mono.security.dll novell.directory.ldap.dll Secure Socket Layer - SSL - ssl

Imported certificates like this:
certmgr /add /v /c /ctl "selfsignedroot.cer" /s /r localMachine root
certmgr /add /v /c /ctl "server.cer" /s /r localMachine root
certmgr /add /v /c /ctl "server.cer" /s /r localMachine CA
certmgr /add /v /c /ctl "server.cer" /s /r localMachine MY
My code looks like this
LdapConnection conn = new LdapConnection();
conn.SecureSocketLayer=true;
conn.Connect("server",636);
conn.Bind("cn=user,o=root","password");
I get an error coming from mono.security.dll. Error code: -2146762487, which means it failed to validate the root certificate. Looking at the certificate via mmc, it is shown as trusted.

Mono.Security.dll is cross-platform and its origins are on Linux. As such it does not use Windows CryptoAPI-based certificate stores, but its own stores (and tools).
You can look at the Mono project's wiki, e.g. the security FAQ, and in particular the article named Using Trusted Roots Respectfully.

Related

open certmgr from command line and save cert to c:directory

I'm trying to export certificates from my personal store to a c: drive location using certmgr in a script.
Does someone know what the command is, or can send me to some website? Thanks a lot.
CertMgr /s /r CurrentUser my /put cert1.cer /s /r C:\
The following command saves a certificate with the common name myCert in the my system store to a file called newCert.cer. (certmgr command is certmgr.exe instead of certmgr.msc)
certmgr /add /c /n myCert /s my newCert.cer
Please refer to the below link.
https://learn.microsoft.com/en-us/dotnet/framework/tools/certmgr-exe-certificate-manager-tool
Besides, we could refer to the PowerShell cmdlets below, which can export a certificate to a file. The difference between these commands is whether the private key and some other extended properties are exported.
https://learn.microsoft.com/en-us/powershell/module/pkiclient/export-certificate?view=win10-ps
https://learn.microsoft.com/en-us/powershell/module/pkiclient/export-pfxcertificate?view=win10-ps
Here is an example of exporting a certificate to a PFX file.
$mypwd = ConvertTo-SecureString -String "1234" -Force -AsPlainText
Get-ChildItem -Path cert:\localMachine\my\5F98EBBFE735CDDAE00E33E0FD69050EF9220254 | Export-PfxCertificate -FilePath C:\mypfx.pfx -Password $mypwd

Setting up Password Free SSH from Linux to Windows 10

I'm trying to set up a password-free SSH path from a Linux server to a Windows machine. I currently have MobaSSH running on the Windows machine. I can ssh from the Linux server to the Windows machine fine and execute commands just fine, but I have to enter a password.
I created a public RSA key on the Linux system and, using WinSCP, copied the file over to the C:\Users\MyUserName\.ssh folder and restarted the MobaSSH service on the Windows machine.
It still won't let me ssh in without a password. What am I missing here? Any help vastly appreciated.
OpenSSH is available for Windows 10 and has worked very reliably for me. I can consistently connect from a Linux machine without a password. Here is how to set it up.
upgrade to Windows 10 version 1809 or higher
check via: powershell -c "(Get-Item 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion').GetValue('ReleaseID')"; see also systeminfo | findstr /B /C:"OS Name" /C:"OS Version" for Pro vs. Home, build number
upgrade via Windows Update settings or Download Windows 10 (the latter works around an issue where some systems are stuck at 1803)
install SSH client and server (as administrator; source) - in Windows PowerShell:
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
Start-Service sshd # remote login should be possible following this command
Set-Service -Name sshd -StartupType 'Automatic'
Get-NetFirewallRule -Name *ssh* # there should be a firewall rule named "OpenSSH-Server-In-TCP" # optional
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0 # optional
enabling public key login for administrators (source) - from Linux command-line:
scp ~/.ssh/id_rsa.pub administrator@remote_computer_name:'C:\ProgramData\ssh\administrators_authorized_keys' # if using an alternate method, ensure file is not UTF-16 encoded
icacls C:\ProgramData\ssh\administrators_authorized_keys /remove "NT AUTHORITY\Authenticated Users"
icacls C:\ProgramData\ssh\administrators_authorized_keys /inheritance:r
get-acl C:\ProgramData\ssh\ssh_host_dsa_key | set-acl C:\ProgramData\ssh\administrators_authorized_keys
enabling public key login for non-administrators - in Windows PowerShell:
Install-Module -Force OpenSSHUtils -Scope AllUsers # for: Repair-AuthorizedKeyPermission
cd C:\Users\...
ssh-keygen # create ~/.ssh
# add key(s) to ~/.ssh/authorized_keys
$ConfirmPreference = 'None'; Repair-AuthorizedKeyPermission -FilePath .ssh\authorized_keys
# if above fails, try: Set-ExecutionPolicy Unrestricted -Scope CurrentUser; see also https://github.com/PowerShell/Win32-OpenSSH/issues/1245#issuecomment-440388604
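A pre-flight check for the key file before it is copied to administrators_authorized_keys or authorized_keys, covering the UTF-16 caveat in the answer above. This is an added example, not part of the original answer; the names check_authorized_keys and sample_line, the list of key types, and the sample key are constructed for illustration.

```python
import base64
import struct

# Assumed, non-exhaustive list of key types for this example.
KNOWN_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
               "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def check_authorized_keys(data: bytes) -> list:
    """Return a list of problems in authorized_keys content (empty list = OK)."""
    # UTF-16 shows up as a byte-order mark or as NUL bytes between ASCII characters.
    if data[:2] in (b"\xff\xfe", b"\xfe\xff") or b"\x00" in data:
        return ["file looks UTF-16 encoded; re-save it as plain ASCII/UTF-8"]
    problems = []
    for n, raw in enumerate(data.decode("utf-8", "replace").splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are allowed
        fields = line.split()
        # Options may precede the key type, so look for the first known type token.
        idx = next((i for i, f in enumerate(fields) if f in KNOWN_TYPES), None)
        if idx is None or idx + 1 >= len(fields):
            problems.append(f"line {n}: no known key type followed by a key blob")
            continue
        try:
            # The blob starts with a length-prefixed copy of the key type name.
            blob = base64.b64decode(fields[idx + 1], validate=True)
            (length,) = struct.unpack(">I", blob[:4])
            inner = blob[4:4 + length].decode("ascii")
        except (ValueError, struct.error):
            problems.append(f"line {n}: key blob is not valid base64 / SSH key format")
            continue
        if inner != fields[idx]:
            problems.append(f"line {n}: declared {fields[idx]}, blob says {inner}")
    return problems

def sample_line(key_type="ssh-ed25519"):
    """Constructed sample: correct framing, but the 32 key bytes are all zero."""
    name = key_type.encode("ascii")
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(32)
    return f"{key_type} {base64.b64encode(blob).decode('ascii')} user@linux-host\n"

if __name__ == "__main__":
    good = sample_line().encode("ascii")
    print(check_authorized_keys(good))                            # clean file
    print(check_authorized_keys(sample_line().encode("utf-16")))  # UTF-16 re-save
    print(check_authorized_keys(good.replace(b"ssh-ed25519 ", b"ssh-rsa ", 1)))
```

An empty list means the file is safe to copy; any entry names the line to fix before the file's permissions are locked down.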

Adding Registry Keys on Remote Windows Server Machine not working

I have two domain joined machines (ServerA & ServerB) running Windows Server 2012 R2.
I want to add new registry key in ServerB from ServerA.
I am running below command in ServerA:
reg add \\ServerB\HKLM\SOFTWARE\MyCompany\MyApp /v Username /t REG_SZ /d ABC123 /f
Output from above command: The operation completed successfully.
But when I checked registry in ServerB, I didn't find the newly added key.
I am using MSBuild to run this command inside a script in ServerA.
Deploy.proj
<Target Name="Deploy_Registry">
  <!--Make sure the Remote Registry service is started-->
  <ServiceController MachineName="ServerB" ServiceName="Remote Registry" Action="Start" ContinueOnError="true"/>
  <Exec Command='reg add \\ServerB\HKLM\SOFTWARE\MyCompany\MyApp /v Username /t REG_SZ /d ABC123 /f' ContinueOnError='false' />
</Target>

How do I use insignia.exe to codesign a wix bundle

I created a WiX bundle which was working properly before codesigning. After googling and checking the WiX documentation, I got to know that I need to use insignia.exe for code signing the WiX bundle. Any idea on how to use this tool, please? Thanks in anticipation.
I use the following command sequence (it's part of my cmd file; the certificate is stored in a file on the hard drive. If you want to sign your installer with a certificate from the store, just adjust the signing part. All result code checks are omitted):
set INSIGNIA_PATH="C:\Program Files (x86)\WiX Toolset v3.8\bin\insignia.exe"
rem Detach engine
del /q engine.exe
%INSIGNIA_PATH% -ib Setup.exe -o engine.exe
rem Sign engine
SignTool.exe sign /f certificate.pfx /p CERT_PASSWORD /t TIMESTAMP_URL engine.exe
rem Attach engine
%INSIGNIA_PATH% -ab engine.exe Setup.exe -o ProductSetup.exe
rem Sign bundle
SignTool.exe sign /f certificate.pfx /p CERT_PASSWORD /t TIMESTAMP_URL ProductSetup.exe

SSL Certificate error on wget from Google Docs

I am writing a batch script that will download from Google Docs using wget.
I am getting an SSL error from Google Inc.
Here is the wget code (from this link: Windows batch file file download from a URL):
@echo off
for /F "tokens=2,3,4 delims=/ " %%i in ('date/t') do set y=%%k
for /F "tokens=2,3,4 delims=/ " %%i in ('date/t') do set d=%%k%%i%%j
for /F "tokens=5-8 delims=:. " %%i in ('echo.^| time ^| find "current" ') do set t=%%i%%j
set t=%t%_
if "%t:~3,1%"=="_" set t=0%t%
set t=%t:~0,4%
set "theFilename=%d%%t%"
echo %theFilename%
@pause
cd "C:\Users\MYNAME\Documents\TemObv\GnuWin32\bin"
wget.exe --output-document C:\Users\MYNAME\Documents\TemObv\file_%theFilename%.tsv https://docs.google.com/spreadsheet/pub?key=0AqSBI1OogE84dGN2bXRSZkZPVVRuNkMtN0p4eXpyVlE&single=true&gid=0&range=A5&output=txt
@pause
Here is the SSL error from wget:
Resolving docs.google.com... 74.125.227.72, 74.125.227.73, 74.125.227.78, ...
Connecting to docs.google.com|74.125.227.72|:443... connected.
ERROR: cannot verify docs.google.com's certificate, issued by `/C=US/O=Google In
c/CN=Google Internet Authority':
Unable to locally verify the issuer's authority.
To connect to docs.google.com insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.
'single' is not recognized as an internal or external command,
operable program or batch file.
'gid' is not recognized as an internal or external command,
operable program or batch file.
'range' is not recognized as an internal or external command,
operable program or batch file.
'output' is not recognized as an internal or external command,
operable program or batch file.
Press any key to continue . . .
I don't know about Windows, but the Unix version of wget has a flag called no-check-certificate which can be used in this case.