Networking and Protocol - chanandrew96/MyLearning GitHub Wiki

SSL & TLS

To check your device's SSL & TLS settings, or to enable/disable SSL & TLS, refer to the PowerShell script Check_And_Toggle_SSL_TLS_Protocol.ps1.
The script provides a simple GUI for easy checking and updating.

Basic check and modify script without GUI (SSL & TLS)

Refer to the PowerShell script Check_SSL_TLS_Enabled.ps1

Enable Protocol

Use the script below and change the values.
If the item already exists, you may use the script in Disable Protocol to remove it first.

| Script | Value | Sample |
| --- | --- | --- |
| [PROTOCOL] | The protocol to modify | SSL 3.0 |
| [CLIENT/SERVER] | The side of the protocol to modify | Option: "Server" / "Client" |
| [ENABLE] | Enable or disable the protocol | Option: "0" (Disabled) / "1" (Enabled) |

New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\[PROTOCOL]\[CLIENT/SERVER]" -Force | Out-Null
New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\[PROTOCOL]\[CLIENT/SERVER]" -Name "Enabled" -Value [ENABLE] -Type DWord -Force | Out-Null
Read-Host "Press ENTER to exit..."

Disable Protocol

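This script removes the protocol's registry key, so the protocol falls back to the operating system default. To turn a protocol off explicitly, use the Enable Protocol script with [ENABLE] set to "0".

| Script | Value | Sample |
| --- | --- | --- |
| [PROTOCOL] | The protocol to modify | SSL 3.0 |
| [CLIENT/SERVER] | The side of the protocol to modify | Option: "Server" / "Client" |

Remove-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\[PROTOCOL]\[CLIENT/SERVER]" -Recurse -Force
Read-Host "Press ENTER to exit..."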
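
A read-only check of the registry keys that the Enable Protocol and Disable Protocol scripts above write and remove, as an added example (not one of the repository's scripts). It assumes the standard SCHANNEL value names Enabled and DisabledByDefault; the function name Get-SchannelProtocolState and the protocol list are choices made for this example.

```powershell
# Added example: report the SCHANNEL protocol state per protocol and side.
# Read-only; nothing in the registry is changed.
$base      = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2', 'TLS 1.3'
# Deprecated protocol versions that should normally be explicitly disabled
$legacy    = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1'

function Get-SchannelProtocolState {
    param([string]$BasePath = $base)

    foreach ($protocol in $protocols) {
        foreach ($side in 'Client', 'Server') {
            $key   = Join-Path (Join-Path $BasePath $protocol) $side
            # Returns nothing when the key is missing or has no values
            $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

            if ($null -eq $props -or $null -eq $props.Enabled) {
                # Key removed (Disable Protocol script) or never created:
                # the operating system default applies
                $state = 'OS default (not set)'
            } elseif ($props.Enabled -eq 0) {
                $state = 'Disabled'
            } else {
                # Any non-zero value counts as enabled
                $state = 'Enabled'
            }

            [pscustomobject]@{
                Protocol          = $protocol
                Side              = $side
                State             = $state
                DisabledByDefault = $props.DisabledByDefault
                # Flag deprecated protocols that are not explicitly turned off
                Review            = ($legacy -contains $protocol) -and ($state -ne 'Disabled')
            }
        }
    }
}

Get-SchannelProtocolState | Format-Table -AutoSize
```

Rows with Review set to True are deprecated protocols whose state is either Enabled or left to the OS default.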

SSL connection check

To check whether an SSL connection is available between your device and another device (like your database server), refer to the PowerShell script Test_SSL_Connection.ps1.
Update lines 2 & 3 with your server information before executing.

# Replace with your server/domain/IP address
$server = "SERVER_NAME"
# Replace with the port you would like to connect
$port = 11433

Create Self-Signed CA Certificate

To use an SSL connection, a CA certificate must be installed.
You may create a self-signed CA certificate for testing.
Refer to the PowerShell script Generate_Self_Signed_CA_Cert.ps1, which uses RSA to create a self-signed CA certificate.
Modify the values on lines 2 - 7 for your certificate. The values shown are samples; replace $certPassword with your own password before use.

$certName = "MySelfSignedCA"
$certFriendlyName = "My Self-Signed CA Certificate"
$certPassword = "Unisys2008"
$certDays = 3650
$certPath = "C:\temp\Self_SignedCA_Cert"
$exportCertpfxPath = "C:\temp\Self_SignedCA_Cert\${certName}.pfx"