How to change the Friendly Name on a certificate -Windows

I ran into the situation where someone created and applied a certificate in IIS and the friendlyName was wrong. During automatic deployments of the software, they would call into the cert store and select the certificate to use for their 443 bindings based on the friendly name. The certificate was named wrong and wouldn’t get applied during deployment or it would apply the wrong one.

Here is how to fix this using PowerShell without re-issuing the certificate.

Open up PowerShell with administrative rights and change your location to the certificate store.

We will change the certificate's friendly name from wrong_internal_wildcard to right_internal_wildcard.

In the above example, I have done the following:

    Opened PowerShell
    Set-Location to the certificate store by typing Set-Location cert:
    Listed out the certs by typing Get-ChildItem
    Located the cert I wanted to change the friendly name of
    Put that cert in a variable so I could view its properties
    Verified that the cert is the right one by typing $cert.FriendlyName
    Then changed the friendly name by typing $cert.FriendlyName = "right_internal_wildcard"
    Lastly, I verified the cert friendly name by typing $cert.FriendlyName
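The steps above as a script. This is an added example, not the original post's code, and it assumes the certificate lives in the LocalMachine\My store. Because deployments pick the binding certificate by friendly name, it refuses to continue unless exactly one certificate carries the old name and none already carries the new one.

```powershell
# Added example: run from an elevated PowerShell session.
# Assumption: the certificate is in the LocalMachine\My store.
$oldName = 'wrong_internal_wildcard'
$newName = 'right_internal_wildcard'

Set-Location Cert:\LocalMachine\My

# List the store so the target can be identified by thumbprint and expiry.
Get-ChildItem | Format-Table Thumbprint, FriendlyName, NotAfter, Subject -AutoSize

# Friendly names are not unique, so insist on exactly one match.
$found = @(Get-ChildItem | Where-Object { $_.FriendlyName -eq $oldName })
if ($found.Count -ne 1) {
    throw "Expected exactly one certificate named '$oldName', found $($found.Count)."
}

# A second certificate with the target name would make name-based selection ambiguous.
if (Get-ChildItem | Where-Object { $_.FriendlyName -eq $newName }) {
    throw "A certificate named '$newName' already exists in this store."
}

$cert = $found[0]
$cert.FriendlyName = $newName

# Re-read from the store by thumbprint to confirm the change was persisted.
Get-ChildItem |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint } |
    Format-List Thumbprint, FriendlyName, NotAfter
```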


Certificates – Convert pfx to PEM and remove the encryption password on private key

I’ve recently run into a few cases where we had to move a certificate from Microsoft Exchange to a HAProxy load balancer. I was provided an exported key pair that had an encrypted private key (password protected).

We will separate a .pfx SSL certificate into an unencrypted .key file and a .cer file.

The end state is to get the private key decrypted, the public cert and the certificate chain in the .pem file to make it work with openssl/HAProxy.

Requirements:
Openssl installed
.pfx file (you need to know the password)
intermediate public cert (you can obtain this from your provider like Thawte)
root public cert (you can obtain this from your provider like Thawte)

Step 1
Extract the private key from the .pfx file (you need to know the password):

Step 2
Now let's decrypt the key:

Step 3
Now let's extract the public certificate:

Step 4
You also need all the public certs in the chain up to the root. I’m talking about these:
Root and Intermediate Certs

Step 5
Now create a new text file (don’t use Notepad) and put your public, private, intermediate public and root public together. It’s simple and should look like this:

Save the file as a .pem file.
If you want to view the cert on windows, simply rename the .pem to .cer
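Steps 1 to 5 as one PowerShell session. This is an added example, not the original post's commands; it assumes openssl is on the PATH, and every file name is a placeholder. It also checks that the decrypted key matches the certificate and deletes the working copies of the key, since the resulting .pem holds an unencrypted private key.

```powershell
# Added example. File names are placeholders; openssl prompts for the .pfx password.
$pfx = 'exchange-export.pfx'

function Invoke-OpenSsl {
    # Run openssl and stop on a non-zero exit code (native commands do not throw).
    openssl @args
    if ($LASTEXITCODE -ne 0) { throw "openssl $($args[0]) failed" }
}

# Step 1: extract the (still encrypted) private key.
Invoke-OpenSsl pkcs12 -in $pfx -nocerts -out encrypted.key

# Step 2: decrypt the key.
Invoke-OpenSsl pkey -in encrypted.key -out decrypted.key

# Step 3: extract the public certificate only.
Invoke-OpenSsl pkcs12 -in $pfx -clcerts -nokeys -out public.cer

# Check that the key belongs to the certificate by comparing public keys.
$fromCert = (Invoke-OpenSsl x509 -in public.cer -noout -pubkey) -join "`n"
$fromKey  = (Invoke-OpenSsl pkey -in decrypted.key -pubout) -join "`n"
if ($fromCert -ne $fromKey) { throw 'Private key does not match the certificate.' }

# Steps 4 and 5: public, private, intermediate, root, in that order.
# intermediate.cer and root.cer are the PEM files obtained from the provider.
# ASCII output avoids the byte-order mark some editors add.
Get-Content public.cer, decrypted.key, intermediate.cer, root.cer |
    Set-Content -Encoding Ascii haproxy.pem

# The .pem now contains the unencrypted key: remove the working copies and
# keep haproxy.pem readable only by the account that runs HAProxy.
Remove-Item encrypted.key, decrypted.key
```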

…This is how Ed does it 🙂


Disable SSLv2, SSLv3 and Enable TLS 1.2 and pass Qualys SSL Test

I was tasked with securing one of our internet-facing web servers against the POODLE SSL vulnerability and weaker old SSL technologies. After doing many searches online, I finally wrote a script to run against our Windows 2008 R2 server to disable the protocols in IIS via the registry. The following is a simple script that you can run to change the SCHANNEL protocol settings to make your server secure.

FIRST and most important, backup the registry hive that you will be changing. << You have been warned! Do this by going to the following hive and right clicking it and exporting the hive:

HKLM:\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\

Then simply run this script and reboot your server:
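A script of the kind described, written for this page as an added example and not the author's original. It exports the Protocols key first, then sets the standard SCHANNEL `Enabled` and `DisabledByDefault` values so that SSL 2.0 and SSL 3.0 are off and TLS 1.2 is on; the backup path is an assumption.

```powershell
# Added example: run elevated, then reboot for SCHANNEL to pick up the change.
$base   = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$backup = "$env:TEMP\schannel-protocols-backup.reg"   # assumed backup location

# Back up the key before touching it.
reg export 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols' $backup /y
if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; nothing was changed.' }

# Desired state per protocol: $true = enabled, $false = disabled.
$desired = [ordered]@{
    'SSL 2.0' = $false
    'SSL 3.0' = $false
    'TLS 1.2' = $true
}

foreach ($proto in $desired.Keys) {
    $on = $desired[$proto]
    foreach ($role in 'Server', 'Client') {
        $key = Join-Path $base "$proto\$role"
        # Create the key only if it is missing so existing values are kept.
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        New-ItemProperty -Path $key -Name Enabled -PropertyType DWord `
            -Value ([int]$on) -Force | Out-Null
        New-ItemProperty -Path $key -Name DisabledByDefault -PropertyType DWord `
            -Value ([int](-not $on)) -Force | Out-Null
    }
}

# Report what is now configured so it can be compared with the scan result.
Get-ChildItem $base -Recurse |
    Where-Object { $_.Property -contains 'Enabled' } |
    ForEach-Object {
        [pscustomobject]@{
            Key               = $_.Name -replace '^.*Protocols\\'
            Enabled           = $_.GetValue('Enabled')
            DisabledByDefault = $_.GetValue('DisabledByDefault')
        }
    } | Format-Table -AutoSize
```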


SSH with PowerShell: Back up multiple Cisco devices

Today, I was asked to write a script to connect to all our Cisco devices and back up the configs to our fileserver. After a few hours of figuring it out, this is what I came up with.

You ONLY need a READ ONLY account on the Cisco devices.

We run this every day at 2:00 AM and back up many Cisco devices.

I downloaded and use this SSH.NET Library: SSH With Powershell

You have to move it to your PowerShell modules directory and then run Import-Module.


Nexus 4 USB doesn’t connect to computer with Android 4.3 – Use Wireless FTP Transfer for Android

After I got my Nexus 5, I had the task of transferring all my pictures and music off of my Nexus 4 to my Nexus 5. I had thought that it would have been backed up and I could simply restore it on my Nexus 5. Well nothing came over. No Apps but my wireless connection settings did. That was a disappointment.

So, I decided to connect it to my computer to copy the data to it and then back down to the Nexus 5. That didn’t work!

My Nexus 4 for some reason couldn’t connect to ANY of my Windows 7 computers. I tried 3 different computers and at least 3 different USB cables. Nothing worked. It would charge when connected to the computer though…

Every once in a while, it would connect and I could copy some pictures and music over but then I would get a device error and the connection would get terminated. After 2 days of troubleshooting this problem I found a simple solution that works well.

I found an app in the Google Play store called “WiFi File Transfer Pro” which was free. This software turns your Android device into an FTP server on port 2121 and allowed me to use my favorite FTP program (FileZilla) to connect to it and copy ALL my pics and music off of my Nexus 4 over to my computer. Then I can connect my Nexus 5 to my computer (which does work by the way) and copy back to my shiny new Nexus 5 all my music and what pictures I want to transfer over.

The file transfer is still going as I have over 6GB of data to move off of the Nexus 4.

I did call Google Nexus Support at 1-855-836-3987 and got a US speaking support person that did help me but he didn’t have a working solution except to try one of these programs.

Once I get everything off my old Nexus 4, I’m going to wipe the phone to factory defaults and see if it works again after the wipe. If not, Back to Google for Warranty repair 🙁

This phone will then be handed down to my wife and her Google Galaxy Nexus will go to my mom! EEEK!!!


Nexus 5 – What I like and HATE about the Nexus 5 (First 24 hours)

I received my Nexus 5 yesterday and fired it up. A few notes that I didn’t like about my first 24 hour experience…

Nexus 5 Dislikes come first because they bug me the most:

Icons got larger… Much Larger

The icons in the app list got larger and lost a row. My Nexus 4 had a 5×5 grid of application icons. The Nexus 5 has a 4×5 grid and the icons got bigger. This drives me nuts. It took me a few hours to figure out why it was bugging me until I had the phones side by side. They are simply bigger. I think now that the phone has a higher resolution, they should have kept the icons the same size (in pixels) and let them be smaller or let us change the size of the icons back. I feel that I’ve lost some real-estate since there aren’t as many icons even though the screen got larger with higher resolution.

Nexus 5 – 4 icons wide

Nexus 4 – 5 icons wide

The Camera sticks out the back

This is a crazy decision. Why would you let a phone teeter totter on the camera lens when it is set down. This keeps the phone from having a good grip (using the rubber back) on anything you set it on. Everyone that stopped by my desk to see the phone immediately noticed this. Just a bad design decision.

They switched/rotated the USB connection port 180 degrees

Why would they do this? Now my docking station for my Nexus 4 doesn’t fit the Nexus 5. It would have fit fine if they wouldn’t have done this. Also, now I have to remember to flip my plug around when plugging it in when the light is dim. This sucks. If Google would have thought of keeping the Nexus line similar in versions, they sure missed the boat on this one. Just pisses me off!

The back has a HUGE label on it

Such a pretty phone. Nice and black. No silver or chrome at all on it. Just what I wanted. Then, they slapped an IMEI sticker across the back. I assume I need this so I had better not remove it but why? Why not put it in the slot where you put the SIM card? Oh, why am I not a designer!

No color in the status window shade

Huh? So before, when you were disconnected from Google, your signal strength would change from blue to white. You would not receive any updates, notifications or anything on Android 4.3. To fix this, I had to open up Google Hangouts and it would re-register and turn blue again. Now, there is no way to tell if you’re disconnected from Google. It’s a shame! The blue looked nice. Now it’s just white. If I had a white background, what would it look like now…

Google Hangouts for SMS/Texting

What? Now I gotta figure this out? I guess it’s a move to get your texts and messages out of the provider’s SMS/Texting service and on to Google’s? I’ll bet that’s the plan. Then sending ads may come next. Shit, this is hard to figure out. Why?

Swipe left for Google Now…

Where did my left desktop go on my phone? Now I have Google Now there. That sucks! I don’t want it there and can’t figure out how to change it.

And now on to the things I like

The Sound is much better on the Nexus 5

Wow! The sound has gotten much better. I have owned all the Google phones starting with the Google G1, then the Galaxy Nexus (Curved phone) which the volume and ringer SUCKED, the Nexus 4 which got better but not great and now the Nexus 5. I think Google and LG finally got it right. Maybe it takes a TON of customers to complain over and over until they listen. You will be satisfied with this!

An ALL BLACK phone. No silver/chrome accents

Oh, My, this Nexus 5 looks fine! eNuff said!

Full Screen background

Yah, this was a long time coming. The full background and allowing apps to use the full screen makes use of the full screen. Much nicer. Thanks Google!

Ok Google…

This is just awesome so far. I wish I could command my phone while it was locked but that’s ok for now. Saying “Ok Google, Call my wife” works great. LOVE IT. I wish it dialed a default number which I think it can so I don’t have to interact with it while driving doing something else 🙂

Conclusion

Ok. I’m done bitching about the phone. Overall, I’m starting to like it even though there are some things that simply suck. Yup, some changes were just not a good decision.

About ME: Long time Google Android User. Always use Google Chrome. I’m allergic to IE! Makes me sick! 20+ years in IT as a Systems Administrator supporting all aspects of IT. I LOVE Android phones and Google products.


How To: Import AD Users from .csv file

I had a project that required me to make over 40 domain accounts. I decided that it was time to create all the domain accounts with a PowerShell script. The script I came up with uses an import csv file with all the accounts and info I needed in it. Make sure you take the time to plan a naming convention for your AD accounts. In this case, they were a type of service account for many different environments. To keep it quick, I decided to not auto-gen the passwords so I simply put them in the csv file and removed them when I was done. Well, it took me a day or so to figure out my script to create AD accounts because I had problems…

My troubleshooting was a bit flawed but I didn’t know it until the very end (after running for all the users). I was having problems with the script ending in error . This is a very generic error. I knew that my accounts had spaces in them for $GivenName $Surname and $Name. So, I went through the trouble of making sure that my variable properties with spaces had “” around them. Yes, that’s a pair of double quotes. My Display name I wanted to use had GivenName and Surname in it with a space. So it looks like this: Displayname = ($User."GivenName"+" "+$User."Surname"). The quotes around “GivenName” allowed me to use two names in the GivenName column of the .csv file and the same for “Surname”. This way I can create an account that looks like: First Second Third Fourth. In other words, my “GivenName” in my CSV was First Second so I had to put “” around it in the script so it would read it as one word. What I missed is after everything was put together, the fields were over 20 characters. Well, the limit on Windows 2008 Account “Names” is 20 characters. Once I ran my script and found that it didn’t create about 1/2 of them, I started analyzing the .csv file to figure out why it didn’t work. I found out that the ones that didn’t get created are the ones that were over 20 characters.

Here is the script. You will notice that I’ve got a comment in the script for the .csv file’s header fields. You can add to them or remove as needed. I think it’s easier to view the PowerShell references on Microsoft’s site. Here is the link to the Set-ADUser cmdlet: http://technet.microsoft.com/en-us/library/ee617215.aspx. For each property, you need it in the script and in the .csv file. If there are special characters or spaces, remember to use the “” around it in the script. Also, make sure you are not exceeding the field length in AD for each property. The sAMAccountName (pre-Windows 2000 logon name) is limited to 20 characters for user objects. This is what got me a few times 🙁
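A script along the lines described above. It is an added example, not the author's original; the CSV path, its header fields and the target OU are assumptions. It checks every sAMAccountName against the 20-character limit before creating anything, so the run does not end with half of the accounts missing.

```powershell
# Added example. Assumed CSV header: GivenName,Surname,SamAccountName,Password
Import-Module ActiveDirectory

$csvPath = '.\new-accounts.csv'                       # hypothetical path
$ou      = 'OU=Service Accounts,DC=example,DC=com'    # hypothetical OU
$maxSam  = 20   # sAMAccountName limit for user objects

$rows = @(Import-Csv -Path $csvPath)

# Validate the whole file first; stop before creating anything if a name is too long.
$tooLong = @($rows | Where-Object { $_.SamAccountName.Length -gt $maxSam })
if ($tooLong.Count -gt 0) {
    $tooLong | ForEach-Object {
        Write-Warning "'$($_.SamAccountName)' is $($_.SamAccountName.Length) characters (limit $maxSam)."
    }
    throw "$($tooLong.Count) account name(s) exceed $maxSam characters. Fix the CSV and rerun."
}

foreach ($user in $rows) {
    # GivenName and Surname may each contain spaces (for example "First Second").
    $display = ($user.GivenName + ' ' + $user.Surname).Trim()
    try {
        New-ADUser -Name $display -DisplayName $display `
            -GivenName $user.GivenName -Surname $user.Surname `
            -SamAccountName $user.SamAccountName -Path $ou `
            -AccountPassword (ConvertTo-SecureString $user.Password -AsPlainText -Force) `
            -Enabled $true -ErrorAction Stop
        Write-Output "Created $($user.SamAccountName)"
    }
    catch {
        # Report the failing row instead of a generic error at the end of the run.
        Write-Warning "Failed to create $($user.SamAccountName): $($_.Exception.Message)"
    }
}

# The CSV holds plaintext passwords: delete it (or blank the column) once the run is verified.
```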

Let me know if you need anything below explained! I’ll answer all comments on this the same day if I can.

I’m a seasoned Systems Administrator with experience starting in the early 90’s when 286 computers with 20 and 30 MHz processors were running Windows 3.1, which was the newest operating system.

…and that’s the way Ed does it 🙂 — Thanks Scott J. for that 🙂


Cool test to ensure YOURLS is working

I installed YOURLS on another domain so I can use short URLs on the blog. This is a test to see if it works. The following link didn’t get generated correctly because of HostGator and their strict security settings. I had to chat with them for over 30 minutes and provide this Google link to the problem https://code.google.com/p/yourls/issues/detail?id=407 to have them resolve it. I’ve only heard that HostGator is the only offending host that blocks this.

Beh! Still didn’t work! Looking into why 🙁

Eventually gave up because I think it’s HostGator. Looking for a new hosting provider.

EddieRock


Connect remotely to a computer with PowerShell and get ipconfig /all from it

Are you looking to connect remotely to a computer and run PowerShell commands? Below is a simple one-liner that will connect to a computer and get the ipconfig /all and display it on your computer.

If it doesn’t work, you may have to enable WinRM on the remote computer. This can be done with group policy or by simply typing winrm quickconfig at the command prompt on the computer you want to connect to. This has to be done beforehand so there may be some prep involved, but when you have WinRM enabled on all your computers, you can connect with PowerShell and run all sorts of commands.

Here is


How to Get The Logged On User on a Remote Windows Machine

This one is super cool and you will amaze your boss. Many times, I’m asked if I can find who is logged into a machine.

As long as you have PSRemoting enabled across your network, you can run this:

Also replace IP or name with the IP address or computer name of the computer.

Or you can do a | select * and it will give you more info.
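One function covering both this post and the earlier ipconfig /all post. It is an added example, not the author's one-liners; the function name and the computer name in the usage line are hypothetical. It checks that WinRM answers before connecting, then returns the remote ipconfig /all output and the logged-on user in one object.

```powershell
# Added example. Get-RemoteNetworkAndUser is a hypothetical helper name.
function Get-RemoteNetworkAndUser {
    param(
        [Parameter(Mandatory = $true)]
        [string]$ComputerName   # IP address or computer name
    )

    # Preflight: confirm WinRM is listening before trying to open a session.
    try {
        Test-WSMan -ComputerName $ComputerName -ErrorAction Stop | Out-Null
    }
    catch {
        Write-Warning ("WinRM is not reachable on {0}. Enable it by Group Policy or run " +
                       "'winrm quickconfig' on that computer first." -f $ComputerName)
        return
    }

    Invoke-Command -ComputerName $ComputerName -ErrorAction Stop -ScriptBlock {
        $cs = Get-WmiObject -Class Win32_ComputerSystem
        [pscustomobject]@{
            Computer     = $env:COMPUTERNAME
            # Win32_ComputerSystem.UserName reports the user of the console session.
            LoggedOnUser = $cs.UserName
            IpConfig     = (ipconfig /all | Out-String)
        }
    }
}

# Usage, with a placeholder name:
#   $r = Get-RemoteNetworkAndUser -ComputerName 'PC-NAME-OR-IP'
#   $r.LoggedOnUser; $r.IpConfig
```

Piping `Get-WmiObject -Class Win32_ComputerSystem` to `Select-Object *` inside the script block returns the fuller property list the post mentions.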
