Check eDellRoot Certificate and Rogue Certificate

The eDellRoot certificate was a hot topic back in November 2015. This post summarizes the tools you can use to check for this and other rogue certificates on your computer.

Detection

Steps to check whether your computer (mainly Dell laptops) is affected by the eDellRoot certificate:

  1. Use Internet Explorer or Chrome (Firefox has its own certificate store, so this test site doesn’t work).
  2. Go to https://edell.tlsfun.de/

Removal

If the bad eDellRoot certificate is found on your computer, use Dell’s official remover to remove it.

Audit the root CA stores

Furthermore, you can scan and audit the trusted root CA stores – both Microsoft (used by IE and Chrome) and Mozilla (used by Firefox) – with the following tools:

  • RCC from http://trax.x10.mx/apps.html
  • the upcoming version of Sigcheck from Mark Russinovich at Microsoft
    • Mark Russinovich announced this on Twitter
    • As of 12/22/2015, this version of Sigcheck is still in beta and not yet available. I will post an update when the final version is publicly available.

Recommended Topologies for VMware vSphere 6.0.x

VMware has a KB (KB2108548) that summarizes the recommended topologies for vSphere 6.0.x deployment on the Platform Services Controller (PSC) and vCenter Server. It’s a good read.

My pick will be one of the following topologies in most deployments – a simple configuration with sufficient redundancy.


Blogger Editor - Open Live Writer Update 1

In my recent post, I was glad that Open Live Writer is available, but it had a problem with Blogger authentication. Today I found this in its issue tracker.

Following the instructions posted in the issue tracker, I opened Open Live Writer, closed it, and then reopened it. A new option “Google Blogger” is available in the blog type. After entering my Blogger URL and authorizing the access, I am writing this post in Open Live Writer!!! The version is 0.5.1.2. Thank you for the great work!

The next feature I want is to support “Labels”, like many people requested. The good news is that they are working on it. I will keep an eye on this and post on the next update when it’s available.

Calculate After-Tax Mortgage Rate

Knowing the after-tax mortgage rate can help to determine whether prepaying the mortgage makes sense. Here is the formula.

After-tax mortgage rate = mortgage rate * ( 1 - federal income tax bracket )

To find your federal tax bracket, see this or this.

For example, if the mortgage rate is 4% and the federal income tax bracket is 28%, then
the after-tax mortgage rate = 4% * ( 1 - 28% ) = 2.88%

The rate probably is lower, because you can also deduct the mortgage interest on your state income tax return.

Install VMware Root Certificate Into Your Browser

If you use the default VMware Certificate Authority (VMCA) that comes with vSphere 6 (see this about VMCA), you will receive an untrusted certificate warning when connecting to vCenter via the vSphere Web Client.

You can download and import the VMCA root certificate into your browser to fix the warning. Here is how.

  1. Browse to your VCSA home page

  2. Click “Download trusted root CA certificates” on the lower right

  3. Rename the file “download” to “download.zip”

  4. Unzip “download.zip”
    “filename.r0” is the Certificate Revocation List (CRL) in DER format
    “filename.0” is the root CA certificate in PEM format.

  5. Import the .0 file into “Trusted Root Certification Authorities” in IE, or under Advanced, View Certificates, Authorities in Firefox.

vSphere 6 Certificate Authority

VMware Certificate Authority (VMCA) is a component in the Platform Services Controller (PSC) of vSphere 6 vCenter Virtual Server Appliance (VCSA).

What does VMCA do?

  • issues certificates for
    • VMware solution users
    • machine certificates for machines on which services are running
    • ESXi host certificates when adding the ESXi host to vCenter Server
  • you don’t have to use VMCA as the certificate authority and certificate signer

What does VMware Endpoint Certificate Store (VECS) do?

  • a local (client-side) repository for certificates, private keys, and other certificate information
  • you must use VECS to store all vCenter certificates and keys
  • ESXi certificates are stored locally on each host and not in VECS

Certificate Management

  • vSphere 6 ships with a new Certificate Manager tool for vCenter for Windows and VCSA

Use WinSCP to Transfer Files in vCSA 6.7

This is a quick update on my previous post “ Use WinSCP to Transfer Files in vCSA 6.5 ”. When I try the same SFTP server setting in vCSA 6.7...