Hodžův blog

Archive for the 'Bezpečnost' (Security) Category

02 Nov

The revocation function was unable to check revocation because the revocation server was offline

Translated humorously into Czech as "Funkce zrušení nemohla zkontrolovat zrušení, protože server pro zrušení byl offline." If the issue is with the certification authority, the following registry modification will help. In HKLM\System\CCS\Services\SSTPSvc\Parameters, create a new DWORD (32-bit) value named NoCertRevocationCheck and set it to 1. Apply this workaround only for as long as necessary!

16 Oct

KB5018410 = Outlook error 0x800CCC1A & Postfix SSL_accept:error

After installing the October update (KB5018410), customers started reporting to us that they were unable to send mail from Outlook using SMTP TLS (port 587). The email client only displays the error message 0x800CCC1A, and Postfix writes in the log:
Oct 16 18:21:39 mail postfix/submission/smtpd[719912]: connect from my.private.ip.[xxx.xxx.xxx.xxx]
Oct 16 18:21:39 mail postfix/submission/smtpd[719912]: SSL_accept error […]

29 Aug

Greenbone Enterprise TRIAL – Login problem

With Greenbone Enterprise TRIAL, as well as Greenbone Community Edition (GCE), I ran into a problem where I could not log into the web interface after several tests. I just get a message: The Greenbone Vulnerability Manager service is not responding. This could be due to system maintenance. Please try again later, check the system […]

04 Feb

.CSR, .CRT and .KEY, or do they belong together?

Today I was renewing certificates for a customer. Because I generated and downloaded the certificates from different computers, I wanted to be 100% sure that the files belong together. Fortunately, this is very easy to verify with OpenSSL:
# CSR
$ openssl req -in domena.cz.csr -pubkey -noout -outform pem | sha256sum
a9a2390ea6ea6a3d5a186b5ee137f89909f533031fab9e2010a8f2c237fb9b7e -
# Certificate
$ openssl x509 -in domena.cz.crt […]

05 Oct

UBNT UniFi AP (UAP) Upgrade Loop

1. Forget the device in UniFi
2. SSH to the UniFi AP (default credentials ubnt/ubnt)
   ssh root@ip_of_unifi_ap
3. Upload the latest firmware image from the UniFi web site (https://www.ui.com/download/unifi/unifi-ap)
   cd /tmp
   wget https://dl.ubnt.com/unifi/firmware/BZ2/4.0.15.9872/BZ.ar7240.v4.0.15.9872.181229.0259.bin --no-check-certificate
   mv BZ.ar7240.v4.0.15.9872.181229.0259.bin fwupdate.bin
4. Run the upgrade process
   syswrapper.sh upgrade2 &
5. Wait a moment and adopt the device in the controller

05 Oct

DNSSEC in BIND & Fast validation

Edit the BIND config file:
vi /etc/bind/named.conf.options
…
options {
    …
    dnssec-enable yes;
    dnssec-validation auto;
    …
};
…

14 Jul

How to decrypt a password from Remmina

…or when you forget your login credentials. Passwords in Remmina are encrypted using the 3DES block cipher with a 256-bit (randomly generated) key. The key can be found (Kubuntu 18.04) in the file ~/.config/remmina/remmina.pref (on the line beginning with "secret="). The individual encrypted passwords are in the files ~/.local/share/remmina/*.remmina (the line beginning with the keyword "password="). This short Python script can be used for decryption (replace the items […]

27 Jan

IPSEC tunnel from Check Point to Mikrotik

Check Point configuration:
IP address WAN: 1.2.3.4
IP address LAN: 192.168.1.0/24
Username: johndoe
Password: mysecret
Shared secret: 12345678

Mikrotik configuration:
/interface l2tp-client
add connect-to=1.2.3.4 disabled=no ipsec-secret=12345678 name=l2tp-checkpoint password="mysecret" use-ipsec=yes user=johndoe
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des pfs-group=none
/ip route
add distance=1 dst-address=192.168.1.0/24 gateway=l2tp-checkpoint

13 Jan

Getent passwd doesn't show all users of LDAP server (Can't receive more than 500 entries)

Quick fix:
echo "dn: cn=config
changetype: modify
replace: olcSizeLimit
olcSizeLimit: 10000" > olcSizeLimit.ldif
ldapmodify -Y EXTERNAL -H ldapi:/// -f olcSizeLimit.ldif

13 Jan

SSL Library Error: 185073780 key values mismatch

When installing a certificate on Apache web server, you might receive an error SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch during restart of Apache service. Most often, this error appears if you are using an incorrect private key along with the certificate you received from the Certificate Authority. In order for Apache to […]
