There are a few ways to grant external access to an internal application without doing any port forwarding. The way to do this in Microsoft’s world is through an Entra Application Proxy. The name is a bit of a mess, as Microsoft renamed the Microsoft Entra application proxy program to Microsoft Entra private network connector.…
Inspecting TLS/SSL traffic on corporate networks is very common, as over 80% of all web traffic is encrypted. If you aren’t performing TLS/SSL traffic inspection, you are potentially leaving your network exposed. The simple act of inspecting SSL connections helps reduce your attack surface. SSL inspection can make it harder to establish malicious outbound connections,…
Certificate chain issues are extremely widespread and more common than you think. You start to see how many websites have broken certificate chains when you start performing SSL inspection on a network. If you want to read more about certificate chains, my post Certificate Chain goes into more detail. My website, thedxt.ca, has a server…
This post will explain the main components of a certificate and how they contribute to a certificate chain. A certificate chain consists of three main components: Root CA A root CA is the most trusted source of authority for certificates. It is the first link in a certificate chain, and all certificates are issued by…
While having your SSL/TLS certificate in a PFX file is great, as most applications support the PFX file, there are still some cases where a PFX file is not supported, and you need the certificate in the PEM format as a CRT file (also called a CER file) with a key file (also called a…
Once you have exported your certificate, the next step is installing the certificate PFX on other servers as needed. In this post, I will show you step-by-step how to install an exported PFX certificate file on a Microsoft Windows system. Prerequisites The Process
If you work with wild card certificates, it’s common to need to deploy them to more than one server. You will need to export the certificate to install it on other systems. In this post, I will show you step-by-step how to export a certificate using MMC (Microsoft Management Console). The Process
When you create a CSR and provide it to your certificate vendor or CA (Certificate Authority), you must complete the CSR (Certificate Signing Request). In this post, I will show you step-by-step how to complete a CSR. Prerequisites You can check which system has the pending certificate by checking the Certificate Enrollment Requests in MMC…
There are many ways to generate a CSR (Certificate Signing Request) one of them is with IIS. What if you don’t have IIS or you want to be stubborn and not use IIS at all? In this post I will detail step-by-step how to generate a CSR using MMC (Microsoft Management Console).
