An issue I’ve run into on Palo Alto Networks firewalls is that everything seems to work when importing a certificate (usually a PFX). Until you start using the certificate, then after a validation or a commit, there’s a warning that the certificate chain is not correctly formed. Warning: certificate chain not correctly formed in certificate…
Sometimes, you have a certificate in PEM format as a CRT file (also called a CER file) with a key file (also called a PEM file), and you need to combine and convert them into a PFX certificate. In this post, I will show you step-by-step how to convert a PEM certificate into a PFX…
There are many ways to generate a CSR (Certificate Signing Request). In this post, I will show you step-by-step how to generate a CSR using OpenSSL. Prerequisites The Process I will be using C:\SSL as my working directory. I will be using Microsoft Windows with Windows Terminal and PowerShell. In my example, I will name my private…
There are a few ways to grant external access to an internal application without doing any port forwarding. The way to do this in Microsoft’s world is through an Entra Application Proxy. The name is a bit of a mess, as Microsoft renamed the Microsoft Entra application proxy program to Microsoft Entra private network connector.…
Certain situations can arise where you no longer know a Windows user account password and need to reset it or make a new one. Third-party tools can assist, but in my experience, many of them have been hit-and-miss. In this post, I will show you step-by-step how to reset a Windows password using Windows install…
The net user and group commands are very powerful tools for managing local and domain users and groups. In this post, I will show you how to use the net user command locally and on a domain to create a user account, reset a user account password, and view general info about a user account.…
I write a lot of PowerShell scripts for application installations, and many download the install files from a URL. Because the URL is hardcoded in the scripts, if the URL changes, I need to update all the scripts. This exact issue happened to me a few years ago, and my solution at the time was…
There are many ways to activate Windows, and a really cool way to activate Windows is with Active Directory-Based Activation. Active Directory-Based Activation (ADBA) was first introduced in Windows Server 2012 and is only usable if your Microsoft Volume licensing has a KMS host key. If you don’t have a KMS key, you may need…
If you haven’t heard of SolarWinds Kiwi CatTools, it is a great tool for network automation. I primarily use it to back up network configurations. Before 2009, Kiwi CatTools (KCT) was developed by Kiwi Enterprises. In 2009, SolarWinds acquired Kiwi Enterprises. SolarWinds continues to develop KCT. The upgrade process can feel a bit scary if…
On November 18th, 2024, the certificates that the Palo Alto User-ID agent and the Palo Alto Terminal Server agent use to communicate with a Palo Alto firewall will expire, causing all communication to fail. Palo Alto Networks has made new versions of the User-ID and TS agents with updated certificates that will expire on January…
