Icinga icon   Icinga – Monitor SSL certificate expiration date

A common task among system administrators is the renewal of SSL certificates. It is important to keep track of expiration dates so that it is not too late for us to renew it.

You can simply create an excel or some other type of record of the certificate dates, but you have to remember to check it from time … Read more

EXCHANGE   Exchange – Cannot remove exchange certificate

Some days ago I tried to cleanup old certificates from my Exchange servers, but I received the following error:

Exchange - Cannot remove exchange certificate

[PS] C:\> Remove-ExchangeCertificate -Thumbprint D09EDD6D5F18C175254AB97046AAAAAAAAAAAAA

Are you sure you want to perform this action?
Remove certificate with thumbprint DD09EDD6D5F18C175254AB97046AAAAAAAAAAAAA from the computer's certificate store?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is 
Read more

Security   Security – Create self signed SAN certificate with OpenSSL

This post explains how to generate self signed certificates with SAN – Subject Alternative Names using openssl. It is a common but not very funny task, only a minute is needed when using this method.

The example below generates a certificate with two SubAltNames: mydomain.com and www.mydomain.com

Create openssl configuration file

Create configuration file for openssh (In a Linux … Read more

Security   Security – Convert PFX to PEM using Windows or Linux

For certain application, a job partner asked me to send him certain certificate with private key in PEM format. Normally I’m using PFX format, but with a little help of the openssl toolkit converting PFX to PEM is quite easy.


openssl for windows can be downloaded here: http://gnuwin32.sourceforge.net/packages/openssl.htm
After extracting the contents, inside the bin subfolder the openssl … Read more

Windows   Windows – Renew certificate assigning the same private key

When renewing a certificate it is not necessary to generate a new csr. This is possible by maintaining the same private key.

When received the renewed certificate from the 3rd party certification authority, we can try to import it and assign the private key from the management console (mmc -> certificates).
One of the options that are shown when … Read more