make sharepoint (and asp.net) faster by bypassing internet certificate checks

NOTE that all that means less security.

Part 1: tell you machine that you are MS certificate domain

 Run -> drivers -> etc -> edit the "hosts" file.
add "127.0.0.1 crl.microsoft.com"
sometimes the machine will not let you to edit the file directly so just make a copy, edit it and paste it back.

Part 2: tell .Net to to check certificates

run this powershell script that will put something in the registry that tells .Net to to try and check the certificates, this is the PS:

get-ChildItem REGISTRY::HKEY_USERS | foreach-object {set-ItemProperty -path ("REGISTRY::\" + $_.Name + "\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing") -name State -value 146944}

NOTE that you will get multiple errors running this script, since it does not test which item in the final sub folder is valid. 

in order to test if the script worked you will need to go deep in to that sub folder and look for a value named "State" and see that its value is "146944". sorry but this is not the place to explain it, you're welcome to google it.

to do that do:
Run -> regedit -> HKEY_USERS -> something with a guid but without "Classes" in it -> the path up in the script



Part 3: tell your apps/websites to skip checks

this is a simple one, just add to the web.config under <runtime> these two:
    <bypassTrustedAppStrongNames enabled="true" />
    <generatePublisherEvidence enabled="false" />

Part 4: tell your machine to cut timeouts.

Control Panel > Search for Policy > click Edit Group Policy > Computer Configuration >  Windows Settings > Security Settings > Public Key Policies > double click Certificate Path Validation Settings > click Tab Network Retrieval > click top check box to turn all check boxes on > set the 2 timeout values to 1. see Graphic  below. (i also did it in "Revocation" tab)





Comments

Post a Comment

Popular posts from this blog

OverTheWire[.com] Natas Walkthrough - JUST HINT, NO SPOILERS

game portal: http://overthewire.org/wargames/natas/ PASSWORDS for each level are stored in /etc/natas_webpass/natasX I made this walkthrough for people like me, i needed some help, but didnt want the spoiler, so here i will give you all the information needed to pass each level, yet not the solution. For levels needed custom web request i made a different post for powershell and javascript  with how-to's, since is a piece of learning for itself, and also for those of us that play at work and have only powershell at their hands. Although its not a complete spoiler there, its quite most of the solution so try yourself 1st. Natas The Natas game is from basic to advances web hacking. Every few levels is about whole new exploitation (with some harder ones doing comeback later), so a lot of learning. If you're new, you're the reason i am writing so much even for the 1st level, just please google EVERY topic you see, since in the following levels i assume you know the
Read more

SOLVED The item could not be indexed successfully because the item failed in the indexing subsystem

if you got an error like this The item could not be indexed successfully because the item failed in the indexing subsystem. ( The item could not be indexed successfully because the item failed in the indexing subsystem.; Failed to recover content group; Aborting insert of item in Link Database because it was not inserted to the Search Index.; ; SearchID = 04081656-B51B-4DCD-96D4-6DB2D2CEEEE7 ) as well as these: The item could not be indexed successfully because the item failed in the indexing subsystem. ( The item could not be indexed successfully because the item failed in the indexing subsystem.; Caught exception when preparing generation GID[7]: (Previous generation (last=GID[6], curr=GID[7]) is still active. Cannot open GID[7]); Aborting insert of item in Link Database because it was not inserted to the Search Index.; ; SearchID = 92EB0180-C086-4853-BED8-F4878D9748AD ) the solution for me was to clear configuration cache (PS)  and then restart SP Search Services. THX to m
Read more

Asp.Net Ending Response options, Response.End() vs CompleteRequest()

this blog is for any1 who get the ThreadAbortException when caling Response.End(), and then tried the other options such as HttpContext.Current.ApplicationInstance.CompleteRequest() and found out that there was no replacement. i'll start with the bottom line: if you want to stop right now your response and send it as is you dont have any other option other than Response.End(), period and it's the right thing to throw that EX in that case. the answer is its because there is the "HTTP pipeline" and the "Asp.Net pipeline", and CompleteRequest() cuts the HTTP pipeline but not the Asp.Net one so everything that is from handlers forwars (including all page events) continues but your part, the asp one, stays in your hands so that no information will be lost, so ur suppose to manage your code currectly, since information lost is really a bad thing, although in most cases we use Response.End() we know what we are losing and we want it. see this short article ab
Read more