Author: Curtis

Use Let’s Encrypt on Ubiquiti Unifi 5.10 on Ubuntu

Post author By Curtis
Post date
No Comments on Use Let’s Encrypt on Ubiquiti Unifi 5.10 on Ubuntu

I pulled together a few scripts and sites and found a simpler path to get Let’s Encrypt working on the Unifi Controller.

Pre-requisites:

Port 443 opened on the box
Unifi 5.10 or newer. May work on older installs but no guarantees.
Ubuntu 16.04 or newer. May work with older installs but no guarantees.

Now the quick how-to:

After connecting to the server via SSH, run the following:

wget https://util.wifi.gl/unifi-import-cert.sh  
cp ./unifi-import-cert.sh /etc/letsencrypt/renewal-hooks/post/ 
chmod o+x /etc/letsencrypt/renewal-hooks/post/unifi-import-cert.sh  
wget https://dl.eff.org/certbot-auto 
chmod o+x ./certbot-auto 
./certbot-auto certonly 
/etc/letsencrypt/renewal-hooks/post/unifi-import-cert.sh

If prompted to enter any information, use option 1 to setup a temporary web server for the challenge and enter your unifi.domain.tld hostname (this must have a DNS record that is available external to your network.

This should get you going, now we just need to schedule the renewal of the certificate on a monthly basis. To do this, we’ll do the following:

Open Crontab with crontab -e

enter this line:

0 0 1 * * ./certbot-auto renew

Save Crontab and you should be ready to go.

Tags PKI, SSL, Ubiquiti, Ubuntu

Uncategorized

Create a self signed certificate on Windows Server 2016 with PowerShell

Post author By Curtis
Post date
No Comments on Create a self signed certificate on Windows Server 2016 with PowerShell

I guess today is PowerShell day. I needed to create a quick self signed certificate on a Windows Server and didn’t care to go through the normal process. Here’s the snippets you need.

New-SelfSignedCertificate -DnsName server.domain.tld -CertStoreLocation cert:\LocalMachine\My

This command will spit out the Thumbprint of that certificate which we will need in the next command. Note, that this is a 1 year certificate.

Now let’s export the certificate.

 $CertPassword = ConvertTo-SecureString -String “SomeStrongPassword” -Force –AsPlainText

Export-PfxCertificate -Cert cert:\LocalMachine\My\3579B7928D895B21CAECfe2F6BE1A6BCCA92C31 -FilePath C:\server.domain.tld.pfx -Password $CertPassword

Then we just need to export the public key.

Export-Certificate -Cert Cert:\LocalMachine\My\3579B7928D895B21CAECfe2F6BE1A6BCCA92C31 -FilePath C:\server.domain.tld.cer

Tags Certificate, PKI, PowerShell, Windows Server

Uncategorized

Send Email with PowerShell

Post author By Curtis
Post date
No Comments on Send Email with PowerShell

I was helping a customer today troubleshoot a VM to email issue and was tired of using my standard “send email via telnet” method to test the SMTP server. After a bit of research, it’s really easy to send email with powershell in a single command.

Here you go:

Send-MailMessage -SMTPServer localhost -To [email protected] -From [email protected] -Subject "test email" -Body "PowerShell for the win!"

Tags Email, PowerShell, SMTP, Windows Server

Uncategorized

Windows Server 2012 DC Best Practice Analyzer – Protected OU’s

Post author By Curtis
Post date
No Comments on Windows Server 2012 DC Best Practice Analyzer – Protected OU’s

I’m at a customer site this week doing various best practice scans, troubleshooting, etc. and one of the tasks today was a full AD scan (security, best practice, etc.). Easily enough, this particular client only had 2 items in Best Practice Analyzer that needed fixed. In this post, we’ll focus on one. How to protect all OU’s from Accidental Deletion.

Here’s a quick PowerShell to determine what OU’s are not currently protected from accidental deletion:

Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion -eq $false} | ft

Now that you know what OU’s need work, we can pass that into a set command to go ahead and get those OU’s protected.

Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion -eq $false} | Set-ADOrganizationalUnit -ProtectedFromAccidentalDeletion $true

Lastly, we can verify that all of our OU’s are now protected. The column ProtectFromAccidentalDeletion should now say True.

Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion} | ft

blog Linux Ubuntu VMWare

Centos 7.6 Minimal Post Install Change

Post author By Curtis
Post date
No Comments on Centos 7.6 Minimal Post Install Change

I’m working on a project at a customer location this week and this particular project required me to install Centos 7+. Being an Ubuntu guy, I kicked and moaned for about 3 whole seconds and started the install. It went as smooth as you’d expect, however, I was greeted with no network connectivity once Centos rebooted. Mentally, I thought it was needing VMWare drivers or something but as it turns out, I just needed to enable the network interface.

vi /etc/sysconfig/network-scripts/ifcfg-<cardname>

Now change ONBOOT=No to ONBOOT=Yes

Then simply reboot and make sure you can get connected to the network.