Tag Archives: certificate

Install certificate for Unifi Controller

1. Request certificate. I saved my certificate as unifi2020.crt and unifi2020.key
2. Replace certificate on unifi controller

3. Restart unifi

RDP failed, and got system event ID 36870 fatal error occurred when attempting to access the SSL server credential private key.

It’s a wired issue.
Port 3389 is open, and can telnet to it. But if try to RDP to the server, the RDP connection will failed immediately.
And in system event log, there is an error message said “Description: A fatal error occurred when attempting to access the SSL server credential private key.”

After investigation, found out this issue was caused by the incorrect file permission were set on files within C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys.

So the fix is, grant system full control access to folder C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys as well as all files within this folder.

Disable IE Certificate Revocation Check

If groupolicy disabled you to do so, then we still can turn off certificate revocation check in registry

In registry editor browse to the following key:

Change Value “State” to 146944 Decimal or 0x00023e00 Hexadecimal

Install PFX certificate on ESXi host

1. Install OpenSSL version 0.9.8 for windows, you can get it from below link:
http://slproweb.com/download/Win32OpenSSL_Light-0_9_8zb.exe
2. Install it on a windows machine. By default, OpenSSL will be installed to C:OpenSSL
3. Copy the pfx certificates into folder C:OpenSSLbin
4. Run command line as administrator, and go to folder C:OpenSSLBin
5. Use below command to covert the certificate:
a. Generate crypt key file for the certificate via below command:

During this step, it will ask for pfx certificate password and the pass phrase for the key. Use any word you like as the pass phrase, do not use blank pass phrase.
Then use below command to decrypt the key. In this step it will ask you the pass phase you used before.

b. Generate crt file for the certificate via below command:

6. Done. Now you can install the certificate for ESXi host