I am using the FortiClient SSLVPN lightweight application for SSL VPN access to client networks. In the GUI you don’t have options to export the configured profiles as you have with the full-featured FortiClient SSLVPN. The profiles for the lightweight version are stored in the registry, so you can export and import from there. The registry location is:
The management of wireless networks can be done via the Windows command “netsh wlan”. This command is especially useful when using Windows 8. You can use other “netsh” subcommands to retrieve other system information, like “netsh lan” to get information about your Wired AutoConfig Service settings.
The following table describes some options for “netsh wlan”.
|show profiles||show all save profiles|
|delete profile name=”profile name”||delete a specific profile|
|show profile name=”profile name” key=clear||retrieve saved WPA2 PSK|
|show wlanreport||report showing recent wireless session information|
|export profile “profile name” folder=c:\export||export a profile with all settings to the directory c:\export|
|add profile filename=”c:\export\filename” user=all||import a profile with all settings to all users profiles|
|show profile “profile name”||display information on the specific wifi network|
|show interfaces||shows a list of the wireless LAN interfaces on the system|
|show all||display information on all currently available wifi networks|
|set profileorder name=”profile name” interface=”Wi-Fi” priority=1||change the priority of a wifi network|
There are a lot more useful commands available. You can always use the question mark to get more options.
While configuring Office365 as the messaging (SMTP) server within Aruba ClearPass, I needed to upload the certificate from the StartTLS session to the certificate trust list from ClearPass. I had to export the certificate for smtp.office365.com via the following OpenSSL command:
openssl s_client -showcerts -starttls smtp -crlf -connect smtp.office365.com:587
After running the command, you will see some output like shown in the image.
I copied the both parts between BEGIN CERTIFICATE and END CERTIFICATE to two different text editore files and saved them with the extension .cer. Next I was able to upload both certificates to the certificate trust list in ClearPass and configure the message server with StartTLS Connection Security
Creating a web server certificate request is very easy when using a Windows CA server. There is one disadvantage. The requested certificate is directly stored in the user store (by default) or the local computer store, if specified during the request. The disadvantage is that you cannot export the requested certificate including the private keys. During the request the option to Mark keys as exportable is grayed out.
There is a way to mark the keys as exportable when using a Windows CA server. You need to create a new Web Server Certificate template. You can use the existing Web Server Certificate Template as default and copy the current settings. To do so, you just:
That is all you need to do. You can now request a new certificate with the newly create certificate template. After the certificate is issued and installed on the user or local computer store, you can export the certificate including the private key.