Tag Archives: certificate

Install certificate for Unifi Controller

1. Request certificate. I saved my certificate as unifi2020.crt and unifi2020.key
2. Replace certificate on unifi controller

openssl pkcs12 -export -inkey unifi2020.key -in unifi2020.crt -out unifi.p12 -name unifi  -password pass:temppass
keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore /var/lib/unifi/keystore -srckeystore unifi.p12 -srcstoretype PKCS12 -srcstorepass temppass -alias unifi -noprompt

3. Restart unifi

/etc/init.d/unifi restart

RDP failed with system event ID 36870: a fatal error occurred when attempting to access the SSL server credential private key

It’s a weird issue.
Port 3389 is open, and I can telnet to it. But if I try to RDP to the server, the RDP connection fails immediately.
And in the system event log, there is an error message that says “Description: A fatal error occurred when attempting to access the SSL server credential private key.”

After investigation, I found that this issue was caused by incorrect file permissions set on files within C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys.

So the fix is to grant SYSTEM full control access to the folder C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys as well as all files within this folder.

Install PFX certificate on ESXi host

1. Install OpenSSL version 0.9.8 for Windows; you can get it from the link below:
http://slproweb.com/download/Win32OpenSSL_Light-0_9_8zb.exe
2. Install it on a Windows machine. By default, OpenSSL will be installed to C:\OpenSSL
3. Copy the PFX certificate into the folder C:\OpenSSL\bin
4. Run the command line as administrator, and go to the folder C:\OpenSSL\bin
5. Use the commands below to convert the certificate:
a. Generate the encrypted key file for the certificate via the command below:

openssl pkcs12 -in server.pfx -nocerts -out server_tmp.key 

During this step, it will ask for the PFX certificate password and a pass phrase for the key. Use any word you like as the pass phrase; do not use a blank pass phrase.
Then use the command below to decrypt the key. This step will ask for the pass phrase you used before.

openssl rsa -in server_tmp.key  -out server.key

b. Generate the crt file for the certificate via the command below:

openssl pkcs12 -in server.pfx -clcerts -nokeys -out server.crt

6. Done. Now you can install the certificate on the ESXi host.
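
A check worth running on the extracted pair before installing it, for both the ESXi files (server.key, server.crt) and the Unifi files (unifi2020.key, unifi2020.crt) above. This is an added example, not part of the original posts. It is written for a POSIX shell, assumes RSA keys as in the `openssl rsa` step, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original posts): pre-install check for an
# extracted RSA key / certificate pair such as server.key + server.crt.
# Function names are hypothetical.

# Exit codes: 0 pair is usable, 1 key does not match the certificate,
# 2 a file does not parse (or the key is still passphrase-protected),
# 3 the certificate has already expired.
check_pair() {
    key=$1 cert=$2
    # "-passin pass:" makes an encrypted key fail instead of prompting.
    m_key=$(openssl rsa -in "$key" -noout -modulus -passin pass: 2>/dev/null) || return 2
    m_cert=$(openssl x509 -in "$cert" -noout -modulus 2>/dev/null) || return 2
    # Both commands print "Modulus=<hex>"; equal moduli mean the same RSA key pair.
    [ -n "$m_key" ] && [ "$m_key" = "$m_cert" ] || return 1
    # -checkend 0 fails when the notAfter date is in the past.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || return 3
    return 0
}

# Build a constructed, throwaway self-signed pair in directory $1 under name $2
# (sample data for trying the check, not a real certificate).
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2.example" \
        -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}

# Usage: sh check_pair.sh server.key server.crt
if [ $# -eq 2 ]; then
    check_pair "$1" "$2"
    echo "check_pair exit code: $?"
fi
```

An exit code of 2 on the key usually means the passphrase-protected file (server_tmp.key in the steps above) was passed instead of the decrypted one.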