Windows 10: Self Signed Cert on 2016 Windows server only creates cert valid for 6 weeks

Opened MMC.exe as adminAdded the Snap in for CertificationsOpen the menu Certifications > PersonalRight-Click on Personal and choose All Tasks > Request New CertificateClick Next, Choose the AD Enrollment Certificate PolicyClick Next, Choose Template Computers, then enrollThe Computer template is set to 1 year validity and 6 weeks Expiration .. I cannot modify this template - it is greyed out. So, I Duplicated this template to update the Validity to 2 years and renewal to 1 year. I used that template, and it was still set to expire in 6 weeks.Thou

:)

 

Creating a self-signed cert and trusting it for windows RDP (no domain)

I can use windows RDP to remote control my home PC (through a VPN), but I always get this warning:





Do I need to manually generate a self signed cert and install it?

Or has this already happened and can I trust the one that it is already providing?

Does "Don't ask me again for connections to this computer" do this?, or does this just check the name and bypass checking the certificate at all?

I still want to use the self signed certificate for verification. I just want my laptop to trust the self-signed cert.

I'm on windows 10.

 

Adding Self Signed Cert to Chrome ?

Hi

I run a local linux web server and it has a self signed certificate on it.
Every few days when I access it I get:

Your connection is not private Attackers might be trying to steal your information from 192.168.0.100 (for example, passwords, messages, or credit cards). Learn moreNET::ERR_CERT_AUTHORITY_INVALID

If I proceed, then it's fine for a few days.
Access is only available to this server from internal devices, it's not Internet facing.

Is there any way I can add that cert to Chrome so I no longer get these warnings ?
If so... How ?

Thanks

 

Adding Self Signed Cert to Chrome ?

Self signed certificates cannot be vouched for. Browsers do not trust them at all. They are used to enable encryption where otherwise you could be paying a pretty penny for a CA but with self-signed certs there is no verification to prove the certificate is legitimate hence the error message you are getting. The trust is pretty much zero with them. With trusted certificates they can be verified through the CA (certificate authority) and everything can be linked back without fail or question. Self signed certificates have no authority to govern and verify it's authenticity. Even though you are technically the authority and you can vouch for the certificate thats now how the standards of the internet work.

You can import certificates into your browser manually by going into your settings.
Also, you do know that you can configure the server to deny all incoming/outgoing connections other than the ones you choose? When you say your server is not internet facing is that because you don't know to configure your firewall or because you do and it's just through choice? If you're using Linux, just like any OS, you NEED to reguarly update both the system and the software installed. You could have unaddressed vulnerabilities.

Besides, just an FYI, I'm not sure you've heard about pivoting but it's basically what hackers use when they want to access internal networks that otherwise are not freely available externally. It's called pivoting because they compromise one target computer and then pivot from that onto the local network. And so your server doesn't have to be online in order to be compromised. All someone needs to do is get access to either your local network and/or a computer connected to it with an external connection and they can map your ENTIRE network, do whatever they want and then disappear. Also, if your server is installed on a computer with a built-in wireless adapter and/or other connectivity features they can be enabled and your computer instructed to access the nearest wireless connection. Hell, your compromised system can then also be made to hack wireless networks.

I might be running away from the topic here and so I shall return back to it.
Import the cert and you should be fine.