Considerations:
- Do yourself a favor and get a DigiCert cert. I first ordered a Comodo cert and discovered that I couldn't install it into the Azure Keystore.
- I mostly followed the formal guide; however, I found some bits confusing, specifically creating a certificate signing request (CSR) and the app permissions.
I based my process heavily on the guide at: Setup Microsoft Azure Key Vault with Verokey/DigiCert Code Signing Certificate
From the above URL:
Enter the details of the new Certificate. You will need to select Certificate issued by a non-integrated CA for the Type of CA.
The subject won’t be used for your certificate issued, but you do need to enter something in the field.

Click Not Configured for the Advanced Policy Configuration to show the new panel.
In the new panel, for the Extended Key Usage field, add a new value to the end: 1.3.6.1.5.5.7.3.3
This is to enable code signing on the key/certificate.

You need to make the following selections for the Policy Configuration:
No for Exportable Private Key. This will then show more options under Key Type.
Select RSA-HSM or ECC-HSM and a compatible key size.
For RSA-HSM, you need to select a key size of 4096.

Click OK and Create your new Certificate.
You can then go back to the ScreenConnect formal guide. When you get to the section:
Using your code-signing certificate with ScreenConnect
You need to create a new app registration in Entra; however, the formal guide has an error. It says:
Create a secret by navigating to Certificates & secrets. Create a new client secret, and copy the Secret ID field.
The above line is incorrect: you want to copy the Value field, as that is the password to the application. It is only displayed once, so be sure to copy it!

The app might work with fewer permissions, but I couldn't make it work without Key Vault Administrator.
Once you've created your application, go back into Azure and into your Key Vault.

Go into the above button.


Select Key Vault Administrator

In the search box that pops up, type in the name of your app.


Then go to Review and assign.

Now wait 15 minutes to ensure everything has applied.
To get the code signer URI:
Go back into your Key Vault:

Click on the certificate, then click on the thumbprint, and it should give you the correct URI.

In the above box, enter the values you've saved. NOTE: Azure Client Secret is the VALUE field from above, NOT the Secret ID.
Click Install Azure Certificate and after a few minutes it should work.
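Two checks I would run before clicking Install, as an added example that is not part of the original post or of ScreenConnect: the first lints a Key Vault certificate policy against the settings the guide asks for (non-exportable HSM key, RSA 4096, code-signing EKU, non-integrated issuer), the second catches the Secret ID vs. Value mix-up. It assumes the JSON shape of a Key Vault certificate policy as returned by the REST API (`key_props`, `x509_props`, `issuer`); the two policies below are constructed samples.

```python
# Sanity checks for the Key Vault code-signing setup described above.
# Assumes the Key Vault certificate policy JSON shape (key_props, x509_props, issuer).
import uuid

CODE_SIGNING_EKU = "1.3.6.1.5.5.7.3.3"  # id-kp-codeSigning, the OID added in the guide

def check_policy(policy: dict) -> list:
    """Return a list of findings; an empty list means the policy matches the guide."""
    findings = []
    key = policy.get("key_props", {})
    x509 = policy.get("x509_props", {})
    issuer = policy.get("issuer", {})
    if key.get("exportable", True):
        findings.append("private key is exportable; set Exportable Private Key = No")
    kty = key.get("kty", "")
    if not kty.endswith("-HSM"):
        findings.append(f"key type {kty or '<unset>'} is not HSM-backed (RSA-HSM or EC-HSM)")
    if kty.startswith("RSA") and key.get("key_size") != 4096:
        findings.append(f"RSA key size {key.get('key_size')} must be 4096")
    if CODE_SIGNING_EKU not in x509.get("ekus", []):
        findings.append(f"EKU {CODE_SIGNING_EKU} (code signing) is missing")
    if issuer.get("name") != "Unknown":
        findings.append("issuer should be 'Unknown' (non-integrated CA) so a CSR is produced")
    return findings

def looks_like_secret_id(value: str) -> bool:
    """The Secret ID is a GUID; the secret Value is not. A GUID pasted into the
    Azure Client Secret box means the wrong field was copied from the portal."""
    try:
        uuid.UUID(value.strip())
        return True
    except ValueError:
        return False

# Constructed policies: one following the guide, one with the usual mistakes.
GOOD_POLICY = {
    "issuer": {"name": "Unknown"},
    "key_props": {"exportable": False, "kty": "RSA-HSM", "key_size": 4096},
    "x509_props": {"subject": "CN=placeholder", "ekus": [CODE_SIGNING_EKU]},
}
BAD_POLICY = {
    "issuer": {"name": "Self"},
    "key_props": {"exportable": True, "kty": "RSA", "key_size": 2048},
    "x509_props": {"subject": "CN=placeholder", "ekus": ["1.3.6.1.5.5.7.3.1"]},
}

if __name__ == "__main__":
    for name, pol in (("good", GOOD_POLICY), ("bad", BAD_POLICY)):
        print(name, check_policy(pol) or "OK")
```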