
Creating an email signature

Create an empty HTML file. For example:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="format-detection" content="telephone=no">
<title>Mia Firma</title>
<style></style>
</head>
<body></body>
</html>

IMAGES

DO NOT INSERT IMAGES as .jpg, .gif, .bmp or other files. They cause problems for the recipient on receipt, and most of the time modern clients block external resources and ask for consent to download them each time.

The problem is easy to work around: prepare the image or images you want to use at their final dimensions and convert them to HTML code. There are many online converters, e.g. https://html.imageonline.co/ (or search Google for “image to html converter”).

The converter returns the code, or an HTML page, containing the tag we need; it is usually a very long ‘<img’ tag. The more complex the image, the longer the tag, but that is nothing to worry about: copy it and paste it into the signature .html file we are creating.

<body>
<img src="data:image/png;base64,iVBORw0KGgoAAA........................
................." alt="logo.png" style="max-width:100%;">
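The same conversion can be done locally instead of through an online converter. The following is an added example, not part of the original post: it builds the `<img>` tag from the image bytes and shows why a PNG tag always begins with `iVBORw0KGgo` (the base64 form of the PNG file signature). The function names and the sample bytes are assumptions made for the illustration.

```python
import base64
import html

# Leading bytes ("magic numbers") of the image formats named above.
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
    b"BM": "image/bmp",
}

def sniff_mime(data: bytes) -> str:
    """Pick the MIME type from the file content, not from its extension."""
    for magic, mime in MAGIC.items():
        if data.startswith(magic):
            return mime
    raise ValueError("not a PNG, JPEG, GIF or BMP image")

def img_tag(data: bytes, alt: str) -> str:
    """Return the <img> tag with the image embedded as a base64 data: URI."""
    payload = base64.b64encode(data).decode("ascii")
    return (f'<img src="data:{sniff_mime(data)};base64,{payload}" '
            f'alt="{html.escape(alt, quote=True)}" style="max-width:100%;">')

# Constructed input: only the first 16 bytes of a PNG file (signature + IHDR chunk header).
# For a real signature, pass open("logo.png", "rb").read() instead (hypothetical file name).
SAMPLE_PNG_START = b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"

if __name__ == "__main__":
    print(img_tag(SAMPLE_PNG_START, "logo.png"))
```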

FONTS

Use generic fonts (sans-serif, for example) that are installed on every PC (consider all cases: Windows 7 and 10, Linux, the various Mac versions, and also Android and iOS).

If you need a particular font, or the same font on all platforms, use GOOGLE FONTS (if font files loaded in the signature were used there would be two problems: first, the signature would be more awkward to set up in the clients; second, the clients would see the fonts as an external element and ask for consent to download them each time).

Go to https://fonts.google.com/, choose the desired font and embed it using the ‘Embed’ ‘@import’ method.

Example:

<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="format-detection" content="telephone=no">
<title>Mia Firma</title>
<style>
      @import url('https://fonts.googleapis.com/css2?family=Lato&display=swap');
      .firma { color: #104160; font-size:16px; line-height:22px; font-family: 'Lato', sans-serif; }
</style>
</head>

INSTRUCTIONS

  1. The signature must be written in plain HTML. The problem comes from Outlook for Windows, which uses a very old HTML renderer, so it is NOT advisable to use complex tables or particular structural graphic elements (use the image method instead). In any case, test that it works at least on Thunderbird and Outlook for Windows (Outlook for Mac unfortunately uses a different HTML engine).
  2. Use the most common HTML tags (<b>, <a>, <i>, <br />, <span>, <div> etc.) to ensure compatibility with all editors.

NOTES

  • If you use <table> tags, do not worry if Thunderbird shows the table borders as red dashed lines while you compose the message. They do not appear once the message is sent; they are only editor guide lines shown during composition.

EXAMPLE

A simple signature with a vertical structure, one line below the other; in short, a normal signature (the <img> tag is very long but, as explained earlier, it is the HTML version of the image):

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> 
<html lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<meta name="format-detection" content="telephone=no">
<title>Mia Firma</title>
<style>
@import url('https://fonts.googleapis.com/css2?family=Lato&display=swap');
.firma { color: #104160; font-size:16px; line-height:22px; font-family: 'Lato', sans-serif; }
</style>
</head> 
<body>
<div class="firma">
<b>MIA AZIENDA SRL - VENDITA ELETTRONICA </b><br />
40000 Ozzano dell'Emilia (Bologna), via MiaVia4, 7<br />
Tel +39 06 0000000000  Cell +39 335 000000000<br />
<a href="mailto:myemail@miosito.it">myemail@miosito.it</a><br />
<a href="mailto:myemail.pec@miodito.it">myemail.pec@miodito.it</a><br />
<a href="http://www.miosito.it">www.miosito.it</a>
</div>
<br />
<img src="data:image/png;base64,iVBORw0KGgoAAA............
.................. ................." alt="logo.png" style="max-width:100%;">

</body>
</html>
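Since mail clients block whatever a message tries to load from the network, it helps to list those references before sending the signature out. The following is an added check, not part of the original post: it reports every resource the signature file would fetch remotely, which includes a stylesheet pulled in with `@import` as well as linked images, while embedded `data:` images and ordinary links pass. The class and function names and the sample signature are assumptions made for the illustration.

```python
import re
from html.parser import HTMLParser

# http(s):// or protocol-relative URLs; data: URIs and mailto: links are not fetches.
REMOTE = re.compile(r"(?:https?:)?//", re.I)
# CSS that pulls a remote file: url(...) or @import "..." with a remote target.
CSS_REMOTE = re.compile(r"""(?:url\(|@import)\s*['"]?\s*((?:https?:)?//[^'")\s;]+)""", re.I)

class RemoteRefs(HTMLParser):
    """Collect (location, url) for everything a mail client would have to download."""
    def __init__(self):
        super().__init__()
        self.found, self.in_style = [], False

    def css(self, where, text):
        self.found += [(where, url) for url in CSS_REMOTE.findall(text)]

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        self.in_style = tag == "style"
        # src/background load on display; href loads only on <link>, <a href> needs a click.
        names = ("src", "background", "href") if tag == "link" else ("src", "background")
        for name in names:
            if REMOTE.match(attrs.get(name) or ""):
                self.found.append((f"<{tag} {name}>", attrs[name]))
        self.css(f"<{tag} style>", attrs.get("style") or "")

    def handle_endtag(self, tag):
        if tag == "style":
            self.in_style = False

    def handle_data(self, data):
        if self.in_style:
            self.css("<style>", data)

def remote_refs(signature_html):
    parser = RemoteRefs()
    parser.feed(signature_html)
    parser.close()
    return parser.found

# Constructed signature: the post's font import, an embedded logo and a linked logo.
SAMPLE = """<html><head><style>
@import url('https://fonts.googleapis.com/css2?family=Lato&display=swap');
</style></head><body><div class="firma"><a href="http://www.miosito.it">www.miosito.it</a></div>
<img src="data:image/png;base64,iVBORw0KGgoAAAAN" alt="logo.png">
<img src="https://www.miosito.it/logo.png" alt="logo.png"></body></html>"""
if __name__ == "__main__":
    for where, url in remote_refs(SAMPLE):
        print(where, url)
```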

 


Configure a Point-to-Site VPN connection via Openvpn on Azure

Create a virtual network

  1. Sign in to the Azure portal.
  2. In Search resources, services, and docs, type virtual network.
  3. On the Virtual Network page, select Create.
  4. On the IP Addresses tab, configure the values

Subnet: If you use the default address space, a default subnet is created automatically.

  • Subnet name: In this example, we named the subnet “FrontEnd”.
  • Subnet address range: The address range for this subnet.

On the Security tab, at this time, leave the default values:

  • DDoS protection: Basic
  • Firewall: Disabled

So we will have this configuration (as example) :

  • Address space: 10.1.0.0/16
  • Subnet name: FrontEnd
  • Subnet address range: 10.1.0.0/24

Create a virtual network gateway

  1. In the Search the Marketplace field, type ‘Virtual Network Gateway’

SKU: Select the gateway SKU from the dropdown. For Openvpn you need to select VpnGw1 because

Gateway subnet address range: This field only appears if your VNet doesn’t have a gateway subnet. If possible, make the range /27 or larger (/26,/25 etc.)

In this example :

GatewaySubnet: 10.1.1.0/27

Certificates

Certificates are used by Azure to authenticate clients connecting to a VNet over a Point-to-Site VPN connection. You have two options : use a root certificate that was generated with an enterprise solution (recommended), or generate a self-signed certificate.

Generate and export certificates for Point-to-Site using PowerShell

Two steps : generate root certificate; generate client certificate.

root certificate

From a computer running Windows 10 or Windows Server 2016, open a Windows PowerShell console in Admin mode.

Use the following example to create the self-signed root certificate. The following example creates a self-signed root certificate named ‘TestVPNRootCert’ that is automatically installed in ‘Certificates-Current User\Personal\Certificates’.

$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature -Subject "CN=TestVPNRootCert" -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign

You can view the certificate by opening certmgr.msc, or Manage User Certificates.

client certificate

Each client computer that connects to a VNet using Point-to-Site must have a client certificate installed. You generate a client certificate from the self-signed root certificate.

From a computer running Windows 10 or Windows Server 2016, open a Windows PowerShell console in Admin mode. Identify the self-signed root certificate that is installed on the computer. This cmdlet returns a list of certificates that are installed on your computer.

Get-ChildItem -Path "Cert:\CurrentUser\My"

The output shows a thumbprint string and a subject name for every certificate installed on your machine.

For example :

AED812AD883826FF76B4D1D5A77B3C08EFA79F3F CN=MyOldVPNRootCert

7181AA8C1B4D34EEDB2F3D3BEC5839F3FE52D655 CN=TestVPNRootCert

Declare a variable for the root certificate using the string from the previous step:

$cert = Get-ChildItem -Path "Cert:\CurrentUser\My\7181AA8C1B4D34EEDB2F3D3BEC5839F3FE52D655"

Modify and run the example to generate a client certificate. The result of the following example is a client certificate named ‘TestVPNClientCert’

New-SelfSignedCertificate -Type Custom -DnsName TestVPNClientCert -KeySpec Signature  -Subject "CN=TestVPNClientCert" -KeyExportPolicy Exportable  -HashAlgorithm sha256 -KeyLength 2048  -CertStoreLocation "Cert:\CurrentUser\My"  -Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")

The client certificate that you generate is automatically installed in ‘Certificates – Current User\Personal\Certificates’ on your computer.

Export the root certificate public key (.cer)

To obtain a .cer file from the certificate, open Manage user certificates. Locate the self-signed root certificate, typically in ‘Certificates – Current User\Personal\Certificates’, and right-click. Click All Tasks, and then click Export. This opens the Certificate Export Wizard.

Select No, do not export the private key, and then click Next

On the Export File Format page, select Base-64 encoded X.509 (.CER), and then click Next.

For File to Export, Browse to the location to which you want to export the certificate. For File name, name the certificate file. Then, click Next.

Click Finish to export the certificate. You will find a .cer file in the selected location.

Export the client certificate

To export a client certificate, open Manage user certificates. The client certificates that you generated are, by default, located in ‘Certificates – Current User\Personal\Certificates’. Right-click the client certificate that you want to export, click all tasks, and then click Export to open the Certificate Export Wizard.

Select Yes, export the private key, and then click Next. IMPORTANT!!!!

On the Export File Format page, leave the defaults selected. Make sure that Include all certificates in the certification path if possible is selected.

On the Security page, you must protect the private key, using a password.

On the File to Export page, Browse to the location to which you want to export the certificate. For File name, name the certificate file. Then, click Next. Click Finish to export the certificate.

Add the client address pool

The client address pool is a range of private IP addresses that you specify. The clients that connect over a Point-to-Site VPN dynamically receive an IP address from this range. Use a private IP address range that does not overlap with the on-premises location that you connect from, or the VNet that you want to connect to.

Open virtual network gateway configuration page, navigate to the Settings section of the virtual network gateway page. In the Settings section, select Point-to-site configuration. Select Configure now to open the configuration page.

In the Address pool box, add the private IP address range that you want to use. VPN clients dynamically receive an IP address from the range that you specify.

For example : 172.16.0.0/24

Tunnel Type : OpenVpn

Authentication Type : Azure certificate

In root certificate section you have to put the root certificate name (in this example TestVPNRootCert).

Open the root certificate file (.cer) with a text editor, such as Notepad. Copy the text as shown in the image and paste it into “Public certificate data”.

Save Point to Site Configuration.

Download the VPN client by clicking on “Download vpn Client” 🙂

Install OpenSSL

https://slproweb.com/products/Win32OpenSSL.html

Extract the private key and the base64 thumbprint from the .pfx client certificate.

Using OpenSSL on your machine is one way. The profileinfo.txt file contains the private key and the thumbprint for the CA and the client certificate.

openssl pkcs12 -in "C:\myfolder\clientcert_vpn_test.pfx" -nodes -out "C:\myfolder\profileinfo.txt"

Configure openvpn client

Unzip the profile downloaded from the virtual network Point-to-site configuration. Next, open the vpnconfig.ovpn configuration file from the OpenVPN folder using Notepad. Open profileinfo.txt in Notepad, then copy the certificate and the private key from it and paste them into these sections of vpnconfig.ovpn:

# P2S client certificate
# please fill this field with a PEM formatted cert
<cert>
$CLIENTCERTIFICATE
</cert>
# P2S client root certificate private key
# please fill this field with a PEM formatted key
<key>
$PRIVATEKEY
</key>

IMPORTANT: the certificate and the key must be inserted into the OpenVPN config together with their -----BEGIN ...----- and -----END ...----- lines.
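The copy-and-paste step above can be scripted so that the right blocks land in the right sections with their BEGIN/END lines intact. The following is an added example, not part of the original post or of Azure's tooling: it picks the client certificate (not the root) out of the `openssl pkcs12` output by its subject and fills the two placeholders. The function names and the sample data are assumptions made for the illustration.

```python
import re

def pem_blocks(text):
    """Yield (label, subject, pem) for each PEM block in `openssl pkcs12` output."""
    subject, label, lines = "", None, []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("subject="):
            subject = line[len("subject="):]
        begin = re.fullmatch(r"-----BEGIN ([A-Z0-9 ]+)-----", line)
        if begin:
            label, lines = begin.group(1), []
        if label:
            lines.append(line)
            if line == f"-----END {label}-----":
                yield label, subject, "\n".join(lines)
                subject, label = "", None

def fill_profile(template, profileinfo, client_cn):
    """Return the .ovpn text with both placeholders replaced by whole PEM blocks."""
    blocks = list(pem_blocks(profileinfo))
    # OpenSSL prints the subject as "CN = name" or "/CN=name" depending on its version.
    cn = re.compile(r"CN\s*=\s*" + re.escape(client_cn) + r"\s*(?:[,/]|$)")
    certs = [pem for label, subj, pem in blocks if label == "CERTIFICATE" and cn.search(subj)]
    keys = [pem for label, _, pem in blocks if label in ("PRIVATE KEY", "RSA PRIVATE KEY")]
    if len(certs) != 1 or len(keys) != 1:
        raise ValueError(f"need 1 client certificate and 1 unencrypted key, found {len(certs)} and {len(keys)}")
    if any(template.count(p) != 1 for p in ("$CLIENTCERTIFICATE", "$PRIVATEKEY")):
        raise ValueError("each placeholder must appear exactly once in the template")
    return template.replace("$CLIENTCERTIFICATE", certs[0]).replace("$PRIVATEKEY", keys[0])

# Constructed stand-ins for profileinfo.txt and vpnconfig.ovpn (placeholder bytes, not real keys).
SAMPLE_PROFILEINFO = """\
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQta2V5
-----END PRIVATE KEY-----
subject=CN = TestVPNClientCert
issuer=CN = TestVPNRootCert
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtY2xpZW50
-----END CERTIFICATE-----
subject=CN = TestVPNRootCert
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtcm9vdA==
-----END CERTIFICATE-----
"""
SAMPLE_TEMPLATE = "<cert>\n$CLIENTCERTIFICATE\n</cert>\n<key>\n$PRIVATEKEY\n</key>\n"
if __name__ == "__main__":
    print(fill_profile(SAMPLE_TEMPLATE, SAMPLE_PROFILEINFO, "TestVPNClientCert"))
```

Because of `-nodes`, profileinfo.txt holds the private key unencrypted, so delete it once the profile is filled in and keep vpnconfig.ovpn readable only by the VPN user.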