Monday, October 15, 2012

How to Rearrange a Certificate Chain using OpenSSL


On one of my recent Exchange migration projects I ran into an issue after installing a certificate on a Network Load Balancing device and it took some Scooby Dooing to get it to install properly, so I thought I’d share how we resolved it.  The issue was that the NLB device was not installing the Certificate chain in the correct order and it was causing issues with any device that would not reorder the chain correctly, mostly Android devices.  The symptom was that any Android devices that had “Accept All SSL Certificates” unchecked were getting certificate errors.  Since my goal during a migration is to have little to no impact to the end-users, this was a problem for me.

Wednesday, October 10, 2012

Multiple Subnets on the Outside Interface of a Cisco ASA

Recently I had a customer provide a Cisco 2821 router along with a Cisco ASA 5520 to set up at a DR site.  The router was provided in case the ISP provided a small subnet for connecting the router to the ISP's equipment (usually a /29 or /30), and also gave another subnet that would provide the functional IP space for the customer's equipment (something like a /24).



This network in blue has been a recurring pattern over the last few years and I want to put forward the simple premise: Use the ASA by itself instead of putting a slow router in front of it.  Let me be clear: there are perfect reasons to have a router in front, such as if you are running BGP to route the subnet you have, or to have another layer of control.  My point here is: don't put a slow router in front of a faster firewall and don't start asking your boss to buy an expensive fast router just to add another hop...

HP Virtual Connect Password Recovery

Have you ever lost or forgotten the Virtual Connect Administrator credentials? I have been stumped working on equipment where I did not have the information available and I needed to get logged in.

First off I will begin by saying that "Yes" you must have physical access to the enclosure. Below is the easy method of performing the Lost Password Recovery process.

This process will retain the original configuration while changing the Administrator password:
  • Locate the backside of the chassis on which you need to perform the password recovery.
  • Remove the Virtual Connect Ethernet module from interconnect bay 1.
  • Remove the access panel from the Virtual Connect Ethernet module.
  • I would recommend that you record the Default Administrator password

HP Onboard Administrator Password Recovery or Reset

Have you ever lost or forgotten the Onboard Administrator credentials? I have had issues working on equipment where I did not have the information handy and I needed to get logged in.

First off I will begin by saying that "Yes" you must have physical access to the enclosure. Below is the easy method of performing the Lost Password Recovery process.

This process will retain the original configuration while changing the Administrator password:
  • Connect your computer via serial cable to the Active Onboard Administrator.
  • Use a program such as PuTTY or HyperTerminal to access the console via the serial connection.
  • Press and hold the Reset button on the Active Onboard Administrator for 5 seconds.
  • Once the Reset has begun you will see the following screen
  • Press the L key to start the Password Recovery process.
  • Write down the password displayed from the reset.
    • Option 2 would be to remove the device from the enclosure and read the factory sticker for the default password, but if you are like me you would rather not remove the device.
  • Log into the Onboard Administrator to verify the password reset was successful.
  • Once logged in I would change the default password before you forget or lose your notes.
  • To change the password use the command set password
  • Your configuration should now be maintained and your password should be changed.


Saturday, October 6, 2012

Welcome to TechStump!

We are a small group of technical people with common interests that want to share and post our thoughts and opinions of our everyday experiences with technologies. A few of us decided that writing our thoughts down will help us to understand the technologies we use a little better.  We are taking to heart Albert Einstein's quote, "If you can't explain it simply, you don't understand it well enough."


The things we are going to try to accomplish with this blog:
  • Blog to help retain and clarify the knowledge that we have acquired during our everyday technical life.
  • Document the process of technical stumps that we face and how we solve them.
  • Provide useful information in an interesting or humorous manner to the other technical stump grinders.
  • Document best practices that work for us and hopefully others.
The material and information contained on this blog is for academic and educational purposes only. Titles and company affiliation for individuals who contribute to this blog are for identification purposes only. The opinions expressed are solely those of the blog post authors and do not represent the views of any organization that the post authors are affiliated with or the opinions of any other author who publishes on this blog.  In other words, treat the info we provide "as is"...

We hope you enjoy the info and look forward to your feedback and comments...

-TechStump