Benutzer:MovGP0/Zertifikate

MovGP0

Über mich

Hilfen

Artikel

Weblinks

Literatur

Zitate

Notizen

Programmierung

MSCert

Physik

Programmierung Programmierung Administration • Links • Vorgehensmodelle • NuGet • Transformations • MSBuild • Raspberry • Cheatsheets • Git • Mathematica C♯ Program Flow Multithreading and asynchronous processing • Multithread management • Program flow • Events and callbacks • Exception handling Types Type creation • Type consumentation • Encapsulation • Class hierarchies • Reflection • Object life cycle • String manipulation Debugging and Security Input validation • Encryption • Assembly Management • Debugging • Diagnostics Data access I/O operations • Data consumtion • LINQ • Data serialization • Collections Theory Functional • Lambda Calculus • Category Theory F♯ Basics Data Structures • Classes • Generics • Units of Measure • Exception Handling • Pipes • Recursion • Pattern Matching • Lazy Evaluation • Asynchronous and Parallel Programming • Number Representations • Arithmetic Operators • Conversion Functions • Queries Quantitative Finance Math.NET • Statistics • Root Finding Algorithmns • Data Visualisation • Option Pricing • Volatility • Order Types and Market Data • Volatility Trading Python Classes • Loops • Anonymous Types • Lambda Expressions • Queries (LINQ) • Iterators (yield) PHP   T-SQL / SQL Server T-SQL Fundamantals Select • Programming • Pitfalls • Query from Multiple Tables • Groups and Summaries • Advanced Select • Aggregation and Windowing • Insert, Update, Delete • Strings • Date and Time • Numbers • Transactions, Locking, Blocking, Deadlock • Tables • Views • Large Tables and Databases • Indexes • Stored Procedures • User-Defined Functions and Types • Triggers • Error Handling • Query Performance and Tuning • Hints • Index Tuning and Statistics • XML • Files, Filegroups, Integrity • Backup • Recovery • Principals and Users • Securables, Permissions, Auditing • Objects and Dependencies SQL Server Performance Tuning Memory Performance Analysis • Disk Performance Analysis • CPU Performance Analysis • Baseline Creation • Query Performance Metrics • Query Performance Analysis • Index Architecture and Behavior • Index Analysis • Database Engine Tuning Advisor • Key Lookups • Statistics, Data Distributuon, and Cardinality • Index Fragmentation • Execution Plan Generation • Execution Plan Cache Behavior • Parameter Sniffing • Query Recompilation • Query Design Analysis • Reduce Query Resource Use • Blocking and Blocked Processes • Causes and Solutions for Deadlocks • Row-By-Row Processing • Memory-Optimized OLTP Tables and Procedures • Database Performance Testing • Database Workload Optimization • SQL Server Optimization Checklist Service Broker Message • Contract • Queue • Service • .NET Integration • Route • Security   Datatypes • Unit Testing • Dependency Injection • Partitioning • .NET General LINQ • Reactive Extensions • Entity Framework • OData • Windows Workflow Foundation • Threading • Logging • Unit Testing • Dependency Injection • Documentation • WinForms Performance Locking • Coding Style and Class Design • .NET Framework • Performance Counters • Event Tracing (ETW) • Windows Phone • Code Safety • Team ASP.NET Common OWIN • Razor • WebForms • MVC • WebAPI Core Configuration • Data Protection API • Dependency Injection • Routing Attack Vectors HTTPS • HSTS • HPKP • CSP • CSRF • Anti-XSS • CORS • Open Redirection • Click-Jacking Libraries OpenID • Azure AD Messaging WCF Basics Services • Addresses • Contracts • Hosting • Bindings • Endpoints • Metadata Exchange • Behaviour Configuration • Client-Side Programming • Architecture • Channels • Transport-Level Sessions • Reliability Advanced WCF Service Contract • Data Contract • Instance Management • Operations • Faults • Transactions • Concurrency Management • Queued Services • Security • Service Bus • Basic HTTP Auth Andere .NET Remoting • Message Queuing (MSMQ) • Protocol Buffers • ActiveMQ • Disruptor.NET • TIBCO Rendezvous • CQRS • Rebus User Interface WPF Data Binding • Resources • Transforms and Effects • 2D Drawing • 3D Drawing • Routed Events • Routed Commands • ICommandSource • Triggers • Behaviors • Visual State Manager • Theming • Layout • Templates • Popups • Dependency Object • Fonts • Composition API • MVVM Frameworks • Navigation Windows Forms INotifyPropertyChanged • DataBinding • Validation • PRISM DevExpress DataAnnotation • TaskbarButtonService, ApplicationJumpListService, NotificationService • Asynchronous Commands Xamarin DependencyService • Custom Renderer • Shaped Buttons Parallel Programming Common Processor • Locking Data Parallelism Parallel Loops • Parallel Aggregation Task Parallelism Parallel Tasks • Futures • Dynamic Task Parallelism • Pipelines Akka.NET Logging • Persistence • Dependency Injection • Cluster • Remote ECMAScript Languages ECMAScript • TypeScript • Elm • LESS Infrastruktur Node • Yeoman • Bower • Grunt • Jasmine • Karma • Protractor • Hapi • Redux AngularJS Validation • Testing Angular Modules • Animations • Attributes • Styles • Deployment • Dependency Injection • HTTP Client • Lifecycle • Pipes • Routing and Navigation • Security • Structural Directives (ngIf, ngFor, ngSwitch) • Testing • Forms Validation Other Knockout • RequireJS • PhoneGap/Cordova • React • fantasy-land • typed-contract • parsimmon SharePoint Notes Fields • Lists • Content Types • Workflow • Business Connectivity Services • Search • Managed Metadata • AngularJS • Publishing/Approval • LINQ to SharePoint Nintex Custom Activities 70-488 • 70-489 Design and Implement Search • Implement Business Connectivity Services (BCS) • Implement Implement User Profiles and Customize Social Workload • Implement ECM and WCM • Design for Performance and Troubleshooting • Implement Managed Metadata Service (MMS) Microsoft CRM Reporting and Dashboards • SharePoint Integration • Authentication • Entity Handling • Workflows • Queries Security Forms Authentication • Membership and Role Provider • Zertifikate • OAuth • OpenID • Windows Identity Foundation Dateiformate CSV • Excel • Word • PDF • Email Azure Notes Azure Pack • Single Sign-on • Data Storage • Logging • Tracing • Service Bus • HDInsight • Orleans Infrastructure Services Virtual Machines • Virtual Machine Networking • Virtual Machine Storage • Virtual Networks 70-533  • 70-534 Active Directory • Static IP Adresses • ACLs • Network Security Groups • Availability Sets • VPN • Load Balancing • CDN • Media Services • Multi-Factor Auth. Muster Architektur Entwurfsmuster • Architekturmuster • Patterns of Enterprise Application Architecture Daten Analysemuster • Datenbank-Muster Verteilte Systeme Enterprise Integration Patterns • SOA • Big Data • Cloud • Stability & Capacity Management Organisationsmuster • Refactoring • Lizenzmuster Antimuster Antimuster • Dark Patterns • SQL Antipatterns Powershell Grundlagen Subversion (SVN) • CmdletBinding • Parameter (Sets) • Return Type • Module • Exception Handling DSC Common Information Model (CIM) • Resources • Configuration and Parameters • Local Configuration Manager (LCM) • Credentials • SMB Pull Server • HTTP Pull Server Android ROM Flashen • Unit Testing • Assistant Machine Learning Neuronale Netze Propagierungsfunktionen • Aktivitätsfunktionen • Lernmethoden • Pattern Associator • Rekurrente Netze • Kompetitive Netze • Kohonennetze • Constrain Statisfaction Netze Tensorflow Linear Regression • Logistic Regression • Softmax Regression • Hidden Markov • K-Means Clustering • Self-Organizing Map • Autoencoder • Q-policy neural network • Perceptron • Convolutional Neuronal Network • Recurrent Neuronal Network • Seq2Seq • Ranking Core Server Hyper-V • Active Directory User Groups • Active Directory Domain Services • Active Directory Federation Services • DHCP • IIS • DNS • RDP • WSUS • User Permissions • IP • SMB • DHCP • IPAM • Sonstige Bot Framework Rich Messages • SSL Zertifikat generieren SelfSSL7[1] selfssl /N "cn=localhost;cn=example.com" /V "EXPIRATIONTIMEINDAYS" /I /S "IISSITENAME" /X /F "KEYLOCATION\key.pfx" /W "PASSWORD" /T Makecert makecert -r -n "CN=localhost" -b 01/01/2000 -e 01/01/2099 -eku 1.3.6.1.5.5.7.3.3 -sv localhost.pvk localhost.cer cert2spc localhost.cer localhost.spc pvk2pfx -pvk localhost.pvk -spc localhost.spc -pfx localhost.pfx Für ObjectIDs (EKU-Codes) siehe KB287547 OpenSSL[2] openssl genrsa -out localhost.key 2048 openssl req -new -x509 -key localhost.key -out localhost.cert -days 3650 -subj /CN=localhost PowerShell # create root zertificate $rootCert = New-SelfSignedCertificate -CertStoreLocation cert:\localmachine\my -DnsName "Root CA Name"; # export root certificate [System.Security.SecureString]$rootcertPassword = ConvertTo-SecureString -String "znft5yeL34pxCu3nATlt1gMazX0NM8FVvr9yZOhcS79yJm8kUVjhA17UuWkQOb0u" -Force -AsPlainText; [String]$rootCertPath = Join-Path -Path 'cert:\localMachine\my\' -ChildPath "$($rootcert.Thumbprint)"; Export-PfxCertificate -Cert $rootCertPath -FilePath 'root-authority.pfx' -Password $rootcertPassword; # private key Export-Certificate -Cert $rootCertPath -FilePath 'root-authority.crt'; # public key # use root certificate to sign gateway certificate $gatewayCert = New-SelfSignedCertificate -CertStoreLocation cert:\localmachine\my -DnsName "*.example.com","*.example.org" -Signer $rootCert; # export gateway certificate [System.Security.SecureString]$gatewayCertPassword = ConvertTo-SecureString -String "Xc8FlsHq8hmLnKXk4AaD8ug6HYH2dpSWLjwg9eNeDIK103d3akbd0OccgZZ6bL48" -Force -AsPlainText; [String]$gatewayCertPath = Join-Path -Path 'cert:\localMachine\my\' -ChildPath "$($gatewayCert.Thumbprint)"; Export-PfxCertificate -Cert $gatewayCertPath -FilePath gateway-certificate.pfx -Password $gatewayCertPassword; # private key Export-Certificate -Cert $gatewayCertPath -FilePath gateway.crt; # public key See also: ACMESharp QuickStart "Let's Encrypt" Azure Web Apps the Free and Easy Way Self-Signed Zertifikat für IIS [3] Root-Zertifikat erstellen makecert -n "CN=root.lan.ddg" -r -sv root.pvk root.cer Zertifikat öffnen und nach Trusted Root Certification Authorities importieren Server-Zertifikat erstellen und in IIS importieren makecert -sk "Local Certificate" -iv root.pvk -n "CN=localhost" -ic root.cer -sr localmachine -ss my -sky exchange -pe Anschließend in IIS das Binding der Website ändern, so dass das neue Zertifikat verwendet wird. start inetmgr Zertifikate für SharePoint Zertifikaterstellung mit PowerShell param( [Parameter(Mandatory=$True)] [string]$CertificateName ) # paths $ExeMakeCert = "$env:ProgramFiles\Microsoft Office Servers\15.0\Tools\makecert.exe" $ExeCertManager = "$env:ProgramFiles\Microsoft Office Servers\15.0\Tools\certmgr.exe" $CertPath = "$env:UserProfile\MyCertificates" $CertName = $CertificateName + ".cer" # create the certificate $CertificateFullPath = Join-Path -Path $CertPath -ChildPath $CertName & "$ExeMakeCert -replace -pe -ne ""CN=www.dirry.eu"" -b 01/01/2025 -e 01/01/2025 -ss my -sr -localMachineName -sky exchange -sp ""Microsof RSA SChannel Cryptographic Provider"" -sy 12 $CertificateFullPath" # get certificate thumbprint $AppCertificate = Get-PfxCertificate -FilePath $CertificateFullPath # add certificate to local machine root & "$ExeCertManager /add $CertificateFullPath /s /r localMachine root" # export private key for certificate Get-ChildItem cert:\\localmachine\my | Where-Object { $_.Thumbprint -eq $AppCertificate.Thumbprint } | ForEach-Object { $CertPfxName = (Get-Item -Path $CertificateFullPath).BaseName $CertPfxName += ".pfx" $CertExportPath = Join-Path -Path $CertPath -ChildPath $CertPfxName $CertFileByteArray = $_.Export("PFX", $CertPassword) [System.IO.File]::WriteAllBytes($CertExportPath, $CertFileByteArray) } Import in web.config <configuration> <appSettings> <add key="ClientId" value="223CFE50-182E-4C3C-A9B5-09BD4B55F404" /> <add key="ClientSigningCertificatePath" value="c:\...\MyCertificate.pfx" /> <add key="ClientSigningCertificatePassword" value="My T0p Secre7 Passw0rd" /> </appSettings> </configuration> Erstellung einer S2S STS Erstellung einer Server-to-Server Security-Token-Service: Create a realm/tenancy Cretae realm-qualified app identifier Register app vertificate as trusted token issuer Register security principal used by app # get references to site's auth realm $spweb = Get-SPWeb "http://sp.mydomain.com/" $realm = Get-SPAuthenticationRealm -ServiceContext $spweb.Site # if no App GUID was passed in, create one if([string]::IsNullOrEmpty($AppGuid)) { $AppGuid = [Guid]::NewGuid().ToString() } $fullAppIdentifier = $AppGuid + '@' + $realm # get certificate $certificate = Get-PfxCertificate $certificateFullPath #register app vertificate as trusted by SharePoint site $secureTokenIssuer = New-SPTrustedSecurityTokenIssuer -Name $AppDisplayName -Certificate $certificate -RegisteredIssuerName $fullAppIdentifier #register app principal $appPrincipal = Register-SPAppPrincipal -NameIdentifier $fullAppIdentifier -Site $spweb -DisplayName $AppDisplayName SSL/TLS und X.509 http://www.zytrax.com/tech/survival/ssl.html Dateiformate Dateiformate Erweiterung Erklärung *.cer Windows Zertifikat (enthält die gleichen Informationen wie *.pfx, jedoch ohne Private Key) *.pvk Private Key *.pfx X.509 Zertifikat mit Private Key im PKCS12 Format (mit Passwort gesichert) *.spc Software Publisher Certificate Tools zum Verwalten von Zertifikaten Anwendung Beschreibung vertlm.msc MMC-Konsole für LocalMachine Zertifikate certmgr.msc MMC-Konsole für CurrentUser Zertifikate certreq.exe Zertifikatimport certutil.exe Test-Certificate Testet ein Zertifikat auf Gültigkeit New-SelfSignedCertificate Erstellt ein neues Self-Signed-Zertifikat New-SelfSignedCertificate -DnsName test.com, www.test.com, localhost -CertStoreLocation cert:\LocalMachine\My cert: Zertifikatprovider siehe auch: PKI Client Cmdlets in Windows PowerShell. In: Technet. Microsoft, abgerufen am 27. August 2013.  X.509 Attribute X.509 Attribute[4] Certificate Attribute Description Subject: CN the certificate owner’s common name (www.yoursite.com oder yoursite.com) Subject: E the certificate owner’s email address Subject: T the certificate owner’s locality Subject: ST the certificate owner’s state of residence Subject: O the organization to which the certificate owner belongs Subject: OU the name of the organizational unit to which the certificate owner belongs Subject: C the certificate owner’s country of residence Subject: STREET the certificate owner’s street address Subject: ALL the certificate owner’s complete distinguished name Issuer: CN the certificate issuer’s common name (www.yoursite.com oder yoursite.com) Issuer: E the certificate issuer’s email address Issuer: T the certificate issuer’s locality Issuer: ST the certificate issuer’s state of residence Issuer: O the organization to which the certificate issuer belongs Issuer: OU the name of the organizational unit to which the certificate issuer belongs Issuer: C the certificate issuer’s country of residence Issuer: STREET the certificate issuer’s street address Issuer: ALL the certificate issuer’s complete distinguished name Serial the certificate’s serial number SignatureAlg the algorithm used by the Certificate Authority to sign the certificate BeginDate the date at which the certificate becomes valid EndDate the date at which the certificate becomes invalid PublicKey the certificate’s public key FriendlyName the certificate’s friendly name KeyUsage: ALL indicates the purposes for which the certificate’s public key can be used KeyUsage: Digital Signature this certificate’s public key can create digital signatures KeyUsage: NonRepudiation this certificate’s public key can be used for non-repudiation KeyUsage: KeyEncipherment this certificate’s public key can encipher keys KeyUsage: DataEncipherment this certificate’s public key can encipher data KeyUsage: KeyAgreement this certificate’s public key can ensure that other public keys match their certificates. Used in certificate management. KeyUsage: KeyCertSign this certificate’s public key can sign key certificates KeyUsage: CRLSign this certificate’s public key can sign Certificate Revocation Lists KeyUsage: EncipherOnly this certificate’s public key can only encipher keys or data KeyUsage: DecipherOnly this certificate’s public key can only decipher keys or data BasicConstraints behaves as though the fCA tag was specified BasicConstraints: fCA determines whether the subject of this certificate can act as a Certificate Authority (1 if true, 0 if false) BasicConstraints: pathLength the number of CA certificates that can follow this certificate in a certification path. Policies returns all of the Object Identification Numbers of the certificate's policies in a comma separated string PolicyConstraints: requireExplicitPolicy indicates whether an explicit policy is required PolicyConstraints: inhibitPolicyMapping indicates whether policy mapping is inhibited Engine: Name the name of the signature engine that created the certificate Internetquelle Qualsys SSL Labs. Abgerufen am 23. Mai 2014 (englisch, SSL Tester).  Rick Strahl: Using Let's Encrypt with IIS on Windows. 22. Februar 2016, abgerufen am 17. Juni 2016.  Einzelnachweise Setting up SSL made easy… In: IIS Blog. 16. April 2010, abgerufen am 26. September 2013.  OpenSSL. Abgerufen am 22. April 2014 (englisch).  How to: Create and Install Temporary Certificates in WCF for Transport Security During Development. In: Developer Network. Microsoft, abgerufen am 26. September 2013 (englisch).  http://publib.boulder.ibm.com/infocenter/forms/v3r0m0/index.jsp?topic=/com.ibm.help.forms.doc/Designer_User_Manual/i_bpfd_g_certificate_attributes.html