Certificates, PKI, Certificate Transparency tools to check

   

With the website crt.sh you can search what Google and other API providers know about the certificates issued for a domain.

You can run a wildcard search for a domain to get a quick overview of the certificates it has used (for example, when the customer or internal IT does not even know they have certificates).

Query: https://crt.sh/?q=%25.computerladen.ch
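
An added example (not code from crt.sh or from the original post) that turns the wildcard query above into a certificate inventory for a domain owner. It assumes crt.sh's JSON output (`&output=json`) with the fields `issuer_name`, `name_value`, `not_before` and `not_after`; the sample records, the example.org host names and the issuer names are constructed placeholders.

```python
import json
from collections import defaultdict
from datetime import datetime
from urllib.parse import quote

def crtsh_url(domain):
    """Build the wildcard query from the post ("%.domain", URL-encoded as %25.)."""
    return "https://crt.sh/?q=" + quote("%." + domain, safe="") + "&output=json"

# Constructed sample of a crt.sh JSON response; hosts and issuers are placeholders.
SAMPLE = json.dumps([
    {"issuer_name": "C=US, O=Example CA One, CN=Example CA One R3",
     "name_value": "www.example.org\nexample.org",
     "not_before": "2017-09-01T00:00:00", "not_after": "2017-11-30T00:00:00"},
    {"issuer_name": "C=US, O=Example CA One, CN=Example CA One R3",
     "name_value": "mail.example.org",
     "not_before": "2017-10-15T00:00:00", "not_after": "2018-01-13T00:00:00"},
    {"issuer_name": "C=XX, O=Example CA Two, CN=Example CA Two G2",
     "name_value": "*.example.org\nvpn.example.org",
     "not_before": "2016-01-01T00:00:00", "not_after": "2019-01-01T00:00:00"},
])

def inventory(raw_json, today, expected_issuers):
    """Per host name: issuers seen, latest expiry, and whether a cert is still valid."""
    hosts = defaultdict(lambda: {"issuers": set(), "latest_expiry": None, "valid": False})
    unexpected = set()  # issuers the domain owner did not expect to see
    for rec in json.loads(raw_json):
        issuer = rec["issuer_name"]
        not_before = datetime.fromisoformat(rec["not_before"])
        not_after = datetime.fromisoformat(rec["not_after"])
        if not any(e in issuer for e in expected_issuers):
            unexpected.add(issuer)
        # name_value holds every name on the certificate, one per line.
        for name in rec["name_value"].lower().splitlines():
            h = hosts[name.strip()]
            h["issuers"].add(issuer)
            if h["latest_expiry"] is None or not_after > h["latest_expiry"]:
                h["latest_expiry"] = not_after
            h["valid"] = h["valid"] or (not_before <= today <= not_after)
    return dict(hosts), unexpected

if __name__ == "__main__":
    hosts, unexpected = inventory(SAMPLE, datetime(2017, 12, 1), ["Example CA One"])
    for name in sorted(hosts):
        print(name, hosts[name]["latest_expiry"].date(), "valid" if hosts[name]["valid"] else "expired")
    print("Issuers to review:", sorted(unexpected))
```

Host names that show up here but are unknown to IT, and issuers outside the expected list, are the entries to follow up with the domain owner.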

Related site which explains it:

https://www.certificate-transparency.org/what-is-ct (text below from that website)

What is Certificate Transparency?

Certificate Transparency aims to remedy these certificate-based threats by making the issuance and existence of SSL certificates open to scrutiny by domain owners, CAs, and domain users. Specifically, Certificate Transparency has three main goals:

  • Make it impossible (or at least very difficult) for a CA to issue a SSL certificate for a domain without the certificate being visible to the owner of that domain.
  • Provide an open auditing and monitoring system that lets any domain owner or CA determine whether certificates have been mistakenly or maliciously issued.
  • Protect users (as much as possible) from being duped by certificates that were mistakenly or maliciously issued.

Certificate Transparency satisfies these goals by creating an open framework for monitoring the TLS/SSL certificate system and auditing specific TLS/SSL certificates. This open framework consists of three main components, which are described below.

Sample which shows usage of crt.sh:

   

   

  

W10 1709 (Fall Creators) unable to make OS Setup package under DSM Frontrange 2016.2 R2 latest updates

W10 1709 (Fall Creators Update) unable to install under DSM Frontrange 2016 R2 latest updates

You are unable to create a setup file (SETUPdatei) with the Paket Assistant under DSM 2016.2 R2 with the latest patches (14.11.2017 3844).

Unter dem angegeben Verzeichnis-Pfad wurden keine Installationsdateien gefunden.

 

ERROR:

 

WORKAROUND:

Add the following on the DSM/Frontrange/Enteo server:

<INIValue>rs3</INIValue>

<INIValue>rs3_release</INIValue>

 

First time in file: \\enteoserver\enteoshare\OSD\OSSetupTypes\OSSetupTypes.xml

A second time in the same file:

Save

Try again

 

 

W10: Enable Remote Management for WMI from Commandline silent

For security reasons this is turned OFF on all W10 releases. You may still need it for remote management or testing.

Certain things you can't do on the LOCAL client (like checking the process for the LOGON credential provider with WMI).

Here is how to turn on Windows Remote Management silently via the command line on WINDOWS 10.

The screenshot shows the Paessler WMI Tester, which we use to test certain WMI queries.

winrm.cmd quickconfig -q

https://technet.microsoft.com/en-us/library/hh921475%28v=ws.11%29.aspx?f=255&MSPPError=-2147217396

 

MCAFEE 5.3.3 Certificate - Cipher Suites TLS problem- Agent does not report back

McAfee ePO Server 5.3.3 seems to have problems with TLS ciphers on some older operating systems such as 2008R2 (to date we have not seen this on 2012R2 with our customers). The A-Z sort order of the ciphers is the cause. The impact was large enough that McAfee released this information to all customers as an SNS alert.

This has been a month where we have seen why a PKI engineer has to be senior and understand all levels of the full enterprise (appliance, software, hardware etc.). The times when you could slip through that gray zone without understanding 100% what it does are over. Whether it is Exchange or Sharepoint SAN certificates or the CRL (Certificate Revocation List), you have to understand what it does.

https://kc.mcafee.com/corporate/index?page=content&id=KB89858

This issue can manifest in many ways including, but not limited to:

  • McAfee Agent Wake Ups and Run Client Task Nows succeeding on the endpoint, but never reporting back status.
  • Drive Encryption activation failures.

The ePO server_servername.log (located in ePO_install_dir\db\log) will include messaging that demonstrates its inability to communicate to the Application Server service, similar to the following:
 

20170918133528 E #05472 MCUPLOAD SecureHttp.cpp(987): Failed to send HTTP request.  Error=12029 (12029)
20170918133528 E #05472 NAIMSERV server.cpp(583): Failed to send request, err=0x80004005, HTTP status code=0
20170918133528 E #05472 NAIMSERV server.cpp(968): Error sending data channel message to application server
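
The failure signature in the log excerpt above can be checked for mechanically. This is an added example (not McAfee's code and not from the original post) that looks for the three messages in order on one thread. The first and last sample lines and the 5-second window are assumptions made for the illustration.

```python
import re
from datetime import datetime

# Fields: timestamp, level, thread id, component, source file(line), message.
LINE = re.compile(r"^(\d{14}) (\w) #(\d+) (\S+) (\S+): (.*)$")

# The three messages from the KB excerpt, in the order they are logged.
STEPS = [
    ("MCUPLOAD", re.compile(r"Failed to send HTTP request\.\s+Error=12029")),
    ("NAIMSERV", re.compile(r"Failed to send request, err=0x80004005, HTTP status code=0")),
    ("NAIMSERV", re.compile(r"Error sending data channel message to application server")),
]

# Lines 2-4 are the excerpt above; the first and last lines are constructed.
SAMPLE = """\
20170918133527 I #05472 NAIMSERV server.cpp(100): constructed informational line
20170918133528 E #05472 MCUPLOAD SecureHttp.cpp(987): Failed to send HTTP request.  Error=12029 (12029)
20170918133528 E #05472 NAIMSERV server.cpp(583): Failed to send request, err=0x80004005, HTTP status code=0
20170918133528 E #05472 NAIMSERV server.cpp(968): Error sending data channel message to application server
20170918133540 E #06100 MCUPLOAD SecureHttp.cpp(987): Failed to send HTTP request.  Error=12029 (12029)
""".splitlines()

def find_failures(lines, window_s=5):
    """Return (first timestamp, thread) for each complete signature on one thread."""
    state = {}   # thread -> (number of steps matched so far, timestamp of step 1)
    hits = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m or m.group(2) != "E":
            continue
        ts = datetime.strptime(m.group(1), "%Y%m%d%H%M%S")
        thread, component, msg = m.group(3), m.group(4), m.group(6)
        stage, start = state.get(thread, (0, ts))
        if stage and (ts - start).total_seconds() > window_s:
            stage, start = 0, ts          # stale partial match: start over
        want_component, want_msg = STEPS[stage]
        if component != want_component or not want_msg.search(msg):
            continue                      # unrelated error line on this thread
        start = ts if stage == 0 else start
        stage += 1
        if stage == len(STEPS):
            hits.append((start, thread))
            state.pop(thread, None)
        else:
            state[thread] = (stage, start)
    return hits

if __name__ == "__main__":
    print(find_failures(SAMPLE))
```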

 

System Change

Upgraded ePO to 5.3.3.

 

Reorder the ciphers to have the following at the top:

  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_256_GCM_SHA384
  • TLS_RSA_WITH_AES_128_GCM_SHA256

This is an interesting tool which we have used before at ISPs.

www.nartac.com/Products/IISCrypto

 

 

Installshield V6.X, Microsoft APP-V 4.6.x Sequence error

 

ERROR: The installshield engine (ikernel exe) could not be launched interface not registered

FEHLER: Schnittstelle nicht unerstützt

Problem: You are unable to sequence a software setup which comes with Installshield/Flex Version 6 under WIN 7 with APPV 4.6.X sequencer.

 

We just had a case where a producer of German software still uses Installshield 6 (from 2000, 17 years old) to push even recent client versions of their software to customers. The application did work in any older version under APP-V. If they had rewritten their code and used Installshield/Flex products from version 10/11, they could even supply an APP-V package to their customers. But the full edition of that suite is around USD 5'000.-, so they tend to skip updates ;-)

 

https://www.flexera.com/producer/resources/white-papers/is-appvdevelopers.html

 

Error we had while trying to Sequence Allegion Interflex Client 1.83 which comes with Installshield 6.

 

You have tried all of the following:

http://consumer.installshield.com/faq.asp

  • All TEMP folders at any location (%temp% and c:\windows\temp) were deleted
  • No running Installshield leftover anywhere
  • Every installation of any other or older version of Installshield components was removed
  • DCOM permission for the SYSTEM user set or reverted
  • Windows Installer AUTO / MANUAL state (changed and reverted during or before sequencing)
  • Tried to silently install Installshield IN the sequencer with .INI files etc.

 

We narrowed the problem down to the Installshield 6 setup itself: "IkernelUpdate.exe"

That is just the runtime part of Installshield, which is contained in, for example, a setup.exe that software developers ship when their software is packaged with Installshield.

On a completely different second sequencer machine we had the same error, on German Windows 7 64BIT SP1 Enterprise.

 

We briefly investigated the "LEGO ISLAND 2.ico" and the "T-online\setup.exe", BUT these were contained in every Installshield 6.X release from all sources. Maybe some education or test keys. Maybe leftovers?

In the days of ransomware you have to be sure what developers ship onto your box and whether they are aware of such things. So we did a procmon and sandbox analysis of all the files.

However, the ORIGINAL sample from Installshield/FLEX net from the year 2000 had those things too, so all fine, we guess.

 

 

We did not find any other suspicious information in the setup.exe from the supplier or the IkernelUpdate.exe binary.

 

Solution workaround:

To SEQUENCE an Installshield 6.X setup on APPV 4.6 under Windows 7 64BIT:

  1. Download the Installshield 6 runtime from Flex:

http://support.installshield.com/kb/files/Q108322/IkernelUpdate.exe

  2. Pre-install the IkernelUpdate.exe on your sequencer machine before you sequence!
  3. From that point, open the Sequencer and install the software which comes with Installshield 6. It will see that the correct version is already installed and skip the check.