I got access denied when trying to do a certutil -backupKey. I already have Domain Admin and access to the CA cert (Read, Issue/Manage Certificates, Manage CA, Request Certificates). What am I missing? I need to export the backup with the private key.
> Certutil: -backupKey command FAILED: 0x8007005 <WIN32:5> Certutil:
> Access is denied
You'll need to use an account with Enterprise admin. Domain admin is not enough (as I just spent 3 hours figuring out...)
I'm trying to domain join my AWS Red Hat Linux machine to Azure AD. I've made all the required configuration following this document.
Error Message
sshd[18242]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.101.xx.xx user=user#SAMPLE.DOMAIN.COM
sshd[18242]: pam_sss(sshd:account): Access denied for user user#SAMPLE.DOMAIN.COM: 6 (Permission denied)
sshd[18213]: error: PAM: User account has expired for user#SAMPLE.DOMAIN.COM from 10.101.xx.xx
My EC2 Windows machine was successfully domain joined and I'm able to log in using my username.
Can someone please help me with what configuration I might be missing here?
Hope you granted the 'AAD DC Administrators' group sudo privileges on the RHEL VM. Please make sure you use a member account that is part of the 'AAD DC Administrators' group to join the domain.
I'm trying to connect to my server where I have Magento installed.
I loaded the key on my Windows cmd with ssh-add, and then connected with:
ssh -pPORT user@server
and I get:
Permission denied (publickey).
How can I fix this? I can't run chmod 600 on Windows, and I already checked the permissions on the key file and they are 'full control'.
A permission denied, as commented, means SSH does connect, but does not find the right public key to validate the private one used locally.
Try ssh -Tv -pPORT user@server to see what key is used locally.
Then make sure your public key is copied to the remote server, in ~user/.ssh/id_rsa.pub (replace "user" by the actual user account name you need in your case)
This error usually means your key hasn't been added to the authorized keys list on the host machine. You can either manually add the public key to the server, or use the following command from the machine you're using to connect to the server.
ssh-copy-id -pPORT user@server
This will require you to enter the user's password the first time, but will then copy your public key onto the host/server to allow key-based authentication the next time you log in.
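A server-side check for the situation this answer describes, as an added example that is not part of the original answers: it tests whether a public key is listed in an authorized_keys file and flags group- or world-writable paths. The function names, sample keys and temporary paths are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answers): server-side checks for
# "Permission denied (publickey)".

# key_fields: read key lines on stdin and print "<type> <blob>" for each,
# skipping comments, leading options (from=, command=, ...) and the comment.
key_fields() {
    awk 'NF == 0 || $1 ~ /^#/ { next }
         { for (i = 1; i < NF; i++)
               if ($i ~ /^(ssh|ecdsa|sk)-/ && $(i + 1) ~ /^AAAA/) {
                   print $i, $(i + 1); next
               } }'
}

# is_authorized PUBKEY_FILE AUTHORIZED_KEYS: succeed when the key in
# PUBKEY_FILE is listed in AUTHORIZED_KEYS; 2 means PUBKEY_FILE had no key.
is_authorized() {
    [ -r "$1" ] && [ -r "$2" ] || return 1
    want=$(key_fields < "$1" | head -n 1)
    [ -n "$want" ] || return 2
    key_fields < "$2" | grep -qxF -- "$want"
}

# loose_modes PATH...: print every path that is group- or world-writable;
# sshd ignores authorized_keys in that state while StrictModes is on.
loose_modes() {
    for p in "$@"; do
        case $(ls -ld -- "$p" | cut -c1-10) in
            ?????w????|????????w?) printf '%s\n' "$p" ;;
        esac
    done
}

# Constructed sample data: the blobs are placeholders, not real keys.
demo_dir=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaCONSTRUCTEDKEY1 laptop' > "$demo_dir/id.pub"
printf '%s\n' 'ssh-rsa AAAAB3NzaCONSTRUCTEDKEY3 absent' > "$demo_dir/other.pub"
printf '%s\n' '# deploy keys' \
    'ssh-rsa AAAAB3NzaCONSTRUCTEDKEY2 other@host' \
    'from="10.0.0.0/8",command="echo hi" ssh-ed25519 AAAAC3NzaCONSTRUCTEDKEY1 renamed' \
    > "$demo_dir/authorized_keys"
chmod 664 "$demo_dir/authorized_keys"   # deliberately group-writable

is_authorized "$demo_dir/id.pub" "$demo_dir/authorized_keys" && echo "id.pub: listed"
is_authorized "$demo_dir/other.pub" "$demo_dir/authorized_keys" || echo "other.pub: not listed"
loose_modes "$demo_dir" "$demo_dir/authorized_keys"
```

On a real host, run the two functions as the target account against the uploaded .pub file, ~/.ssh and ~/.ssh/authorized_keys.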
I'm trying to add a CA to the login keychain to get SSL support in the Safari/Google Chrome browsers. I use the security command below:
sudo security add-trusted-cert -r trustRoot -k "/Users/maya/Library/Keychains/login.keychain" "/tmp/certs/test.cer"
The cert got added to the login keychain successfully, but the browser is not able to recognize the certificate authority, and I get the error 'ERR_cert_authority_invalid'.
Thanks,
I have generated Composer identity via.
$ composer identity issue -p hlfv1 -n parcel-network -i admin -s adminpw -u administrator -a '<namespace>#administrator'
An identity was issued to the participant '<namespace>#administrator'
The participant can now connect to the business network with the following details:
userID = administrator
userSecret = kwrDcuzuGvre
Command succeeded
Now, how do I create "credentials" to connect to the business network?
The possible workaround is to download the wallet, and then create credentials via "composer identity import". But I think this is not the correct way.
Thanks!
There is a typo in the second command, adminstrator (in composer network ping) vs the issued identity administrator.
I want to import a PFX using cmd. I am using certutil for that. But I am getting a prompt asking to trust the certificate. I want to automatize the import, so I want to skip the warning prompt. How can I accomplish that?
I am using the command
certutil -f -user -p PASSWORD -importpfx c:\cert.pfx
The reason you got a prompt dialog is that you are trying to add a "CA certificate" into the "Trusted Root Certification Authorities" store. In fact, when you use "certutil -f -user -p PASSWORD -importpfx c:\cert.pfx" to import a PFX certificate, two actions happen:
Add a personal certificate (which includes the private key) into the "Personal" store.
Add a CA certificate into the "Trusted Root Certification Authorities" store.
It is the second action that causes the UAC to prompt a warning dialog, since you are trying to add a CA certificate into the "Trusted Root Certification Authorities" store, and this means that any web host that holds this certificate will be trusted in the future. This is a very important action and should be treated very discreetly by the user, shouldn't it? So the UAC will warn the user to confirm this action.
There is only one way to suppress the warning dialog: don't add the CA certificate into the "Trusted Root Certification Authorities" store, by doing so:
certutil -f -user -p PASSWORD -importpfx c:\cert.pfx NoRoot
Adding the personal certificate into the "Personal" store will not prompt any warning dialog. However, this way, the web host that holds the CA certificate will not be trusted any more, and this can be very frustrating if you use HTTPS to access the web host.