Author: Lisa

Sausage Egg McMuffins, quasi AIP

Cassava flour rolls, vegan cheese, and ground pork with spices to somewhat mimic sausage.

Ingredients:

2 cups cassava flour
1 Tbsp baking powder
1 tsp salt
3 eggs
1/4 cup coconut oil
2 Tbsp maple syrup
2 tsp yeast
1 cup warm water

Combine water, maple syrup, and yeast. Allow to sit for about ten minutes until it is very frothy.
Mix dry ingredients, combine with wet ingredient, allow to rise for an hour. Shape into rolls and allow to rise for 30 minutes.
Bake at 350 for 25-30 minutes

Green Banana Hash

I made green banana hash tonight to go with our pork chops and broccoli. Microwaved four green bananas for five minutes (cut off ends, cut along back to cut through the peel, then microwave). I let them sit about ten minutes to cool down, then removed the peel. Diced into small pieces and then smashed some to make really small pieces. Added a little salt, then sauteed in coconut oil until crispy. They’re really good – and with bright green bananas, they do a very good impression of potatoes.

Venafi Cert Issuance Fails after Windows 2022 Upgrade

Certificate Issuance Fails

After requesting a certificate, the request immediately fails with the error:

Failed to post CSR with error: Unknown certificate profile type.

I think it is just a coincidence, but wanted to document the scenario in case it comes up again. The application makes web calls to a vendor API to issue certs. The API calls, after the upgrade, were failing.

In this scenario, a call was being made to {base_url}/api/ssl/v1/types, the connection failed. Since the list of valid certificate profiles could not be retrieved, the request failed saying the certificate profile was unknown.

GET https://hard.cert-manager.com/api/ssl/v1/types?organizationId=####

Looking at a debug trace, the following flow was observed:

  • Authentication headers sent: login=<REDACTED>, password=<REDACTED>, customerUri=<REDACTED>
  • Transport-level failure (no HTTP status returned on the failing attempt)
    • Symptoms: “Decrypt failed with error 0X90317” followed by “The underlying connection was closed: The connection was closed unexpectedly.”
    • Context: Revocation checks reported “revocation server was offline,” then the client proceeded; long idle/keep-alive reuse likely contributed to the close.

 

Connection reuse vs server keep-alive: Apache is advertising Keep-Alive: timeout=3. The .NET client is reusing long-idle TLS connections via the proxy; by the time it sends application data, the server/proxy has already closed the session, leading to “underlying connection was closed” errors.

Revocation checks through the proxy: The .NET trace shows “revocation server was offline” before proceeding. That extra handshake work plus proxy blocking CRL/OCSP can increase latency and contribute to idle reuse issues.

.NET SChannel quirks: Older HttpWebRequest/ServicePoint behaviors (Expect100-Continue, connection pooling) can interact poorly with short keep-alive servers/proxies.

Luckily, this is a .NET application, and you can create custom configuration files for .NET apps. In the file with the binary, look for a text file named BinaryName.exe.config

If none exists, create one. The following disables the proxy:

<?xml version=”1.0″ encoding=”utf-8″?>
<configuration>
<system.net>
<!– Turn off use of the system proxy for this app –>
<defaultProxy enabled=”true”>
<proxy usesystemdefault=”false” />
</defaultProxy>
</system.net>
</configuration>

 

Client Connections to HTTPS IIS Site Fail After Upgrade to Windows Server 2022

Client connections to the HTTPS IIS site failed with the following error:

Secure Connection Failed

An error occurred during a connection to certmgr-dev.uniti.com.

PR_CONNECT_RESET_ERROR

Error code: PR_CONNECT_RESET_ERROR

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem.

 

The IIS site was set to “accept” client certificates.

  • Client Certificates = Accept means IIS/HTTP.sys will try to retrieve a client certificate only if the app touches Request.ClientCertificate (or a module that maps/validates client certs). That retrieval is done via TLS renegotiation in TLS 1.2.
  • On Server 2022, browsers prefer TLS 1.3. TLS 1.3 does not support the old renegotiation used to fetch a client cert mid‑request. When your app/module at “/” accesses the client cert, IIS attempts renegotiation, fails, and the connection is reset.

Setting Client Certificates to “Ignore” prevents IIS from attempting to renegotiate, so the site loads. This obviously isn’t a solution if you want to use client certificates to authenticate … but we’re authenticating through Ping, so don’t actually need the client certs.

Green Banana Pancakes

Another attempt to make a less inflammatory version of pancakes – this recipe was superb. Fluffy pancakes (not light and fluffy, almond flour makes a denser, heavier pancake), very tasty, and incredible paired with cherry juice and cherries.

Ingredients:

  • 2 green bananas, steamed and mashed
  • 1 cup almond flour
  • 2 tbsp cassava flour
  • 1 tbsp maple syrup
  • 1 tsp baking powder
  • 1/2 tsp salt
  • 3/4 cup almond milk
  • 1 egg, beaten
  • 2 tbsp coconut oil or olive oil

Method:

Steam the bananas in the microwave (about 5 minutes) or boil them (20 minutes). Allow to cool, peel, and then mash.

Mix the dry ingredients together. Mix the wet ingredients together and combine with mashed bananas. Slowly combine the wet and dry ingredients.

Allow batter to sit for 10 minutes (almond flour will absorb moisture, so it will thicken as it rests)

Over medium low heat, cook pancakes. Pour some batter into the pan. When bubbles start to form and not pop, flip and cook for a few more minutes.

For a sauce, I heated juicy frozen cherries. The cherry juice was drizzled over the pancakes, and the cherries were served on top.