Mark Berry November 1, 2016
I’m planning to installed 3CX 15 on a Windows 2012 R2 server. I want to use a new SSL certificate. The machine does not have IIS installed. How do I create a Certificate Signing Request (CSR)?More...
Mark Berry September 27, 2016
I wanted to get TLS connections working between remote Grandstream phones connected over the Internet to a Grandstream UCM6102 PBX. This location already has an SSL certificate for its web site issued by a public Certification Authority. Here’s how to set up TLS with that kind of certificate.More...
Mark Berry March 28, 2016
Today I wanted to give an Abyss web server the same certificate in use by IIS. Abyss only allows entering keys as blocks of text, so I needed to extract a private key and certificate from a Windows-based pfx file.
This University of Washington article gave me exactly the information I needed to do that with OpenSSL. And yes, OpenSSL was able to handle the password that I had added when I exported the certificate on Windows.
I hope UW doesn’t mind me copying in the key (pun) points:
- Run the following command to export the private key:
openssl pkcs12 -in certname.pfx -nocerts -out key.pem -nodes
- Run the following command to export the certificate:
openssl pkcs12 -in certname.pfx -nokeys -out cert.pem
- Run the following command to remove the passphrase from the private key:
openssl rsa -in key.pem -out server.key
Mark Berry December 13, 2014
I want to be able to make out-of-band KVM connections to computers running Intel AMT 9 (vPro). I initially thought this would require the $99 VNC Viewer Plus from RealVNC, but it seems to work fine with the free UltraVNC Viewer in combination with the free Manageability Commander Tool.
The RealVNC approach requires that you set up TLS for the connection. The UltraVNC approach can work without that, but I prefer the connection to be encrypted anyway. The RealVNC site has some decent documentation on this but I wanted to add some pictures and some info about self-signed certificates.
Update 6 October 2016 You now have to use MeshCommander for remote KVM but you still need MDTK if you want to set up TLS. See more info at the end of the article.More...
Mark Berry June 5, 2014
I purchased a GeoTrust RapidSSL certificate from Namecheap to install on an Amazon Web Services Elastic Load Balancer. I won’t go into all the details of deploying SSL on AWS here, but I do want to document something about the certificate chain.More...
Mark Berry December 3, 2012
I recently created a new Windows domain for my network with the same name as the old domain. I migrated the profile on my XP development machine using the very handy ForensIT User Profile Wizard.
Today I needed to sign some code using my VeriSign code signing certificate. But signtool.exe kept giving me this error:More...
Mark Berry June 18, 2011
It may be a bit sensationalistic to call it a time bomb, but apparently Hyper-V will only run for a year before the self-signed certificate that allows remote access to the machines expires. Supposedly it will auto-renew (unless you’re on Server 2008 and need this hotfix), but according to MSKB 2413735, you may still be left with an inoperable mouse and need to save/resume your VMs.More...
Welcome to MCB Systems!
MCB Systems is a San Diego-based provider of software and information technology services.
Our software services include customization and programming to make software work for you.
Our proactive I.T. services help businesses control costs by providing a fixed monthly bill for routine I.T. services.
We take a consulting approach that listens first and provides solutions tailored to your business.
Contact MCB Systems today to discuss your technology needs!