A certificate for encryption??

I had a tag come down on my screen last night about a certificate.. for encryption signatures etc.. it wouldn't let me shut down or do anything except click ok.. I don't know what this is.. or if it is safe.. I have tried to call several Apple support places but I have exceeded my 90 days from purchase and was never told about the support for my apple that I could only have if I purchased it when I purchased my computer.. so.. I'm throwing it out there.. could anyone enlighten me?!?!  thanks

Just send him a signed email message. He will receive your public key and can install it in his keychain.

Similar Messages

  • Mail uses wrong certificate for encrypting S/MIME messages

    Encrypted email I send using Mail Version 4.2 (1077) under OS X 10.6.2 to my work account cannot be decrypted. It appears that Mail is using the signing certificate, rather than the encryption certificate, to encrypt the email.
    The internal Certificate Authority at my employer has issued two certificates to me: A signing and an encryption certificate. Both certificates are properly stored in my keychain.
    The encryption certificate carries a 0x20 in the key usage field to designate the certificate to be used for encipherment purposes. The signing certificate carries a 0x80 in the key usage field to designate the certificate to be used for digital signatures.
    I understand that the S/MIME standard stipulates that for encrypting messages, the certificate with 0x20 in the key usage field should be used by the mail application.
    However, messages I sent are encrypted using the signing certificate (0x80 in the key usage field) and therefore cannot be decrypted on the receiving end. I examined the encrypted email using an [application|http://www.eriugena.org/blog/?p=57] to extract the serial number of the certificate used for encryption.
    We are using Outlook 2003 as our mail application at work.
    Has anybody ever come across this problem? Am I missing something - is there a way to tell Mail what certificate to use for encryption?
    Thanks,
    -Michael.

    I'm have a problem that sounds related.
    Both my wife and I created self signed mail certificates, and sent email to each other and trusted each others certificates. We were then able to send encrypted emails back and forth and our emails showed up as having trusted digital signatures.
    Then, we both purchased Verisign email certificates, and installed them in our keychains, deleting the old self-signed certificates, and repeated the process of establishing a chain of trust.
    This worked fine for me running Snow Leopard but did not work for her on Leopard. Her emails to me appear to be signed by both the old self-signed certificate and to include the new verisign certificate. Looking at the message source there is only one application/pkcs7-signature block, but in the UI it is showing both certificates.
    I don't understand how the self-signed certificate is showing up at all, since it has been deleted from her keychain.

  • Select certificate for encrypted eMail

    Hi folks,
    I am running the latest version of Snow Leopard 10.6.4 and now have a problem with eMail encryption.
    I am using this feature since quite a long time without any problems, but with an old Thawte Certificate (free of charge).
    This certificate is now expired and I created, downloaded and imported a new personal certificate from StartSSL (their root certs are included in SL) into keychain.
    All fine, but if I write an eMail and press the encrypt button, it still uses the old Thawte certificate, which is not the intention to do so. I already tried to create an identity in key chain by clicking the right mouse button, entered my eMail adfress, selected the new StartSSL cert, restartetd Mail, but the same result.
    Does anybody have an idea, how to select this new certificate and not the old one ??
    I don't want to delete the old Thawte cert, because I need to access my archive containing eMail encrypted with it.
    Many tx, any idea would be very appreciated.
    Cheers
    Kbe

    Hi,
    Problem is resolved now. i have done below two changes.
    --> used KeyUsage=0xA0 in inf file.
    --> imported certificate through certreq -accept. Earlier i was importing cert from mmc.
    I think second point resolved my problem. i even didn't think that mmc & command can make this difference.
    Dhiraj

  • Update Secure Certificate for Mail (Identification and Encryption)

    Hello...
    Can you help?
    I have several email addresses; all of which have valid secure certificates (stored by default automatically in Key Chain).
    Whereas previously the certificates did not feature my name, new ones have been issued which do.
    So... my question is as follows:
    How do I point Mail to use the new certificates that have my name engrained within, opposed to the older ones which do not?
    Thank you, in advance.
    A

    Hi ... I have been struggling with exactly this point, too. Try out the new Leopard feature called "New preferred Identity". For this open keychain, go to my certificates and control-click on each certificate individually as choose "new preferred identity". Here you can type the e-mail address and choose one of your certificates to be used "preferably". This is the official Apple way of doing it and you may read further information in the support section. Please let me know if it works with you!
    In any case, it hasn't worked for me. I had to delete all old certificates for the same e-mail address and keep only the most recent one with my real-life name in it (you can delete right in keychain). After restart mail.app only uses the new certificate for signing e-mails.
    You would expect that deleting the old certificate destroys your ability to read the older encrypted e-mails. But the good news is that everytime you open an e-mail with your old certificate mail.app will add the old certificate back to keychain and you can again read your encrypted e-mails which used the 'public' key from the old certificate. Although mail.app will add the old certificates again it will continue to use the new certificate. I call this a work-around because really the "new identity preference" should have worked.
    I hope I helped you.
    Valentin.

  • Can't get Mail to recognize Thawte certificate for signing and encrypting

    I got a certificate from Thawte and double clicked on the p12 file. This installed the certificate in the login section of the Keychain. I read in several places that it must be in the X509Anchors chain in order to work. However, whenever I try to import it or copy it there I can't get past the authentication screen. I give it the password to decrypt the p12 file and that works, but then it asks for a password for the X509Anchors keychain. I'm giving it my login password, but that doesn't work. What am I doing wrong?

    You shouldn't have to do anything with the X509Anchors keychain. The X509Anchors keychain contains certificate authority (CA) certificates, i.e., certificates associated with CA's that sign certificates. In it you'll find various CA certificates for thawte among others.
    After you've successfully imported your thawte cert into your login chain, restart mail (I don't think you need to restart keychain access, but it wouldn't hurt).
    Now when you compose a message, you should see encrypt and sign buttons to the right and below the subject line. This of course assumes the email address configured in mail is the same as the one in the thawte certificate.

  • How to get a certificate for SQL server (Virtual machine) on Azura

    Hi 
    I am lost and I don't know what to do have a certificate available for SQL2014 (Data warehousing virtual machine Size A7).
    My purpose is to connect to SQL server via Power Query and Engagement Studio  with Encryption connection option ticked. 
    I have looked at a lot of pages via Google and I wish there is a clear step-by-step guide for me to follow. This is a MS Cloud with a predefined virtual machine. There should be some guide. Can you point me to the right direction please? 
    I have a 

    Hi,
    Here are some related links below for you:
    a real certificate for a virtual machine
    https://social.msdn.microsoft.com/Forums/azure/en-US/7c48763f-fb04-46c6-a6e6-c21740d007cf/a-real-certificate-for-a-virtual-machine?forum=WAVirtualMachinesforWindows
    Configuring a custom domain name for an Azure cloud service
    http://azure.microsoft.com/en-us/documentation/articles/cloud-services-custom-domain-name/
    Create a Service Certificate for Azure
    https://msdn.microsoft.com/library/azure/gg432987.aspx?f=255&MSPPError=-2147217396
    Since we are not familiar with Azure, if the information above is not helpful, please post another thread in Azure forums and post a feedback regarding your requirement:
    http://feedback.azure.com/forums/34192--general-feedback
    Best Regards,
    Amy
    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
    [email protected]

  • WS Policy problem for encryption

    Hello,
    1- I'm using osb 10g3 and I have problems to configure ws policy for encryption.
    I have configured weblogic realm security to provide my keystore and also certificat path provider to register my trusted key
    and PKI credential mapper .but I have always the same soap fault :
    java.security.cert.CertPathBuilderException: [Security:090686]The CertificateRegistry could not build a certificate path for the subject key identifier
    My certif X509V3 public key
    . This indicates that either someone is trying to access the server with an untrusted subject key identifier or that the administrator has forgotton to register a certificate with this subject key identifier in the CertificateRegistry.
    Someone can help me to configure this step ?
    (i'm using soapui and for testing my proxy and the policy used is encrypt.xml policy
    Edited by: user11144716 on Jul 28, 2009 6:19 AM

    Can you post more details, like the annotations you used or the policy?

  • WS Policy problem for encryption at proxy side

    Hello ,
    I'm using osb - weblogic 10g3 and I have problem to configure ws policy for encryption in my proxy.
    I have configured weblogic reaml security to provide my keystore, also certificat path to register my trusted key
    and PKI credential mapper .but I have always the same soap fault :
    Trace:
    java.security.cert.CertPathBuilderException: Security:090686The CertificateRegistry could not build a certificate path for the subject key identifier
    My certif X509V3 public key
    . This indicates that either someone is trying to access the server with an untrusted subject key identifier or that the administrator has forgotton to register a certificate with this subject key identifier in the CertificateRegistry.
    Someone can help me to configure this step ?
    The policy is enable at the proxy side. and the the registry is set to trust my certificate (.pem).
    Thanks !

    Hello ,
    I'm using osb - weblogic 10g3 and I have problem to configure ws policy for encryption in my proxy.
    I have configured weblogic reaml security to provide my keystore, also certificat path to register my trusted key
    and PKI credential mapper .but I have always the same soap fault :
    Trace:
    java.security.cert.CertPathBuilderException: Security:090686The CertificateRegistry could not build a certificate path for the subject key identifier
    My certif X509V3 public key
    . This indicates that either someone is trying to access the server with an untrusted subject key identifier or that the administrator has forgotton to register a certificate with this subject key identifier in the CertificateRegistry.
    Someone can help me to configure this step ?
    The policy is enable at the proxy side. and the the registry is set to trust my certificate (.pem).
    Thanks !

  • Certificate-based Encryption

    I encrypt my PDF file with certificate.
    Can I read encrypted PDFs by using Certificate-based Encryption on Adobe Reader for Android? If not, is there a prevision for that happens?

    Our mobile versions of Adobe Reader do not support certificate based encryption, but it is something we have heard from customers, and are considering it for the future as we catch up with the essential features.

  • What is the option client certificate for user authentication used for?

    Hi All,
    I have to work on a FTPS - XI -SAP scenario.
    I can see an option for client certificate for user authentication when security is enabled for the FTP adapter. what exactly is this option used for?
    P.S: I went through sap help but couldnt quite understand.

    Thanks a lot Mark.
    So for a FTPS -> XI -> SAP scenario the following settings are required.
    1. I have to create a certificate in Visual Admin for the XI server , send a csr to a CA and get it signed by them, and i have to add this to the ssl_service view.
    2. I have to hand over the public key to the FTPS server & this key will be used for encryption of the file
    the above 2 steps are mandatory.
    If i choose to use the client certificate option , i have to get the client certificate from the FTPS server and add it into the TrustedCAs list. This certificate is just to imply that the client is what it claims to be.
    Will this certificate be used for encryption?
    To make it clear let me put it this way. The certificate created in the XI Server is used for encryption and also for ascertaining that the its what it claims to be.
    The clients certificate option is used only to make sure that the client is what its claiming to be & this is not used for encryption?

  • WLS 5.1 certificate issue: encrypted private key

    My organization has acquired some certificates for use with WLS. However, the private
    keys for these certs were inadvertently encrypted with a password. We have a mix
    of 5.1 and 6.1 servers. We got the keys working with our 6.1 servers, but 5.1
    is a little tougher. How can we use these keys with our 5.1 servers?

    I dont think 5.1 supports password encrypted private keys
    Jason Norman wrote:
    My organization has acquired some certificates for use with WLS. However, the private
    keys for these certs were inadvertently encrypted with a password. We have a mix
    of 5.1 and 6.1 servers. We got the keys working with our 6.1 servers, but 5.1
    is a little tougher. How can we use these keys with our 5.1 servers?

  • How many MDM certificates for different MDM servers can be generated under one  Apple Developers  Subscription

    Hello All
    Please say how many MDM certificates for different MDM servers can be generated under one Apple Developers Subscription?
    Thanks in advance

    So no Meraki MDM?
    Supports Multiple VPP accounts, completely free, fully encrypted, and quite secure.
    Otherwise, you might want to take a look at the mdm that Spiceworks has.

  • Lync 2013 Certificates for DR Pool

    Hello, I'm kind of new to Lync 2013 so I could use a little guidance.....  
    My question is regarding edge server certificates for my DR site. We have 2 geographic locations, one for Prod, and one for DR in an active/passive arrangement. The pools are paired for resiliency.
    The prod site is up and running, everything is functioning as it should. We recently decided to deploy Lync in DR. The prod site is using sip.x.com in DNS and SRV records for access edge. Knowing that we cannot use the same DNS
    name for the DR pool, I have used sip_DR.x.com. It is recommended to use the same cert for all edge servers. Does that mean I should use the same cert for both pools? If so, should I then add the SAN sip_dr.x.com to my existing UC cert from digicert, and
    import it to all my edge servers in both pools, or should I have a separate cert for DR? Or, would I request a duplicate cert from digicert and generate the request from one of my edge servers in the DR pool?
    Any help you can provide will be greatly appreciated.
    Thank you. 

    The same cert requirement is for all Edge servers in an Edge pool. You can use a new certificate for the DR Edge pool.
    Take a look at Jeff Schertz' blog: http://blog.schertz.name/2012/07/lync-edge-server-best-practices/
    "The exact same certificate must be used on all common interfaces across the pool, regardless of whether DNS load balancing or hardware load balancing is utilized.  This means that the original certificate request must provide the ability to export
    the private key as the exact same certificate and private key pair must be able to be exported from one Edge server into all other Edge servers.  This is required so that in the event of a failover any existing sessions can be moved to another server
    in the pool and the data can still be decrypted by the same certificate that was used to encrypt the session just prior to the failover."
    Please mark posts as answers/helpful if it answers your question.
    Blog
    Lync Validator - Used to assist in the validation and documentation of Lync Server 2013.

  • How we can get SSL certificate for any site?

    i want to know how can get SSL certificate for any website and what is the main benefit for particular website with the help of this certificate.

    Hi,
    Would you please let me know edition information of the SBS server? Was it SBS 2008 or SBS 2011?
    Based on your description, I’m a little confused with your question. Did you mean that want to know why need
    SSL certificate for website?
    Certificate Services and SSL protect sensitive information by encrypting the data sent between client browsers
    and your server.
    An SSL Certificate is used for two reasons (1) to validate the remote server to the client before the client sends any data to that server (2) to encrypt the data between the client and server over an un-secure network (ie. the Internet). You can use
    a self-issued certificate or a third-party trusted certificate. For more details, please refer to following articles and check if can help you.
    Managing Certificates
    SSL and Certificates
    Understanding Self-Issued
    Certificates in SBS 2003 & SBS 2008
    Installing a GoDaddy Standard
    SSL Certificate on SBS 2008
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft
    does not guarantee the accuracy of this information.
    If anything I misunderstand or any update, please don’t hesitate to let me know.
    Hope this helps.
    Best regards,
    Justin Gu

  • Certificate for E-mail

    Hello,
    I am using Windows 2003 certificate server to create an internally signed certificate to use with outlook. My understanding is that I will need the public and private keys to build my PKI and send encrypted e-mail.
    I have created an x.509 certificate with the following usage Digital Signature, Certificate Signing, Off-line CRL Signing, CRL Signing
    My questions are: what is the next step? How can I import this into outlook?
    I have  imported it into IE successfully and manually placed it in several stores. So from what I've read outlook should see it in the store, but instead, outlook prompts me with:
    " No certificates meet the application criteria".
    Also, how to I get the private Key? When I export the certificate, the Wizard ends with
    Export Keys "No"
    Exclude All Certificates in the Certification Part "No"
    So can I I build my PKI?
    Thanks for any help on this...
    Miguel Fra / Falcon ITS
    Computer & Network Support , Miami, FL
    Visit our Knowledgebase Sharepoint Site

    Miguel,
    You seem to be having some trouble understanding some of the concepts involved in deploying a PKI solution here, and the information you have provided in your post isn't really enough to help troubleshoot any problem you're having.
    Here are the basic steps you need to follow to get a certificate issued that can be used for S/MIME:
    1. Install Certificate Services as an Enterprise CA.
    2. Duplicate the User certificate template.
    3. On the Extensions tab, select Application Policies and click Edit.
    4. Remove the Client Authentication and Encrypting File System policies, leave the Secure Email policy.
    5. Assign the appropriate Read and Enroll permission on the Security tab.
    6. Save the new template with a descriptive name.
    7. Publish the template at the CA.
    8. Enroll for a new certificate.
    9. Configure Outlook to use the certificate.
    You shouldn't have to manually install the certificate as the process of enrollment itself should be sufficient. Its really hard to anwer your questions since I've got no idea how you performed the enrollment in the first place, what application policies are included in the certificate, etc. As far as your question about exporting the keys, if you want to be able to export the private key, you need to ensure that option is selected on the Request Handling tab of the template prior to enrolling for the certificate.
    Some other things you need to consider are:
    1. If this certificate is going to be used for encrypting email as well as signing, have you configured one or more key recovery agents? If you haven't and the user loses their certificate, they will no longer be able to access encrypted email they've sent that is stored in their Sent Items folder.
    2. I've mentioned this in one of the other threads you have on this topic but it is worth mentioning again, no one outside of your organization is going to trust your PKI so unless you distribute your root certificate and any intermediate certificates any signed email that gets sent to someone outside your org will show that there's a problem with the signature which kind of defeats the purpose of using signed email in the first place.
    3. You also have to consider the fact that no one outside of your organization will be able to retrieve a Certificate Revocation List (CRL) which will also cause problems with the signature.
    Standing up a PKI is not a trivial task and standing one up to simply issue a few S/MIME certificates especially without fulling understanding how a PKI works, nor how to properly design, deploy, and support one is both overkill and a recipe for disaster. I know that you mentioned in one of the other threads that your customer is insisting on standing up Certificate Services to issue these certificates, however, if I were in your shoes, I'd continue to strongly discourage them from going down this path and strongly encourage them to simply purchase the required certificates from an external vendor. And I've been working with Certificate Services for years and do large scale, enterprise wide deployments for a living. You aren't doing your customer any favours by bowing to their wishes and even if they get everything up and running, how in the world are they going to be able to properly maintain and administer the PKI after you've completed the deployment and are no longer around?
    Sorry for the long winded response but IMO you really need to reconsider the whole approach here. Sometimes, the best solution is to simply tell the customer they're wrong and that you won't participate and what is bound to be a failed deployment.
    Paul Adare
    CTO
    IdentIT Inc.
    ILM MVP

Maybe you are looking for