Monthly Archives: December 2013

Using a PFX formatted certificate on Cisco IOS

Rather than converting from pfx to pem format, why not just use a pfx?

Because of the way PFX files are formatted, copying and pasting one through a terminal is not possible. However, if you can transfer the certificate over FTP, it becomes much simpler :-)

The PFX file has to contain the full certificate chain and be protected with a passphrase.

conf t
ip ftp username <ftp username>
ip ftp password <ftp password>
end
copy ftp flash:

When prompted, enter the server name, the source file name and the destination file name.

conf t
crypto pki trustpoint <trustpoint name>
fqdn <f.q.d.n>
subject-name cn=<f.q.d.n>
revocation-check crl
rsakeypair <trustpoint name>
exit
crypto pki import <trustpoint name> pkcs12 flash:<certificate.pfx> <passphrase>
exit
wri mem

To show the certificate:

show crypto pki trustpoints status
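
A pre-flight check for the requirement stated above (full chain plus passphrase), as an added example that is not part of the original post. It assumes the openssl command-line tool is available on the machine holding the PFX; check_pfx is a hypothetical helper name, and the check compares issuer and subject names only, without verifying signatures.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the openssl CLI is installed.
# check_pfx <file.pfx> <passphrase>
# Prints "certs=<n> key=<0|1> chain=<complete|incomplete>".
# Returns 0 if usable, 1 if the key or chain is missing, 2 if the file cannot be opened.
check_pfx() {
    pfx=$1
    pass=$2
    [ -n "$pass" ] || { echo "error=empty-passphrase"; return 2; }
    tmp=$(mktemp -d) || return 2

    # Extract certificates only. This fails on a wrong passphrase or a file that
    # is not PKCS#12. The passphrase goes through the environment, not argv.
    if ! PFX_PASS=$pass openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nokeys \
            -out "$tmp/certs.pem" 2>/dev/null; then
        rm -rf "$tmp"; echo "error=cannot-open"; return 2
    fi
    certs=$(grep -c 'BEGIN CERTIFICATE' "$tmp/certs.pem") || :

    # Is a private key in the bundle? It is piped to grep, never written to disk.
    if PFX_PASS=$pass openssl pkcs12 -in "$pfx" -passin env:PFX_PASS \
            -nocerts -nodes 2>/dev/null | grep -q 'PRIVATE KEY'; then
        key=1
    else
        key=0
    fi

    # openssl prints subject= and issuer= lines before each certificate.
    # The chain is treated as complete when every issuer also appears as a
    # subject, which requires the self-signed root to be in the file.
    sed -n 's/^subject=//p' "$tmp/certs.pem" > "$tmp/subjects"
    sed -n 's/^issuer=//p'  "$tmp/certs.pem" > "$tmp/issuers"
    chain=complete
    while IFS= read -r issuer; do
        grep -Fxq -- "$issuer" "$tmp/subjects" || chain=incomplete
    done < "$tmp/issuers"
    rm -rf "$tmp"

    echo "certs=$certs key=$key chain=$chain"
    if [ "$certs" -gt 0 ] && [ "$key" = 1 ] && [ "$chain" = complete ]; then
        return 0
    fi
    return 1
}
```

A result of chain=incomplete means an intermediate or root certificate is missing, and the file should be re-exported with the full chain before it is transferred.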

Allowing RDP on Windows 2012r2 core

On Windows 2012r2 server core, the firewall is enabled with the public profile on installation, so just enabling RDP in sconfig does not allow RDP access.

You can allow RDP through the firewall with the following command, which can be run from PowerShell:

netsh advfirewall firewall set rule group="remote desktop" new enable=yes

Alternatively, you can enable RDP and configure the firewall with the following:

cscript C:\Windows\System32\SCRegEdit.wsf /AR 0

Disabling IPv6 on Windows 2012 core

One simple PowerShell command:

New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters -Name DisabledComponents -PropertyType DWord -Value 0xffffffff