Topics related to Public Key Infrastructure (PKI).
When we spend two weeks trying to resolve an issue that affects multiple servers it is worth documenting its solution. But not only to jot down a 2 liner, but to clearly lay out a detailed process. This saves our successors time and headaches down the road. Here we discuss Event 36870 Schannel 10001 – …
Event 36870 Schannel 10001 – A fatal error occurred Read More »
For some reason the vast majority of VMware environments we run into continue to utilize the default untrusted self-signed VMware web client front end certificate. Why? Who knows – maybe admins are intimidated by the seemingly daunting procedure of replacing the machine SSL certificate. But let’s face it, daunting or not, any HTTPS website should …
With the upcoming deprecation of TLS-SNI-01, Let’s Encrypt certificate renewals may start breaking for some clients. For more information regarding the TLS-SNI-01 ACME protocol deprecation see Bulletproof TLS Newsletter #37. As per Let’s Encrypt’s recent notification, “It will stop working temporarily on February 13th, 2019, and permanently on March 13th, 2019”. TLS-SNI-01 validation is reaching …
The other day, a client was deploying a new solution and needed a subordinate (SubCA) certificate for their networking device. The device basically needed to issue its own trusted certificates to clients within the internal network. They already had an internal 2-tier Microsoft CA infrastructure in place. One offline root CA and 2 enterprise subordinate …
Issue Subordinate CA Certificate from Offline Root CA Read More »