Month: July 2017

Internet Explorer Proxy Registry Keys

Internet Explorer Proxy Registry Keys

Disable Proxy on Windows

There may be a scenario where you may find the need to bypass a Proxy in order to test an internal application or just basically get out to the internet. In most organisations the Proxy is usually set via Group Policy and in order to bypass the proxy you would usually move the computer account to another Organisation Unit within Active Directory. In order to action this the new OU would need to have identical group policies applied except for the proxy.

Well, you can easily bypass a proxy, as long as you have local administrator access to the client machine. I came over a scenario with DirectAccess where I required the removal of the Proxy in order to test the Microsoft CPA scripts which hardened the solution. A simple and effective way to do this is to delete the below registry location. Do not worry, it location will be re-created once you fire up Internet Explorer or Edge. A restart is not required, just close down all your IE windows and re-open the change is instant. Do not reboot as the policies may be applied again via group policy.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

 

Verify Connectivity to a Remote Computer

Verify Connectivity to a Remote Computer

Telnet from a Windows Machine

When providing accessible public services a requirement may arise to test the connectivity externally. This can be done using the built in command line Telnet subject to the Telnet Windows feature is installed. This is unlikely as in most scenarios, Telnet is only installed if required. Additionally, using Putty you can achieve the same result, however try downloading Putty through some Proxy’s and you wont have much luck. But using the built in Windows 10 PowerShell command Test-NetConnection, this is easily achiveable. If you need to test SMTP, HTTP, HTTPS, running  the below command can provide you with either “True” or “False”.

Test-NetConnection -Port 80 -ComputerName kamhussain.com | ft TcpTestSucceeded

 

Extracting a Private Key from a Certificate

Extracting a Private Key from a Certificate

Splitting a Certificate File

OpenSSLWe recently has an issue where I was required to upload a certificate to a F5 Big-IP. Now most of admins probably already figured out that some systems such as ADC’s or load balances require the certificate you upload to come in to parts. Part 1 is the certificate file itself so it will have an extension of .CER and part 2 is the private key with an extension of .KEY. Some certificate providers bundle the private key and certificate together, as useful as this, sometimes you have a requirement to separate the private key from the certificate file.

In order to split a certificate we will use OpenSSL for Windows, a free utility to manage and create certificates, if you don’t already have a copy of this utility, Click HERE to download it.

Assuming your utility is located in the root of the C Drive, and the certificate you want to split is also kept within in the same folder.

 

Open a administrative command prompt and navigate to the folder where you have stored the OpenSSL utility, then run the following command. You will be asked to provide the password for the certificate. This will extract the Private Key.

openssl pkcs12 -in certificates.pfx -nocerts -out privatekey.key

 

Next we will now extract the certificate, so run the below command:

openssl pkcs12 -in certificates.pfx -clcerts -nokeys -out certificate.cer

 

That’s it! You now have a private key and certificate which you can utilise. If you need to use OpenSSL on Windows, I’ve attached the program to this post. Just extract the files and using a command prompt navigate to the OpenSSL directory and call openssl.exe [then your commands]