An issue I’ve run into on Palo Alto Networks firewalls is that everything seems to work when importing a certificate (usually a PFX). Until you start using the certificate, then after a validation or a commit, there’s a warning that the certificate chain is not correctly formed. Warning: certificate chain not correctly formed in certificate…
Sometimes, you have a certificate in PEM format as a CRT file (also called a CER file) with a key file (also called a PEM file), and you need to combine and convert them into a PFX certificate. In this post, I will show you step-by-step how to convert a PEM certificate into a PFX…
There are many ways to generate a CSR (Certificate Signing Request). In this post, I will show you step-by-step how to generate a CSR using OpenSSL. Prerequisites The Process I will be using C:\SSL as my working directory. I will be using Microsoft Windows with Windows Terminal and PowerShell. In my example, I will name my private…
There are a few ways to grant external access to an internal application without doing any port forwarding. The way to do this in Microsoft’s world is through an Entra Application Proxy. The name is a bit of a mess, as Microsoft renamed the Microsoft Entra application proxy program to Microsoft Entra private network connector.…
Inspecting TLS/SSL traffic on corporate networks is very common, as over 80% of all web traffic is encrypted. If you aren’t performing TLS/SSL traffic inspection, you are potentially leaving your network exposed. The simple act of inspecting SSL connections helps reduce your attack surface. SSL inspection can make it harder to establish malicious outbound connections,…
Certificate chain issues are extremely widespread and more common than you think. You start to see how many websites have broken certificate chains when you start performing SSL inspection on a network. If you want to read more about certificate chains, my post Certificate Chain goes into more detail. My website, thedxt.ca, has a server…
This post will explain the main components of a certificate and how they contribute to a certificate chain. A certificate chain consists of three main components: Root CA A root CA is the most trusted source of authority for certificates. It is the first link in a certificate chain, and all certificates are issued by…
While having your SSL/TLS certificate in a PFX file is great, as most applications support the PFX file, there are still some cases where a PFX file is not supported, and you need the certificate in the PEM format as a CRT file (also called a CER file) with a key file (also called a…
Once you have exported your certificate, the next step is installing the certificate PFX on other servers as needed. In this post, I will show you step-by-step how to install an exported PFX certificate file on a Microsoft Windows system. Prerequisites The Process
If you work with wild card certificates, it’s common to need to deploy them to more than one server. You will need to export the certificate to install it on other systems. In this post, I will show you step-by-step how to export a certificate using MMC (Microsoft Management Console). The Process
