Archive

Archive for the ‘SSL’ Category

Heartbleed OpenSSL bug – What you need to know

I thought I would give a plug for Troy Hunt’s blog post as he has taken some time to write it all up. If you want to read about the security ‘Heartbleed OpenSSL bug’ then take a look at the link below. Worth a read!

http://www.troyhunt.com/2014/04/everything-you-need-to-know-about.html 

I also did a blog post about creating OpenSSL certificates for development, but I emphased in that post the following statement:

you should purchase a secure SSL certificate for production environments

Memory

Greg Olsen
YellowDuckGuy

Advertisements

Microsoft Dynamics CRM – Create an OpenSSL Self-signed SSL Certificate for your CRM 2013 Dev Environment

December 17, 2013 Leave a comment

The first step in configuring a CRM 2013 environment to be enabled for claims-based authentication and Internet Facing Deployment (IFD) is to have a SSL Certificate available for setup. This blog post will simply outline how to quickly generate and use an OpenSSL certificate to be used with your setup of CRM for claims-based authentication and Internet Facing Deployment.

Before I move on, I do want to emphasize that you should purchase a secure SSL certificate for production environments. I would recommend purchasing them from sites such as godaddy.com, entrust.net, verisign.com, thawte.com etc

 

What is a SSL Certificate?

 

yellowduckguy

Firstly, the Secure Socket Layer (SSL) protocol ensures secure transactions between web servers and browsers i.e. traffic between you sitting at your PC and the server your interacting with.

Secondly, the protocol uses a third party, a Certificate Authority (CA), to identify one end or both ends of the transactions. SSL certificates are files that connect the security key to an organisation’s details. When the SSL certificate is installed on a web server, it activates the little padlock symbol and the https protocol (which is over port 443) and allows secure connections from a web server to your browser.

 

Creating a OpenSSL Self-Signed SSL Certificate?

 

When you start out with SSL certificates you probably quietly say to yourself “how the hell do I create a local one and not buy one?”. Keep reading as I have an answer for you. But remember, you need to buy one for production environments!

Let’s head to Open SSL website first and get the file(s) you need. To read about OpenSSL, go to http://slproweb.com/products/Win32OpenSSL.html

 

Install the software to create the OpenSSL Certificates:

 

Note:

    make sure you install the dll’s in the bin directory when it asks you to in the installer. I found this to be easier.

 

Create the OpenSSL Certificate

 

You will create the OpenSSL Cerificate by using the Command Prompt – yea sorry, no UI in these instructions.

Open a Run Command Prompt with administrator priviledges and then execute the following commands one at a time. Note: change C:\OpenSSL-Win32\bin\ below to match your location of your installation and remember to change Win32 to Win64 if your using the 64bit installation. Also, change itsgrego to a name for your SSL Certificate.

During the process, you will be asked to input a certificate password and a few other organisation details. Don’t worry if you get it wrong on the first occasion as you can do the process again.

set RANDFILE=C:\OpenSSL-Win32\bin\.rnd 
openssl genrsa -out privatekey.pem 1024
openssl req -new -x509 -key privatekey.pem -out publickey.cer -days 1825
openssl pkcs12 -export -out itsgrego.pfx -inkey privatekey.pem -in publickey.cer

During the process, you will be asked to input a certificate password and a few other organisation details. Don’t worry if you get it wrong on the first occasion as you can do the process again. I recommend creating a wildcard certificate with a Common Name (CA) of *.yourdomain , example: *.itsgrego.

sslcert

Once you are successful creating the OpenSSL Certificate, navigate to your installation directly and obtain OpenSSL Certificate, which will have an extension of .pfx. It will be located in a directly similar to C:\OpenSSL-Win32\bin\ or C:\OpenSSL-Win64\bin\ or depending on where you chose to install the OpenSSL software.

Now that you have your OpenSSL Certificate, you can add it to the Personal and Trusted Root Certificate locations to start using it.

itsgregoSSL

Greg Olsen
YellowDuckGuy

Microsoft Dynamics CRM – Creating SSL Certificates for CRM Test Environment

December 10, 2013 Leave a comment

I thought I would give a plug for Jeremy Morlock’s MSDN blog post regarding creating SSL certificates. There is some useful information in this post which is a good read.

Find the posting here: http://blogs.msdn.com/b/crminthefield/archive/2013/11/27/creating-ssl-certificates-for-crm-test-environment.aspx

Greg Olsen
YellowDuckGuy