Certificates, Subject Alternative Names, etc.
I had encountered this in my testlab but never bothered much coz it was just my testlab after all. But now I am dabbling with certificates at work and hit upon the same issue. The issue is that if I...
View ArticleClik here to view.
Generating certificates with SAN in NetScaler (to make it work with Chrome...
I want to create a certificate for my NetScaler and get it working in Chrome. Creating a certificate is easy – there are Citrix docs etc for it – but Chrome keeps complaining about missing...
View Article[Aside] Misc ADFS links
Claims-based Authentication, ADFS 3.0, and SharePoint 2013 – Beginners Guide – as it says, a good intro. Beginners Guide to Claims-based Authentication, AD FS 3.0, and SharePoint 2013 – Part II:...
View ArticleCertificate stuff (as a note to myself)
Helping out a bit with the CA at work, so just putting these down here so I don’t forget later. For managing user certificates: certmgr.msc. For managing computer certificates: certlm.msc. Using CA Web...
View ArticleNotes on ADFS
I have been trying to read on ADFS nowadays. It’s my new area of interest! :) Wrote a document at work sort of explaining it to others, so here’s bits and pieces from that. What does Active Directory...
View Article[Aside] Various SharePoint links
Been dabbling in a bit of SharePoint at work, here’s some links I came across and want to put here as a reference Future Rakhesh: https://sharepoint.stackexchange.com/a/141861 – Hiding a list column in...
View Article[Aside] How to convert a manually added AD site connection to an...
Cool tip via a Microsoft blog post. If you have a connection object in your AD Sites and Services that was manually created and you now want to switch over to letting KCC generate the connection...
View ArticleAsus RT-AC68U router, firmware, etc.
Bought an Asus RT-AC68U router today. I didn’t like my existing D-Link much and a colleague bought the Asus and was all praises so I thought why not try that. Was a bit put off that many of the...
View Article[Aside] Web Servers
I came across these recently and wanted to put them here as a bookmark to myself. h5ai – A modern file browsing UI for web server. Looks amazing! HFS – HTTP File Server. It’s a web server and also a...
View ArticleClik here to view.
HPE Synergy and eFuse Reset
In the HPE BladeSystem c7000 Enclosures one can do something called an eFuse reset to power cycle any the server blades. I have blogged about it previously here. Now we are on the HPE Synergy 12000...
View ArticleAsus RT-AC68U router, firmware, etc. (contd.)
Continuing a previous post of mine as a note to myself. Tried to flash my Asus RT-AC68U with the Advanced Tomato firmware and that was a failed attempt. The router just kept rebooting. Turns out...
View Article[Aside] Various Azure links
My blog posting has taken a turn for the worse. Mainly coz I have been out of country and since returning I am busy reading up on Azure monitoring. Anyways, some quick links to tabs I want to close now...
View ArticleClik here to view.
Creating an OMS tile for computer online/ offline status
This is by no means a big deal, nor am I trying to take credit. But it is something I setup a few days ago and I was pleased to see it in action today, so wanted to post it somewhere. :) So as I said...
View ArticleService SIDs etc.
Just so I don’t forget. The SCOM Agent on a server is called “Microsoft Monitoring Agent”. The short service name is “HealthService” and is set to run as Local System (NT Authority\System). Although...
View ArticleDNS SRV records used by AD
Just thought I’d put these here for my own easy reference. I keep forgetting these records and when there’s an issue I end up Googling and trying to find them! These are DNS records you can query to...
View ArticleMacOS VPN doesn’t use the VPN DNS
Continuing with my previous post … as part of configuring it I went to “Advanced” > “DNS” in the VPN connection and put in my remote end DNS server and domain name to search. On Windows 10 I didn’t...
View Article[Aside] Offline CRL errors when requesting a certificate
This blog post saved my bacon many times in my home lab. Remember this command: certutil –setreg ca\CRLFlags +CRLF_REVCHECK_IGNORE_OFFLINE
View ArticleClik here to view.
New ADFS configuration wizard does not pick up SSL certificate
Was setting up ADFS in my home lab and I encountered the following issue. Even though I had a certificate generated and imported to the personal certificate store of the ADFS server, it was not being...
View ArticleClik here to view.
Setting up IPsec tunnel from OPNsense at home to Azure
This is mainly based on this and this blog posts with additional inputs from my router FAQ for my router specific stuff. I have a virtual network in Azure with a virtual network gateway. I want a Site...
View ArticleClik here to view.
Outlook auto-discover & DNS weirdness
It’s 2am and I spent the last 2-3 hours chasing a shitty problem in my home lab to which I haven’t yet found a satisfactory answer. What a waste of time (sort of)! It all began when I enabled MAPI/HTTP...
View ArticleClik here to view.
Certificates in the time of Let’s Encrypt
Here’s me generating two certs – one for “edge.raxnet.global” (with a SAN of “mx.raxnet.global”), another for “adfs.raxnet.global”. Both are “public” certificates, using Let’s Encrypt. PS...
View ArticlePi-Hole Docker
I’ve been trying to get a hang of Docker off late, but not making much headway. I work best when I have a task to work towards so all this reading up isn’t getting anywhere. Initially I thought I’d try...
View ArticlePi-Hole Docker (contd.)
This post isn’t much about Pi-Hole, sorry for the misleading title. It is a continuation to my previous post though and I couldn’t think of any other title. I thought I’d put the docker commands of...
View ArticleStubby + Unbound + Docker
I wanted to record this somewhere as I was pretty pleased with my work. Over the course of yesterday and today I build a Docker image that contains Stubby & Unbound. This is something I wanted for...
View ArticleShoutouts – Oct 2020
Quick shoutouts to various interesting stuff I came across these past few weeks. Thought I should capture them somewhere. This series of Ansible 101 YouTube sessions by Jeff Geerling. A Japanese/...
View ArticleNET::ERR_CERT_COMMON_NAME_INVALID in Chrome (and Chromium based Edge)
I was getting the above error in Chrome and Chredge (Chromium based Edge) for a new cert I issued from our on-prem AD CA. There was no similar error in IE, and I didn’t check Firefox as I didn’t have...
View ArticleLet’s Encrypt on my Raspberry Pi
Some months ago I had created some certs on my Pi via Let’s Encrypt. I forgot to blog about it and today when I wanted to generate some more certs my mind drew a blank. :) I know I had done something...
View ArticleNotes of Azure AD authentication, SSO, etc.
I am familiar with Azure AD authentication etc. but not so clued in when it comes to authentication for Azure AD Hybrid joined machines and such. Was reading up on that and thought I’d make some notes...
View ArticleLetsEncrypt will continue working for older Android devices!
You can read about the background of the issue here. What’s funny is this (from the official announcement): IdenTrust has agreed to issue a 3-year cross-sign for our ISRG Root X1 from their DST Root...
View ArticleClik here to view.
Adieu, Twenty Twenty Two
As the year comes to an end I took this last week off from work. It’s only been a few days of holiday so far, but I am glad I took it. I really needed a detox from work as it has been a hectic few...
View Article