Best practices for buying a digital certificate for Exchange 2013

Good day friends,
Could you indicate to me which are the best practices when buying a public digital certificate for use on Exchange Server 2013?
I'd be interested in knowing your opinion about using wildcard or SAN certificates.
Likewise, what are the best recommendations for which names to include, and why should they or should they not include the internal FQDN of my servers?
Currently I have an infrastructure that has two Mailbox servers, two CAS servers and an Edge 2010 server, but I'm planning to update it to Exchange 2013.
I searched for the best practices according to Microsoft but have found little information.
I would appreciate it if you could post links such as Microsoft KBs and other technical documents that discuss the above.
Thank you for your invaluable support.
Greetings.

Hi,
Personal suggestion, we can use two namespaces for your Exchange 2013:
Autodiscover.domain.com (Used for autodiscover service)
Mail.domain.com (used for all Exchange services external and internal URLs)
Please point mail.domain.com and autodiscover.domain.com to your Internet-facing CAS 2013.
For more information about Digital Certificates and SSL in Exchange 2013, please refer to the
Digital Certificates Best Practices part in the following TechNet article:
http://technet.microsoft.com/en-us/library/dd351044%28v=exchg.141%29.aspx?lc=1033
Additionally, here are some other scenarios about certificate planning in Exchange 2013:
http://blogs.technet.com/b/exchange/archive/2014/03/19/certificate-planning-in-exchange-2013.aspx
Regards,
Winnie Liang
TechNet Community Support
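
An added example, not part of the thread: a small Python check of a planned certificate name list against the hostnames clients will actually use, covering the wildcard-versus-SAN and internal-FQDN questions raised above. The server names `cas01.corp.local` and `CAS01`, the deeper test hostnames and the list of internal suffixes are constructed for illustration.

```python
"""Added example: review a planned certificate name list (constructed data)."""
import ipaddress

# Assumption: illustrative, non-exhaustive list of suffixes that are not
# publicly resolvable and so cannot be validated by a public CA.
INTERNAL_SUFFIXES = (".local", ".internal", ".lan", ".corp")


def matches(cert_name: str, host: str) -> bool:
    """True if a certificate name (exact or wildcard) covers host.

    A wildcard stands for exactly one label, in the leftmost position only.
    """
    cert_name = cert_name.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if not cert_name.startswith("*."):
        return cert_name == host
    first_label, _, parent = host.partition(".")
    return bool(first_label) and parent == cert_name[2:]


def is_internal(name: str) -> bool:
    """Flag single-label names, private IP addresses and internal suffixes."""
    bare = name.lower().rstrip(".")
    if bare.startswith("*."):
        bare = bare[2:]
    try:
        return ipaddress.ip_address(bare).is_private
    except ValueError:
        pass  # not an IP address, treat it as a DNS name
    return "." not in bare or bare.endswith(INTERNAL_SUFFIXES)


def review(cert_names, client_hosts):
    """Return (client hosts the certificate misses, internal names on it)."""
    uncovered = [h for h in client_hosts
                 if not any(matches(n, h) for n in cert_names)]
    internal = [n for n in cert_names if is_internal(n)]
    return uncovered, internal


# Namespaces from the reply above; clients use these inside and outside.
CLIENT_HOSTS = ["mail.domain.com", "autodiscover.domain.com"]

# Constructed candidate name lists for comparison.
PLANS = {
    "san": ["mail.domain.com", "autodiscover.domain.com"],
    "wildcard": ["*.domain.com"],
    "san+internal": ["mail.domain.com", "autodiscover.domain.com",
                     "cas01.corp.local", "CAS01"],
}

if __name__ == "__main__":
    for label, names in PLANS.items():
        uncovered, internal = review(names, CLIENT_HOSTS)
        print(f"{label:13} uncovered={uncovered} internal={internal}")
    # A wildcard does not cover the bare domain or a deeper subdomain.
    print(review(["*.domain.com"], ["domain.com", "a.b.domain.com"])[0])
```

Names reported as internal are ones a public CA cannot validate, so a purchased certificate only works if every Exchange URL, internal and external, uses the public namespaces.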

Similar Messages

  • Best practice or successful deployments of certificates with Biztalk 2013

    Hi,
    I am the security resource for our org, not a BizTalk resource.
    As an organisation we are deploying BizTalk to work with a number of solutions.  For integrity and confidentiality we would like to use certificates for the BizTalk data flows.  Whilst I've found lots of articles on the BizTalk integration of the
    certificates, I'm struggling to find best practice/successful deployment documents on Biztalk+Certificates.
    Our BizTalk consultant is requesting that the S/MIME certificates have a group FQDN as the common name; normally an S/MIME certificate has an individual’s email address.  The engineers have attempted to do this using Microsoft's AD services internally
    by creating a new template, but as yet have not been successful.
    Any assistance or advice would be gratefully received.
    Thanks

    To the best of my knowledge, BizTalk does not impose any restrictions on certificate types.
    BizTalk uses certificates demanded by the Interface or provider. For example: if consuming a web service over SSL, BizTalk only requires that the certificate be trusted either through a valid trust chain or explicitly. Similarly when required to present a certificate
    as part of an interface for purposes of client authentication, the certificate has to be available in the certificate store of the account associated with the BizTalk Host Instance. When exposing services, BizTalk does not care if the certificate used for SSL
    is self-signed or SAN based hosted on the NLB or external server, etc.
    The reason for asking for a SAN S/MIME certificate for use within BizTalk may be driven from the need to restrict the number of certificates required while accessing multiple e-mail accounts through the BizTalk POP adapter. Since the certificate configuration
    is at a port level, each port could technically have different user specific certificates all of which may be hosted under same certificate store. The problem arises if the Microsoft CA is configured in an Active Directory integrated mode where it will not
    permit multiple certificates to be issued against ONE Account. If however the CA is deployed in a Standalone mode then multiple user certificates can be issued without any connection to the underlying AD accounts and each can have a different e-mail address
    associated with it.
    Regards.

  • My primary reason for buying an iPad is for travel in Europe.  I live in an area of the US where Verizon rules.  Is Verizon's 3G model good for international travel?  I'm hearing conflicting views.

    My primary reason for buying an iPad is for travel in Europe.  I live in an area of the US where Verizon rules.  Is Verizon's 3G model good for international travel?  I'm hearing conflicting views.  Any advice appreciated. 

    Verizon uses CDMA.
    The rest of the world uses GSM.
    The wifi will work, if you find a hotspot.
    The 3G will not, unless South Korea moves to Europe.

  • How to create a Self-Signed Digital Certificate in Office 2013

    In office 2010 we had a "Digital Certificate for VBA Projects" tool for creating self-signed certificates.  How do we do this with the newer Office 2013 suite?

    Eugene,
    This answer is wrong.  The Answer from rLogic above is better.  Things in fact have changed.  The article: Digitally sign your macro project is fine for Office 2010 but not for Office 2013.  The article: Digitally sign your macro project tells you to do this:
    Windows 7, Windows Vista, or Windows XP
    Click Start, point to All Programs, click Microsoft Office, click Microsoft Office Tools, and then click Digital Certificate for VBA Projects.
    The Create Digital Certificate dialog box appears.
    But, you can't follow these instructions if you have Office 2013. In Office 2013 Digital Certificate for VBA no longer exists in the Microsoft Office Tools folder.  You need to hunt for
    "C:\Program Files\Microsoft Office 15\root\office15\SELFCERT.EXE"
    and then run that .exe by clicking on it.  Then you can follow the rest of the instructions in Digitally sign your macro project

  • Best practice to implement different Xcelsius dashboard for different users

    I'm implementing an Xcelsius dashboard that requires to show each individual user with different content (e.g. When a user logins in, the dashboard shows her name and job title, her performance and her subordinate's performance).  I'm just wondering what's the best practice to implement scenario like this?  Thanks.

    Hi Thomas
    What you are looking at is "Row Level Security" within BusinessObjects and the options you have are determined by what type of data you are reporting off of (relational data, OLAP data, BW data, etc.)
    For instance, if you are using relational data with a Universe you could setup a database table with the BusinessObjects username to correspond with their e-mail address or other unique identifier. From there, you could add security to your universe using the @variable('BOUSER')
    That way, any objects created off of the universe (whether it is a Crystal Report, Web Intelligence, BI Web Service, QaaWS, LiveOffice, etc.) will filter the data based on this security model. So any Xcelsius dashboard based on this underlying data will also be filtered.
    And that is just one of the options you have, depending on your data source.

  • Best practice to Deployment Oracle WebCenter Suite for enterprise

    I have a lead with an enterprise client, and we need to propose to this client a best practice for deploying high availability in a cluster environment containing the following components:
    - Oracle WebCenter Content: it will be used as the WebCenter Portal (Spaces) repository for the x-trantent portal, and it will also be used to build the internet website using WCM
    - Oracle WebCenter Portal: to build the x-intranet portal
    - Oracle Access Manager for single sign-on authentication
    - Oracle Web Tier for HTTP server and web cache.
    I reviewed the enterprise deployment guide "http://docs.oracle.com/cd/E23943_01/core.1111/e12037/intro.htm" and it contains rich information on the configuration.
    However, my question is: could you provide us with a best practice for deploying the above components in a high-availability cluster environment (a Linux environment preferred), supported and tested for around 20k users? By the way, the client already has an Oracle Exadata 11g server and it will be used for this deployment.

    AW,
    One way is creating EJBs. Please refer to the threads below for that
    https://forums.sdn.sap.com/click.jspa?searchID=2936002&messageID=1082087
    You can create a javabean and you can import that as a model .
    Check the following project which will generate javabean (MaX DB)
    https://www.sdn.sap.com/irj/sdn/softwaredownload?download=/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/business_packages/a1-8-4/simple_javabean_generator_project.zip
    This project will generate a javabean out of the tables in MaxDB.
    You can follow any one of the above.
    Regards, Anilkumar

  • Any best practice/suggestion on giving Id's for UI Component

    Hi,
    I came to know that for better performance, id's on naming containers shall be less than 7 characters in length.
    What about UI Components other than container components?
    Is there any best practice available for giving Id's for UI Components and its length?
    Do we face any issue if we give ids with more than 7 characters (just to make the id meaningful one)?
    Thanks in Advance
    Raguraman

    a quotation from
    Oracle® Fusion Middleware Performance and Tuning Guide book
    11g Release 1 (11.1.1)
    E10108-02
    >
    The "id" attribute should not be longer than 7 characters in length. This is
    particularly important for naming containers. A long id can impact
    performance as the amount of HTML that must be sent down to the
    client is impacted by the length of the ids.

  • Where is the best place to buy a replacement screen for late 2007 Macbook (3.1)?

    All,
    My screen needs to be replaced on my late 2007 Macbook.  I am willing to do the work myself, but need help in finding the correct model screen to buy.  Where would be the best place to buy?

    Depending on your geographical location, region, country, etc, part
    sources will vary. So this is an open question. An independent
    authorized Apple trained repair specialist or service facility may
    be able to get the part(s) and do the service. That is an old MB
    and a regular Apple Store may be able to diagnose or estimate
    a repair cost; but it also could be too old for that route to repair.
    A best place to buy a part could be anywhere one is for sale;
    there are several online and some ship almost world-wide.
    If you are in North America, there are some who also may ship
    to other areas, but then there is shipping, taxes, duty fees, etc.
    You may be able to narrow down the part numbers and such
    by looking into online parts resellers, an example may be
    powerbookmedic.com, powermax.com, wegenermedia, etc.
    There may be a part number reference in iFixit.com guides.
    A service part such as main original hardware is more difficult
    than a replacement hard disk drive or optical drive. Availability
    varies, so without knowing where you are, I can't speculate as
    to that, or any price structure. Authorized repair centers may
    be found in the main online Apple links for service centers.
    Sorry to not be of much help

  • Looking for best practices when creating DNS reverse zones for DHCP

    Hello,
    We are migrating from ISC DHCP to Microsoft DHCP. We would like the DHCP server to automatically update DNS A and PTR records for computers when they get an IP. The question is, what is the best practice for creating the reverse look up zones in DNS? Here
    is an example:
    10.0.1.0/23
    This would give out IPs from 10.0.1.1-10.0.2.254. So with this in mind, do we then create the following reverse DNS zones?:
    1.0.10.in-addr.arpa AND 2.0.10.in-addr.arpa
    OR do we only create:
    0.10.in-addr.arpa And both 10.0.1 and 10.0.2 addresses will get stuffed into those zones.
    Or is there an even better way that I haven't thought about? Thanks in advance.

    Hi,
    Based on your description, creating two reverse DNS zones 1.0.10.in-addr.arpa and 2.0.10.in-addr.arpa, or creating one reverse DNS zone 0.10.in-addr.arpa, both methods are all right.
    Best Regards,
    Tina

  • Best Practices to update Cascading Picklist mapping for Account record type

    1. Most of the existing picklist values name in parent and related picklist has been modified in external app master list, so the same needs to be updated in CRMOD.
    2. If we need to update picklist value, do we need to DISABLE the existing value and CREATE a new picklist.
    3. Is there any Best Practices to avoid doing Manual Cascading picklist mapping for Account record type? because we have around 500 picklist values to be mapped with parent and related picklist.
    Thanks!

    Mahesh, I would recommend disabling the existing values and create new ones. This means manually remapping the cascading picklists.

  • How to filter list of digital certificates for signing PDF

    Is it possible to change the configuration of Reader installation to filter the list of installed certificates that can be used for digitally signing documents?
    The filtered list will appear when users attempt to select a certificate for digitally signing a document.
    Thanks.

    Hi Carla,
    Unfortunately, Extended Key Usage is not one of the properties you can enforce.
    The things you can set are:
    appearanceFilter (i.e. enforce the use of a custom signature appearance)
    certspec (i.e. the signing certificate must meet some specific criteria)  <<<----- This is what you are more interested in, more below
    digestMethod (i.e. enforce the use of a specific cryptographic hashing algorithm)
    filter (i.e. enforce the use of a specific security handler if you want to use something other than the one built into Acrobat)
    legalAttestations (i.e. enforce the reason or purpose of the certifying signature)
    lockDocument (i.e. enforce any further changes to the document after the signature is applied)
    mdp (i.e. the rules for changing the document applied as part of a certifying signature)
    reasons (i.e. a list of one or more reasons the signer can use, as opposed to them adding their own)
    shouldAddRevInfo (i.e. force the inclusion of the revocation information (CRL or OCSP response) in the PDF file)
    subFilter (i.e. require the use of a specific signature format. This is very arcane)
    timeStampspec (i.e. require the use of a specific time stamp server)
    version (i.e. the minimum version of Acrobat that can decipher the signature. The only two options are versions 6 or 8)
    The second item is the certspec, and this is what I've been pointing you towards. For the sake of discussion, think of everything you can read in a certificate as an extension. The serial number is an extension, the subject is an extension, the valid from date is an extension, etc. When a certificate is created, some of these extensions are required, others optional, and you can even add in extensions that are not publicly defined, and only you will know about.
    Acrobat has the ability to enforce the signer to use a certificate that contains some, but not all of the known extensions. The extensions it can enforce are:
    issuer (i.e. require the use of a certificate that is issued by a specific Certificate Authority)
    keyUsage (i.e. require the signer's certificate contain one or more of the nine possible values that can be included)
    oid (i.e. require that the Certificate Policy extension contain a specific value)
    subject (i.e. require that the document is signed by one specific person using one specific digital ID)
    subjectDN (i.e. require that the document is signed by one specific person, but they get to choose which digital ID to use)
    url (i.e. if a required digital ID is not available, where the signer can procure an acceptable digital ID)
    urlType (i.e. if the user is directed to the URL, should it be a web server where they can download a digital ID or a remote signing server where the digital ID stays on the remote server)
    That's it. If it's not one of these items then Acrobat cannot enforce that the item is available. Extended Key Usage is not on the list.
    Steve

  • Bank of America Digital Certificates for Bank of America Direct & iphone 3G

    I did a quick search and didn't see anything that I think I am looking for.
    I am trying to access the Bank of America Direct web page. To do this from my work computer, I am given a Digital Certificate that I download to my computer. I am then able to access the website (after inputting usernames and passwords, of course).
    At work I use an IBM (Lenovo) ThinkPad.
    I know I can export the digital certificate to other computers so that I can access the webpage from home or another desktop if I need to.
    Does anyone know if it is possible to export this digital certificate to the iPhone 3G, so that the webpage can be accessed from the Safari browser?
    Thank you
    Joe

    Thanks, but I believe the BofA Direct website is separate from the general BofA personal account site.

  • Purchasing a digital certificate for SCOM usage

    I am having problems with certificates for SCOM (based on our infrastructure, I believe, not SCOM) and have asked some questions on it below -
    Digital certificate issues
    However, I would like to break out one question, and that is: if I don't want to (read: can't) use an internal CA at the moment, where can I purchase two certificates for the SCOM MS and gateway? When I look on the obvious sites such as Entrust and Thawte, for instance,
    it seems easy to order a web SSL certificate, but how would I go about ordering the type I need, and what sort of information would I need to provide?
    Many thanks

    Hi,
    This can be a public CA such as VeriSign. Please check if the following post is helpful.
    http://social.technet.microsoft.com/Forums/systemcenter/en-US/7e8dde55-6e55-4109-8da5-85a93fa64ea0/using-a-thirdparty-for-ssl-cert-for-scom-gateway?forum=operationsmanagerdeployment
    Niki Han
    TechNet Community Support

  • How to use digital certificate for client authentication in PCK

    My SAP JCA adapter needs to support digital certificates for client authentication. How do I implement it in J2EE or PCK?
    Message was edited by: Spring Tang

    Refer to the following links
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/092dddc6-0701-0010-268e-fd61f2035fdd
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/b2a56861-0601-0010-bba1-e37eb5d8d4a9
    Please let me know if you don't find relevant information

  • Cheapest option for buying Visual Studio 2015 for development

    Last year I bought Microsoft Action Pack subscription thinking the software they give me will last forever, but all software downloaded have turned into Trial version as Microsoft says they were for internal use till subscription lasted.
    What is the best and cheapest option for buying Visual Studio 2015?
    Please advise
    This topic first appeared in the Spiceworks Community

