Creating a Certificate Signing Request Using Certreq.exe Rumi, April 6, 2013 Create a file named CSRParameters.inf on the C:\ drive using the contents below as a template (replace the single quotes with double quotes): [NewRequest] Subject="CN=mailgw.mango.com.bd,OU=IIG,O=Mango Teleservices Limited,S=Not Applicable,L=Dhaka,C=BD" KeySpec=1 KeyLength=2048 Exportable=TRUE MachineKeySet=TRUE SMIME=False PrivateKeyArchive=FALSE UserProtected=FALSE UseExistingKeySet=FALSE ProviderName="Microsoft RSA SChannel Cryptographic Provider" ProviderType=12 RequestType=PKCS10 KeyUsage=0xa0 Silent=TRUE [EnhancedKeyUsageExtension] OID=1.3.6.1.5.5.7.3.1 Open a command… Continue Reading
Many-To-One Mappings IIS Rumi, February 13, 2013 Internet Information Services (IIS) uses many-to-one client certificate mapping to associate an end user with a Windows account when a client certificate is used for user authentication. IIS then executes the user session under the context of this mapped Windows account. For this to work… Continue Reading
Code Signing (Digital Signature) using Signtool Rumi, February 4, 2013 The following command adds the catalog file MyCatalogFileName.cat to the system component and driver database. The /v option generates a unique name if necessary to prevent replacing an existing catalog file named MyCatalogFileName.cat. signtool catdb /v /u MyCatalogFileName.cat The following command signs a file automatically by using the best certificate… Continue Reading
How to distribute root certificates as exe files Rumi, November 1, 2012 We start by creating a folder. We call it cer_as_exe and here we put our root certificate that we want to distribute and a small installation script. Our installation script is not that big. @echo off certutil -addstore -f -enterprise -user root %tmp%\root_ca.cer > NUL del /F %tmp%\root_ca.cer > NUL… Continue Reading
Using an Aladdin eToken with firefox Rumi, August 25, 2012 A very easy method for importing (or removing) keys in your eToken is to add the eToken as a Security Device in Firefox. The procedure for Thunderbird and Mozilla/Seamonkey is nearly identical. To add your eToken as a security device, follow these steps: Start Firefox (Linux) Go to Edit->Preferences->Advanced->Tab… Continue Reading
Setting up an Apache Web Server as a proxy in front of EJBCA Rumi, April 26, 2012 This section will show you how to use an Apache Web Server Proxy in front of EJBCA. The resulting server will: display EJBCA public web at https://ca-server.company.local/; redirect all HTTP requests to HTTPS, except for OCSP and CRL; require a client SSL certificate when accessing https://ca-server.company.local/adminweb/; be able to load-balance requests… Continue Reading
EJBCA Custom OID DN and altName oids Rumi, April 16, 2012 EJBCA supports custom (your own) OIDs in DN components. In order to add such a DN you can simply call the DN for example: CN=MyCommonName,1.1.1.1=MyCustomOid,C=SE Where 1.1.1.1 is your custom OID. Custom OIDs are always encoded as UTF8String in the DN. To get support for custom OIDs in the Admin… Continue Reading
Neighbour table overflow Rumi, February 10, 2012 If you have a big network with hundreds of hosts, you can expect the “Neighbour table overflow” error, which occurs in large networks when there are too many ARP requests for the server to reply to. For example, you’re using the server as a DHCP server, cable modems provisioning,… Continue Reading
Connecting openvpn server using openvpn gui client for windows Rumi, August 31, 2011 Assuming that you have an OpenVPN server ready to allow VPN connectivity from its clients. It is also assumed that the CA Certificate (.pem) is also obtained from a valid CA and signed with the OpenVPN server. Because of the large number of parameters you can define either in the configuration file… Continue Reading
Generating CSR using openssl Rumi, August 19, 2011 It's just a single line of code to execute- openssl req -new -newkey rsa:2048 -nodes -keyout /tmp/csr/csr.mangoca.com.key -out /tmp/csr/csr.mangoca.com.csr Continue Reading