Use Let’s Encrypt on Ubiquiti Unifi 5.10 on Ubuntu

Uncategorized
I pulled together a few scripts and sites and found a simpler path to get Let's Encrypt working on the Unifi Controller. Pre-requisites: Port 443 opened on the boxUnifi 5.10 or newer. May work on older installs but no guarantees.Ubuntu 16.04 or newer. May work with older installs but no guarantees. Now the quick how-to: After connecting to the server via SSH, run the following: wget https://util.wifi.gl/unifi-import-cert.sh cp ./unifi-import-cert.sh /etc/letsencrypt/renewal-hooks/post/ chmod o+x /etc/letsencrypt/renewal-hooks/post/unifi-import-cert.sh wget https://dl.eff.org/certbot-auto chmod o+x ./certbot-auto ./certbot-auto certonly /etc/letsencrypt/renewal-hooks/post/unifi-import-cert.sh If prompted to enter any information, use option 1 to setup a temporary web server for the challenge and enter your unifi.domain.tld hostname (this must have a DNS record that is available external to your network. This should get you going, now we just need to schedule the renewal…
Read More

Create a self signed certificate on Windows Server 2016 with PowerShell

Uncategorized
I guess today is PowerShell day. I needed to create a quick self signed certificate on a Windows Server and didn't care to go through the normal process. Here's the snippets you need. New-SelfSignedCertificate -DnsName server.domain.tld -CertStoreLocation cert:\LocalMachine\My This command will spit out the Thumbprint of that certificate which we will need in the next command. Note, that this is a 1 year certificate. Now let's export the certificate. $CertPassword = ConvertTo-SecureString -String “SomeStrongPassword” -Force –AsPlainText Export-PfxCertificate -Cert cert:\LocalMachine\My\3579B7928D895B21CAECfe2F6BE1A6BCCA92C31 -FilePath C:\server.domain.tld.pfx -Password $CertPassword Then we just need to export the public key. Export-Certificate -Cert Cert:\LocalMachine\My\3579B7928D895B21CAECfe2F6BE1A6BCCA92C31 -FilePath C:\server.domain.tld.cer
Read More

Windows Server 2012 DC Best Practice Analyzer – Protected OU’s

Uncategorized
I'm at a customer site this week doing various best practice scans, troubleshooting, etc. and one of the tasks today was a full AD scan (security, best practice, etc.). Easily enough, this particular client only had 2 items in Best Practice Analyzer that needed fixed. In this post, we'll focus on one. How to protect all OU's from Accidental Deletion. Here's a quick PowerShell to determine what OU's are not currently protected from accidental deletion: Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion -eq $false} | ft Now that you know what OU's need work, we can pass that into a set command to go ahead and get those OU's protected. Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion -eq $false} | Set-ADOrganizationalUnit -ProtectedFromAccidentalDeletion $true Lastly, we can verify that…
Read More

Quick Fix: Exchange 2010 Back Pressure workaround

Uncategorized
We are now in the year 2017 and any exchange admin will know this by the back of their hand but as little as I touch Exchange now (either because it's rock solid or we've moved to Office 365), I always have to Google it.  So this is just a reminder for me in the future. A customer had a backup issue over the past weekend due to an unfortunate set of circumstances.  As a result, their D: was getting full.  They had 15 Gb left of 600 Gb total but the probably well known feature of Exchange called Backpressure prevents your hard drives from filling up due to email transport and their mail stopped flowing. I needed to get their email working ASAP while a backup completed in the background. An…
Read More