– go to your certificate provider
– make sure to select “other” when downloading the certificate
– that will get you the intermediate certificate in a “.crt” format
– In the firewall itself just import CA certificate, select the file and you are now good to go

Ref : https://www.sslsupportdesk.com/ssl-installation-instructions-for-fortigate-vpn/

Tagged with:  

How to secure IIS

On 2 October 2015, in IT Procedure, Servers, by Himselff

I’ve merge together a couple of tweak i’ve found and validate with this SSL Testing Tool :

SSLLAB

Here is the Regtools :

1. Disabling the SSLv3



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
"DisabledByDefault"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
"Enabled"=dword:00000000

2. Disabling Ciphers RC4



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
"Enabled"=dword:00000000

Ref : https://www.ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices.pdf

Tagged with: