Posts Tagged ‘CRT’

How to convert .CRT SSL Certificate to .PFX format (with openssl Linux command) and Import newly generated .PFX to Windows IIS Webserver

Tuesday, September 27th, 2016

IIS8_Windows_Webserver_logo_convert_CRT_and_import_PFX-certificate

1. Converting to .CRT to.PFX file format with OpenSSL tool on GNU / Linux to import in Windows (for example, IIS)

Assuming you have generated already a certificate using the openssl Linux command and you have issued the .CRT SSL Certificate issuer file
and you need to have the new .CRT SSL Certificate installed on Windows Server (lets say on Windows 2012) with IIS Webserver version 8.5, you will need a way to convert the .CRT file to .PFX, there is plenty of ways to do that including using online Web Site SSL Certificate converter or use a stand alone program on the Windows server or even use a simple perl / python / ruby script to do the conversion but anyways the best approach will be to convert the new .CRT file to IIS supported binary Certificate format .PFX on the same (Linux certificate issuer host where you have first generated the certificate issuer request .KEY (private key file used with third party certificate issuer such as Godaddy or Hostgator to receive the .CRT / PEM file).

Here is how to generate the .PFX file based on the .CRT file for an Internal SSL Certfiicate:

 

openssl pkcs12 -export -in server.crt -inkey server.key -out server.pfx

On the password prompt to appear use any password because otherwise the future IIS Webserver certificate import will not work.
 

To do a certificate chain SSL export to be accessed from the  internet.

 

openssl pkcs12 -export -in server.crt -inkey server.key -out server.pfx -certfile internet v2.crt

2. Import the PFX file in Windows


Run: mmc, add snap, Certificates, Computer account, Local Computer; in the
Console:

Certificates (Local Computer) > Personal > Certificates: Select All Tasks > Import File

Enter previously chosen password.
You should get further the Message "Import was successful."

You can import the PFX file by simply copying it to the server where you want it imported and double click it this will  open Windows Importwizzard.

Then select the IIS:

 

Site, Properties, Directory Security, Server Certificate, Replace the current certficate, select proper Certificate. Done.

Alternatively to complete the IIS Webserver certificate import within one step when a new certificate is to be imported:

In IIS Manager interface go to :

Site, Properties, Directory Security, Server Certificate, Server Certificate Wizard


Click on

Next

Choose

import a certificate from a .pfx file, select and enter password.

Internet_Information_Server_IIS_Windows-SSL_Certificate-import-PKF-file

3. Import the PFX file into a Java keystore


Another thing you might need if you have the IIS Webserver using a backend Java Virtual Machine on the same or a different Windows server is to import the newly generated .PFX file within the Java VM keystore.

To import with keytool command for Java 1.6 type:

 

keytool -importkeystore -deststorepass your_pass_here -destkeypass changeit -destkeystore keystore.jks -srckeystore server.pfx -srcstoretype PKCS12 -srcstorepass 1234 -srcalias 1 -destalias xyz


Also the .CRT file could be directly imported into the Java keystore

 

Import a .crt in a Java keystore


/usr/java/jre/bin/keytool -import -keystore /webdienste/java/jdk/jre/lib/security/cacerts -file certificate.crt -alias Some alias

 

 

4. Get a list of Windows locally installed certificates

To manager installed certificates on Windows 7 / 8 / 2012 Server OS is to run command via

Start -> Run

 

certmgr.msc

certmgr_trca_windows_check-windows-installed-ssl-certificates

 

One other way to see the installed certificates on your Windows server is checking within

Internet Explorer

Go to Tools (Alt+X) → Internet Options → Content → Certificates.

 

To get a a complete list of installed Certificate Chain on Windows you can use PowerShell

 

Get-ChildItem -Recurse Cert:

 

That's all folks ! 🙂

 

How to fix “Out of Range” resolution problems with NVIDIA Riva TNT2 Model 64/Model 64Pro with BENQ FP61E

Friday, January 20th, 2012

Today I had a task to change an old CRT Monitor to LCD BENQ Model FP61E on a computer running Microsoft Windows XP SP3.

Changing phyiscally the monitors and restarting the computer to load with the new BENQ monitor ended up with the LCD Monitor showing a blank screen with error:

Out of Range

making the computer completely unusable.

Thanksfully in Windows Safe Mode the monitor was able to display the screen properly, so I had an option to operate somehow on the pc

My guess was that the Out of Range monitor problems were caused by an incorrect (monitor unsupported resolution).

Therefore what I tried as a fix to make it work was:

1. Enter Windows Safe Mode and change (lower the resolution) to 640×480, and restart the PC.
Unfortunately using this classical way to fix such issues failed… so I thought of some options.
2. Disable the video card NVIDIA Riva TNT2 Model 64 driver and check if this will make any difference.

I come up with the idea the Out of Range LCD issues might be caused by the Video card driver cause I've noticed in safe mode a standard VESA like VGA Driver shipped with Windows worked just fine.
To Disable the currently loaded NVIDIA Riva TNT2 Model 64/ Model 64Pro I used:

System -> Device Manager -> Hardware (Tab) -> Display Adapters

Clicking on Display Adapters the NVIDIA Riva TNT2 Model 64 appears using the option menu on it one can choose to disable the driver.

Further on restart Windows, to test if the XP will load properly with disabled NVidia video drivers.
Onwards it was clear the whole Out of Range issues were caused by some kind of conflict between the LCD BENQ FP61E Monitor and the NVIDIA Riva TNT2 Model 64

Often latest video drivers solves hardware incompitability issues and fix many bugs, upgrading the driver to latest is always a good idea.

3. Therefore I Upgraded the NVIDIA Riva TNT2 64 driver (using Safe Mode) to the latest available from Nvidia's official site.

Weirdly Upgrading NVidia Riva TNT2 drivers to the latest did not fix the Out of Range blank screen error.
After a bit of thinking on what to do to make the Monitor work fine with the Nvidia driver, I thought of completely uninstalling the Nvidia drivers and installing them again might be a fix.
In my previous experience with Windows at many occasions, uninstalling a driver failing to properly work and installing it again with a working version was a good fix.

4. Uninstall the NVIDIA Riva TNT2 Model and Install the latest driver.

Uninstalling and Installing the Video driver had to be done in Windows Safe Mode again, in normal mode the windows was not displaying anything.

After The driver installation program completes the installation it requires a restart. After the restart the Video driver gets loaded fine and Windows loaded up in Normal mode as usual 😉

An Idea – How to put your old CRT Monitors in use ;)

Friday, June 24th, 2011

How to order your old monitor screens

Wonder what to do with these old monitors in the basement ?
Here is an idea 😉

What is Xorg’s server DPMS module for? And how to use it to reduce your computer power consumption

Thursday, April 21st, 2011

As I’m manually configuring a Xserver via xorg.conf I have noticed a block of code in:

Section "Monitor"
Identified "Generic Monitor"
Option "DPMS"
EndSection
That triggered my curiousity to research further what is DPMS . A very quick google search revealed that DPMS’s purpose is to communicate to communicate between the monitor and the computer, to make the computer turn off the (CRT or LED) based monitor if the computer is not used

Thus in short to rephrase DPMS is a power saving handy Xorg feature. I many custom configured xorg.conf like the mine I’m building right now does not include DPMS as many people doesn’t have idea what DPMS is and how to enable it.

DPMS is also an interface to the Energy start power-saving capability if not all, most of the modern day monitor screens.

DPMS enables the Xserver to control automatically the computer screen and thus reduces the overall computer power consumption.

To enable the use of DPMS on my Linux, all I had to do is place a couple of configuration directives in my xorg.conf .:
Here is how I enabled DPMS in my Xorg server:

1. Edit with a text editor /etc/X11/xorg.conf

2. Find the Monitor Section , e.g.:

Section "Monitor"
....
EndSection

3. Add inside the Monitor Section Options "DPMS" "true"

4. Lookup for the ServeryLayout section , e.g.:

Section "ServerLayout"
...
EndSection

5. Place inside the ServerLayout section For instance the following options:

Option "StandbyTime" "20"
Option "SuspendTime" "10"
Option "OffTime "25"

You might like to change the options StandbyTime, SuspendTIme or OffTime to match your likings.
6. As a last step restart the Xorg server.

Press Ctrl+Alt+BackSpace or by issuing:

host:~# pkill -HUP X

Test that DPMS is loaded properly by reviewing /var/log/Xorg.0.log for example:

host:~# grep -i /var/log/Xorg.0.log
(II) Loading extensions DPMS