Cisco UCS “Error creating TP . failed to verify certificate chain, error: Failed to split certificate chain”

The first time I saw this error message in UCSM when creating a TrustPoint by installing an Intermediate CA Certificate, I was lost… I had no idea what the system was complaining about…

It turns out the system wants both the Intermediate and Root CA certificates pasted together in sequence, like below:

-----BEGIN CERTIFICATE-----
<Intermediate Certificate Contents>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<Root Certification Authority Certificate Contents>
-----END CERTIFICATE-----

Get rid of IE11 on Windows 10 (only if you absolutely need to)

Update: I kinda regret removing IE11 and writing this post now. I had to bring it back to fix some weird issue… Without IE11, some things just stop working on Windows 10. If you absolutely need to remove IE11, then use this post. Otherwise, just keep it to avoid unnecessary issues.

Microsoft has made it not-so-painful to get rid of IE11 in Windows 10, using “Control Panel\All Control Panel Items\Programs and Features” and then “Turn Windows features on or off”. However, after the reboot following the IE11 removal, there is an issue with opening HTML links in Outlook and OneNote, for example, even when the new Edge Chromium is already set as the default browser… Here is a screenshot of the warning message…

[Screenshot: Microsoft Outlook warning “Your organization's policies are preventing us from completing this action for you”]

The message is not intuitive at all. What it should really say is “there is no application to handle the HTML link”…

To fix it (for me at least on Windows 10 Pro v1909 Build 18363.752):

  1. Close Outlook/OneNote/whatever application has the HTML link
  2. Open Registry Editor and find the following key: [screenshot]
  3. Make sure the “(Default)” property is set to the value “htmlfile”
  4. Modify the value as needed, but back up the registry first
  5. Navigate to the following path in Registry Editor: [screenshot]
  6. There should not be a key “open” with its sub-key “command” listed. If there are, then it is a different issue for you and this post won’t help you.
  7. Create the key “open” and its sub-key “command”, and set the “(Default)” property to use Edge Chromium: [screenshot]
  8. Close the Registry Editor and try the HTML links again.

 

NOTE: The html link should open in your preferred default browser set in Windows 10. It could be Firefox, Chrome or Edge Chromium regardless of the value set in step 7 above.

Auto Hide bookmark toolbar in Firefox v75

As of Firefox 69, the browser will no longer load userChrome.css by default. The toolkit.legacyUserProfileCustomizations.stylesheets preference needs to be manually set to true to restore this ability.

Until Firefox v72, the old trick was still functioning. With help from Reddit and GitHub, below are the steps to accomplish the same in Firefox v75 (most likely works for v72-74 as well):

  • Go to about:support within Firefox
  • Under Profile Directory, click on Open Directory
  • Create a folder called “chrome” without quotes
  • Enter chrome, right click and create a new text file. Name it “userChrome.css” without quotes
  • Copy and paste the CSS code below into userChrome.css
  • Restart Firefox (make sure “show bookmark toolbar” is checked already)

#PersonalToolbar{
--uc-bm-height: 20px; /* Might need to adjust if the toolbar has other buttons */
--uc-bm-padding: 2px; /* Vertical padding to be applied to bookmarks */
}

:root[uidensity="compact"] #PersonalToolbar{ --uc-bm-padding: 1px }
:root[uidensity="touch"] #PersonalToolbar{ --uc-bm-padding: 6px }

#PersonalToolbar:not([customizing]){
margin-bottom: calc(2px - var(--uc-bm-height) - 2 * var(--uc-bm-padding));
transform: rotateX(90deg);
transform-origin: top;
transition: transform 135ms linear 600ms !important;
z-index: 1;
}

#PlacesToolbarItems > .bookmark-item{ padding-block: var(--uc-bm-padding) !important; }

/* SELECT BOOKMARKS TOOLBAR BEHAVIOR */
/* Comment out or delete either one of these to disable that behavior */


/* Show when urlbar is focused */
#nav-bar:focus-within + #PersonalToolbar{
transition-delay: 100ms !important;
transform: rotateX(0);
}


/* Show when cursor is over the toolbar area */
#navigator-toolbox:hover > #PersonalToolbar{
transition-delay: 100ms !important;
transform: rotateX(0);
}

#PersonalToolbar:not([customizing]){margin-bottom: calc(-1px - var(--uc-bm-height) - 2 * var(--uc-bm-padding));}

Credit: https://github.com/MrOtherGuy/firefox-csshacks/blob/master/chrome/autohide_bookmarks_toolbar.css

Import Saved Logins to Firefox using csv/json file.

If, like me, you want to take advantage of Firefox Lockwise for password management, then check the procedure below to import logins to Firefox using a CSV file.

You will likely need a pre-v70 Firefox install if your current Firefox is up to date. This might be due to the new Lockwise.

Steps to Prepare your CSV file and convert to JSON format:

    1. Make sure the headers of the CSV file, which contains all your logins, are “hostname”, “username”, “password”, like the screenshot in the link.
    2. Convert the CSV file to JSON format. There are multiple tools and scripts online to assist. I used the Miller tool on Linux to do the conversion.
    3. mlr --icsv --ojson --jlistwrap cat sample.csv
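The CSV preparation in steps 1 to 3, as an added example in Python (not from the original post or from Mozilla): it checks for the three headers, reduces each hostname to scheme://host[:port], skips rows with no password or a repeated hostname/username pair, and writes the JSON so that only the owner can read it. Keying logins by origin is an assumption based on the `"hostname":"https://"` placeholder in the console snippet on this page; the function names and sample rows are constructed.

```python
import csv, io, json, os
from urllib.parse import urlsplit

REQUIRED = ("hostname", "username", "password")   # headers named in step 1

def to_origin(value):
    """Reduce a URL to scheme://host[:port] (assumption: logins are keyed by origin)."""
    parts = urlsplit(value.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"hostname needs an http(s):// origin: {value!r}")
    return f"{parts.scheme}://{parts.netloc.rpartition('@')[2].lower()}"

def csv_to_logins(csv_text):
    """Return (logins, skipped): JSON-ready dicts and (row_number, reason) pairs."""
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = [h for h in REQUIRED if h not in (reader.fieldnames or [])]
    if missing:
        raise ValueError("CSV is missing header(s): " + ", ".join(missing))
    logins, skipped, seen = [], [], set()
    for row_no, row in enumerate(reader, start=2):   # row 1 is the header
        try:
            host = to_origin(row["hostname"] or "")
        except ValueError as err:
            skipped.append((row_no, str(err)))
            continue
        key = (host, row["username"])
        if not row["password"]:
            skipped.append((row_no, "empty password"))
        elif key in seen:
            skipped.append((row_no, "duplicate hostname/username"))
        else:
            seen.add(key)
            logins.append({"hostname": host, "username": row["username"],
                           "password": row["password"]})
    return logins, skipped

def write_private(path, logins):
    """Create the JSON with mode 0600; it holds cleartext passwords. Fails if path exists."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(logins, fh, indent=1)

SAMPLE_CSV = (  # constructed sample, not real credentials
    "hostname,username,password\n"
    "https://example.com/login?next=1,alice,correct-horse\n"
    "intranet.example:8443,bob,s3cret\n"
    "https://example.com,alice,older-value\n"
)
```

Delete both the CSV and the JSON file once the import has been confirmed, since each contains every password in cleartext.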

Steps to import the logins:

  1. On the pre-v70 Firefox, enable the command line in the Browser Console by opening “about:config” and setting “devtools.chrome.enabled” to true.
  2. Open the Browser Console by pressing Ctrl+Shift+J
  3. Paste the code below to the Browser Console:
  4. When prompted, paste the content of your json file.

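// Placeholder shown in the prompt; replace it with the content of your JSON file
signons = '[{"username":"xxx","password":"xxx","hostname":"https://"},{more-logins}]';
if (logins = prompt("Logins JSON: [{},{}]", signons)) {
  try {
    logins = JSON.parse(logins); // throws if the pasted text is not valid JSON
    ChromeUtils.import("resource://gre/modules/LoginHelper.jsm");
    LoginHelper.maybeImportLogins(logins); // hand the parsed entries to Firefox's login helper
  } catch (e) { console.log(e); }
}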

Now you need to log in to your Firefox account so the logins can be synced, which means you will be able to access them in Lockwise under your Firefox account. Once synchronization is done, you can delete the pre-v70 Firefox from your computer.

Reference & Credit:

https://support.mozilla.org/en-US/questions/1265250#answer-1239491

3G on Cisco 819 Router

After two days of researching and testing, it is finally working. It was not any configuration difficulty but some technology confusion. Plus, the configuration sample Cisco provides does not really work… Below is my working configuration with a Telus SIM card.

chat-script hspa-R7 "" "AT!SCACT=1,1" TIMEOUT 30 "OK"
!
!Tried "ATDT*99*1#" and made no difference
!
interface Cellular0
description PrimaryWAN
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation slip
load-interval 30
dialer in-band
dialer string hspa-R7
dialer watch-group 1
no peer default ip address
async mode interactive
!
ip route 0.0.0.0 0.0.0.0 Cellular0
!
ip access-list extended nat-list
permit ip 10.100.100.0 0.0.0.127 any
!
dialer watch-list 1 ip 5.6.7.8 0.0.0.0
dialer watch-list 1 delay route-check initial 60
dialer watch-list 1 delay connect 1
dialer-list 1 protocol ip permit
!
ip nat inside source list nat-list interface Cellular0 overload
!
line 3
script dialer hspa-R7
modem InOut
no exec
transport input all
transport output all
!

Under exec mode, create/modify the GSM profile to match the Telus requirement.

cellular 0 gsm profile create 1 isp.telus.com

L2TPv3 Tunnel

Recently I got the question: how can we solution a DR site for a medium business customer? Off the top of my head, it is FabricPath or TRILL, but it is not likely they are going to buy and upgrade their infrastructure. So we had to go cheap. I then started to manipulate an L2TPv3 tunnel setup in GNS3.

[Figure: topology]

Since it is lab, why not go fancy: L2TPv3 “mesh” over IPsec!!!

I spent too much time on manipulating the configuration already, so I just attached the configuration file below for your reference. If you think there is content from your publication, then that is probably because I was reading yours during my troubleshooting… So please contact me if you prefer to have your name listed for credit 🙂

+++++++++++++++ISP++++++++++++++++++
hostname ISP
!
interface Loopback0
ip address 10.0.4.4 255.255.255.255
!
interface FastEthernet 0/0
ip address 4.1.1.4 255.255.255.0
speed 100
full-duplex
no shut
interface FastEthernet 0/1
ip address 4.2.2.4 255.255.255.0
speed 100
full-duplex
no shut
!
interface FastEthernet1/0
ip address 4.3.3.4 255.255.255.0
speed 100
full-duplex
no shut
!
router ospf 1
router-id 10.0.4.4
network 0.0.0.0 255.255.255.255 area 0
+++++++++++++++HQ++++++++++++++++++
hostname HQ
!
interface Loopback0
ip address 10.0.1.1 255.255.255.255
!
interface FastEthernet 0/0
ip address 4.1.1.1 255.255.255.0
speed 100
full-duplex
no shut
!
router ospf 1
router-id 10.0.1.1
network 0.0.0.0 255.255.255.255 area 0
!
l2tp-class L2TPV3class
authentication
password L2TPV3
!
pseudowire-class HQ2R2
encapsulation l2tpv3
protocol none
ip local interface Loopback0
!
interface FastEthernet0/1
description HQ_LAN_R2Branch
no ip address
no shut
no cdp enable
xconnect 10.0.2.2 100 encap l2tpv3 manual pw-class HQ2R2
l2tp id 100 200
l2tp hello L2TPV3class
!
pseudowire-class HQ2R3
encapsulation l2tpv3
protocol none
ip local interface Loopback0
!
interface FastEthernet1/0
description HQ_LAN_R3Branch
no ip address
no shut
no cdp enable
xconnect 10.0.3.3 101 encap l2tpv3 manual pw-class HQ2R3
l2tp id 103 301
l2tp hello L2TPV3class
+++++++++++++++Branch2++++++++++++++++++
hostname Branch2
!
interface Loopback0
ip address 10.0.2.2 255.255.255.255
!
default inter fa0/0
interface FastEthernet 0/0
speed 100
full-duplex
ip address 4.2.2.2 255.255.255.0
no shut
!
router ospf 1
router-id 10.0.2.2
network 0.0.0.0 255.255.255.255 area 0
!
l2tp-class L2TPV3class
authentication
password L2TPV3
!
pseudowire-class R22HQ
encapsulation l2tpv3
protocol none
ip local interface Loopback0
!
interface FastEthernet1/0
description R2Branch_LAN_HQ
no ip address
no shut
no cdp enable
xconnect 10.0.1.1 200 encap l2tpv3 manual pw-class R22HQ
l2tp id 200 100
l2tp hello L2TPV3class
!
+++++++++++++++Branch3++++++++++++++++++
hostname Branch3
!
interface Loopback0
ip address 10.0.3.3 255.255.255.255
!
interface FastEthernet 0/0
speed 100
full-duplex
ip address 4.3.3.3 255.255.255.0
no shut
!
router ospf 1
router-id 10.0.3.3
network 0.0.0.0 255.255.255.255 area 0
!
l2tp-class L2TPV3class
authentication
password L2TPV3
!
pseudowire-class R32HQ
encapsulation l2tpv3
protocol none
ip local interface Loopback0
default inter fa1/0
interface FastEthernet1/0
description R3Branch_LAN_HQ
no ip address
no shut
no cdp enable
xconnect 10.0.1.1 301 encap l2tpv3 manual pw-class R32HQ
l2tp id 301 103
l2tp hello L2TPV3class
!
++++++++++++HQ IPSec Configure+++++++++++++++
crypto isakmp policy 100
encr 3des
authentication pre-share
group 2
crypto isakmp key 1tunnel2connect address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set HQ-TRANSFORM esp-3des esp-sha-hmac
!
crypto map HQ2Others 100 ipsec-isakmp
set peer 4.3.3.3
set transform-set HQ-TRANSFORM
match address 110
crypto map HQ2Others 200 ipsec-isakmp
set peer 4.2.2.2
set transform-set HQ-TRANSFORM
match address 100
!
! HQ Fa0/0 is 4.1.1.1; each entry mirrors the matching branch crypto ACL
access-list 100 permit ip host 4.1.1.1 host 4.2.2.2
access-list 110 permit ip host 4.1.1.1 host 4.3.3.3
!
interface FastEthernet0/0
crypto map HQ2Others
!
++++++++++++Branch2 IPSec Configure+++++++++++++++
crypto isakmp policy 100
encr 3des
authentication pre-share
group 2
crypto isakmp key 1tunnel2connect address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set R2-TRANSFORM esp-3des esp-sha-hmac
!
crypto map R22HQ 100 ipsec-isakmp
set peer 4.1.1.1
set transform-set R2-TRANSFORM
match address 100
!
access-list 100 permit ip host 4.2.2.2 host 4.1.1.1
!
interface FastEthernet0/0
crypto map R22HQ
!
++++++++++++Branch3 IPSec Configure+++++++++++++++
crypto isakmp policy 100
encr 3des
authentication pre-share
group 2
crypto isakmp key 1tunnel2connect address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set R3-TRANSFORM esp-3des esp-sha-hmac
!
crypto map R32HQ 100 ipsec-isakmp
set peer 4.1.1.1
set transform-set R3-TRANSFORM
match address 100
!
access-list 100 permit ip host 4.3.3.3 host 4.1.1.1
!
interface FastEthernet0/0
crypto map R32HQ
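A small lint for IOS crypto configuration in the style shown above, as an added example (not from the original post or from Cisco): it flags DES/3DES, DH groups 1, 2 and 5, and a pre-shared key bound to 0.0.0.0, and checks that the source of a host-to-host crypto ACL is an address configured on the router. The rule set, the `audit` function and the sample lines are this example's own.

```python
import re

# Constructed sample in the style of the lab configuration (documentation addresses).
SAMPLE = """\
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 crypto map LAB
crypto isakmp policy 100
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key EXAMPLE-KEY address 0.0.0.0 0.0.0.0
crypto ipsec transform-set LAB-TS esp-3des esp-sha-hmac
crypto map LAB 100 ipsec-isakmp
 set peer 198.51.100.2
 set transform-set LAB-TS
 match address 100
access-list 100 permit ip host 192.0.2.9 host 198.51.100.2
"""

RULES = [  # (regex, finding); the rule set is this example's own selection
    (r"^\s*encr(yption)?\s+3?des\b", "IKE policy encrypts with DES/3DES"),
    (r"^\s*group\s+[125]\s*$", "IKE DH group is 1, 2 or 5 (1536 bits or less)"),
    (r"^crypto isakmp key .+ address 0\.0\.0\.0\b", "pre-shared key is valid for any peer address"),
    (r"^crypto ipsec transform-set .*\besp-3?des\b", "transform set encrypts with DES/3DES"),
]

def audit(config):
    """Return sorted (line_number, finding) tuples for an IOS crypto configuration."""
    lines = config.splitlines()
    findings = [(n, msg) for n, line in enumerate(lines, 1)
                for rx, msg in RULES if re.search(rx, line)]
    # Addresses configured on interfaces, and ACL numbers referenced by crypto maps.
    local = set(re.findall(r"^\s*ip address (\d+\.\d+\.\d+\.\d+) ", config, re.M))
    used = set(re.findall(r"^\s*match address (\d+)", config, re.M))
    for n, line in enumerate(lines, 1):
        m = re.match(r"access-list (\d+) permit ip host (\S+) host (\S+)", line)
        if m and m.group(1) in used and m.group(2) not in local:
            findings.append((n, f"crypto ACL {m.group(1)} source {m.group(2)} "
                                "is not a local interface address"))
    return sorted(findings)
```

Run it over the full running configuration, so that the interface addresses and the crypto ACLs are both in the text being checked.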