Certificate Services

Automate Let's Encrypt Certificate Renewal using Internet Information Services (IIS).

For those of you who have been living under a rock for the last couple of years, Let's Encrypt is a brilliant initiative to provide publicly trusted SSL certificates for free (https://letsencrypt.org/). The one downside of using Let's Encrypt is that the certificates are only valid for 3 months. To overcome this, some automation is required. After fumbling around with different methods, I came up with this simple configuration and script to achieve this goal. Before we begin, there are some prerequisites we need to ensure are in place. 1. This tutorial expects that you understand how to configure websites and virtual...


Disabling TLS/SSL renegotiation in Configuration Manager 2012

I recently assisted a client with a very specific issue blocking client communication to the Configuration Manager 2012 Management Points. During my investigation I found there was no suitably ranked article and so here is the issue outline and resolution.

Key error codes:-

Client – Failed to receive HTTPS response. (Error at WinHttpReceiveResponse: 12029) Error 0x80072efd

Server – (In IIS inetsrv logs) – 2015-05-07 13:28:55 {IP} PROPFIND /CCM_Client – 443 – {IP} ccmsetup – 500 0 64 0 0

Environment:-

You have client certificates / HTTPS (PKI) Authentication enabled for the Configuration Manager site and Site Systems. Some or none...


Certificate Revocation List Distribution Point (CDP) – A working example!

But I’m an MCSE. This should just work, right… Yet another deployment that required more time remediating the Public Key Infrastructure (PKI) than it did to deploy the entire hierarchy. Based on that, I wanted to write this article. Nearly all the PKI issues I see are a by-product of a “next-next-next” deployment. It amazes me that people will spend months planning a SQL deployment but not give a critical infrastructure component like Certificate Services more than 5 minutes of their time. Anyway, I digress 🙂 Let’s start right at the beginning and explain how Certificate Revocation works:- 1)...
