Monday 16 December 2019

Creating a CSR


Use the instructions on this page to create your certificate signing request (CSR) and then to install your SSL certificate in IIS 8 on Windows Server 2012 or IIS 8.5 on Windows Server 2012 R2.
Step 1: Create Your CSR in IIS 8 or IIS 8.5 on Windows Server 2012
1. From the Start screen, find Internet Information Services (IIS) Manager and open it.
2. In the Connections pane, locate and click the server.
3. In the server Home page (center pane) under the IIS section, double-click Server Certificates.
4. In the Actions menu (right pane), click Create Certificate Request.
5. In the Request Certificate wizard, on the Distinguished Name Properties page, provide the information specified below and then click Next.
   Common name:
   The fully-qualified domain name (FQDN) (e.g., www.example.com).
   Organization:
   Your company’s legally registered name (e.g., YourCompany, Inc.).
   Organizational unit:
   The name of your department within the organization. This entry will usually be listed as "IT", "Web Security", or is simply left blank.
   City/locality:
   The city where your company is legally located.
   State/province:
   The state/province where your company is legally located.
   Country/region:
   The country/region where your company is legally located. Use the drop-down list to select your country.
6. On the Cryptographic Service Provider Properties page, provide the information specified below and then click Next.
   Cryptographic service provider:
   In the drop-down list, select Microsoft RSA SChannel Cryptographic Provider (unless you have a specific cryptographic provider).
   Bit length:
   In the drop-down list, select 2048 (unless you have a specific reason for using a larger bit length).
7. On the File Name page, under Specify a file name for the certificate request, click the … button to specify a save location for your CSR.
   Note: Remember the filename and save location of your CSR file. If you enter a filename without specifying a location, your CSR will be saved to C:\Windows\System32
8. When you are done, click Finish.
9. Open the CSR file using a text editor (such as Notepad), then copy the text (including the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags) and paste it into the DigiCert order form.
10. After you receive your SSL certificate from DigiCert, you can install it.
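
The same request can be produced from an elevated PowerShell prompt with certreq.exe, which makes the key size, provider and save location explicit and lets you inspect the CSR before submitting it. This is an added example, not part of the original instructions; the subject values, the C:\CSR folder and the file names are constructed placeholders, and Exportable = FALSE is a choice made here rather than a wizard setting.

```powershell
# Added example: scripted equivalent of the wizard steps above.
# Subject values and paths are constructed placeholders; run elevated.
$workDir = 'C:\CSR'                                   # explicit save location (assumed path)
$infPath = Join-Path $workDir 'request.inf'
$csrPath = Join-Path $workDir 'www_example_com.csr'
New-Item -ItemType Directory -Path $workDir -Force | Out-Null

# Single-quoted here-string so "$Windows NT$" is written literally.
$inf = @'
[Version]
Signature = "$Windows NT$"

[NewRequest]
Subject = "CN=www.example.com, O=Example Corp, OU=IT, L=Example City, S=Example State, C=US"
KeySpec = 1
KeyLength = 2048
HashAlgorithm = SHA256
MachineKeySet = TRUE
Exportable = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
'@
Set-Content -Path $infPath -Value $inf -Encoding ASCII

# Generate the key pair in the machine store and write the PKCS#10 request.
certreq.exe -new $infPath $csrPath
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# Confirm the file is a PEM-armoured request before pasting it into an order form.
$firstLine = Get-Content -Path $csrPath -TotalCount 1
if ($firstLine -ne '-----BEGIN NEW CERTIFICATE REQUEST-----') {
    throw "Unexpected CSR header: $firstLine"
}

# Decode the request and show the fields worth reviewing by eye:
# the subject, the public key length and the signature details.
certutil.exe -dump $csrPath |
    Select-String -Pattern 'CN=', 'Public Key Length', 'Signature'
```

Only the .csr file is submitted to the CA; the private key stays in the server's machine key store.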

Creating a CSR and Installing and configuring your SSL


Step 1: Creating a CSR


Step 2: Install and Configure Your SSL Certificate in IIS 8 or IIS 8.5 on Windows Server 2012 


Detailed steps are provided at the Certificate Authority's site.

Quick Shortcut in Windows 10 - Recording sessions

Windows key + Shift + S

You can also use the keyboard shortcut Windows key + Shift + S to capture a screenshot with Snip & Sketch. Your screen will dim and you'll see Snip & Sketch's small menu at the top of your screen, which lets you choose which type of screenshot you want to capture.

Alt + Print Screen

To take a quick screenshot of the active window, use the keyboard shortcut Alt + PrtScn. This will snap your currently active window and copy the screenshot to the clipboard. You'll need to open the shot in an image editor to save it.

PSR.exe to record steps to reproduce a problem

To Check FSMO Roles from DC

Flexible Single Master Operations (FSMO) roles are specialized domain controller roles. If you have multiple DCs, this is a quick way to see which DC holds each role.

From command prompt:
netdom query fsmo

C:\Windows\system32>netdom query fsmo
Schema master               ****01P.ABCD.COM
Domain naming master        ***02P.ABCD.COM
PDC                         ***01P.ABCD.COM
RID pool manager            ***01P.ABCD.COM
Infrastructure master       ***01P.ABCD.COM
The command completed successfully.

Sync all Domain Controllers

Using Command Prompt from DC:

repadmin /syncall /APeD

------------------------------------------------------------------------------------------
The flags in the following list are supported.
• /a Aborts, if any server is unavailable.
• /A Synchronizes all naming contexts that are held on the home server.
• /d Identifies servers by distinguished name in messages.
• /e Synchronizes domain controllers across all sites in the enterprise. By default, this command does not synchronize domain controllers in other sites.
• /h Displays Help.
• /i Iterates indefinitely.
• /I Runs the repadmin /showrepl command on each server pair in the path instead of synchronizing.
• /j Synchronizes adjacent servers only.
• /p Pauses after every message to allow the user to abort the command.
• /P Pushes changes outward from the specified domain controller.
• /q Runs in quiet mode, which suppresses call back messages.
• /Q Runs in very quiet mode, which reports fatal errors only.
• /s Does not synchronize.
• /S Skips the initial server response check.


--------------------------

Replication summary:

repadmin /replsum

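To check which Domain Controller an end node is connected to

From a command prompt, type the following. It lists every environment variable whose name starts with L; LOGONSERVER is the DC that authenticated the logon:
set l

Output: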
C:\Users\Rinith >set l
LOCALAPPDATA=C:\Users\Rinith\AppData\Local
LOGONSERVER=\\HQABCD

Check Operational Group Policy from DC:
From Event Viewer:
Applications and Services Logs >> Microsoft >> Windows >> GroupPolicy >> Operational >> Filter Event ID 5310

Result:
Account details:
            Account Name : CN=**01P,OU=Domain Controllers,DC=ABCD,DC=COM
            Account Domain Name : ABCD.COM
            DC Name : \\**01P.ABCD.COM
            DC Domain Name : ABCD.COM

Resolution: Windows 10 Hello - Group Policy PIN and fingerprint grayed out

Requirement:

Allow users to log on with PIN or fingerprint via Group Policy

Resolution:

Create GPO



Some commands to troubleshoot cases where policies won't replicate to the end nodes:

Log on to the DC, open the Active Directory PowerShell module as administrator, run the commands below, then compress the output folder C:\MS-log and send it by mail:

Cd \

md MS-log

Get-ADDomain | fl Name, DomainMode > C:\ms-log\DFL.txt

Get-ADForest | fl Name, ForestMode > C:\ms-log\FFL.txt
 
Get-ADDomainController -Filter * | select Name, OperatingSystem, IPv4Address, Site > C:\ms-log\dclist.txt

Netdom query fsmo > C:\ms-log\fsmo.txt

Repadmin /showrepl * /csv > C:\ms-log\showrepl.csv

Gpresult /h C:\ms-log\GPR001.html

auditpol.exe /get /category:*  >  C:\ms-log\audit.txt

dfsrmig.exe /getglobalstate > c:\MS-Log\dfs.txt 

Log on to the client, open CMD as admin and execute the command below:

gpresult /h c:\gpr-client.html  
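
Before mailing the folder, the showrepl.csv collected above can be triaged locally for links that are failing or have not replicated recently. This is an added example, not part of the original post; the sample rows, the DC01/DC02/DC03 and site names, the Get-ReplicationProblem function and the 24-hour threshold are constructed for illustration.

```powershell
# Added example. The rows below are constructed, in the column layout written by
# "repadmin /showrepl * /csv"; DC and site names are placeholders.
$sample = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,HQ,DC01,"DC=ABCD,DC=COM",HQ,DC02,RPC,0,0,2019-12-16 09:14:02,0
showrepl_INFO,HQ,DC02,"DC=ABCD,DC=COM",HQ,DC01,RPC,7,2019-12-16 09:10:41,2019-12-15 22:03:17,1722
showrepl_INFO,HQ,DC01,"CN=Configuration,DC=ABCD,DC=COM",BRANCH,DC03,RPC,0,0,2019-12-13 08:00:00,0
'@

function Get-ReplicationProblem {
    param(
        [Parameter(Mandatory)] [object[]] $Row,   # objects from ConvertFrom-Csv / Import-Csv
        [datetime] $Now = (Get-Date),
        [int] $MaxAgeHours = 24                   # assumed staleness threshold
    )
    foreach ($r in $Row) {
        $reasons = @()
        if ($r.showrepl_COLUMNS -ne 'showrepl_INFO') {
            # Assumption: any row not tagged showrepl_INFO is surfaced for manual review.
            $reasons += "row type $($r.showrepl_COLUMNS)"
        } else {
            $failures = [int]$r.'Number of Failures'
            if ($failures -gt 0) {
                $reasons += "$failures failures, last status $($r.'Last Failure Status')"
            }
            $lastOk = [datetime]::MinValue
            $parsed = [datetime]::TryParse($r.'Last Success Time', [ref]$lastOk)
            if (-not $parsed -or ($Now - $lastOk).TotalHours -gt $MaxAgeHours) {
                $reasons += "no success within $MaxAgeHours h"
            }
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Destination   = $r.'Destination DSA'
                Source        = $r.'Source DSA'
                NamingContext = $r.'Naming Context'
                Reason        = $reasons -join '; '
            }
        }
    }
}

# Offline run against the constructed sample, with a fixed clock for repeatability.
$rows = $sample -split "`r?`n" | ConvertFrom-Csv
Get-ReplicationProblem -Row $rows -Now ([datetime]'2019-12-16 10:00:00') | Format-Table -AutoSize
```

On a DC, replace the sample with `Import-Csv C:\ms-log\showrepl.csv` and omit -Now; with the sample above, the DC02 and DC03 links are reported and the healthy DC01/DC02 link is not.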


For more information:

https://www.tenforums.com/tutorials/107441-enable-disable-users-sign-windows-10-using-biometrics.html