András Tóth‘s professional blog
banditoth.net

Hey there 👋, I’m banditoth a .NET MAUI developer from Hungary.
I write about software development with .NET technologies.

You can find me on:
LinkedIn | Github | StackOverflow | X / Twitter | Threads

Tag: windows server

  • Prepare your Windows servers for Apple’s APNs certificate update

    Apple has announced an important change to the Certification Authority (CA) for Apple Push Notification service (APNs). The update to APNs server certificates will take effect in the sandbox environment on January 20, 2025, and in the production environment on February 24, 2025.

    To ensure uninterrupted push notification services, developers must update their application’s Trust Store to include the new SHA-2 Root: USERTrust RSA Certification Authority certificate before the respective cut-off dates.

    If You Use Firebase or Microsoft Azure Notification Service

    If your application uses Firebase Cloud Messaging (FCM) or Microsoft Azure Notification Hubs, you probably do not need to take any action. These services manage push notifications on behalf of your application, handling all necessary certificate updates internally. Google and Microsoft will ensure their backend services are updated with the new APNs root certificate, so you won’t need to manually update your Trust Store unless you have custom implementations that directly communicate with APNs.

    If you directly connect to Apple’s APNs with Windows Servers

    Then read on.
    It is essential that all Windows servers communicating with APNs trust both the old and new certificates to avoid any disruptions. Below are the steps to correctly import the new root certificate into your Windows servers.

    Steps to Update the APNs Certificate on Windows Servers

    Step 1: Download the New Root Certificate

    1. Open your web browser and navigate to the official certificate provider’s page: Sectigo Intermediate Certificates
    2. Locate and download the USERTrust RSA Certification Authority root certificate in .cer or .crt format.

    Step 2: Open Certificate Manager

    1. Press Win + R to open the Run dialog.
    2. Type certmgr.msc and press Enter.
    3. The Certificate Manager will open, allowing you to manage trusted certificates.

    Step 3: Import the New Root Certificate

    1. In Certificate Manager, expand the Trusted Root Certification Authorities folder.
    2. Right-click on the Certificates subfolder.
    3. Select All Tasks > Import.
    4. The Certificate Import Wizard will appear. Click Next.
    5. Browse to the location where you saved the downloaded certificate and select it.
    6. Click Next and follow the prompts to complete the import process.

    Step 4: Verify the Import

    1. After the import is complete, navigate to Trusted Root Certification Authorities > Certificates.
    2. Confirm that the USERTrust RSA Certification Authority certificate is listed.

    Step 5: Update Group Policy (for Domain-Joined Computers)

    If your Windows servers are part of a domain, updating the Group Policy will ensure that all connected machines receive the updated certificate.

    1. Open Group Policy Management Console.
    2. Create or edit an existing Group Policy Object (GPO).
    3. Navigate to Computer Configuration > Windows Settings > Security Settings > Public Key Policies.
    4. Right-click on Trusted Root Certification Authorities and select Import.
    5. Follow the wizard to import the new root certificate.
    6. Apply the GPO to all required machines and restart them if necessary.

    Sources

    https://developer.apple.com/news/?id=09za8wzy

    https://developer.apple.com/news/upcoming-requirements/?id=01202025a

  • Windows : Allow your programs through Windows Firewall

    This content has 4 years. Some of the information in this post may be out of date or no longer work. Please, read this page keeping its age in your mind.

    Search for applications with “firewall” keyword.
    On Windows 10 – You will need Windows Defender Firewall with Advanced Security.

    Click on “Inbound rules”, and on the right pane, select “New Rule..”.

    Select The Port Option

    If you want a specific port to unlock, select the port option. Select the correct transport protocol and port number on the next step

    You can name your rule. It is recommended to choose a name, that describes the application which uses this port.

    Your port now accessible on your local network. If you want to unlock a port to the Internet, you need to set up a port forward in your router’s settings.

  • Windows: “Leírás nélküli hiba történt”

    Windows: “Leírás nélküli hiba történt”

    This content has 6 years. Some of the information in this post may be out of date or no longer work. Please, read this page keeping its age in your mind.

    “Leírás nélküli hiba történt” mondják a Magyar Windows Server 2008-tól felfelé található verziói, felhasználó hozzáadásánál.

    A probléma előidézése a következőképpen: Szerveren megnyitjuk a Számítógép kezelést, azon belül a Felhasználók és Csoportok lapon a Felhasználóknál új felhasználót szeretnénk felvinni, akinek a jelszava soha nem jár le, és a felhasználó nem módosíthatja a jelszót (Ezeknek a variációját nem próbáltam,  de ebben az esetben mindenképpen találkozunk a problémával.)

    Amennyiben a jelszó túl könnyűnek számít, az adminisztrátor abban az esetben találkozik a fent említett hibaüzenettel.

    A Windows csoportházirendében van egy Password policiryre vonatkozó beállítás, amellyel engedélyezhetjük a könnyű jelszavak használatát, de ennek állítása nem ajánlott, főleg kiszolgálókon.

    Ajánlott megoldás: Válasszunk egy erős jelszót, amelyben kis- nagybetűk szerepelnek, számokkal együtt, és legalább 8 karakter hosszúak.