Check local certificate store for expired certificate

This script looks in the local machine certificate store for certificates that have expired or will expire within the thresholds set below. If any are found, it writes to the event log.

$ThresholdWarning = 60   # Log a warning when a certificate expires within this many days
$ThresholdError = 30     # Log an error when a certificate expires within this many days
# Register the event source; the error is suppressed if the source already exists
New-EventLog -Source PKI -LogName Application -ErrorAction SilentlyContinue
$Certs = Get-ChildItem Cert:\LocalMachine\My
Foreach ($Cert in $Certs) {
    # Skip certificates whose subject ends with this OU
    If ($Cert.Subject -notlike "*OU=Servrar, DC=domain, DC=se") {
        # Days until expiry; zero or negative means the certificate has already expired
        $Day = ($Cert.NotAfter - (Get-Date)).Days
        $Message = "$($Cert.Subject)`n$($Cert.Issuer)`n$($Cert.NotAfter) `nExpires in $Day Days"
        If ($Day -le $ThresholdError) {
            Write-EventLog -ComputerName LocalHost -LogName 'Application' -Source PKI -EventID 100 -EntryType Error -Message $Message -Category 4
            #Write-Host "ERROR! `n$Message" #Debug only
        }
        ElseIf ($Day -le $ThresholdWarning) {
            Write-EventLog -ComputerName LocalHost -LogName 'Application' -Source PKI -EventID 100 -EntryType Warning -Message $Message -Category 4
            #Write-Host "WARNING! `n$Message" #Debug only
        }
    }
}

Search inside Powershell scripts

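Cls
$SearchString = "Text" #Enter search text here
#Path
$Files = Get-ChildItem "Path to your scripts i.e C:\Powershell" -File
Foreach ($File in $Files)
	{
	#-SimpleMatch treats the search text literally (Select-String patterns are regular expressions, not wildcards)
	#-Quiet returns only True/False; FullName keeps the search independent of the current directory
	If (Select-String -LiteralPath $File.FullName -Pattern $SearchString -SimpleMatch -Quiet)
		{Write-Host "Found $SearchString in $($File.FullName) $(($File.LastWriteTime).DateTime)"}
	}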


Windows Firewall – How to bypass AD-policy and allow inbound traffic

In some cases, e.g. support and other troubleshooting, you have to temporarily disable Windows Firewall or allow all traffic through it.

1. Open regedit.exe and browse to
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
(This key does not exist if there is no AD-policy affecting your machine)

2. Change the DWORD “DefaultInboundAction” to “0”.

3. Restart the Windows Firewall service.

4. This setting will remain until next policy update.


Generate a new pkcs12 (p12 or pfx) from your public and private key

Start Openssl. Normally in “C:\Program Files (x86)\GnuWin32\bin”

Execute
OpenSSL> pkcs12 -export -in MyCertificate.crt -inkey MyKey.key -out MyNewCert.pfx


Write CSR with SAN-attributes

Openssl.cnf

[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = MyProvince
localityName = Locality Name (eg, city)
localityName_default = Mycity
0.organizationName = Organization Name (eg, company)
0.organizationName_default = MyOrganisation
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = MyOrganisationUnit
commonName = Subject Name
commonName_max = 64
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = san1.domain.com
DNS.2 = san2.domain.com

Execute
OpenSSL> req -newkey rsa:2048 -keyout C:\Certs\MyKey.key -out C:\Certs\Request.csr -config C:\Certs\Openssl.cnf

When you get the signed CSR in return, follow this article to generate a pfx or p12.
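
Before sending the request to the CA, it is worth confirming that the SAN entries actually made it into the CSR: if the req_extensions line is missing from the config, OpenSSL writes the CSR without them and reports no error. The following is an added example, not part of the original post. It assumes a POSIX shell with openssl on the PATH, works in a temporary directory, and adds prompt = no and -nodes so that it runs unattended; the function names are made up for the illustration.

```sh
#!/bin/sh
# Added example: confirm a CSR carries its SAN entries before sending it to the CA.
# Directory layout and the non-interactive config are constructed for this demo.

# Print the DNS names in a CSR's subjectAltName extension, one per line.
csr_sans() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Subject Alternative Name' |
        tail -n 1 | tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Exit status 0 if the CSR in $1 lists DNS name $2.
csr_has_san() {
    csr_sans "$1" | grep -qxF "$2"
}

# Create key + CSR in directory $1; $2 is the req_extensions line (may be empty).
make_csr() {
    cat > "$1/Openssl.cnf" <<EOF
[req]
prompt = no
distinguished_name = req_distinguished_name
$2
[req_distinguished_name]
countryName = US
organizationName = MyOrganisation
commonName = san1.domain.com
[v3_req]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = san1.domain.com
DNS.2 = san2.domain.com
EOF
    # -nodes leaves the demo key unencrypted so the run needs no passphrase prompt
    openssl req -newkey rsa:2048 -nodes -keyout "$1/MyKey.key" \
        -out "$1/Request.csr" -config "$1/Openssl.cnf" 2>/dev/null
}

work=$(mktemp -d)
mkdir "$work/with" "$work/without"
make_csr "$work/with" 'req_extensions = v3_req'
make_csr "$work/without" ''
for d in with without; do
    echo "$d req_extensions: $(csr_sans "$work/$d/Request.csr" | tr '\n' ' ')"
done
rm -rf "$work"
```

The second CSR is created without complaint but lists no names, which is the case to catch before the request leaves your hands.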


Pass variables to Invoke-Command

Invoke-Command -ComputerName $Server -Credential $Creds -ArgumentList $Password -ScriptBlock {Param($Password) Write-Host $Password}


Problems updating Turnkey appliance WordPress installation

When you click the update button in WordPress, you come to a page where WordPress wants you to specify an FTP server.

This is because of faulty ownership of the WordPress files.

Solution:

chown -R www-data:www-data /var/www/wordpress


Windows Update fails when trying to install KB2925418 with 0x80070057 as error code

Problem: You get error 0x80070057 in the Windows system event log when you try to install KB2925418, either manually or through WSUS.

Installation Failure: Windows failed to install the following update with error 0x80070057: Cumulative Security Update for Internet Explorer 11 for Windows Server 2012 R2 (KB2925418).

Installation Failure: Windows failed to install the following update with error 0x80070057: Security Update for Windows (KB2925418).

Solution: This patch has been superseded by another, so just decline the patch in the console and it won’t install on your machines.


Verify certificate and private key with Openssl

OpenSSL can be used to verify that a private key and a certificate match.

Enter these commands and analyze the output.

openssl x509 -noout -text -in server.crt
openssl rsa -noout -text -in server.key

Compare the two sections listed below; they should be the same if there is a match.

[Screenshots: ComparePubkey, ComparePrivkey]
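
For RSA, the value that a matching certificate and key have in common is the modulus, and both commands can print it on its own with -modulus, which turns the visual comparison into a scripted one. The following is an added example, not part of the original post. It assumes a POSIX shell with openssl on the PATH and RSA keys; the function names and the self-signed test pairs are constructed for the illustration.

```sh
#!/bin/sh
# Added example; file names are constructed and live in a temp directory.

# Print "Modulus=<hex>" for a certificate ($1 = x509) or RSA private key ($1 = rsa).
modulus_of() {
    openssl "$1" -noout -modulus -in "$2" 2>/dev/null
}

# Exit status: 0 = key belongs to certificate, 1 = mismatch, 2 = unreadable input.
# Unreadable input is reported separately so two empty results never count as a match.
key_matches_cert() {
    cert_mod=$(modulus_of x509 "$1") || return 2
    key_mod=$(modulus_of rsa "$2") || return 2
    [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ]
}

# Build one self-signed certificate and key ($1.crt / $1.key) for the demo.
make_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$(basename "$1")" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

demo=$(mktemp -d)
make_pair "$demo/server"
make_pair "$demo/other"
for key in server other missing; do
    rc=0
    key_matches_cert "$demo/server.crt" "$demo/$key.key" || rc=$?
    echo "server.crt vs $key.key -> exit status $rc"
done
rm -rf "$demo"
```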


Control Panels shortcuts/shortnames

Control panel tool      Command
-----------------------------------
Add/Remove Programs     appwiz.cpl
Network Properties      ncpa.cpl
System Properties       sysdm.cpl
