Benutzer:MovGP0/Zertifikate

aus Wikipedia, der freien Enzyklopädie
Zur Navigation springen Zur Suche springen
   MovGP0        Über mich        Hilfen        Artikel        Weblinks        Literatur        Zitate        Notizen        Programmierung        MSCert        Physik      
Programmierung
Programmierung

Administration • Links • Vorgehensmodelle • NuGet • Transformations • MSBuild • Raspberry • Cheatsheets • Git • Mathematica

C♯
Program Flow

Multithreading and asynchronous processing • Multithread management • Program flow • Events and callbacks • Exception handling

Types

Type creation • Type consumentation • Encapsulation • Class hierarchies • Reflection • Object life cycle • String manipulation

Debugging and Security

Input validation • Encryption • Assembly Management • Debugging • Diagnostics

Data access

I/O operations • Data consumtion • LINQ • Data serialization • Collections

Theory

Functional • Lambda Calculus • Category Theory

F♯
Basics

Data Structures • Classes • Generics • Units of Measure • Exception Handling • Pipes • Recursion • Pattern Matching • Lazy Evaluation • Asynchronous and Parallel Programming • Number Representations • Arithmetic Operators • Conversion Functions • Queries

Quantitative Finance

Math.NET • Statistics • Root Finding Algorithmns • Data Visualisation • Option Pricing • Volatility • Order Types and Market Data • Volatility Trading

Python

Classes • Loops • Anonymous Types • Lambda Expressions • Queries (LINQ) • Iterators (yield)

PHP

 

T-SQL / SQL Server
T-SQL Fundamantals

Select • ProgrammingPitfallsQuery from Multiple TablesGroups and SummariesAdvanced SelectAggregation and WindowingInsert, Update, DeleteStringsDate and TimeNumbersTransactions, Locking, Blocking, DeadlockTablesViewsLarge Tables and DatabasesIndexesStored ProceduresUser-Defined Functions and TypesTriggersError HandlingQuery Performance and TuningHintsIndex Tuning and StatisticsXMLFiles, Filegroups, IntegrityBackupRecoveryPrincipals and UsersSecurables, Permissions, AuditingObjects and Dependencies

SQL Server
Performance Tuning

Memory Performance AnalysisDisk Performance AnalysisCPU Performance AnalysisBaseline CreationQuery Performance MetricsQuery Performance AnalysisIndex Architecture and BehaviorIndex AnalysisDatabase Engine Tuning AdvisorKey LookupsStatistics, Data Distributuon, and CardinalityIndex FragmentationExecution Plan GenerationExecution Plan Cache BehaviorParameter SniffingQuery RecompilationQuery Design AnalysisReduce Query Resource UseBlocking and Blocked ProcessesCauses and Solutions for DeadlocksRow-By-Row ProcessingMemory-Optimized OLTP Tables and ProceduresDatabase Performance TestingDatabase Workload OptimizationSQL Server Optimization Checklist

Service Broker

MessageContractQueueService.NET IntegrationRouteSecurity

 

DatatypesUnit TestingDependency InjectionPartitioning

.NET
General

LINQReactive ExtensionsEntity FrameworkODataWindows Workflow FoundationThreadingLoggingUnit TestingDependency InjectionDocumentationWinForms

Performance

LockingCoding Style and Class Design.NET FrameworkPerformance CountersEvent Tracing (ETW) • Windows PhoneCode SafetyTeam

ASP.NET
Common

OWIN • Razor • WebForms • MVC • WebAPI

Core

Configuration • Data Protection API • Dependency Injection • Routing

Attack Vectors

HTTPS • HSTS • HPKP • CSP • CSRF • Anti-XSS • CORS • Open Redirection • Click-Jacking

Libraries

OpenID • Azure AD

Messaging
WCF Basics

ServicesAddressesContractsHostingBindingsEndpointsMetadata ExchangeBehaviour ConfigurationClient-Side ProgrammingArchitectureChannelsTransport-Level SessionsReliability

Advanced WCF

Service ContractData ContractInstance ManagementOperationsFaultsTransactionsConcurrency ManagementQueued ServicesSecurityService BusBasic HTTP Auth

Andere

.NET RemotingMessage Queuing (MSMQ) • Protocol BuffersActiveMQDisruptor.NETTIBCO RendezvousCQRSRebus

User Interface
WPF

Data BindingResourcesTransforms and Effects2D Drawing3D DrawingRouted EventsRouted CommandsICommandSourceTriggersBehaviorsVisual State ManagerThemingLayoutTemplatesPopupsDependency ObjectFontsComposition APIMVVM FrameworksNavigation

Windows Forms

INotifyPropertyChangedDataBindingValidationPRISM

DevExpress

DataAnnotationTaskbarButtonService, ApplicationJumpListService, NotificationServiceAsynchronous Commands

Xamarin

DependencyServiceCustom RendererShaped Buttons

Parallel Programming
Common

ProcessorLocking

Data Parallelism

Parallel LoopsParallel Aggregation

Task Parallelism

Parallel TasksFuturesDynamic Task ParallelismPipelines

Akka.NET

LoggingPersistenceDependency InjectionClusterRemote

ECMAScript
Languages

ECMAScript • TypeScript • Elm • LESS

Infrastruktur

Node • Yeoman • Bower • Grunt • Jasmine • Karma • Protractor • Hapi • Redux

AngularJS

Validation • Testing

Angular

Modules • Animations • Attributes • Styles • Deployment • Dependency Injection • HTTP Client • Lifecycle • Pipes • Routing and Navigation • Security • Structural Directives (ngIf, ngFor, ngSwitch) • Testing • Forms Validation

Other

Knockout • RequireJS • PhoneGap/Cordova • React • fantasy-land • typed-contract • parsimmon

SharePoint
Notes

FieldsListsContent TypesWorkflowBusiness Connectivity ServicesSearchManaged MetadataAngularJSPublishing/ApprovalLINQ to SharePoint

Nintex

Custom Activities

70-488

70-489

Design and Implement SearchImplement Business Connectivity Services (BCS)Implement Implement User Profiles and Customize Social WorkloadImplement ECM and WCMDesign for Performance and TroubleshootingImplement Managed Metadata Service (MMS)

Microsoft CRM

Reporting and DashboardsSharePoint IntegrationAuthenticationEntity HandlingWorkflowsQueries

Security

Forms AuthenticationMembership and Role ProviderZertifikateOAuthOpenIDWindows Identity Foundation

Dateiformate

CSVExcelWordPDFEmail

Azure
Notes

Azure Pack • Single Sign-on • Data Storage • Logging • Tracing • Service Bus • HDInsight • Orleans

Infrastructure Services

Virtual Machines • Virtual Machine Networking • Virtual Machine Storage • Virtual Networks

70-533

 •

70-534

Active Directory • Static IP Adresses • ACLs • Network Security Groups • Availability Sets • VPN • Load Balancing • CDN • Media Services • Multi-Factor Auth.

Muster
Architektur

EntwurfsmusterArchitekturmusterPatterns of Enterprise Application Architecture

Daten

AnalysemusterDatenbank-Muster

Verteilte Systeme

Enterprise Integration PatternsSOABig DataCloudStability & Capacity

Management

OrganisationsmusterRefactoringLizenzmuster

Antimuster

AntimusterDark PatternsSQL Antipatterns

Powershell
Grundlagen

Subversion (SVN)CmdletBindingParameter (Sets)Return TypeModuleException Handling

DSC

Common Information Model (CIM)ResourcesConfiguration and ParametersLocal Configuration Manager (LCM)CredentialsSMB Pull ServerHTTP Pull Server

Android

ROM FlashenUnit TestingAssistant

Machine Learning
Neuronale Netze

PropagierungsfunktionenAktivitätsfunktionenLernmethodenPattern AssociatorRekurrente NetzeKompetitive NetzeKohonennetzeConstrain Statisfaction Netze

Tensorflow

Linear RegressionLogistic RegressionSoftmax RegressionHidden MarkovK-Means ClusteringSelf-Organizing MapAutoencoderQ-policy neural networkPerceptronConvolutional Neuronal NetworkRecurrent Neuronal NetworkSeq2SeqRanking

Core Server

Hyper-VActive Directory User GroupsActive Directory Domain ServicesActive Directory Federation ServicesDHCPIISDNSRDPWSUSUser PermissionsIPSMB • DHCP • IPAMSonstige

Bot Framework

Rich Messages



SSL Zertifikat generieren

[Bearbeiten | Quelltext bearbeiten]
SelfSSL7[1]
selfssl /N "cn=localhost;cn=example.com" /V "EXPIRATIONTIMEINDAYS" /I /S "IISSITENAME" /X /F "KEYLOCATION\key.pfx" /W "PASSWORD" /T
Makecert
makecert -r -n "CN=localhost" -b 01/01/2000 -e 01/01/2099 -eku 1.3.6.1.5.5.7.3.3 -sv localhost.pvk localhost.cer
cert2spc localhost.cer localhost.spc
pvk2pfx -pvk localhost.pvk -spc localhost.spc -pfx localhost.pfx

Für ObjectIDs (EKU-Codes) siehe KB287547

OpenSSL[2]
openssl genrsa -out localhost.key 2048
openssl req -new -x509 -key localhost.key -out localhost.cert -days 3650 -subj /CN=localhost
PowerShell
		# create root zertificate 
		$rootCert = New-SelfSignedCertificate -CertStoreLocation cert:\localmachine\my -DnsName "Root CA Name";

		# export root certificate 
		[System.Security.SecureString]$rootcertPassword = ConvertTo-SecureString -String "znft5yeL34pxCu3nATlt1gMazX0NM8FVvr9yZOhcS79yJm8kUVjhA17UuWkQOb0u" -Force -AsPlainText;
		[String]$rootCertPath = Join-Path -Path 'cert:\localMachine\my\' -ChildPath "$($rootcert.Thumbprint)";
		Export-PfxCertificate -Cert $rootCertPath -FilePath 'root-authority.pfx' -Password $rootcertPassword; # private key
		Export-Certificate    -Cert $rootCertPath -FilePath 'root-authority.crt';                             # public key

		# use root certificate to sign gateway certificate
		$gatewayCert = New-SelfSignedCertificate -CertStoreLocation cert:\localmachine\my -DnsName "*.example.com","*.example.org" -Signer $rootCert;

		# export gateway certificate
		[System.Security.SecureString]$gatewayCertPassword = ConvertTo-SecureString -String "Xc8FlsHq8hmLnKXk4AaD8ug6HYH2dpSWLjwg9eNeDIK103d3akbd0OccgZZ6bL48" -Force -AsPlainText;
		[String]$gatewayCertPath = Join-Path -Path 'cert:\localMachine\my\' -ChildPath "$($gatewayCert.Thumbprint)";
		Export-PfxCertificate -Cert $gatewayCertPath -FilePath gateway-certificate.pfx -Password $gatewayCertPassword; # private key
		Export-Certificate    -Cert $gatewayCertPath -FilePath gateway.crt;                                            # public key

See also:

Self-Signed Zertifikat für IIS [3]

[Bearbeiten | Quelltext bearbeiten]
Root-Zertifikat erstellen
makecert -n "CN=root.lan.ddg" -r -sv root.pvk root.cer

Zertifikat öffnen und nach Trusted Root Certification Authorities importieren

Server-Zertifikat erstellen und in IIS importieren
makecert -sk "Local Certificate" -iv root.pvk -n "CN=localhost" -ic root.cer -sr localmachine -ss my -sky exchange -pe

Anschließend in IIS das Binding der Website ändern, so dass das neue Zertifikat verwendet wird. 

start inetmgr

Zertifikate für SharePoint

[Bearbeiten | Quelltext bearbeiten]

Zertifikaterstellung mit PowerShell

[Bearbeiten | Quelltext bearbeiten]
param(
	[Parameter(Mandatory=$True)]
	[string]$CertificateName
)

# paths
$ExeMakeCert = "$env:ProgramFiles\Microsoft Office Servers\15.0\Tools\makecert.exe"
$ExeCertManager = "$env:ProgramFiles\Microsoft Office Servers\15.0\Tools\certmgr.exe"
$CertPath = "$env:UserProfile\MyCertificates"
$CertName = $CertificateName + ".cer"

# create the certificate
$CertificateFullPath = Join-Path -Path $CertPath -ChildPath $CertName
& "$ExeMakeCert -replace -pe -ne ""CN=www.dirry.eu"" -b 01/01/2025 -e 01/01/2025 -ss my -sr -localMachineName -sky exchange -sp ""Microsof RSA SChannel Cryptographic Provider"" -sy 12 $CertificateFullPath"

# get certificate thumbprint 
$AppCertificate = Get-PfxCertificate -FilePath $CertificateFullPath

# add certificate to local machine root
& "$ExeCertManager /add $CertificateFullPath /s /r localMachine root"

# export private key for certificate
Get-ChildItem cert:\\localmachine\my | Where-Object { $_.Thumbprint -eq $AppCertificate.Thumbprint } | ForEach-Object {
    $CertPfxName = (Get-Item -Path $CertificateFullPath).BaseName
    $CertPfxName += ".pfx"
    $CertExportPath = Join-Path -Path $CertPath -ChildPath $CertPfxName
    $CertFileByteArray = $_.Export("PFX", $CertPassword)
    [System.IO.File]::WriteAllBytes($CertExportPath, $CertFileByteArray)
}

Import in web.config

[Bearbeiten | Quelltext bearbeiten]
<configuration>
   <appSettings>
      <add key="ClientId" value="223CFE50-182E-4C3C-A9B5-09BD4B55F404" />
      <add key="ClientSigningCertificatePath" value="c:\...\MyCertificate.pfx" />
      <add key="ClientSigningCertificatePassword" value="My T0p Secre7 Passw0rd" />
   </appSettings>
</configuration>

Erstellung einer S2S STS

[Bearbeiten | Quelltext bearbeiten]

Erstellung einer Server-to-Server Security-Token-Service:

  1. Create a realm/tenancy
  2. Cretae realm-qualified app identifier
  3. Register app vertificate as trusted token issuer
  4. Register security principal used by app
# get references to site's auth realm
$spweb = Get-SPWeb "http://sp.mydomain.com/"
$realm = Get-SPAuthenticationRealm -ServiceContext $spweb.Site

# if no App GUID was passed in, create one
if([string]::IsNullOrEmpty($AppGuid)) {
   $AppGuid = [Guid]::NewGuid().ToString()
}
$fullAppIdentifier = $AppGuid + '@' + $realm

# get certificate
$certificate = Get-PfxCertificate $certificateFullPath

#register app vertificate as trusted by SharePoint site
$secureTokenIssuer = New-SPTrustedSecurityTokenIssuer -Name $AppDisplayName -Certificate $certificate -RegisteredIssuerName $fullAppIdentifier

#register app principal 
$appPrincipal = Register-SPAppPrincipal -NameIdentifier $fullAppIdentifier -Site $spweb -DisplayName $AppDisplayName

SSL/TLS und X.509

[Bearbeiten | Quelltext bearbeiten]

Dateiformate

[Bearbeiten | Quelltext bearbeiten]
Dateiformate
Erweiterung Erklärung
*.cer Windows Zertifikat

(enthält die gleichen Informationen wie *.pfx, jedoch ohne Private Key)

*.pvk Private Key
*.pfx X.509 Zertifikat mit Private Key im PKCS12 Format

(mit Passwort gesichert)

*.spc Software Publisher Certificate

Tools zum Verwalten von Zertifikaten

[Bearbeiten | Quelltext bearbeiten]
Anwendung Beschreibung
vertlm.msc MMC-Konsole für LocalMachine Zertifikate
certmgr.msc MMC-Konsole für CurrentUser Zertifikate
certreq.exe Zertifikatimport
certutil.exe
Test-Certificate Testet ein Zertifikat auf Gültigkeit
New-SelfSignedCertificate Erstellt ein neues Self-Signed-Zertifikat

New-SelfSignedCertificate -DnsName test.com, www.test.com, localhost -CertStoreLocation cert:\LocalMachine\My

cert: Zertifikatprovider

siehe auch: PKI Client Cmdlets in Windows PowerShell. In: Technet. Microsoft, abgerufen am 27. August 2013.

X.509 Attribute

[Bearbeiten | Quelltext bearbeiten]
X.509 Attribute[4]
Certificate Attribute Description
Subject: CN the certificate owner’s common name (www.yoursite.com oder yoursite.com)
Subject: E the certificate owner’s email address
Subject: T the certificate owner’s locality
Subject: ST the certificate owner’s state of residence
Subject: O the organization to which the certificate owner belongs
Subject: OU the name of the organizational unit to which the certificate owner belongs
Subject: C the certificate owner’s country of residence
Subject: STREET the certificate owner’s street address
Subject: ALL the certificate owner’s complete distinguished name
Issuer: CN the certificate issuer’s common name (www.yoursite.com oder yoursite.com)
Issuer: E the certificate issuer’s email address
Issuer: T the certificate issuer’s locality
Issuer: ST the certificate issuer’s state of residence
Issuer: O the organization to which the certificate issuer belongs
Issuer: OU the name of the organizational unit to which the certificate issuer belongs
Issuer: C the certificate issuer’s country of residence
Issuer: STREET the certificate issuer’s street address
Issuer: ALL the certificate issuer’s complete distinguished name
Serial the certificate’s serial number
SignatureAlg the algorithm used by the Certificate Authority to sign the certificate
BeginDate the date at which the certificate becomes valid
EndDate the date at which the certificate becomes invalid
PublicKey the certificate’s public key
FriendlyName the certificate’s friendly name
KeyUsage: ALL indicates the purposes for which the certificate’s public key can be used
KeyUsage: Digital Signature this certificate’s public key can create digital signatures
KeyUsage: NonRepudiation this certificate’s public key can be used for non-repudiation
KeyUsage: KeyEncipherment this certificate’s public key can encipher keys
KeyUsage: DataEncipherment this certificate’s public key can encipher data
KeyUsage: KeyAgreement this certificate’s public key can ensure that other public keys match their certificates. Used in certificate management.
KeyUsage: KeyCertSign this certificate’s public key can sign key certificates
KeyUsage: CRLSign this certificate’s public key can sign Certificate Revocation Lists
KeyUsage: EncipherOnly this certificate’s public key can only encipher keys or data
KeyUsage: DecipherOnly this certificate’s public key can only decipher keys or data
BasicConstraints behaves as though the fCA tag was specified
BasicConstraints: fCA determines whether the subject of this certificate can act as a Certificate Authority (1 if true, 0 if false)
BasicConstraints: pathLength the number of CA certificates that can follow this certificate in a certification path.
Policies returns all of the Object Identification Numbers of the certificate's policies in a comma separated string
PolicyConstraints: requireExplicitPolicy indicates whether an explicit policy is required
PolicyConstraints: inhibitPolicyMapping indicates whether policy mapping is inhibited
Engine: Name the name of the signature engine that created the certificate

Internetquelle

[Bearbeiten | Quelltext bearbeiten]

Einzelnachweise

[Bearbeiten | Quelltext bearbeiten]
  1. Setting up SSL made easy… In: IIS Blog. 16. April 2010, abgerufen am 26. September 2013.
  2. OpenSSL. Abgerufen am 22. April 2014 (englisch).
  3. How to: Create and Install Temporary Certificates in WCF for Transport Security During Development. In: Developer Network. Microsoft, abgerufen am 26. September 2013 (englisch).
  4. http://publib.boulder.ibm.com/infocenter/forms/v3r0m0/index.jsp?topic=/com.ibm.help.forms.doc/Designer_User_Manual/i_bpfd_g_certificate_attributes.html
Abgerufen von „https://de.wikipedia.org/w/index.php?title=Benutzer:MovGP0/Zertifikate&oldid=237981129