How to make your web site GDPR compliant using CookieHub

The new EU General Data Protection Regulation (GDPR) is already in place and affects all businesses serving users in the EU. The regulation cover many articles related to data protection, the right to privacy and information about how personal data is handled.

The regulation requires clear consent to any tracking that is used to profile user behavior which includes the use of tracking cookies. If you haven’t already implemented a cookie consent widget on your website you should not wait any longer. Continue reading

How to enable TLS 1.2 for ASP.NET 3.5 on Windows server 2012 R2

ASP.NET 3.5 is getting pretty old and the ideal solution would be to update to the latest ASP.NET version but let’s face it, there are some legacy systems already running 3.5 that are not easy to upgrade and most external services are closing support for the depreciated TLS 1.0 and TLS 1.1 protocols.

I searched for solutions online and most replies were indicating that there was no TLS 1.2 support in ASP.NET 3.5 and it would not be supported which is not true.

Microsoft released upgrade a while ago which added TLS 1.2 support for ASP.NET 3.5. Chances are that you already have it installed on the server but if not, you can download it here. If you get the error: “The update is not applicable to your computer.” it’s probably already installed. Continue reading

How to schedule Windows Update to install updates at certain time in Windows Server 2012

In previous releases of Windows Server, the updates were installed during a maintenance period and rebooted if required right after the update. The day and time was configurable so that this would have minimal effect during peak hours.

This however changed in Windows Server 2012. The default setting downloads the available updates and notifies the user and requires user action within one day. After one day the updates are installed as soon as possible and forces reboot on the server. On production servers this is not appropriate behaviour as it may force reboot at critical time causing very unpredictable downtimes.

Luckly this can be configured although it’s not located in same place as in previous versions of Windows Server. Here’s a step by step tutorial on how to configure the updates to automatically install at 3am on Sundays:

1. Open the Local Group Policy Editor

Either search for “Edit Group Policy” or open the gpedit MMC snap-in using Run

gpedit.msc

Continue reading

How to patch Windows server 2012 R2 to resolve the MS15-034 vulnerability

The vulnerability could allow remote code execution if an attacker sends a specially crafted HTTP request to an affected Windows system. All Windows servers 2008 R2 and 2012 are affected!

Windows Update seems to have done the trick automatically for my 2008 R2 servers but the 2012 servers are still affected after installing the latest updates.

How to check if you are affected?

If you have a Linux server lying around, type this command:

wget --header="Range: bytes=18-18446744073709551615" http://serverip/iis-85.png

Continue reading

How to install and configure WordPress hosted on Nginx with PHP-FPM on Debian based distros

Nginx is an open source web server. Users have been moving to Nginx because of the high performance and stability and as of February 2014, Nginx is hosting around 15% of all web servers according to Netcraft’s Web Server Survey. Nginx is a great option for hosting WordPress sites.

It’s assumed that you have already installed Nginx with PHP-FPM. If you haven’t already done that, you can use this tutorial: How to install Nginx with PHP and MySql support on wheezy

1. Create the database for WordPress

mysql -u root -p
CREATE DATABASE {database};
CREATE USER {username}@localhost;
GRANT ALL PRIVILEGES ON {username}.* TO {database}@localhost IDENTIFIED BY '{password}';
FLUSH PRIVILEGES;
exit

Continue reading

How to enable/disable the VMware ESXi 5.x firewall

I just installed a fresh VMware ESXi 5.5 and configured the firewall using vSphere client to not allow remote connections. When testing the firewall I noticed that the rules weren’t working. There seems to be no way to see the status of the firewall or enable/disable it through vSphere but it turned out to be disabled by default.

To enable the firewall, log in to SSH and type this command:

esxcli network firewall set --enabled true

Continue reading

Export certificate and private key from a pfx file

When moving certificates from Windows servers to Linux you may need to export the private key and certificate from a pfx file. This is how it’s done:

1. Export the private key

openssl pkcs12 -in cert.pfx -nocerts -out cert.key.wpass

Replace cert.pfx with the certificate exported from Windows. The private key will be exported to cert.key.wpass including a password that you need to selecting in this step Continue reading