CERTIFCATE

Similar Messages

• How to set the Certifcate to use for SSL when more than one available?

  I apologise for bad wording of question.
  We have a 11g Directory Server and when we created the directory instance it generated a self-signed certificate. very nice.
  We have recently requested and installed a CA signed certifcate, so we now have TWO certificates in the directory certificate store. Default Certificate and the new Server-Cert (the CA signed one)
  LDAP clients STILL seem to be presented with the self-sgned certificate though.
  Simple question... how do I make my Server-Cert the 'default' certificate presented to LDAP clients ???
  I would rather not delete the self-signed cert if possible.
  I cant find any documented method to achieve this.

  # Listing Certificate
  $ /certutil -L -d <path>/slapd-abc/alias -P slapd-
  # Add Trust by adding CT
  $ certutil -M -n "GeoTrust DV SSL CA" -t CT,, -d <path>/slapd-abc/alias -P slapd-
  # Verify the setup.
  $ certutil -L -d <path>/slapd-abc/alias -P slapd-
  ( You should see the CT beside the relevant cerficate, making it default for SSL communication )
  GeoTrust DV SSL CA CT,,
  Link : http://docs.oracle.com/cd/E19656-01/821-1504/6nmg10b6g/index.html ( Look around for different steps for configuring SSL )
  JPrince

• How to get the number of issued active certifcates from a CA

  Hi,
  We have a PKI infrastructure still running on Windows Server 2003. How can I get the number of active certificates issued?  I have used the filter option on the issued certifcates node listing the certificates with expiry date after the current
  date, but this list only all the certs without the actual total number of certs.
  Any help is appreciated
  Thanks
  Johan Marais
  JkM6228

  On Wed, 22 Jan 2014 08:57:59 +0000, Martin Rublik wrote:
  certutil -config -view -out "Issued Distinguished Name" -restrict "Certificate Expiration Date > 22. 1. 2013" | findstr Rows
  It will dump CA database look for issued distinguished name (name in the subject of the certificate) and outputs only certificates expiring after 22.1.2013. The output is piped to findstr command that filters the total number of rows.
  There are a couple of problems with the above:
  1. Not every certificate will have a Subject name.
  2. This won't filter out certificates that have been revoked but are still
  time valid.
  3. I couldn't get the "findstr Rows" to return anything and when I look at
  the help for findstr I don't see that as an option for the command.
  This command worked for me, make sure you enter it all on a single line:
  certutil -view -restrict "Disposition=20,NotBefore<January 22 2013" -out
  SerialNumber | findstr /C:"Serial Number:" | findstr /r /n "^" | find /c :"
  Also, if you copy and paste from this post into the cmd window, be careful
  that the quotes and dashes don't get converted into the wrong type.
  Paul Adare - FIM CM MVP
  "for thing in $(fnord $(frob $(./gazonk foo bar baz bletch thud grunt)));
  do
  zot --wodchuck ${thing}; done"
  -- Stig Sandbeck Mathisen making a point about the beauty of shell scripts

• JavaScript to print certifcate not working in V3

  I have applied the solution provided by jbradley88 on
  09/21/2007 regarding printing certificates to my project.
  I can't get it to work in Captivate 3. Has anyone tried this
  in version 3?
  I publish the demo as flash, launch the .htm file and when I
  click on the "print certifcate" button nothing happens.
  It is a requirement from my client that the user must be able
  to print a 'certificate' at the end of the demo. So any help or
  alternative suggestions are gratefully received.
  Thanks in advance,
  Claire.

  Hi,
  Thanks for your reply.
  My client will be accessing the simulation via their LMS, so
  I guess it will be run from a web server of sorts. I guess I need
  to test it on their system (which I don't have access to yet) and
  not locally as I am doing now! sorry for being so dim and not
  thinking it through before posting the question. Thanks again for
  your help, much appreciated.

• RMI / SSL and self signed certifcate

  hi,
  is it possible to use RMI over SSL with an self signed certifcate? how? could i automatically install a self signed certificate on client side?
  or must i apply an certicficate from e.g. verisign?
  thx mike

  Define a dummy Trust Manager to skip server certificate verification in the RMISSLClientSocketFactory. For example,
  import javax.net.ssl.*;
  import java.security.cert.*;
  class DummyTrustManager implements X509TrustManager
      public void checkClientTrusted(X509Certificate[] x509CertificateArray, String string) throws CertificateException
      public void checkServerTrusted(X509Certificate[] x509CertificateArray, String string) throws CertificateException
      public boolean isClientTrusted( X509Certificate[] cert)
          return true;
      public boolean isServerTrusted( X509Certificate[] cert)
          return true;
      public X509Certificate[] getAcceptedIssuers()
          return new X509Certificate[0];
  }When you initialize your SSLContext in the RMISSLClientSocketFactory, use ctx.init(null, new TrustManager[]{new DummyTrustManager()}, null);
  import java.io.*;
  import java.net.*;
  import java.rmi.server.*;
  import javax.net.ssl.*;
  public class RMISSLClientSocketFactory implements RMIClientSocketFactory, Serializable
      static private SSLSocketFactory _defaultSSLSocketFactory;
      static
          try
              SSLContext ctx = SSLContext.getInstance("TLS");
              ctx.init(null, new TrustManager[]{new DummyTrustManager()}, null);
              _defaultSSLSocketFactory = ctx.getSocketFactory();
          catch (Exception ex)
          if (_defaultSSLSocketFactory==null)
              _defaultSSLSocketFactory =(javax.net.ssl.SSLSocketFactory)javax.net.ssl.SSLSocketFactory.getDefault();
      public Socket createSocket(String host, int port)  throws IOException
          return _defaultSSLSocketFactory.createSocket(host, port);

• ISE Client Provisioning of Certifcates

  I am trying to setup an ISE deployment to allow me to connect to an SSID for client provisioing only. The provisioing should install a certificate from the CA server and setup the new SSID eap-tls authentication settings. I have two questions in regards to this.
  First can I provision a device without going through the device registration process?
  Second is that on my iPad I don't ever get to the provisioing piece. It pops up the device registration page and skips right to me installing the Root CA certifcate and then never allows me to actually register the device. On my windows 8 laptop I register the device and it starts provisioing the client but fails while provisioning. Any ideas on what to look for on why that happens?
  My ISE nodes all have good certificates and the SCEP CA is setup along with the CAP for my identity source sequence.
  At a loss could use some help.

  The provisioning works just fine if I am only trying to provision it for PEAP authentication and not EAP-TLS.

• How to install certifcate to tmg when create web listener

  how to install certifcate to tmg when create web listener

  Short comment that may help, if you've added the cert while the TMG MMC is open you need to refresh the MMC on the node second to the top (right-click on server/array name and select refresh) or simply restart the MMC.
  Then create the web listener as desired.
  As always you need a cert with the EKU of server authentication (regular web server cert will do) with the corresponding private key and the cert needs to be trusted on the computer where TMG is installed.
  Hth, Anders Janson Enfo Zipper

• RV120W QUICKVPN Server's certifcate doesn't exist on your local computer

  Hi everybody
  I'm trying to set up the vpn connection with my rv120W (FW:1.0.4.10).
  I was able to configure everything correclty exept of one thing...
  Every time when I connect I'm gettging the message:
  "Server's certifcate doesn't exist on your local computer Do you want to quit this connection ?"
  When I Clik NO it connects and works.
  but this is annoying ...
  I tried to do following things:
  1.
  RV120W-
  Security-> SSL Certificate -> Download Router certificate -> Export for client.
  Fille httpd.pem save to C:\Program Files\Cisco Small Business\QuickVPN Client
  no improvement
  2.
  I used the "manual method"
  C:\Program Files\Cisco Small Business\QuickVPN Client>openssl.exe s_client -showcerts -connect xxx.xxx.xxx.xxx:443 > cert.pem
  no improvement
  3.
  I added to hosts according to the :
  http://community.linksys.com/t5/Wired-Routers/Server-s-certificate-doesn-t-exist-on-your-local-computer-Do-you/td-p/93846
  in my case CN is a strong of digits and number
  no improvement
  What I'm missing or what is wrong here ?
  Thanks in advance for help .

  Dear Customer,
  Thank you for reaching Small Business Support Community.
  Other that the things you have already tried, I suggest you to make sure you are using the latest QuickVPN client version 1.4.2.1 and it comes to my mind the problem may be related to the CN you use, have you tried to generate a new certificate with an easier to resolve name? Try also with MD5 hash algorithm and signature key length of  512 on the new certificate.  Please give this a try and let us know the results in order to assist others and help improve the Cisco products.
  Notice you may also contact the Small Business Support Center for further assistance;
  https://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html
  Thank you for your time and patience.  Kind regards,
  Jeffrey Rodriguez S. .:|:.:|:.
  Cisco Customer Support Engineer
  *Please rate the Post so other will know when an answer has been found.

• A question viewing certifcate information via the padlock symbol in IE 11 (works on Chrome brower)

  Hello All
  Can someone please help me with the following questions,
  J
  1:
  I have a CA whose CA certificate has an Issuance (aka certificate) Policy.
  Next I created a CSR for a WEBServer certificate, I created the CSR by first creating a .inf (request file) containing the usual including the following
  [RequestAttributes]
  CertificateTemplate=WebServer
  OID=1.3.6.1.5.5.7.3.1
  IssuancePolicy="My Certificate Policy"
  OID=1.3.6.1.4.145389.1.1.1
  Turned the above into a CSR (base64 encoded) then submitted and retrieved the relevant certificate from the CA
  If I open the certificate flat file the resultant certificate has the relevant Issuance Policy listed under the section
  ‘This certificate is intended for the following purposes’
  So all good so far
  Next I install the certificate to the WEB Site and bind it etc. When I go the WEB Site e.g.
  Https://TestSite the certificate works and the traffic is encrypted etc… e.g. click on the padlock in Internet Explorer provides the expected information, but when I click on View Certificate via this padlock symbol; in Internet
  Explorer the certificate come up OK but under
  ‘This certificate is intended for the following purposes’
  It does not show my issuance policy e.g. just the standard application policy for a WEBServer cert.
  If I then look under the details/extensions tab of the certificate it does show certificate policy under the certificate policies extension, so looks OK from the extensions tab, but policy does not show up under ‘This certificate is intended for the following
  purposes’ when certificate is viewed via padlock on IE but does show up if I open the certificate flat file (either original certificate file or copy to file then view certificate as a flat file).
  The OID for the policy is registered in both active directory and local OID databases.
  So the question is why do I not see the issuance policy when viewing cert via padlock in IE but does when viewing flat file.
  I am using IE 11.x
  When doing the same thing from Chrome browser the certificate policy does show up OK, therefore is this a possible bug with IE 11.x
  Thanks All
  AAnotherUser__
  AAnotherUser__

  Hello Brian
  Thanks for the reply,
  The OID is in the Issuing CA Certificate (online CA) e.g. was part of the CAPolicy.inf file when installing the Issuing CA. The OffLine Root and OffLine Policy CA have the All Issuance Policy set in their CA Certificates.
  briefly as mentioned above when opening the cert (.cer) as a flat file by double clicking on it you can see the Issuance Policy listed as expected. When viewing the same cert via Internet Explorer (v11.x) PadLock > View Certificate it shows the Application
  Policy, but not the Issuance Policy (e.g. in the general tab) but does show the Issuance Policy under Extensions Tab. If I use Chrome, click on the PadLock > View Certificate it does show the Issuance Policy (as it always does when opening the flat
  file).
  Therefore was kind of wondering if a Bug in IE, when doing a CertUtil -f -urlfetch -verify Cert.Cer it passed all tests and shows it was validated against the Issuance Policy OK, therefore  perhaps bug in IE
  No big deal, just wanted to know if any one else saw this or was another explanation
  Thank you
  AAnotherUser__
  AAnotherUser__

• How can I create a whitelist of banking websites based on the server certifcates of legitimate sites?

  I want to configure FF so that I can optionally activate a whitelist of my legitimate banking websites. When the whitelist is turned on, FF should only be able to display those sites. When the whitelist is turned off, FF works as usual and displays all sites. I would create the whitelist by visiting my banking websites and somehow adding the server certificates of those sites to the whitelist. So the whitelist would consist of the server certs of my banking websites. When whitelisting is then turned on, FF would allow me to visit only those sites whose server certs match those on the whitelist. This would protect me against phishing sites. How can I do this? Thanks

  I believe that did it! Thank you. I am running those changes on a secondary E-Mail address for the same job and server and it appears to be working properly.

• Where can I get a digital certifcate that does not require a USB key?

  Where can I get a digital certificate that I can use with Adobe Acrobat that does not require a USB hardware key?
  I have been able to sign PDF documents with Adobe Acrobat versions 6 and 9 with my code signing certificate. When I use my code signing certificate Acrobat says the validity of the document certification is unknown.

  Per existing standards (RFC 5280) code signing certificates may not be used for signing. For a number of versions Acrobat had a bug that ignored this requirement. Starting with version 11.0.07 Acrobat (and Reader) enforces this requirement.

• A question about revoking certifcates from a retired CA

  Hello
  If I issued certificates from CA-1 (lets just say the CDP is AD LDAP)
  I then retired CA-1 (but leave its cert in AIA LDAP Location and in local Windows PCs X509 store)
  I then setup CA-2
  Next I want to revoke a cert issued by CA-1
  I understand the CRL needs to be signed by the CA (and therefore I am assuming the issuing CA, CA-1)
  As I need the CA-1 private key to sign the CRL (so it matches the public key), can I extract the private key from CA-1 keep it safe and use it so sign a new CRL
  I believe the CRL is a text file so assume I can add the relevant information for the cert I want to revoke to the CRL text file and then sign (if I have access to private key)
  That said I would normally create a code signing cert for signing files using Authenticode or JarSigner, so even if I could get the private key from the CA not sure how I could use it to sign CRL.
  I guess as I would have both the private and public key I could create a CSR with using the Public key and relevant Subject name and request a code signing cert which would then match with the private key
  Any ideas or am I going about this completely the wrong way?
  I just want to make sure I can revoke certs issues by a retired CA but the certs are still OK to use for now.
  Thanks All
  AAnotherUser__
  AAnotherUser__

  > As I need the CA-1 private key to sign the CRL (so it matches the public key), can I extract the private key from CA-1 keep it safe and use it so sign a new CRL
  technically, yes. But it is not that easy because:
  > I believe the CRL is a text file
  it is not. It is ASN.1-encoded file and you will have to carefully edit this file by conforming all ASN encoding rules.
  > That said I would normally create a code signing cert for signing files using Authenticode or JarSigner
  CRLs do not use authenticode signatures, it uses ASN signature format defined in the X.509 profile.
  There are workarounds, however, I would suggest to keep the existing CA, until it completely retire.
  My weblog: en-us.sysadmins.lv
  PowerShell PKI Module: pspki.codeplex.com
  PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
  Check out new: SSL Certificate Verifier
  Check out new:
  PowerShell FCIV tool.

• How to access the Java plugin certifcate store from a signed applet?

  Is there any easy way I can access the certificates in the Java plugin certificate store?
  I think I can load the C:\Documents and Settings\<login user>\ Application Data\Sun\Java\Deployment\security\trusted.certs into a KeyStore and examine the certificates that way.
  But I just wonder if there is more robust way to do this without loading up an external file since an applet is executed within a Java plugin.
  Thank you :)

  Is there any easy way I can access the certificates in the Java plugin certificate store?
  I think I can load the C:\Documents and Settings\<login user>\ Application Data\Sun\Java\Deployment\security\trusted.certs into a KeyStore and examine the certificates that way.
  But I just wonder if there is more robust way to do this without loading up an external file since an applet is executed within a Java plugin.
  Thank you :)

• 802.1x TLS (Machine certifcate) authentication in Snow Leopard

  Hi,
  In our company we are using 802.1x TLS authentication for WLAN and in some LAN ports. We are have been delivering machine certificate to our PCs for a while without problems and these are using the certificate to authenticate themselves before login to the network.
  We would like to deliver the same user experience to mac users but we are having sever problems to configure them. Our mac users use Snow Leopard and the few references I found on the internet regarding 802.1x TLS authentication is for Leopard or previous versions, where the 802.1x and Keychain configuration is quite different.
  We do have a proper machine certificate (with the correct usages, SAN, etc) and it´s related AD object provisioned. I have create the 802.1x profile as "User Prfile" and as a "System Profile" with the same results
  I add the Client logs below but what I don´t understand id why the client is sending it´s going to use MSCHap when that is not the case.
  <key>TTLSInnerAuthentication</key>
  <string>MSCHAPv2</string>
  Lastly the Keychain has also a weird behavior. If we import a Root CA in the "login" and/or "System" keychain, mark is as "always Trust" and later we import a certificate created by this Root CA, the keychain UI insist that the certificate "was signed by an unknown authority". For the logs below that does not seams the reason why the client is not able to use the 802.1x TLS but in any case that is a bug.
  Client logs:
  2010/05/14 10:37:12.872405 update_configuration
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
  <plist version="1.0">
  <dict>
  <key>AcceptEAPTypes</key>
  <array>
  <integer>13</integer>
  </array>
  <key>Description</key>
  <string>Automatic</string>
  <key>EAPFASTProvisionPAC</key>
  <true/>
  <key>EAPFASTUsePAC</key>
  <true/>
  <key>TLSIdentityHandle</key>
  <data>
  [Removed]
  </data>
  <key>TLSTrustedCertificates</key>
  <array>
  <data>
  [In here we have our Internal Root CA we use to create Machine certificate and also to create the certificate used in our IAS Server (the RADIUS)
  </data>
  </array>
  <key>TLSVerifyServerCertificate</key>
  <true/>
  <key>TTLSInnerAuthentication</key>
  <string>MSCHAPv2</string>
  </dict>
  </plist>
  2010/05/14 10:37:12.968769 link up
  2010/05/14 10:37:12.968862 Associated SSID [Removed SSID] BSSID [Removed BSSID]
  2010/05/14 10:37:12.972850 Receive Packet Size 77
  Ether packet: dest f8:1e:df:e4:88:5a source 0:11:5c:c7:14:90 type 0x888e
  EAPOL: proto version 0x2 type EAP Packet (0) length 59
  EAP Request (1): Identifier 1 Length 59
  Identity (1)
  length 59 - sizeof(*rd_p) 5 = 54
  [Removed. In here there is our networkid,nasid and portid ]
  2010/05/14 10:37:12.972955 Supplicant (main) status: state=Connecting
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
  <plist version="1.0">
  <dict>
  <key>ClientStatus</key>
  <integer>0</integer>
  <key>ConfigurationGeneration</key>
  <integer>2</integer>
  <key>DomainSpecificError</key>
  <integer>0</integer>
  <key>Mode</key>
  <integer>1</integer>
  <key>SupplicantState</key>
  <integer>1</integer>
  <key>Timestamp</key>
  <date>2010-05-14T08:37:12Z</date>
  <key>UniqueIdentifier</key>
  <string>[Removed]</string>
  </dict>
  </plist>
  2010/05/14 10:37:12.976795 EAP Request Identity
  2010/05/14 10:37:12.976819 EAP Response Identity [Removed, in here there is the Machine name as appears in the SAN of the certificate ]
  2010/05/14 10:37:12.976832 Transmit Packet Size 39
  Ether packet: dest 0:11:5c:c7:14:90 source f8:1e:df:e4:88:5a type 0x888e
  EAPOL: proto version 0x1 type EAP Packet (0) length 35
  EAP Response (2): Identifier 1 Length 35
  Identity (1)
  length 35 - sizeof(*rd_p) 5 = 30
  (Removed raw data with the SAN ]
  2010/05/14 10:37:12.977530 Supplicant (main) status: state=Acquired
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
  <plist version="1.0">
  <dict>
  <key>ClientStatus</key>
  <integer>0</integer>
  <key>ConfigurationGeneration</key>
  <integer>2</integer>
  <key>DomainSpecificError</key>
  <integer>0</integer>
  <key>IdentityAttributes</key>
  <array>
  <string>networkid=[Removed our SSID]</string>
  <string>nasid=[Removed our WLANC ID]</string>
  <string>portid=29</string>
  </array>
  <key>Mode</key>
  <integer>1</integer>
  <key>SupplicantState</key>
  <integer>2</integer>
  <key>Timestamp</key>
  <date>2010-05-14T08:37:12Z</date>
  <key>UniqueIdentifier</key>
  <string>[Removed]</string>
  </dict>
  </plist>
  2010/05/14 10:37:13.022577 force renew
  2010/05/14 10:37:13.025323 stop
  * Does someone been able to use 802.1x TLS based authentication for Snow Leopard clients and is able to point me to the right direction?
  * Does Apple provide any documentation for this? (all I found is that I should contact the "Network Administrator" to get the mac configured!!!))
  * How can I make that a certificate issued by a "Private CA" is trsuted in Snow Leopard? All workarounds I found are not suitable for Snow Leopard
  Thanks
  Jofre

  Hi,
  some updates, besides the keytools UI issue and the strange logs seams that the request is reaching the RADIUS, a Windows IAS Server.
  If we compare a PC and A MAc we have the follwoing.
  PC:
  1 0.000000 IntelCor_c1:49:69 Cisco_c7:14:90 EAPOL Start
  2 0.030210 Cisco_c7:14:90 IntelCor_c1:49:69 EAPRequest, Identity [RFC3748]
  3 0.034350 Cisco_c7:14:90 IntelCor_c1:49:69 EAPRequest, Identity [RFC3748] (Repeated)
  4 0.084879 IntelCor_c1:49:69 Cisco_c7:14:90 EAPResponse, Identity [RFC3748]
  5 0.135258 IntelCor_c1:49:69 Cisco_c7:14:90 EAPResponse, Identity [RFC3748] (Repeated)
  6 0.142715 Cisco_c7:14:90 IntelCor_c1:49:69 EAPRequest, EAP-TLS [RFC5216] [Aboba]
  7 0.196988 IntelCor_c1:49:69 Cisco_c7:14:90 TLSv1 Client Hello
  8 0.213640 Cisco_c7:14:90 IntelCor_c1:49:69 TLSv1 Server Hello, Certificate, Certificate Request, Server Hello Done
  Continues OK
  While on a Snow Leopard are:
  44 39.196967 Apple_e4:88:5a Cisco_c7:14:90 EAPOL Start
  45 39.201062 Cisco_c7:14:90 Apple_e4:88:5a EAPRequest, Identity [RFC3748]
  46 39.201386 Apple_e4:88:5a Cisco_c7:14:90 EAPResponse, Identity [RFC3748]
  47 39.209543 Cisco_c7:14:90 Apple_e4:88:5a EAPFailure
  after analizin the network traces we see that the different is on the 3rd EAP Packet:
  PC:
  4 0.084879 IntelCor_c1:49:69 Cisco_c7:14:90 EAP Response, Identity [RFC3748]
  802.1X Authentication
  Version: 1
  Type: EAP Packet (0)
  Length: 40
  Extensible Authentication Protocol
  Code: Response (2)
  Id: 1
  Length: 40
  Type: Identity [RFC3748] (1)
  Identity (35 bytes): host/SAN-NAME01.INTERNALDOMAIN.COM
  Mac Snow Leopard:
  46 39.201386 Apple_e4:88:5a Cisco_c7:14:90 EAP Response, Identity [RFC3748]
  802.1X Authentication
  Version: 1
  Type: EAP Packet (0)
  Length: 35
  Extensible Authentication Protocol
  Code: Response (2)
  Id: 2
  Length: 35
  Type: Identity [RFC3748] (1)
  Identity (30 bytes): SAN-NAME01.INTERNALDOMAIN.COM
  that difference prevents our RADIUS (IAS Server) to authenticate the device properly, with the error:
  User SAN-NAME01.INTERNALDOMAIN.COM was denied access.
  Policy-Name = <undetermined>
  Authentication-Type = EAP
  EAP-Type = <undetermined>
  Reason-Code = 8
  Reason = The specified user account does not exist.
  while in the PC case we have:
  PC:
  User host/SAN-NAME02.INTERNALDOMAIN.COM was granted access.
  Policy-Name = Allow Wireless Lan Access With Certificate
  Authentication-Type = EAP
  EAP-Type = Smart Card or other certificate
  * Question1: Is there a way to ensure that the Snow Leopard added the "host/" at the begining of the Identity?
  * Question2: Did someone been able to connect a Snow Leopard to a WLAN protected with 802.1x using TLS?
  Thanks
  Jofre

• Distribution point certifcates

  Hi,
  Currently I have 3 servers setup, 2 of which are just distribution points.  Can all three servers share the same PKI client certificate or should they each have their own PKI certificate which are exported from their cert store.
  Another thing I noticed is that in Administration -> Security -> Certificates. Is there any way to remove the unused certificates (certificates that are marked Blocked under status)
  Thanks,

  Hi,
  The answer might be no. And I haven’t seen an official document about how to remove the ‘Blocked’ certificates.
  Best Regards,
  Joyce Li
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• How to generate TDS certifcate and CHallan forms

  Hello All,
  How to generate TDS cerficates and challan forms for Pakistan withholding tax in ECC system,
  Regards,
  Ramana

  Hi,
  Check whether you have activated Withholding tax for your company code and country.  Each country has
  its own versions like India has Country India Version.  Check with SAP the version for Pakistan whether
  there is any country specific functionality.  Ofcourse, you can use the other versions if the same
  parameters suits the tax classification if your country.
  Regards,
  Sadashivan