setup remote ping check
Monitoring response-time via NSClient++
Add a command to NSClient++’s configuration file custom.ini:
command[check_ping]=C:\plugins\check_ping.exe -H $ARG1$ -w $ARG2$ -c $ARG3$
Add a command to NSClient++’s configuration file op5.ini
check_ping = cmd /c scripts\op5\check_ping.exe -H $ARG1$ -w $ARG2$ -c $ARG3$
Client asked to update our cert to their adfs. Couldn’t find a good way to troubleshoot this using google so started to examine all the configuration files in /etc/shibboleth.
Led me to federationmetadata.xml.
Found section keydescriptor that looked like a certificate so I added a new section with the new cert.
<KeyDescriptor use="signing"> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <X509Data> <X509Certificate>MII......hidden......</X509Certificate> </X509Data> </KeyInfo> </KeyDescriptor>
Must have brew
brew install mtr –HEAD
https://httpd.apache.org/docs/trunk/ssl/ssl_howto.html
# "Modern" configuration, defined by the Mozilla Foundation's SSL Configuration # Generator as of August 2016. This tool is available at # https://mozilla.github.io/server-side-tls/ssl-config-generator/ SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 # Many ciphers defined here require a modern version (1.0.1+) of OpenSSL. Some # require OpenSSL 1.1.0, which as of this writing was in pre-release. SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 SSLHonorCipherOrder on SSLCompression off SSLSessionTickets off