Love the tubes..thank you Kiran Patil – base64 won’t trick me again :)

Thank God for the tubes!! I was banging my head against some errors today in some code which seemed pretty straightforward. Take some data – encrypt it via 3DES – encode it in base64. Toss it over to some other system – decode – decrypt. However, randomly I would fail here: System.FormatException was unhandled by…

HowTo: Disable UPN mapping for SmartCard logon

<rant> good lord this is an ugly blog… I need to find the time to customize this hideous new theme </rant> It’s been a while since I’ve blogged about something around smartcards (ha!), so here goes. Here is the basic setup. The smartcard certificate has the following key information: Serial:…

Delete certificate from smartcard with Base Smart Card provider

Just a reminder: Certutil -scinfo will list all the certs on the card:
================ Certificate 3 ================
--- Reader: Gemplus USB Smart Card Reader 0
---   Card: Axalto Cryptoflex .NET
Provider = Microsoft Base Smart Card Crypto Provider
Key Container = le-AuthMultiOID-e6c02f48-c2ee-4c0-27765 [Default Container]
No AT_SIGNATURE key for reader: Gemplus USB Smart Card Reader 0
Performing AT_KEYEXCHANGE public key…

WSFederationAuthenticationModule (WSFAM) CryptographicException auth failure

As you may have guessed from my recent posts, I was working on a first stab at some WIF work recently.. and the app was failing with the following error. The system cannot find the file specified. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for…

Just a quick post on IIS7 cert mapping setup

Install the role service under IIS.
At the Server level – enable DS mapping under authentication:
Create the web site.
Enable it for HTTPS (bindings).
Set the site to require certs under:
Enable the site:
C:\Windows\SysWOW64\inetsrv>appcmd unlock config /section:clientCertificateMappingAuthentication
Unlocked section "system.webServer/security/authentication/clientCertificateMappingAuthentication" at configuration path "MACHINE/WEBROOT/APPHOST".
C:\Windows\SysWOW64\inetsrv>appcmd set config "CertAuthWebSite" -section:clientCertificateMappingAuthentication /enabled:true…

Cool new features in 2k8 R2 for Certificate Services

I really don't like posting about another post.. but it's too cool not to in this case 🙂 There are some really awesome new features for Cert Services in 2k8 R2.. check it out in the Certificate Enrollment Web Services Whitepaper.
Original post: http://blogs.technet.com/pki/archive/2009/09/15/certificate-enrollment-web-services-whitepaper.aspx
Doc download link: http://download.microsoft.com/download/C/2/2/C229E624-36E4-4AD8-9D86-F564ED539A16/Windows%20Server%202008%20R2%20Certificate%20Enrollment%20Web%20Services.doc

Joining a domain via Smartcards

http://technet.microsoft.com/en-us/library/cc721959.aspx
A snip from the article:
Smart card root certificate requirements for use when joining a domain
When using a smart card to join a domain, the smart card certificate must comply with one of the following conditions: The smart card certificate must contain a Subject field that contains the DNS domain name within the…

Honey, I lost the (private) keys — EFS keys missing?

Interesting EFS issue the other day.. Customer was rolling out EFS so they set up DRAs and this worked great. When they encrypted files the DRAs showed up just fine in the file information. However, when they went to decrypt a file via the assigned DRA account – it failed to recover the…

Get Serial number, expiry date, subject name and subject alternative names in script

The question was something like this:
…”What I need to be able to do is iterate through each certificate in the Local Machine’s Personal store and spit out at least the serial number, expiry date, subject name and subject alternative names.”
Here is the output:
—————————————————————-
Serial: 619487CD000000E4DCFF
SubjectName: CN=SPATDSG, OU=Workstations, OU=Machines, DC=crisco,…
