I was following these instructions here using CERTREQ to create my certificate request, and everything worked fine up to step 6. In step 6 is states that I should have a CER file. I wrote some articles about creating a certificate here and here, where there is a CER file created, however, when I downloaded […]
Read More →NOTE: Security is a very serious topic and you should always engage an IT security expert before deploying an application that needs to be secure. This article is intended to share my experience versus being an article to use as a guideline. With all the news about the different vulnerabilities like heartbleed and poodle, developers […]
Read More →
I will confess to not being a security expert. So this article is not about how the process works, instead about a change that I had a hard time finding when working with a customer some months ago. Security is serious business, so I like to leave those kinds of things to the experts and […]
Read More →The kind of Client Certificate I use most is stored electronically on a chip located on the back of my id badge. There is a card reader in my PC that can access these certificates, which are protected by a pin and requested when I attempt to access a web site that is configured to […]
Read More →I was configuring an SSL certificate and once complete, when I attempted to access the website using https://localhost I started receiving a 404 error as shown in Figure 1. Figure 1, 404 HTTP Status after installing an SSL Certificate I tried some shots at troubleshooting the issue using Failed Request Tracing and LogParser to view […]
Read More →Like many technologies, they seem very complicated when you begin to work with it, but once you get into it you start to hit the boundaries of its capabilities and features. Once you use a tool for some time you learn what it can and cannot do, and therefore when there is a problem you […]
Read More →The CryptoAPI 2.0 Diagnostics is a feature available on Windows Server 2008+ that supports the trouble shooting of issues concerned with, for example: Certificate Chain Validation Certificate Store Operations Signature Verification This article describes how to enable the CAPI2 Diagnostic, but for an in depth review of the capability, check here. Enable CAPI2 logging by […]
Read More →I wrote 2 previous blogs about NTLM and Negotiate/Kerberos which discussed briefly about how those authentication packages work within the context of Integrated Windows Authentication. Another authentication package supported in Windows is called Secure Channel, also known as Schannel. This blog will not discuss the details of Schannel because the detail can be found here. […]
Read More →Kerberos is a request based authentication protocol. That means with each request, there is a resulting authentication step. See the following figure 1 where you notice a Ticket request for each GET Http Command. Figure 1, Network Monitor log for request based authentication This article covers the implementation of the authPersistNonNTLM attribute, that when set […]
Read More →IIS provides a number of different authentication techniques. One of which is Integrated Windows Authentication. Integrated Windows Authentication utilizes Negotiate/Kerberos or NTLM to authenticate users based on an encrypted ticket/message passed between a browser and a server. The preceding image shows a standard communication flow between Internet Explorer and IIS version 6+. The initial request […]
Read More →