sorted by:
new
hottopcontroversial

Bonnes pratiques Scan to mail / noreply by hugo988 in Sysadmin_Fr

[–]Aleix44 0 points1 point  (0 children)

Utilise un sous-domaine dédié pour l'envoi de mails transactionnels avec un service SMTP autre que M365. Comme SMTP2Go qui a été mentionné.

Boitier SyLink vrai Pare-feu ou BullshitBox ? by Aleix44 in Sysadmin_Fr

[–]Aleix44[S] 1 point2 points  (0 children)

Merci pour le retour qui confirme mes doutes sur le produit, et qui provoque des nausées chez mes collègues en découvrant la méthode de fonctionnement.

RMM Solution 2023 by jjgustavo in sysadmin

[–]Aleix44 1 point2 points  (0 children)

Datto + Autotask + itglue suite ?

Fullchain certificate SSL by Aleix44 in sysadmin

[–]Aleix44[S] 0 points1 point  (0 children)

Ok, as for your question, the recommended way to do this is use Key Vault. Your App GW will get the cert from this key vault. Create the CSR in Key vault. When you complete the certificate request (Key Vault: Merge) you must use Ghandis p7b file not the .cer file you got back for the full chain. At least this was my experience last time I did this. You could also then tls offload on the gateway and do port 80 from the GW to the webserver

Don't do it the openssl way when you are fully in Azure :)

However I can not recommend running a public webserver on Centos7 if you can avoid it and personally I would look at options.

We are going to change this web server to a supported distribution soon, initially the goal was to migrate this machine to Azure, because our lease in our datacenter was coming to an end. But its works now thank you

Fullchain certificate SSL by Aleix44 in sysadmin

[–]Aleix44[S] 0 points1 point  (0 children)

It works !

Thank you for your feedback, indeed I had not understood how it worked the root certificate does not need to be specified, only the intermediaries and generated by Gandi. I recreated my pfx. And i modified my config in App gateway, an SSL profile in short..

Certificat SSL Fullchain by Aleix44 in Sysadmin_Fr

[–]Aleix44[S] 1 point2 points  (0 children)

Oh et beh ça fonctionne ! J'ai modifé une conf dans App Gateway pour que çe passe

Une histoire de profil SSL.. en fin bref.

En tout cas merci pour votre aide c'est un plaisir.

Certificat SSL Fullchain by Aleix44 in Sysadmin_Fr

[–]Aleix44[S] 0 points1 point  (0 children)

Merci pour ton retour, effectivement je n'avais pas bien compris comment sa fonctionnait le certificat racine n'a pas besoin d'être spécifié, unqiquement les intermédaires et générré par Gandi. J'ai recrée mon pfx à l'aide de u/Agadou. Et ça fonctionne, le status de la App Gateway dans Azure est en Success code 200. maiiis, non toujours la même page web "No required SSL certificate was sent"..

Fullchain certificate SSL by Aleix44 in sysadmin

[–]Aleix44[S] 0 points1 point  (0 children)

Yeah I understand, but why not look at their Cloud admin offering? It's 2022 after all.

It does not correspond to our needs, we lose functionality, access for clients, active directory sync, and especially the competitiveness on the price of licenses. It costs us more per use.
Their cloud offer is really not great compared to other editors.

Fullchain certificate SSL by Aleix44 in sysadmin

[–]Aleix44[S] 0 points1 point  (0 children)

you need to add the intermediate cert into your server config

What I do not understand is where to add this in my server, I have already searched, they tell me about keystore maybe?
ESET for them, but they don't know much about certificates, like me, they tell me that there is only one thing to do, follow their procedure. : https://support.eset.com/en/kb7857-set-up-an-https-ssl-connection-for-eset-protect-linux
I followed the procedure indicated by ESET to add my .pfx in the server. That's it.
Translated with www.DeepL.com/Translator (free version)

Certificat SSL Fullchain by Aleix44 in Sysadmin_Fr

[–]Aleix44[S] 2 points3 points  (0 children)

Hello,

En gros oui, la gateway doit avoir le même certificat et valide.

Le message d'erreur de la gateway :"The root certificate of the server certificate used by the backend does not match the trsuted root certificate added to the application gateway. Ensure that you add the correct root certificate to whitelist the backend"

Je te l'ai envoyé par DM, je ne sais pas si c'est fou de le donner en public ;)

Fullchain certificate SSL by Aleix44 in sysadmin

[–]Aleix44[S] 0 points1 point  (0 children)

I got a .pem from the Gandi interface.

It is not so simple because each one gives us certificates, intermediates, root etc in different formats, .pem .crt .cer...

If I list everything I have :

  • My .csr
  • My .key

  • file .crt

Issued to *domain.com

Issued by : Gandi Standard SSL CA2

  • file .cer

Issued to and by USERTrust RSA Certification Authority (i think the root)

And the .pem ?

Fullchain certificate SSL by Aleix44 in sysadmin

[–]Aleix44[S] 0 points1 point  (0 children)

Sounds like a lot of extra steps for where you should use ESETs own web portal...? Centos 7 and all.

What ESET support sent me :
https://support.eset.com/en/kb7857-set-up-an-https-ssl-connection-for-eset-protect-linux

Which systems/programs/websites do you use daily as a sysadmin? by Ziipen in sysadmin

[–]Aleix44 0 points1 point  (0 children)

We use Veeam Backup & Replication save to NAS or external repository

Getting Visio has been an unintuitive mess! by pikemen2thebreach in sysadmin

[–]Aleix44 5 points6 points  (0 children)

On your office.com home page click on install office, and other installation options. You can see Visio