How to Remove Azure ILB ASE SSL Certificate - powershell

I need to remove the ILB Certificate that was set on the Internal Load Balancer App Service Environment (ILB ASE).
There is no remove or delete option in the GUI, and I cannot seem to locate any PowerShell or Azure CLI commands for removing only the ILB Certificate.
I do not want to make any other changes to the ASE, as I already have several Apps and configurations set.

You go to the Resource Group, mark "Show hidden types" and delete the cert as you would do with any other resource.

ILB certificate is required for an ILB ASE to run and that is why you cannot find the remove button.
You can update that certificate by "update ILB cert".
You can try to set cert name to null in cluster setting. Please check Resource Explorer > Hosting Environment endpoint

You could try this method:
Go to Azure resource portal (https://resources.azure.com ) and navigate to subscriptions --> specific subscription --> providers --> Microsoft.Web --> certificates. You will see the certificates. Click the specific cert which you want to remove and delete it directly here. Make sure you have enough permission to do this.
Update
Just click the read/write in the top of Azure resource portal to change to read/write mode, then you can delete the cert. I am an owner role in the IAM of ASE. I can remove the cert after I upload a self-signed cert in the ILB cert.

Related

Installing SSL Certificates for Wazuh-Dashboard

Is it possible to have Wazuh Manager served through custom SSL certificates? The wazuh-certs-tool gives you a self cert, and every other way to get it served through SSL has failed.
The closest I've gotten to getting this to work is I've had the dashboard being served by a custom SSL, I had agents connecting to it successfully and providing a heartbeat, but had zero log flows or events happening. When I had it in this state, I saw the API calls were coming from what appeared to be a Java instance, erroring out complaining about receiving certificate. I saw a keystore file located at /etc/wazuh-indexer. Do I also need to add the root-ca cert here as well?
It seems that your indexer's expected certificates do not match the certificates in your manager or the dashboard.
If you follow the normal installation guide, it shows how and where to place your certificates, that are created using the wazuh-cert-tool. But certificates can be created from any other source, as long as they have the expected information; you can check that information here.
I would recommend you follow the installation steps in the installation guide from scratch, to make sure you copy each expected certificate to its place and that the configuration files for your indexer, dashboard, and manager take into account the correct files. All you would need to change is the creation of the certificates, to have your own custom certs.
In case of further doubt, do not hesitate to ask.

Deploying a Service fabric app from Team Services to Azure

I need some help with deploying a Service fabric app from Team Services to Azure.
I’m getting the following error from the Agent in Team Services (see screenshot below):
2018-06-22T13:17:13.3007613Z ##[error] An error occurred attempting to
import the certificate. Ensure that your service endpoint is
configured properly with a correct certificate value and, if the
certificate is password-protected, a valid password.
Error message: Exception calling "Import" with "3" argument(s):
"Cannot find the requested object.
Please advise.
Here is my Service Fabric Security page. I don't remember where I set up the password needed on the VSTS side, but I took note of it and believe it's correct.
Here is the Endpoint page on the VSTS side:
Issue resolved with the help of MS Support by creating a new Certificate in the Key Vault and Adding it to the Service Fabric, steps:
Azure Portal:
Home > Key vaults > YourKeyVault - Certificates: Generate/Import
Generate new key with a CertificateName of your choosing and CN=CertificateName as Subject.
Home > Key vaults > YourKeyVault - Certificates > CertificateName
Select the only version available and Download in PFX/PEM format.
PowerShell: Convert to Base64 string, CertificateBase64
[System.Convert]::ToBase64String([System.IO.File]::ReadAllBytes("c:\YourCertificate.pfx"))
Home > YourServicefabric - Security: Add
Add the Certificate you created as Admin Client by providing 's thumbprint.
VSTS/TFS:
Build and release > Your pipeline: Edit
In the Deployment Process Service Fabric Environment click Manage for Cluster Connection and add a new connection. Besides the other information, in the Client Certificate paste the previous CertificateBase64.
Check the Service Endpoint in VSTS:
Whether it has a properly base64 encoded certificate, with a private key.
Also, check if the provided passphrase is correct.
Also, check if the service endpoint is configured as tcp://mycluster.region.cloudapp.azure.com:19000.
Check if the thumbprint is correct.
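
The checks listed above (valid Base64-encoded PFX, private key present, correct passphrase, matching thumbprint) can be run locally before the value is pasted into the service endpoint. This is an added example, not part of the original answers; `Test-EndpointCertificate` is a hypothetical helper name, and the path and thumbprint in the usage line are placeholders.

```powershell
# Added example (not from the original answers). Test-EndpointCertificate is a
# hypothetical helper name; the path and thumbprint you pass in are your own values.
function Test-EndpointCertificate {
    param(
        [Parameter(Mandatory)] [string] $PfxPath,
        [securestring] $Password = (New-Object System.Security.SecureString),
        [string] $ExpectedThumbprint
    )

    # Same conversion as in the answer, then decode again so the check runs on
    # exactly the bytes the endpoint would receive.
    $base64 = [System.Convert]::ToBase64String([System.IO.File]::ReadAllBytes($PfxPath))
    $bytes  = [System.Convert]::FromBase64String($base64)

    $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet
    try {
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($bytes, $Password, $flags)
    }
    catch {
        # A wrong passphrase, or a blob that is not a PFX, ends up here.
        return [pscustomobject]@{ Loaded = $false; Error = $_.Exception.Message }
    }

    try {
        # Strip spaces and invisible characters that can come along when a
        # thumbprint is copied out of a certificate dialog.
        $expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
        [pscustomobject]@{
            Loaded          = $true
            Subject         = $cert.Subject
            Thumbprint      = $cert.Thumbprint
            HasPrivateKey   = $cert.HasPrivateKey
            NotExpired      = ((Get-Date) -lt $cert.NotAfter)
            ThumbprintMatch = if ($expected) { $cert.Thumbprint -eq $expected } else { $null }
        }
    }
    finally {
        $cert.Dispose()
    }
}

# Usage: prompt for the passphrase instead of putting it on the command line.
# Test-EndpointCertificate -PfxPath 'c:\YourCertificate.pfx' `
#     -Password (Read-Host -AsSecureString 'PFX passphrase') `
#     -ExpectedThumbprint '<thumbprint registered on the cluster>'
```

`Loaded = $false` corresponds to the passphrase or encoding problems named in the checklist; `HasPrivateKey = $false` means a public-only certificate was exported, which cannot authenticate as an admin client.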

Azure Authentication for Deployment - Powershell

For deployment to Azure we need to authenticate, and we have two methods to achieve this.
1. Publish Setting File
Download the publish setting and use the Subscription Name to Set the subscription before deployment
2. Managed Certificate
Create and upload the .cer file to the management Portal.
Use the associated .pfx to be installed in the client machine during deployment, and authenticate with the thumbprints.
Can someone tell me which one is better in terms of security, manageability and ease of usage?

File System location of AD FS's Token-Signing Certificate

On Windows Server 2012, where does ADFS store the automatically generated Token-Decrypting certificate?
I manually checked the usual places and could not find it:
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
I was able to identify the Service-Communications cert and Token-Signing certificate.
On our boxes (WID / automatic rollover), they are stored in a container in AD under:
Program Data / Microsoft / ADFS
ADFS was configured to run under a specific account; the certificate was located under their Roaming profile. This path is only applicable for certificates that are automatically generated when ADFS is first configured. Once expired, I recommend installing a new cert in the LocalMachine store instead.
C:\Users\<AccountNameRunningADFS>\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates
Self-signed certificates are stored in the SQL / WID database, not the Certificates MMC

XBAP full trust deployment

I did the following steps to deploy my WPF application that needs full trust permission:
1-Creating a certificate using makecert.exe
2-Creating signed application and deployment manifests.
3-Building a website in IIS to host files (include MyApplication.exe.manifest and MyAppicatio.xbap)
4-Adding certificate - used to sign manifests - to IE certificate store (Trusted Root Certification Authorities and Trusted Publishers), IE Menu bar->Tools Internet Options->Content->Certificates
But when I try to browse the Xbap file in IE6, it throws a Not granted exception for downloading the MyApplication.exe.manifest file.
When I grant access to my deployment URL using the caspol.exe tool, it works well.
But how can I make the certificate approach work correctly?
Thanks
I found the problem: my created certificate was out of date (expired).