JavaScript to Encrypt with Certificate
I have been having touble debugging this code. It fails on "this.encryptForRecipients". Please help!! I have double (triple) checked my typing, and I can't seem to find anything incorrect, excepting that I have one item in 'oGroup', not an array.... I am currently trying to execute this from the console, before i create a folder level JS. I would prefer to use oEntity with out firstName, lastName, and fullName.
Thank you all for yout help!
var cerPath = "/C/Documents and Settings/rrh/Desktop/Sample/";
var cerFile = "01PCH004.cer";
var oCert = security.importFromFile("Certificate", cerPath + cerFile);
var oEntity = {firstName:"Fred", lastName:"Smith", fullName:"Fred Smith", certificates:oCert, defaultEncryptCert:oCert};
this.encryptForRecipients({oGroups:[{userEntities:oEntity, permissions:{allowPrinting:"highQuality"}}],
bMetaData : true});
InvalidArgsError: Invalid arguments.
Doc.encryptForRecipients:7:Console undefined:Exec
undefined
-rogge
The variable oEntity was not an array. Brackets were added to make the variable a one element array:
var oEntity = [{firstName:"Fred", lastName:"Smith", fullName:"Fred Smith", certificates:oCert, defaultEncryptCert:oCert}];
Similar Messages
-
File to SOAP (Synchronous) with certificates Encryption and Descryption
Hi,
Can anybody advice me how can I develop the scenario file to SOAP (Synchronous Process) with certificates encryption and descryption.
Thanks,
Naidu.For file to soap sync scenario without using BPM, you need to use the following adapter modules.
http://help.sap.com/saphelp_nw04/helpdata/en/45/20c210c20a0732e10000000a155369/content.htm
http://help.sap.com/saphelp_nw04/helpdata/en/45/20cc5dc2180733e10000000a155369/content.htm
For applying certificates, you need to configure SSL on java stack.
https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/197e6aec-0701-0010-4cbe-ad5ff6703c16
Regards,
Prateek -
Does Adobe Reader for iOS and Android Support Encryption with PKI Solution?
Hello there,
I have been searching for an answer whether or not Adobe Reader for iOS and Android can read encrypted PDF files by public key infrastructure solution (encrypted by a public key, to be decrypted by its private key pair), but to date I have not found the answer. From the Adobe web site, I understand that Adobe Reader for Android supports to read encrypted document by AES256 but it does not mention about PKI. I had to guess that it does not support encryption with PKI but I would just like to get a formal answer, and would like to know whether Adobe Reader Mobile will support it.
Thanks!
MasayaHi there,
Now we have Acrobat DC Mobile but I am still wondering if encryption/description using PKI solution (digital certificates) is supported. Could anyone let me know? Thank you.
Masaya -
Configuration/Setup for securing PI messages with certificates
Hello Experts,
I'm looking for some guidance/suggestions/direction in regards to installing and using certificates when exchanging data with trading partners via PI 7.0. It's something new to us and it's been a bit of a struggle.
In scenario 1, we want to send to, and receive from, xml documents with a partner. We currently send from our PI system, but want to receive the messages back thru an F5 network (?) which would decrypt the message and pass it along to PI. This also takes care of load-balancing.
In scenario 2, we want to exchange EDI messages using the AS2 Adapter from Seeburger. Again, messages would be sent from PI and received by the F5 network.
The F5 would act as the SSL termination point (if that's the correct term), and pass the decrypted message to PI via a normal http transfer.
We are storing our partners' certificates within PI, and configuring the communication channels to use them. Is this correct? Do they need to be stored on the F5 as well? Do we then give them our certificate from the F5, or do they need a certificate from our PI server, or both?
I guess what I'm looking for is some straight-forward SSL 101 documentation, especially where it applies to middleware like the F5. Thanks in advance for any help you can give.Hi,
Just a quick note on the certificates; if you want to encrypt messages sent from PI you need the public key of the receiver stored in PI (J2EE key store) with which to encrypt the messages. When receiving files back from partners, they would need to encrypt the messages with the public key of F5 certificate. F5 would then use its private key to decrypt the message before passing to PI.
So, yes, you are correct to store the certificates of your partners in PI which will be used in encryption of outbound messages. F5 would only need the private keys of the certificate that your partners have encrypted with, no need for PI certificates to be stored in F5 (unless you also need digital signatures).
Hope this helps.
Br,
Kenneth -
Ability to sign emails with certificates
Hi all,
I was just wondering if anyone had been able to setup their email on the iphone (I am using a mobile me account which syncs - I don't know the terminology) with digital signatures.
I have setup my macbook that, when I compose an email, I can sign it with a free certificate I got from Comodo.
I was wondering if there was a way of setting up the iphone so that I can also sign the messages I compose when I am about?
I had a look at the iphone configuration utility (briefly) but got scared that I might change some other setting and break my phone (everything else is working so nicely).
Is there any guides as to how set this up (am happy to look at the iphone utility if I could get all the current settings I have loaded onto it and then just change the required changes). I don't know if this is even allowed in the device...
Any information would be helpful
Cheers
AusQBallHi Sean,
Thanks for replying but I am not sure that the application does quite what I am after...
I am not trying to add an image with my signature on it but rather add a cryptographic signature which allows the recipient to know that it came from me. My knowledge on this topic is a little sketchy but I think that, for it to work, a hash of the entire message would need to be calculated and then encrypted with a private key found in my signature certificate (which only I have). The recipient can then check that the message has not been altered using the public key (provided in the email and signed by a certificate authority) to confirm that the hashes match.
Please reply if I have misunderstood something with the application.
Also thank you for looking into this for me. Any help is appreciated.
Cheers
AusQBall -
Example provided is on 1941 ISR routers with 15.2(2)T1 software. One router has 15.3(1)T.
IKEv2 with pre-shared key comes up fine.
IKEv2 with certificates gives auth exchange fail error
IKEv1 with same certificates comes up fine.
The above were Microsoft CA certificates.
I tried with IOS CA certificates, still auth exchange fail error.
Same results with 3945 and 2911 routers on IOS 15.1(2)TThis is details of how I got it working.
sho tech ipsec
------------------ show version ------------------
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.2(2)T1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Wed 29-Feb-12 20:40 by prod_rel_team
ROM: System Bootstrap, Version 15.0(1r)M15, RELEASE SOFTWARE (fc1)
happy uptime is 30 minutes
System returned to ROM by power-on
System restarted at 20:26:58 UTC Fri Mar 1 2013
System image file is "flash0:c2900-universalk9-mz.SPA.152-2.T1.bin"
Last reload type: Normal Reload
Last reload reason: power-on
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
Cisco CISCO2911/K9 (revision 1.0) with 487424K/36864K bytes of memory.
Processor board ID FTX1621AJFU
3 Gigabit Ethernet interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)
License Info:
License UDI:
Device# PID SN
*0 CISCO2911/K9 FTX1621AJFU
Technology Package License Information for Module:'c2900'
Technology Technology-package Technology-package
Current Type Next reboot
ipbase ipbasek9 Permanent ipbasek9
security securityk9 Permanent securityk9
uc None None None
data None None None
Configuration register is 0x2102
------------------ show running-config ------------------
Building configuration...
Current configuration : 6483 bytes
! Last configuration change at 20:56:07 UTC Fri Mar 1 2013 by csfc
! NVRAM config last updated at 20:55:05 UTC Fri Mar 1 2013 by csfc
! NVRAM config last updated at 20:55:05 UTC Fri Mar 1 2013 by csfc
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname happy
boot-start-marker
boot-end-marker
security passwords min-length 6
logging buffered 51200 warnings
no logging console
enable secret 4 4Q5iiIH2YznVeGHA3p6Qjm8oBj4LWNDTHjsG21MxgXU
no aaa new-model
no ipv6 cef
ip auth-proxy max-login-attempts 5
ip admission max-login-attempts 5
ip domain name csfc.com
ip name-server 192.168.1.3
no ip cef
multilink bundle-name authenticated
crypto pki token default removal timeout 0
crypto pki trustpoint dc-ca
enrollment terminal
subject-name cn=happy.csfc,c=us
revocation-check none
crypto pki certificate map CRT 10
issuer-name co csfc
crypto pki certificate chain dc-ca
certificate 3F51979A000000000012
3082038E 30820333 A0030201 02020A3F 51979A00 00000000 12300A06 082A8648
CE3D0403 02303B31 13301106 0A099226 8993F22C 64011916 03636F6D 31143012
060A0992 268993F2 2C640119 16046373 6663310E 300C0603 55040313 0564632D
6361301E 170D3133 30333031 31383532 35365A17 0D313530 33303131 38353235
365A3022 310B3009 06035504 06130275 73311330 11060355 0403130A 68617070
792E6373 66633059 30130607 2A8648CE 3D020106 082A8648 CE3D0301 07034200
0429D4D8 F89E295B F7AF826F 86A3F29D EF48FCFF D2374B0F D39CD393 620D3EFD
D484BFA4 3ED08E16 7FDF839D 0FF85690 26C0545C 1B56EC17 7A2E6C1D 5D1A6CD8
DDA38202 36308202 32300B06 03551D0F 04040302 06C0301D 0603551D 0E041604
142DCC8D 554A4853 C4C03B3D 2400E3EA 459406B5 AE301F06 03551D23 04183016
80142389 F56583FC B73D3F11 79A47EAB 96721E76 81AA3081 BB060355 1D1F0481
B33081B0 3081ADA0 81AAA081 A78681A4 6C646170 3A2F2F2F 434E3D64 632D6361
2C434E3D 44432C43 4E3D4344 502C434E 3D507562 6C696325 32304B65 79253230
53657276 69636573 2C434E3D 53657276 69636573 2C434E3D 436F6E66 69677572
6174696F 6E2C4443 3D637366 632C4443 3D636F6D 3F636572 74696669 63617465
5265766F 63617469 6F6E4C69 73743F62 6173653F 6F626A65 6374436C 6173733D
63524C44 69737472 69627574 696F6E50 6F696E74 3081B406 082B0601 05050701
010481A7 3081A430 81A10608 2B060105 05073002 8681946C 6461703A 2F2F2F43
4E3D6463 2D63612C 434E3D41 49412C43 4E3D5075 626C6963 2532304B 65792532
30536572 76696365 732C434E 3D536572 76696365 732C434E 3D436F6E 66696775
72617469 6F6E2C44 433D6373 66632C44 433D636F 6D3F6341 43657274 69666963
6174653F 62617365 3F6F626A 65637443 6C617373 3D636572 74696669 63617469
6F6E4175 74686F72 69747930 3C06092B 06010401 82371507 042F302D 06252B06
01040182 37150881 98D47A81 B6D74A87 A98B18DF C60887B8 D4794787 BCE00C86
9D892C02 01640201 11301306 03551D25 040C300A 06082B06 01050508 0202301B
06092B06 01040182 37150A04 0E300C30 0A06082B 06010505 08020230 0A06082A
8648CE3D 04030203 49003046 022100E7 E5814B90 CE6EABE2 B12C818A 6323160D
632C0551 B765DA29 0CA4BAAC 27325F02 2100E516 11985F3E CDB23FE7 BB91C836
74C457BB 5EA87ED6 3D9DCF41 AE4CDD40 A28F
quit
certificate ca 2C8A76A7904BB4B341B3AAFA9ED387D3
308201DC 30820183 A0030201 0202102C 8A76A790 4BB4B341 B3AAFA9E D387D330
0A06082A 8648CE3D 04030230 3B311330 11060A09 92268993 F22C6401 19160363
6F6D3114 3012060A 09922689 93F22C64 01191604 63736663 310E300C 06035504
03130564 632D6361 301E170D 31333031 32333135 32383435 5A170D31 38303132
33313533 3834345A 303B3113 3011060A 09922689 93F22C64 01191603 636F6D31
14301206 0A099226 8993F22C 64011916 04637366 63310E30 0C060355 04031305
64632D63 61305930 1306072A 8648CE3D 02010608 2A8648CE 3D030107 03420004
EFA5B6B5 BC89C22A B91DDDBB 60034DB9 21655D71 3965177D 9D5956D0 8C45ABC9
38EB4175 44AA06DC 19B94DAB 368AC06C 35077B97 24BE5879 758256FA 03838F2F
A3693067 30130609 2B060104 01823714 0204061E 04004300 41300E06 03551D0F
0101FF04 04030201 86300F06 03551D13 0101FF04 05300301 01FF301D 0603551D
0E041604 142389F5 6583FCB7 3D3F1179 A47EAB96 721E7681 AA301006 092B0601
04018237 15010403 02010030 0A06082A 8648CE3D 04030203 47003044 022010BD
C2ADC8B7 C2C05DB2 CFE2E78A B3A47E2E 8A3193CA 607E4AE3 EEF105F0 42CE0220
056C951C 45ECD966 DFA9BADB 9F1CC71E 8F029C12 F94593A6 21B50A49 C1E62581
quit
license udi pid CISCO2911/K9 sn FTX1621AJFU
username csfc privilege 15 secret 4
username admin privilege 15 secret 4
username Happy privilege 15 secret 4
redundancy
crypto ikev2 proposal prop-1
encryption aes-cbc-256
integrity sha256
group 19
crypto ikev2 policy policy1
proposal prop-1
crypto ikev2 profile default
match certificate CRT
identity local dn
authentication local ecdsa-sig
authentication remote rsa-sig
authentication remote ecdsa-sig
pki trustpoint dc-ca
no crypto ikev2 diagnose error
no crypto ikev2 http-url cert
crypto ikev2 certificate-cache 750
crypto ikev2 fragmentation mtu 1400
crypto logging ikev2
crypto ipsec transform-set SEC esp-aes esp-sha256-hmac
crypto ipsec profile default
set transform-set SEC
set ikev2-profile default
interface Tunnel0
no ip address
interface Tunnel1
ip address 192.168.100.1 255.255.255.0
tunnel source GigabitEthernet0/1
tunnel destination 192.168.11.42
tunnel protection ipsec profile default
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
ip address 192.168.1.40 255.255.255.0
duplex full
speed auto
interface GigabitEthernet0/1
ip address 192.168.11.41 255.255.255.252
duplex full
speed auto
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip route 192.168.2.0 255.255.255.0 Tunnel1
no cdp advertise-v2
control-plane
banner login ^CCPLEEEESE!^C
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
privilege level 15
password
login local
transport input ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
scheduler allocate 20000 1000
sntp server 192.168.1.3 version 3
end
------------------ show crypto tech-support ------------------
------------------ show crypto isakmp sa count ------------------
Active ISAKMP SA's: 0
Standby ISAKMP SA's: 0
Currently being negotiated ISAKMP SA's: 0
Dead ISAKMP SA's: 0
------------------ show crypto ipsec sa count ------------------
IPsec SA total: 2, active: 2, rekeying: 0, unused: 0, invalid: 0
------------------ show crypto isakmp sa detail ------------------
Codes: C - IKE configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal
T - cTCP encapsulation, X - IKE Extended Authentication
psk - Preshared key, rsig - RSA signature
renc - RSA encryption
IPv4 Crypto ISAKMP SA
C-id Local Remote I-VRF Status Encr Hash Auth DH Lifetime Cap.
IPv6 Crypto ISAKMP SA
------------------ show crypto ipsec sa detail ------------------
interface: Tunnel1
Crypto map tag: Tunnel1-head-0, local addr 192.168.11.41
protected vrf: (none)
local ident (addr/mask/prot/port): (192.168.11.41/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (192.168.11.42/255.255.255.255/47/0)
current_peer 192.168.11.42 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 271, #pkts encrypt: 271, #pkts digest: 271
#pkts decaps: 275, #pkts decrypt: 275, #pkts verify: 275
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#pkts no sa (send) 0, #pkts invalid sa (rcv) 0
#pkts encaps failed (send) 0, #pkts decaps failed (rcv) 0
#pkts invalid prot (recv) 0, #pkts verify failed: 0
#pkts invalid identity (recv) 0, #pkts invalid len (rcv) 0
#pkts replay rollover (send): 0, #pkts replay rollover (rcv) 0
##pkts replay failed (rcv): 0
#pkts tagged (send): 0, #pkts untagged (rcv): 0
#pkts not tagged (send): 0, #pkts not untagged (rcv): 0
#pkts internal err (send): 0, #pkts internal err (recv) 0
local crypto endpt.: 192.168.11.41, remote crypto endpt.: 192.168.11.42
path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/1
current outbound spi: 0x1DF8CFFA(502845434)
PFS (Y/N): N, DH group: none
inbound esp sas:
spi: 0xBF473CF2(3209116914)
transform: esp-aes esp-sha256-hmac ,
in use settings ={Tunnel, }
conn id: 5, flow_id: SW:5, sibling_flags 80000040, crypto map: Tunnel1-head-0
sa timing: remaining key lifetime (k/sec): (4181836/3479)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x1DF8CFFA(502845434)
transform: esp-aes esp-sha256-hmac ,
in use settings ={Tunnel, }
conn id: 6, flow_id: SW:6, sibling_flags 80000040, crypto map: Tunnel1-head-0
sa timing: remaining key lifetime (k/sec): (4181837/3479)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)
outbound ah sas:
outbound pcp sas:
------------------ show crypto session summary ------------------
------------------ show crypto session detail ------------------
Crypto session current status
Code: C - IKE Configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal, T - cTCP encapsulation
X - IKE Extended Authentication, F - IKE Fragmentation
Interface: Tunnel1
Uptime: 00:02:00
Session status: UP-ACTIVE
Peer: 192.168.11.42 port 500 fvrf: (none) ivrf: (none)
Phase1_id: cn=grumpy.csfc,c=us
Desc: (none)
IKEv2 SA: local 192.168.11.41/500 remote 192.168.11.42/500 Active
Capabilities:(none) connid:3 lifetime:23:58:00
IPSEC FLOW: permit 47 host 192.168.11.41 host 192.168.11.42
Active SAs: 2, origin: crypto map
Inbound: #pkts dec'ed 275 drop 0 life (KB/Sec) 4181836/3479
Outbound: #pkts enc'ed 271 drop 0 life (KB/Sec) 4181837/3479
------------------ show crypto isakmp peers ------------------
------------------ show crypto ruleset detail ------------------
Mtree:
199 VRF 0 11 192.168.11.41/500 ANY Forward, Forward
299 VRF 0 11 192.168.11.41/4500 ANY Forward, Forward
200000199 VRF 0 11 ANY/848 ANY Forward, Forward
200000299 VRF 0 11 ANY ANY/848 Forward, Forward
6553700000000000101 VRF 0 2F 192.168.11.41 192.168.11.42 Discard/notify, Encrypt
6553700000000000199 VRF 0 2F 192.168.11.41 192.168.11.42 Discard/notify, Discard/notify
------------------ show processes memory | include Crypto IKMP ------------------
260 0 5432 880 18424 3 3 Crypto IKMP
------------------ show processes cpu | include Crypto IKMP ------------------
260 0 6 0 0.00% 0.00% 0.00% 0 Crypto IKMP
------------------ show crypto eli ------------------
Hardware Encryption : ACTIVE
Number of hardware crypto engines = 1
CryptoEngine Onboard VPN details: state = Active
Capability : IPPCP, DES, 3DES, AES, IPv6, GDOI, FAILCLOSE, HA
IPSec-Session : 0 active, 3200 max, 0 failed
------------------ show cry engine accelerator statistic ------------------
Device: Onboard VPN
Location: Onboard: 0
:Statistics for encryption device since the last clear
of counters 1826 seconds ago
0 packets in 0 packets out
0 bytes in 0 bytes out
0 paks/sec in 0 paks/sec out
0 Kbits/sec in 0 Kbits/sec out
0 packets decrypted 0 packets encrypted
0 bytes before decrypt 0 bytes encrypted
0 bytes decrypted 0 bytes after encrypt
0 packets decompressed 0 packets compressed
0 bytes before decomp 0 bytes before comp
0 bytes after decomp 0 bytes after comp
0 packets bypass decompr 0 packets bypass compres
0 bytes bypass decompres 0 bytes bypass compressi
0 packets not decompress 0 packets not compressed
0 bytes not decompressed 0 bytes not compressed
1.0:1 compression ratio 1.0:1 overall
Last 5 minutes:
0 packets in 0 packets out
0 paks/sec in 0 paks/sec out
0 bits/sec in 0 bits/sec out
0 bytes decrypted 0 bytes encrypted
0 Kbits/sec decrypted 0 Kbits/sec encrypted
1.0:1 compression ratio 1.0:1 overall
------------------ show cry isakmp diagnose error ------------------
Exit Path Table - status: disable, current entry 0, deleted 0, max allow 10
------------------ show cry isakmp diagnose error count ------------------
Exit Trace counters
------------------ show crypto call admission statistics ------------------
Crypto Call Admission Control Statistics
System Resource Limit: 0 Max IKE SAs: 0 Max in nego: 1000
Total IKE SA Count: 0 active: 0 negotiating: 0
Incoming IKE Requests: 0 accepted: 0 rejected: 0
Outgoing IKE Requests: 0 accepted: 0 rejected: 0
Rejected IKE Requests: 0 rsrc low: 0 Active SA limit: 0
In-neg SA limit: 0
IKE packets dropped at dispatch: 0
Max IPSEC SAs: 0
Total IPSEC SA Count: 0 active: 0 negotiating: 0
Incoming IPSEC Requests: 0 accepted: 0 rejected: 0
Outgoing IPSEC Requests: 0 accepted: 0 rejected: 0
Phase1.5 SAs under negotiation: 0
sho ip int bri
Interface IP-Address OK? Method Status Protocol
Embedded-Service-Engine0/0 unassigned YES NVRAM administratively down down
GigabitEthernet0/0 192.168.1.40 YES NVRAM up up
GigabitEthernet0/1 192.168.11.41 YES NVRAM up up
GigabitEthernet0/2 unassigned YES NVRAM administratively down down
Tunnel0 unassigned YES unset up down
Tunnel1 192.168.100.1 YES NVRAM up up
happy#
happy#sho crypto pki cert verb
Certificate
Status: Available
Version: 3
Certificate Serial Number (hex): 3F51979A000000000012
Certificate Usage: Signature
Issuer:
cn=dc-ca
dc=csfc
dc=com
Subject:
Name: happy.csfc
cn=happy.csfc
c=us
CRL Distribution Points:
ldap:///CN=dc-ca,CN=DC,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=csfc,DC=com?certificateRevocationList?base?objectClass=cRLDistributionPoint
Validity Date:
start date: 18:52:56 UTC Mar 1 2013
end date: 18:52:56 UTC Mar 1 2015
Subject Key Info:
Public Key Algorithm: rsaEncryption
EC Public Key: (256 bit)
Signature Algorithm: SHA256 with ECDSA
Fingerprint MD5: BF234623 9E7F2C73 EBE07B0A 9E89FC76
Fingerprint SHA1: DB8A8D50 23D9E2DD AC2ED2DC 5A857569 279F44D5
X509v3 extensions:
X509v3 Key Usage: C0000000
Digital Signature
Non Repudiation
X509v3 Subject Key ID: 2DCC8D55 4A4853C4 C03B3D24 00E3EA45 9406B5AE
X509v3 Authority Key ID: 2389F565 83FCB73D 3F1179A4 7EAB9672 1E7681AA
Authority Info Access:
Extended Key Usage:
1.3.6.1.5.5.8.2.2
Associated Trustpoints: dc-ca
Storage: nvram:dc-ca#12.cer
Key Label: happy.csfc.com
Key storage device: private config
CA Certificate
Status: Available
Version: 3
Certificate Serial Number (hex): 2C8A76A7904BB4B341B3AAFA9ED387D3
Certificate Usage: Signature
Issuer:
cn=dc-ca
dc=csfc
dc=com
Subject:
cn=dc-ca
dc=csfc
dc=com
Validity Date:
start date: 15:28:45 UTC Jan 23 2013
end date: 15:38:44 UTC Jan 23 2018
--More-- Subject Key Info:
Public Key Algorithm: rsaEncryption
EC Public Key: (256 bit)
Signature Algorithm: SHA256 with ECDSA
Fingerprint MD5: 1F937411 4DB57036 73D54124 E50E83FC
Fingerprint SHA1: E78FE0BF DF5F168A 67860C48 78EC427C 66FE551A
X509v3 extensions:
X509v3 Key Usage: 86000000
Digital Signature
Key Cert Sign
CRL Signature
X509v3 Subject Key ID: 2389F565 83FCB73D 3F1179A4 7EAB9672 1E7681AA
X509v3 Basic Constraints:
CA: TRUE
Authority Info Access:
Associated Trustpoints: dc-ca
Storage: nvram:dc-ca#87D3CA.cer
happy#sho crypt key mypubkey all
% Key pair was generated at: 18:44:07 UTC Mar 1 2013
Key name: eckey
Key type: EC KEYS
Storage Device: private-config
Usage: Signature Key
Key is not exportable.
Key Data:
30593013 06072A86 48CE3D02 0106082A 8648CE3D 03010703 4200049A 28E9709A
2F81DEE9 9ED27787 B790D3B4 487B3F2D DBA06E95 43298A54 19A3B0B7 E9107223
5CB9F3CD 9D8BD0E9 9AB9FFC4 698C1912 CBADC469 9E7CD6D3 46E5A2
% Key pair was generated at: 18:49:21 UTC Mar 1 2013
Key name: happy.csfc.com
Key type: EC KEYS
Storage Device: private-config
Usage: Signature Key
Key is not exportable.
Key Data:
30593013 06072A86 48CE3D02 0106082A 8648CE3D 03010703 42000429 D4D8F89E
295BF7AF 826F86A3 F29DEF48 FCFFD237 4B0FD39C D393620D 3EFDD484 BFA43ED0
8E167FDF 839D0FF8 569026C0 545C1B56 EC177A2E 6C1D5D1A 6CD8DD
happy# sho crypto ike2 v2 session detail
IPv4 Crypto IKEv2 Session
Session-id:1, Status:UP-ACTIVE, IKE count:1, CHILD count:1
Tunnel-id Local Remote fvrf/ivrf Status
3 192.168.11.41/500 192.168.11.42/500 none/none READY
Encr: AES-CBC, keysize: 256, Hash: SHA256, DH Grp:19, Auth sign: ECDSA, Auth verify: ECDSA
Life/Active Time: 86400/339 sec
CE id: 1084, Session-id: 1
Status Description: Negotiation done
Local spi: 239BE9D173BFD509 Remote spi: C7A295975E26147B
Local id: cn=happy.csfc,c=us
Remote id: cn=grumpy.csfc,c=us
Local req msg id: 0 Remote req msg id: 2
Local next msg id: 0 Remote next msg id: 2
Local req queued: 0 Remote req queued: 2
Local window: 5 Remote window: 5
DPD configured for 0 seconds, retry 0
NAT-T is not detected
Cisco Trust Security SGT is disabled
Child sa: local selector 192.168.11.41/0 - 192.168.11.41/65535
remote selector 192.168.11.42/0 - 192.168.11.42/65535
ESP spi in/out: 0xBF473CF2/0x1DF8CFFA
AH spi in/out: 0x0/0x0
CPI in/out: 0x0/0x0
Encr: AES-CBC, keysize: 128, esp_hmac: SHA256
ah_hmac: None, comp: IPCOMP_NONE, mode tunnel
IPv6 Crypto IKEv2 Session
happy#sho crypto ikev2 session sa detail
IPv4 Crypto IKEv2 SA
Tunnel-id Local Remote fvrf/ivrf Status
3 192.168.11.41/500 192.168.11.42/500 none/none READY
Encr: AES-CBC, keysize: 256, Hash: SHA256, DH Grp:19, Auth sign: ECDSA, Auth verify: ECDSA
Life/Active Time: 86400/386 sec
CE id: 1084, Session-id: 1
Status Description: Negotiation done
Local spi: 239BE9D173BFD509 Remote spi: C7A295975E26147B
Local id: cn=happy.csfc,c=us
Remote id: cn=grumpy.csfc,c=us
Local req msg id: 0 Remote req msg id: 2
Local next msg id: 0 Remote next msg id: 2
Local req queued: 0 Remote req queued: 2
Local window: 5 Remote window: 5
DPD configured for 0 seconds, retry 0
NAT-T is not detected
Cisco Trust Security SGT is disabled
IPv6 Crypto IKEv2 SA
happy#sho crypto ikev2 sa detail stats
Crypto IKEv2 SA Statistics
System Resource Limit: 0 Max IKEv2 SAs: 0 Max in nego: 1000
Total IKEv2 SA Count: 1 active: 1 negotiating: 0
Incoming IKEv2 Requests: 34 accepted: 34 rejected: 0
Outgoing IKEv2 Requests: 50 accepted: 50 rejected: 0
Rejected IKEv2 Requests: 0 rsrc low: 0 SA limit: 0
IKEv2 packets dropped at dispatch: 0
Incoming IKEV2 Cookie Challenged Requests: 0
accepted: 0 rejected: 0 rejected no cookie: 0
happy#exit -
I would love some help with this issue. I have configured my SharePoint foundation 2010 site to use Claims Based Auth with Certificate authentication method with ADFS 2.0 I have a test account set up with lab.acme.com to use the ACS.
When I log into my site using Windows Auth, everything is great. However when I log in and select my ACS token issuer, I get sent, to the logon page of the ADFS, after selected the ADFS method. My browser prompt me which Certificate identity I want
to use to log in and after 3-5 second
and return me the logon page with error message “Authentication failed”
I base my setup on the technet article
http://blogs.technet.com/b/speschka/archive/2010/07/30/configuring-sharepoint-2010-and-adfs-v2-end-to-end.aspx
I validated than all my certificate are valid and able to retrieve the crl
I got in eventlog id 300
The Federation Service failed to issue a token as a result of an error during processing of the WS-Trust request.
Request type: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
Additional Data
Exception details:
Microsoft.IdentityModel.SecurityTokenService.FailedAuthenticationException: MSIS3019: Authentication failed. ---> System.IdentityModel.Tokens.SecurityTokenValidationException:
ID4070: The X.509 certificate 'CN=Me, OU=People, O=Acme., C=COM' chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed
correctly, but one of the CA certificates is not trusted by the policy provider.
at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
--- End of inner exception stack trace ---
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.BeginGetScope(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.BeginIssue(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.DispatchRequestAsyncResult..ctor(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginDispatchRequest(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.ProcessCoreAsyncResult..ctor(WSTrustServiceContract contract, DispatchContext dispatchContext, MessageVersion messageVersion, WSTrustResponseSerializer responseSerializer, WSTrustSerializationContext
serializationContext, AsyncCallback asyncCallback, Object asyncState)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginProcessCore(Message requestMessage, WSTrustRequestSerializer requestSerializer, WSTrustResponseSerializer responseSerializer, String requestAction, String responseAction, String
trustNamespace, AsyncCallback callback, Object state)
System.IdentityModel.Tokens.SecurityTokenValidationException: ID4070: The X.509 certificate 'CN=Me, OU=People, O=acme., C=com' chain building
failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.
at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
thx
Stef71This is perfectly correct on my case I was not adding the root properly you must add the CA and the ADFS as well, which is twice you can see below my results.
on my case was :
PS C:\Users\administrator.domain> $root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
cer\SP2K10\ad0001.cer")
PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "domain.ad0001" -Certificate $root
Certificate : [Subject]
CN=domain.AD0001CA, DC=domain, DC=com
[Issuer]
CN=domain.AD0001CA, DC=portal, DC=com
[Serial Number]
blablabla
[Not Before]
22/07/2014 11:32:05
[Not After]
22/07/2024 11:42:00
[Thumbprint]
blablabla
Name : domain.ad0001
TypeName : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
DisplayName : domain.ad0001
Id : blablabla
Status : Online
Parent : SPTrustedRootAuthorityManager
Version : 17164
Properties : {}
Farm : SPFarm Name=SharePoint_Config
UpgradedPersistedProperties : {}
PS C:\Users\administrator.domain> $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
cer\SP2K10\ADFS_Signing.cer")
PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "Token Signing Cert" -Certificate $cert
Certificate : [Subject]
CN=ADFS Signing - adfs.domain
[Issuer]
CN=ADFS Signing - adfs.domain
[Serial Number]
blablabla
[Not Before]
23/07/2014 07:14:03
[Not After]
23/07/2015 07:14:03
[Thumbprint]
blablabla
Name : Token Signing Cert
TypeName : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
DisplayName : Token Signing Cert
Id : blablabla
Status : Online
Parent : SPTrustedRootAuthorityManager
Version : 17184
Properties : {}
Farm : SPFarm Name=SharePoint_Config
UpgradedPersistedProperties : {}
PS C:\Users\administrator.PORTAL> -
Windows Server 2008 R2 with multiple Roles OS Rebuild, Need help with Certificates.
Hi,
I have rebuilt a Server for my client and I require help with certificates..
I am unsure exactly what to do to get this server working as it was.
Example, The Windows Server 2008 R2 has Microsoft Exchange, DNS, DHCP, ADDS, FileServices,Network Policy and access Services and Webservices roles installed on a single box.
Since the Server OS Rebuild I am getting 2 issues that pop up usually when Outlook in opened on a client Workstation,
I have not dont anything certificate wise to the server since OS Install, and the messages I get and best described here
I seen on a backdrive, a few certificate files I dont know if we can use these files for anything but we have the following files of drive E (Backup)
e:\server.xxxx.com.au\gd_iis_intermediates.p7b
e:\server.xxxx.com.au\server.xxxx.com.au.crt
e:\ssl\2013-2018.cer
1st Message is about a Proxy certificate I dont get this often but saw it today and my client clicked ok too quickly.
I have seen it and didnt see it again after trying to close outlook and reopen
I looked up google images and tried to find it...
It's like this, (There is a problem with the proxy server's security certificate.
The security certificate is not from a trusted certifying authority.)
2nd Message is about Security Alert, Autodiscover.xxxx.com.au Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the sites security certificate.
-X- The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certificating authority
-TICK- The security certificate date is valid
-X- The name on the security certificate is invalid or does not match the name of the site
Do you want to preceed
[Yes][No][View Certificate ...]
3rd Message is very Close to the 2nd Message, is about Security Alert, xxxx-server.xxxx.local, Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the sites security certificate.
-X- The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certificating authority
-TICK- The security certificate date is valid
-TICK- The name on the security certificate is invalid or does not match the name of the site
Do you want to preceded
[Yes][No][View Certificate ...]
If you can help guide me thou this as I'm very new to setting up certificates. I had a friend tell me about something in DNS.. but he has been super busy and I want to learn what to do.
Thank-You.Hiya,
quite a lot has the same confusions as you do, so I've written a simple explanation on the subjet of certificates
http://jesperarnecke.wordpress.com/2014/03/22/certificates-simple-explanation/
Let me know if that helps you and if you need further assistance. -
How to update "Encrypt with UserKey" after Windows User Profile replacement?
A problem with my User Profile required that the files be backed up, the profile deleted, a new profile created and my files restored. I have several SSIS projects built in Visual Studio 2012 that use "EncryptSensitiveWithUserKey". I assume the
"UserKey" is based on the SID or GUID of my User Profile. Now when I open these projects I get the Warning:
Warning 2 Warning loading SSISProject.dtproj: Warning: Failed to decrypt sensitive data in project with a user key. You may not be the user who encrypted this project, or you are not using the same machine that was used to save the project. If the sensitive data is a parameter value, the value may be required to run the package on the Integration Services server. SSISProject.dtproj 0 0
Is there a way to reset the UserKey in an existing project to the key for my new Profile? Is the value derived and used for encryption stored in the .dtproj file? If so can I copy that value from a new SSIS project into the .dtproj file for my old projects?
There has to be some way to "transfer ownership" of an SSIS project.
There has to be some way to transfer "ownership" of SSIS projects between developers. Forget about my specific case of my profile being recreated. Let's say I built this SSIS project and was required to use Encrypt with UserKey. I leave
the company. They ask another developer to make changes to the project. My old "ownership" of the project should be somehow transferable to the new developer. It shouldn't be tied to my ID (which no longer exists at the company) in perpetuity. Microsoft
has to have some way to transfer "ownership" of SSIS Projects with "Encrypt with UserKey". It's such a common use case I can't believe they wouldn't provide for it.
No, there is no way . This option is the default and it is actually the worst option precisely because it is useless in team development environment. Use
EncryptSensitiveWithPassword option just like Arthur suggested and you should be fine.
SSIS Tasks Components Scripts Services | http://www.cozyroc.com/ -
Error in authentication with ldap server with certificate
Hi,
i have a problem in authentication with ldap server with certificate.
here i am using java API to authenticate.
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed.
I issued the new certificate which is having the up to 5 years valid time.
is java will authenticate up to one year only?
Can any body help on this issue...
Regards
Rangasorry i am gettting ythe same error
javax.naming.CommunicationException: simple bind failed: servername:636 exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed]
here when i am using the old certificate and changing the system date means i can get the authentication.
can you tell where we can concentrate and solve the issue..
where is the issue
1. need to check with the ldap server only
2. problem in java code only.
thanks in advance -
Cryptsetup: Swap encryption with supend-to-disk doesn't work
Hello Community,
i'm trying to get swap encryption with suspend-to-disk support to a working state.
On my system only the /home partition is encrypted with cryptsetup-LUKS.
I'm using the howto on "Using a swap file" (with /home/swapfile as swap file) in the wiki: https://wiki.archlinux.org/index.php/Dm … sk_support
I followed exactly the given instructions:
From /etc/mkinitcpio.conf
HOOKS="base udev autodetect encrypt block resume filesystems keymap fsck"
From /etc/default/grub
GRUB_CMDLINE_LINUX="pcie_aspm=force pcie_aspm.policy=powersave pcie_port=native ipv6.disable=1 init=/usr/lib/systemd/systemd resume=/dev/mapper/crypthome resume_offset=16721572"
From /etc/fstab:
/home/swapfile none swap defaults 0 0
The swapfile is working. Suspend-to-disk also works. But when resuming, I always get:
ERROR: failed to open encryption mapping
The device UUID=... is not a LUKS volume and the crypto= parameter was not specified
running hook [resume]
Waiting 10 seconds for /dev/mapper/crypthome
ERROR: resume: hibernation device /dev/mapper/crypthome not found
Then the system recovers the filesystem of / and later after the passphrase input of /dev/mapper/home it is forced to recover the filesystem of /home.
Shouldn't I get a passphrase input when running the [resume] hook?
Where is the problem I have missed?
Thanks in advance!
Last edited by indianahorst (2014-01-23 17:39:31)ball wrote:It seems that you've specified your home partition for the resume parameter, that is wrong. It should be the swap partition: https://wiki.archlinux.org/index.php/Su … parameters
No. Have you read my posting completely?
I don't use a swap partition. I'm using a Swapfile on my encrypted home partition. See the link in the first posting and go to "Using a swap file". -
Hello All,
Seem to be having a problem recently. Whenever I attach any external drive to my Desktop I receive the following error in Even Viewer. I never encrypted any of the drives in question with bitlocker.
Encrypted volume check: Volume information on \\?\Volume{7cc70383-5d6b-11e0-855c-001c25a5a540} cannot be read.
Event ID: 24620
And I cannot access my drive information. At first i thought it may be an issue with one of the drives I have partially encrypted with TrueCrypt but I tried several other unencrypted drives and I receive the same error and I cannot access the
data on my drives.
I tried to access the Bit Locker Recovery tool program (downloaded the VISTA Version since there was no Windows 7 Version that I could find), but it did not allow me to install the recovery tool to attempt some kind of fixing.
The strange thing is that I do not have Windows 7 Ultimate installed (which from what I understand is the only way to have Bitlocker). I have windows 7 professional and I never encrypted my drives with bitlocker, 1 out of the 3 drives is partially
encrypted with TrueCrypt, the other 2 are not encrypted with anything.
The stranger thing is that I can plug the external drives to another laptop and I can access the data fine with no problem or errors. I searched the forum for simliar problems, but did not see any responses with fixes to this issue.
The only thing I can think of is that my Desktop downloaded and installed a bunch of Windows Updates within the last 4-5 days.
heres is the update list
http://farm6.static.flickr.com/5304/5890096650_431b0f3627_b.jpg
Any assistance in attempting to figure this out would be appreciated.Hi,
According to the error message, it should use
BitLocker Repair Tool to fix it, refer:
http://technet.microsoft.com/en-us/library/cc734057(WS.10).aspx
What error message did you receive when you use BitLocker repair Tool?
I notice one drive is encrypted with TrueCrypt, please use that program to unencrypt the drive for test.
If it doesn’t work, since the issue didn’t appear before, you can try to perform a system restore to see the result.
Hope that helps.
Regards,
Leo
Huang
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. -
How can I retrieve the password hint of an external drive encrypted with FileVault 2?
Hi,
I'm running on 10.7.3, I have an external HDD that is fully encrypted with FileVault 2. When encrypting an external drive, FileVault 2 doesn't provide a recovery key, but it gives you the opportunity to give a hint at the time you enter the password. My question is: how can I get this hint?
I'm asking because I can't mount the drive anymore. I keep getting prompted to enter the password, and although I believe I'm sure what the password is, it keeps getting refused. The weird thing is that I have never been asked this password because the drive has always been automatically mounted after reboots, I guess because the password was in my Keychain. I have no idea why it no longer auto-mounts and none of the passwords I tried worked.
In Disk Utility, when I tried to "verify" the locked volume, Disk Utility logs an error in system.log with no other user visible action. I filed a bug with Apple about this (#11286871) but I'm still waiting to hear back from them. The error logged is:
Apr 20 22:53:17 nowwhat Disk Utility[1508]: -[__NSCFDictionary setObject:forKey:]: attempt to insert nil value (key: diskIdentifier)
Apr 20 22:53:17 nowwhat Disk Utility[1508]: (
0 CoreFoundation 0x00007fff915bffc6 __exceptionPreprocess + 198
1 libobjc.A.dylib 0x00007fff87a37d5e objc_exception_throw + 43
2 CoreFoundation 0x00007fff915bfdfa +[NSException raise:format:arguments:] + 106
3 CoreFoundation 0x00007fff915bfd84 +[NSException raise:format:] + 116
4 CoreFoundation 0x00007fff9157cf3b -[__NSCFDictionary setObject:forKey:] + 219
5 DFA 0x000000010a1aa1b8 DFA + 25016
6 DFA 0x000000010a1ad701 DFA + 38657
7 DFA 0x000000010a1a61de DFA + 8670
8 CoreFoundation 0x00007fff915af75d -[NSObject performSelector:withObject:] + 61
9 AppKit 0x00007fff8e507cb2 -[NSApplication sendAction:to:from:] + 139
10 AppKit 0x00007fff8e507be6 -[NSControl sendAction:to:] + 88
11 AppKit 0x00007fff8e507b11 -[NSCell _sendActionFrom:] + 137
12 AppKit 0x00007fff8e506fd4 -[NSCell trackMouse:inRect:ofView:untilMouseUp:] + 2014
13 AppKit 0x00007fff8e586d04 -[NSButtonCell trackMouse:inRect:ofView:untilMouseUp:] + 489
14 AppKit 0x00007fff8e505bde -[NSControl mouseDown:] + 786
15 AppKit 0x00007fff8e4d06e0 -[NSWindow sendEvent:] + 6306
16 AppKit 0x00007fff8e46916d -[NSApplication sendEvent:] + 5593
17 AppKit 0x00007fff8e3ff1f2 -[NSApplication run] + 555
18 AppKit 0x00007fff8e67db88 NSApplicationMain + 867
19 Disk Utility 0x0000000104c4e475 Disk Utility + 9333
20 Disk Utility 0x0000000104c4e270 Disk Utility + 8816Even if you succeed with the difficult instructions to do this, if you are running Mavericks (10.9.x) on your Mac, count on it to start over with a whole new backup of your Mac, so you will have two separate backup files for the Mac on the Time Capsule.
Realistically, few of us ever need to go back months or years to retrieve a file from Time Machine. My recommendation would be to keep the external hard drive around for a few months until you have a good backup history established for the Mac....and then delete the backups from the drive and use it as a spare hard drive. -
I have my iPhone 4s backed up on my mac but it seems it was encrypted with a password which i do not remember is there any other option to retrieve to the backup without restoring the device as a new one. Also I do not have access to a windows system.
Sorry no, if you don't knnow the encrypted password, then you can't use that backjup.
-
Office 2010 created PDF only bringing up Work with Certificates option with Signing
When creating PDF documents with Microsoft Word 2010, the only Sign option showing is Work With Certificates and is greyed, I Need To Sign and Get Others to Sign is missing. My previous PC with Windows 7/Office 2010 and Reader Xi was able to sign documents. I'm also able on my old XP machine to create a dummy pdf in Word 2010 and sign it in Reader, and on my Windows8/Office 2013/Reader Xi PC. Any idea as to where this might have been broken?
With the PDF file created in 2013, I Ctrl+D'd to get the security settings as it's commonly suggested that electronic signatures is failing because of a setting there, however I'm still able to sign it with Signing: Not Allowed and get the full signing menu instead of the Work With Certificates.Hi,
If you meet any problems when using our products, you can post the question here. Please post one question in a single thread, and the question should be posted in the proper forum.
The current forum is for Office 2010 - Planning, Deployment, and Compatibility.
Just as Don mentioned, you may have multiple questions and some of them are not well placed, post them to the correct forum to get the specific support.
Regards,
Melon Chen
TechNet Community Support
Maybe you are looking for
-
Photoshop CS6 is not installing properly and i am unable to locate the application
HELP ME!!!! My trial Photoshop CS6 is not installing properly and i am unable to locate and open the application on my mac. I am just going around in circles from file to file and back to the starting "intall" icon
-
Relinking media...please s.o.s
In my FCPX Project there was a clip missing because I removed the hard disk where it was originally placed...but the same file is in my hard disk...BUT I don't know how can I tell to my project that this file is here and make the final cut x replace/
-
Need to download Acrobat 11 STANDARD
My company purchased 22 licenses for Acrobat 11 STANDARD. Where can I get the software?
-
HT1338 How do I retrieve documents off of a jump drive?
I am trying to get my husbands resume off of his jump drive. I plug in the drive and nothing happens.
-
How can I locate a lost iphone 5s?
How can I locate my lost iphone5s?