Creating or renewing a cert on an IIS - too easy it hurts

Wednesday, June 11th, 2008

Now this is a really easy one and something I was expecting to be a little more difficult.

To renew a cert in IIS, open up the IIS manager and view the properties of the site you need to renew the cert on. Select the Directory Security tab and open the certs. If it is a renewal, go through the process of creating a cert request.

Use this cert request to generate the private key from the vendor. Once the vendor has sent the cert back, paste the content into a text file and then change the extension to '.cer'.

Pop this .cer on the server and then go back to the IIS panel where the request was made. Go through the process and select the .cer just uploaded.

THAT'S IT! Far too easy.

http://www.geotrust.com/support/generate-csr/

https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR884

X-AspNet-Version in headers - why? and how to remove them

Monday, June 9th, 2008

Sometimes .NET really winds me up. Why do they, by default, put in things that could potentially give a hacker some information? I know security by obscurity is not the best way forward, but why leave your front door open!

Anywho - it is really easy to get rid of:

Find or add the <httpRuntime> element in your web.config and add the attribute enableVersionHeader="false".

The MSDN documentation can be found here: http://msdn.microsoft.com/en-us/library/e1f13641.aspx
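As an added example (not from the original post), here is the "find or add" step done programmatically: a Python helper that locates or creates `<system.web>/<httpRuntime>` in a web.config and sets `enableVersionHeader="false"`, plus a second function that verifies the setting. The two sample configs are constructed for illustration, one missing the element entirely and one where it already exists with other attributes that must survive.

```python
import xml.etree.ElementTree as ET

def disable_version_header(web_config_xml: str) -> str:
    """Return web.config XML with <httpRuntime enableVersionHeader="false">.

    Finds <system.web>/<httpRuntime>, creating either element if it is
    missing, sets the attribute and leaves everything else untouched.
    """
    root = ET.fromstring(web_config_xml)
    if root.tag != "configuration":
        raise ValueError("not a web.config: root element is %r" % root.tag)
    system_web = root.find("system.web")
    if system_web is None:
        system_web = ET.SubElement(root, "system.web")
    http_runtime = system_web.find("httpRuntime")
    if http_runtime is None:
        http_runtime = ET.SubElement(system_web, "httpRuntime")
    http_runtime.set("enableVersionHeader", "false")
    return ET.tostring(root, encoding="unicode")

def version_header_disabled(web_config_xml: str) -> bool:
    """True only when the config explicitly turns the header off
    (the attribute defaults to true when absent)."""
    root = ET.fromstring(web_config_xml)
    node = root.find("system.web/httpRuntime")
    return node is not None and node.get("enableVersionHeader", "true").lower() == "false"

# Constructed sample configs (not from the post).
CONFIG_WITHOUT_RUNTIME = """<configuration>
  <system.web>
    <compilation debug="false" />
  </system.web>
</configuration>"""

CONFIG_WITH_RUNTIME = """<configuration>
  <system.web>
    <httpRuntime maxRequestLength="4096" />
  </system.web>
</configuration>"""

if __name__ == "__main__":
    for cfg in (CONFIG_WITHOUT_RUNTIME, CONFIG_WITH_RUNTIME):
        fixed = disable_version_header(cfg)
        print(fixed)
        print("version header disabled:", version_header_disabled(fixed))
```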

Full screen Flash phishing - this will really get some people

Tuesday, June 3rd, 2008

When Flash Player 9 goes into full screen mode, it pops up a little security message that tells the user how to exit full screen mode. It appears as white text on a semi-transparent black background so it is generally always visible (which is good). Still, I wondered if it could be obscured.

The message is always on top, so it is impossible to draw over it. But what if we tried distracting the user from the actual security message?

Original article:

http://www.bunnyhero.org/2008/05/10/scaring-people-with-fullscreen/