Use Let’s Encrypt on Ubiquiti Unifi 5.10 on Ubuntu

Uncategorized
I pulled together a few scripts and sites and found a simpler path to get Let's Encrypt working on the Unifi Controller.

Pre-requisites:

- Port 443 opened on the box
- Unifi 5.10 or newer. May work on older installs but no guarantees.
- Ubuntu 16.04 or newer. May work with older installs but no guarantees.

Now the quick how-to: After connecting to the server via SSH, run the following:

    # Fetch the import script and install it as a certbot post-renewal hook
    wget https://util.wifi.gl/unifi-import-cert.sh
    cp ./unifi-import-cert.sh /etc/letsencrypt/renewal-hooks/post/
    # Make the hook executable by its owner (root)
    chmod u+x /etc/letsencrypt/renewal-hooks/post/unifi-import-cert.sh

    # Fetch certbot-auto and request the certificate
    wget https://dl.eff.org/certbot-auto
    chmod u+x ./certbot-auto
    ./certbot-auto certonly

    # Import the issued certificate into the Unifi Controller
    /etc/letsencrypt/renewal-hooks/post/unifi-import-cert.sh

If prompted to enter any information, use option 1 to set up a temporary web server for the challenge and enter your unifi.domain.tld hostname (this must have a DNS record that is available external to your network). This should get you going, now we just need to schedule the renewal…

Create a self signed certificate on Windows Server 2016 with PowerShell

Uncategorized
I guess today is PowerShell day. I needed to create a quick self-signed certificate on a Windows Server and didn't care to go through the normal process. Here are the snippets you need.

    New-SelfSignedCertificate -DnsName server.domain.tld -CertStoreLocation cert:\LocalMachine\My

This command will spit out the Thumbprint of that certificate, which we will need in the next command. Note that this is a 1 year certificate.

Now let's export the certificate.

    # Password that protects the private key inside the .pfx file
    $CertPassword = ConvertTo-SecureString -String "SomeStrongPassword" -Force -AsPlainText
    # The path ends with the Thumbprint printed by New-SelfSignedCertificate
    Export-PfxCertificate -Cert cert:\LocalMachine\My\3579B7928D895B21CAECfe2F6BE1A6BCCA92C31 -FilePath C:\server.domain.tld.pfx -Password $CertPassword

Then we just need to export the public key.

    Export-Certificate -Cert Cert:\LocalMachine\My\3579B7928D895B21CAECfe2F6BE1A6BCCA92C31 -FilePath C:\server.domain.tld.cer

Windows Server 2012 DC Best Practice Analyzer – Protected OU’s

Uncategorized
I'm at a customer site this week doing various best practice scans, troubleshooting, etc. and one of the tasks today was a full AD scan (security, best practice, etc.). Easily enough, this particular client only had 2 items in Best Practice Analyzer that needed to be fixed. In this post, we'll focus on one: how to protect all OUs from accidental deletion.

Here's a quick PowerShell command to determine which OUs are not currently protected from accidental deletion:

    Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion -eq $false} | ft

Now that you know which OUs need work, we can pass that into a set command to go ahead and get those OUs protected.

    Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion -eq $false} | Set-ADOrganizationalUnit -ProtectedFromAccidentalDeletion $true

Lastly, we can verify that…

Centos 7.6 Minimal Post Install Change

blog, Linux, Ubuntu, VMWare
I'm working on a project at a customer location this week and this particular project required me to install CentOS 7+. Being an Ubuntu guy, I kicked and moaned for about 3 whole seconds and started the install. It went as smooth as you'd expect, however, I was greeted with no network connectivity once CentOS rebooted. Mentally, I thought it was needing VMware drivers or something but as it turns out, I just needed to enable the network interface.

    vi /etc/sysconfig/network-scripts/ifcfg-<cardname>

Now change ONBOOT=No to ONBOOT=Yes

Then simply reboot and make sure you can get connected to the network.