Dynamically Creating a CSR & Private Key in .NET

This one was a bit tricky–it took me two days to figure this out, and when I figured it out I didn’t even realize I was close to the solution.  When I initially started working on this, I was looking into using an OpenSSL port to Windows called OpenSSL.NET.  The pure ASCII look of this page should be a good indication of how many other alternatives there are out there.  Eventually I found The Legion of Bouncy Castle, and stumbled onto a solution.  Initially I discredited looking at this option too thoroughly due to the name–but again, because of the lack of good alternatives out there, it became a steady contender.

October 31, 2011 • Posted in: Technology • 2 Comments

Enabling SSL in Epicor ITSM

We’ve recently granted access to Epicor to an outside company.  After opening up access over SSL for the company, we found that our setup was not quite right.  In addition to hitting a checkbox, there are a couple of XML files you need to edit.

November 1, 2010 • Posted in: Technology • No Comments

Installing Shibboleth

We are currently evaluating Shibboleth, a SAML 2.0 standards-based Single Sign-On (SSO) suite for our web applications. The installation is fairly gritty. This post started out as notes for myself; however, it rapidly became apparent that these notes would be useful to others.  I also noticed that this installation was taking multiple days, and that it would be too long for a single post. I will be doing a series of posts on how to do this setup.

SSL Oddities

We have been having a little trouble with our SSL certificate for our public website since the website redesign.  On the surface, everything seemed fine.  Various versions of IE and Firefox would display the website correctly, on both Mac and PC through an SSL connection.  Oddly enough, however, when viewed with Safari over SSL we would get this fairly standard error:

This certificate was signed by an unknown authority.

Our certificate was clearly working on 3 out of 4 browsers (Firefox worked on both PC and Mac), yet Safari seemed to be a stick in the mud.  After searching the internet for a solution for this, it seemed like all solutions for this dealt with the more common problem of this happening on all browsers, not just Safari.

After poking through our Trusted Root Certification Authorities, it became apparent that our certificate for www.mica.edu was not actually listed there–despite the certificate being present and working for some browsers.

In order to fix this, we simply removed and reinstalled our certificate from Thawte.

April 10, 2009 • Posted in: Technology • No Comments