I do not know much about RDP-certificates for Windows Server 2012 R2, but I would like to know if it is possible to create a solution where the server is using a certificate in the way that RDP-client needs this certificate in advance in order to try to login at the server. If the client does not have the certificate (in advance) he / she needs to be denied access.
As I have set it up now the client is automatically given the certificate on logon and this means that everyone in the world can try to log on to the server. My point was to hand over the certificate-copies to only the people that should try to log on the server.
Is this possible? Can some one give me a bit of help here? :-) Thank you very much :-)
Related
So I am trying to achieve remote logins via powershell using certs from an AWS Managed AD Certificate Service but I am struggling on where to go or how to achieve this.
I will be remote logging from my own work laptop into domain joined servers, I have the certificate service/authority setup but I am not sure where to go next from here and wondering if anyone could help with a few pointers? I am new to this and tried going through their docs but they seem overly complicated.
Would I need to somehow store the cert/s use for remote logging on my own machine? Or will storing them on the servers I want to remote login to work?
Is it even possible to request a cert from ad remotely to be used for remote logging in?
Is there anything else I possibly need to think about around this?
Any advice or pointers would be much appreciated.
I have tried doing this locally, with a server not on the domain and can do it this way, although I need to generate the cert on the server itself first then use its thumbprint to connect.
I have also setup the certificate services for Managed AD but stuck on where to go next.
How to change security policy in milo example server? I've tried to connect to milo's opc server with UaExpert, and set the security policy. No matter what security policy I choose, the result is the same error:
ERROR o.e.m.o.s.s.t.u.UascServerAsymmetricHandler - [remote=/127.0.0.1:33762] Exception caught; sent ErrorMessage{error=StatusCode{name=Bad_SecurityChecksFailed, value=0x80130000, quality=bad}, reason=certificate path validation failed}
io.netty.handler.codec.DecoderException: UaException: status=Bad_SecurityChecksFailed, message=certificate path validation failed
How can I configure it correctly?
Second question: The example server seems quite complicated. What is the simplest way to create a server and connect to it? Is there a minimal example for that?
Welcome to stackoverflow
I do not know the Milo server and I have not almost used UAExpert but:
The client must trust the server certificate and the server must do the same with the client's certificate and of course both sides must have their certificate, sometimes the client and the server automatically create one if it doesn't exist but sometimes it should be created previously by external ways.
Help about UAExpert http://documentation.unified-automation.com/uaexpert/1.4.3/html/first_steps.html
If you don't want to deal with certificates then choose then endpoint with SecurityPolicy None when connecting:
Otherwise, note the security directory the example server logs on startup. Something like:
INFO o.e.m.examples.server.ExampleServer - security temp dir: /var/folders/1v/2pxlxd_x4bsdxz25_fv7r0940000gn/T/security
Navigate to the security directory and you'll find the UaExpert client certificate in the pki/rejected folder. You can move it to pki/trusted/certs and then connect with security from UaExpert.
I am using chrome.sockets.tcp API to create a secure connection. No errors are being encountered when connecting using a trusted certificate.
However, I'm facing error -202 (CERT_AUTHORITY_INVALID) (among other possible [certificate errors][2]) when trying to connect to a server with a self-signed/untrusted certificate.
Is it possible to warn the user about the invalid certificate and provide the option to continue with the connection? (similar to the way Chrome handles such situations)
Seeing nothing on the topic in the docs (and SocketsTcpSecureFunction::AsyncWorkStart(), the source code of chrome.sockets.tcp.secure, only verifies the certificate but doesn't try to handle the errors, it would only report them back) I'd conclude there's no way to interactively handle this predicament.
Maybe you can import the certificate on the client machine but it won't help other users of the site unless they're willing to do the same.
I am working with a client who needs SSL on their Email and Web Site.
We have their site hosted on a Rackspace Cloud Site (Wordpress so Apache and all that jazz).
From what I can tell their Email is on an ISS server of their own.
They want to apply this SSL Cert they bought through GoDaddy and apply it to this email server and to the site on our hosting server. Now I am only a Web Developer with enough server knowledge to get sites launched and running, But I don't think you can apply the same SSL Cert on two different types of servers.
What would the solution be for this?
Would you purchase a second ssl? Is that even possible?
Sorry if this is a all completely wrong I am trying to use my limited knowledge of SSL to describe the situation.
I'm pretty sure you can use the same certificate if it's going on two servers as long as they are both using the same domain. You don't need to purchase a second ssl. The tricky part might be if the two servers require different certificate file formats.
Also, just do the CSR part on ONE of the servers (use the one you trust the most). On the other server just install the certificate bypassing the CSR part.
Am getting SSL error while connecting to remote exchange server.
Can any one help me.
Taking a completely random guess at this near-empty question, I'd say your exchange server is using a privately issued SSL certificate and the workstation that you are trying to connect to it from doesn't have the Root CA (it doesn't trust the remote SSL cert)
Try connecting with something like WFetch. This will help you get a meaningful response from Exchange when attempting to connect. Also i agree with x0n , it sounds like you are missing certificate which is required when connecting over SSL.