Certificate and other benefits of certification

Similar Messages

• ISE EAP-Chaining with machine, certificate and domain credentials

  Good morning,
  A customer wants to do the following for their corporate wireless users (all clients will be customer assets):
  Corp. wireless to authenticate with 2-factor authentication:
  •1. Certificate
  •2. Machine auth thru AD
  •3. Domain creds
  When client authenticates, they want to match on 2 out of the 3 conditions before allowing access.
  Clients are Windows laptops and corporate iPhones.
  Certs can be issued thru GPO and MDM for iPhones
  Client supplicant on laptops is native Windows - which I understand is a compatibility issue from this thread: https://supportforums.cisco.com/thread/2185627
  My first question is: can this be done?
  Second question: how would i implement this from an AuthC/AuthZ perspective?
  Thanks in advance,
  Andrew

  You can do this configuring anyconnect with NAM modules on endpoints! But I don't make sense configure some clients with certificate and others with domains credentials...
  For your information, I'm actually configuring EAP-Chaining on ISE 1.2 and i'm gotting some problems. The first one I got with windows 8, for some reason windows was sending wrong information about the machine password but I solved the problem installing a KB on windows 8 machines (http://support.microsoft.com/kb/2743127/en-us). The second one I got with windows 7 that are sending information correctly about domain but wrong information about user credentials, on ISE logs I can see that windows 7 are sending user "anonymous" + machine name on the first longin... after windows 7 start if I remove the cable and connect again the authentication and authorization happen correctly. I still invastigate the root cause and if there is a KB to solve the problem as I did with windows 8.
  Good luck and keep in touch.
  http://support.microsoft.com/kb/2743127/en-us

• Limit to I just recieved this message when trying to email a itunes gift certificate, "This purchase would exceed the maximum Gift Certificate purchase amount for this Apple ID".Why I am limited to gift certificate and not other purchases.?

  I just recieved this message when trying to email a itunes gift certificate, "This purchase would exceed the maximum Gift Certificate purchase amount for this Apple ID".Why I am limited to gift certificate and not other purchases.?

  Chris CA,  62,910 points.  Dang...that's a lot of support.  Before I start, let me say Thank You!  You need to answer a lot of people's questions to achieve that.
  1)  You slightly misunderstood my letter through no fault of your own.  It was a generic compilation of information submitted by members of this discussion turned into a letter by me for use on the Apple Feedback site.  I myself did not receive an e-mail.  I actually was prevented from purchasing any more iTunes gift cards at a certain point and was given a cryptic response from the iTunes store that my request could not be processed.  It was only after investigation on my part that I found out the reason was the $100 max per 30 day rule.  I'd try to find where in the Apple's support site I did find that information...but, well, you are just going to have to trust me.  However, others in this discussion stated they received the information in an e-mail.  I used that fact in my letter as it seemed to create a less "cumbersome" feedback submission.
  2)  "Why look for iOS apps?"  That's a good very good question!  I miswrote.  I should have said "OS X apps."  That is where iTunes is located on the Feedback Site.  Good catch.  As you know (62,910 points is a lot of "knowing"), when you submit feedback you must click on the item of which you are going to write.  I must be so ramped up for the impending release of the new iPhone that I had iOS on the brain.  My bad. :-)
  3)  In all the time this discussion has been alive (over a year), and in all my googling, I never read about an option to contact iTunes support and ask them to remove this limit from my account.  It is too bad you didn't come to this discussion when it started in May of 2011 to offer that piece of advice!  Surprisingly, that information wasn't anywhere on the Apple site where I read about the $100/30 day limit.  Maybe it is there now.  But, it sure wasn't there when I read it.  It would have been very helpful.
  4)  You say "(which they can do and often have done for many people here)."  I am curious, what do you mean by "here."  Not "here" as in "here in THIS discussion forum."  Right?  I don't see anyone in this discussion aware of that information and posting it for others to read.  By "here" I assume you mean the ENTIRE Apple Support Community.  Unfortunately, until you arrived on the scene, none of those from that gigantic "here" came across THIS discussion to share their good fortune and knowledge about removing the $100 limit on iTunes gift card purchases per 30 days.
  Well, I think that wraps it up for another day.  I am off to iTunes support to get this limit removed from my account.
  Adios amigos!
  Mr. Luigi

• Uploading of signed certificate Server certificate and Intermediate certifi

  Hello,
  We are implementing SSL for the first time on NW AS JAVA 7.0. I have received signed certificate from the CA.
  It contains Web server certificate and Intermediate certificate.
  I guess we import the Webserver CSR response. I not sure on what is the intermediate certificate and they say it is mandatory.
  Can you please guide.
  Thanks.
  Siddhartha

  Sorry Here,
  Hope I understand this correctly.
  The Comodo Positive SSL is a Web certificate. Although I ask OD to use it, it didn't.
  Then Profile Manager expects a "code signing" certificate which is why all it saw was Open Directory's one.
  Francois

• Failed Hardware Scan and other issues E440

  Hi all,
  This is probably more rant than anything, but I wanted to give a heads up to others too.
  I have a ThinkPad E440 that is a year old. From the very first time I turned it on, there have been issues. The first hardware scan (via Lenovo Solution Center - LSC) showed a warning for the Intel Dual Band Wireless-AC 7260 Local Connection Test. There were also tons of System Events that always show up in the "Configuration History" part of the LSC. You can look at the calendar and tell exactly which days I used the computer because there will be System Events generated each day. Things like app crashes and failed drivers.
  In July 2014, I got the first warning for the 16 GB SSD - the SMART Short Self-Test. By February this year it showed as failed for each hardware scan (these were initially set up to run monthly).
  Also the whole time I've had it the touch screen would just stop working at some point and I would have to reboot to get it working again.
  I finally called Lenovo on March 30th, before my warranty expired. When I called that time, I didn't realize the hard drive failure was the SSD. So they sent me a new 500 GB drive. I also added the other things into the case when I talked to them. For the wireless issue they suggested making sure the driver was up to date. I did this and let them know when I called back that it was up to date and still having the warning. So I called them to tell them to tell them about the wireless and also that I realized it was the SSD having the failure, not the main drive. The first case had already been closed even though none of the other items were addressed.
  So they opened another case (this is #2). They said to mail them the laptop since the wireless issue would probably be on the board and it wasn't something I could fix myself. They sent a box with a prepaid overnight shipping label. I was very sick for a few days so I sent it back to them on April 10th (a Friday). Via UPS I saw it was delivered on Saturday. Work was performed on it Monday, April 13th and sent back to me that very day. I received it on April 14th. This part of the service has been excellent - very fast response.
  Being in IT, I included a letter with the laptop that outlined the issues that should have been in the case. I also printed the hardware scans and what the system events looked like.
  When I got the laptop back, the sheet inside said they had replaced the Speaker because of Distorted Sound. This was not even on the list even though I had noticed it. I didn't even power up the laptop before calling them again - yes, I was furious! Plus our power was out...
  So this was noon on the 14th. They opened case #3 and sent me ANOTHER BOX so I could send it back.
  After our power came back on the 15th, I powered up my laptop. I opened the browser (I have it set to restore the previous session) and there was a sexually explicit video on YouTube. I opened the other browser and there was a different video on YouTube. So this person was watching YouTube instead of fixing my laptop. I looked through both browser histories and there was quite a bit of activity while my laptop was at the repair center... I ran the hardware scan - still failed and a warning for the wireless. They really hadn't done anything.
  I also found two pictures of the repair person in the recycle bin...
  So I called back. I was LIVID! They opened another case (this is #4). And sent me ANOTHER BOX. I finally learned the other day that once a case is opened, it cannot be edited or added to at all. Instead, they close the other case and open a new one. I guess their turnaround time for closing cases is excellent! I've never seen a system like that - and I've used a lot of them.
  I got a really nice, patient fellow on the line. He took all my info (again). I emailed him the pictures, screen captures of the YouTube videos, the letter I had sent - everything. He entered as much into the new case as he could - he talked to one of the supervisors to make sure he did it right. Somehow he flagged it so that the laptop would get more attention (time) at the repair facility. He also opened a separate case (an escalation ticket?) for a supervisor to call me regarding the person's conduct at the repair facility. He said they would call me that day. (It's now the 25th and I've never heard from anyone)
  So, he sent me ANOTHER BOX. I've built up quite a stack of them.
  Our power was out AGAIN from the 17th through the 19th (don't get me started).
  I noticed a hardware scan had now gotten a failure on the main hard drive. So I called them on the 21st to add this to the case before sending the laptop back. The girl said they can't add anything to an existing case or edit it at all once it's opened. She would have to open a new case and SEND ME ANOTHER BOX. I told her to forget it because I was ready to send it in and didn't want to wait for another box. I also asked for a status on that "escalation case" where the supervisor was supposed to call me. In order to do this she, yes, wait for it, had to open ANOTHER CASE!! So they would know I wanted a status. I'm completely dumbfounded.
  So I sent it back on the 21st. This time I practically wiped it. I had already removed all my files the last time, but I had left my bookmarks and browser history intact.  I set up a guest logon with admin privileges. I updated my letter and printed off more stuff to include with the box. On one sheet I had only the case number, the serial number and machine type. On another sheet I had "DO NOT SEPARATE THIS PAPERWORK FROM THE LAPTOP" and the case number. I put this sheet on top (The guy on the 15th said my letter and stuff may have gotten separated from the laptop once it was delivered to the repair facility). I used a ton of staples so it would all stay together. I included in my letter the failure on the main hard drive and asked if they could look at it. I wrote about having to open a new case if I wanted to include it.
  They received it on the 22nd. A nice gentleman from the repair facility called me that day asking about the password. that. was. written. on the sheet they have you fill out. I told him what happened last time and also mentioned the hard drive failure and asked if he could look into it. He said they would.
  I received my laptop back yesterday morning.The sheet that came with it said they had "replaced the following parts to complete the repair of your laptop."
  Part Description                                           Symptom
  IMAGE                                                             Replaced due to engineering change
  System board                                                 Network card error
  Hard disk drive                                                Network card error
  ECA-WIRELESS                                            <no symptom listed>
  There was also a sheet saying they had installed a factory preload of software and I needed to install Lenovo and Windows updates.
  When I booted it up, the first thing I noticed, in the lower right corner was:
  Windows 8.1
  SecureBoot isn’t configured correctly
  Build 9600
  I ran a hardware scan. Well, I tried. It stopped part way through and said it finished successfully but most of the tasks showed up as cancelled. I tried to run it again - issues - rebooting ensued. It said the LSC wasn’t available and that I should try again or reboot.
  Tried several times. Then got what I guess is the new BSOD - kinder, gentler:
  Your PC ran into a problem and needs to restart. We're just
  collecting some error info, and then we'll restart for you. (xx% complete)
  If you'd like to know more, you can search online later for this error: DRIVER_CORRUPTED_EXPOOL
  Even though the LSC said my Lenovo files were all up to date, I ran the Update. And first I had to download a new version of Update. Then I downloaded all of the Lenovo updates and installed them (there were quite a few). The BIOS update failed. While I was doing the Lenovo downloads, I got a light blue screen but no text (I was out of the room so I'm not sure what happened). Did CTRL-ALT-DEL and it shows only IE and Task Manager as applications that are running. Could not “Switch to” IE. Hitting window key to go to start didn't do anything. So I had to restart.
  By 3pm yesterday there were 34 system events in the configuration history.
  I ran the hardware scan again after I updated the Lenovo files, and you guessed it! Failure on the SSD (SMART Short Self-Test) and warning on the wireless. Nothing had changed. Except hardware scan is acting different than it did before I sent in the laptop for repairs. When it finishes, it instantly closes and just shows 100% complete. When I click on "see last results" it shows a screen called
  Log Information,
  Canceled 04/24/2015 n:nn pm 
  You have not done a hardware test on your computer
  And the calendar in LSC only shows the very first hardware scan I did on Friday. Even the hardware scan screen shows the date and time of the last scan. It also shows the error code. In order to see exactly what is failing, I have to sit there and watch it very closely and snap a picture of the screen as soon as the error (or warning) shows up.
  When I would try to run Windows update, it would hang up PC Settings. I couldn't even kill it using task manager because it didn't show up as a task. During this, I got a flag saying the firewall wasn't turned on. I tried to turn it on, but clicking on Turn on Windows Firewall didn't do anything. I tried to setup my Microsoft account but that just hung too.
  I ended up running Windows Update FOUR TIMES to get all the updates installed. Every time I ran it, it said "Done!" and I would run it again and more would show up. The last time was this morning.
  At some point, the error about SecureBoot went away.
  Then, I created a bootable BIOS update disk. Following the ReadMe instructions, I went through ThinkPad Setup and verified several values. Of note:
  Secure Boot was DISABLED. According to the ReadMe file, this should be ENABLED in Windows 8.1. I enabled it.
  Under Startup/Boot, according to the ReadMe that came with the BIOS update, UEFI/Legacy Boot is supposed to be set at UEFI Only for Windows 8.1. Mine was set to "Both". I changed it.
  In Startup, OS Optimized Defaults was DISABLED, even though it says right there (and in the BIOS update ReadMe) it should be ENABLED to meet Microsoft Windows 8 Certification Requirement.
  After these updates, I flashed the new BIOS.
  Then, I ran hardware scan again...
  Now I have TWO failures on the SSD: Random Seek Test and SMART Short Self-Test. Great.
  In the Event Viewer (that I recently discovered), it says my disk has a bad block. It just says The device, \Device\Harddisk\DR1, has a bad block. I assume this is the SSD...
  There are 867 events in the event viewer - Critical, Error, and Warning...
  Fifty-two of these are from October 7, 2013 - before my little laptop was a glimmer.
  The rest are from when Lenovo had it and yesterday and today.
  64 of them are the disk error.
  341 are from DeviceSetupManager. 65 of those are from failed driver installs. 69 are for not being able to establish a connection to the windows update service. 64 are from not being able to establish a connection to the Windows Metadata and Internet Services (WMIS).
  3 times it's rebooted without cleanly shutting down
  60 of them are from Service Control Manager and say The TDKLIB service failed to start due to the following error: The system cannot find the file specified.
  One of them says {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\Default\NTUSER.DAT' was corrupted and it has been recovered. Some data might have been lost.
  16 are warnings that various processors in Group 0 are being limited by system firmware.
  12 say the certificate for local system with thumbprint <bunch of hex numbers> is about to expire or already expired.
  108 are warnings for failure to load the driver \Driver\WUDFRd for various devices
  16 are application errors
  One is for the computer rebooting from a "bug check"
  15 are for name resolutions timing out after none of the configured DNS servers responded.
  10 are for SecureBoot being disabled.
  14 for services terminating unexpectedly
  15 are for WLAN Extensibility Module has stopped
  61 are for applications not being able to be restarted because the application SID does not match Conductor SID
  12 are for activation of CLSID timing out waiting for the service wuauserv to stop
  So, I'll call them on Monday and open. a. new. case (#5?) - but really 7. And get A NEW BOX.
  I'll keep you updated!

  Hi amycdero and welcome to the HP Forum,
  I understand that you are having scanning and printing issues after upgrading to Mavericks OS X v10.9.1. I will try my best to help you resolve this issue.
  In this document for Mac OS X: Scanning Software Does Not Open or Stops Responding are steps the may help you with your scanning issue.
  This document for Fixing Ink Streaks, Faded Prints, and Other Common Print Quality Problems should help with the streaking printing issue.
  I hope this information is helpful. Please let me know.
  Thank you,
  I worked on behalf of HP.

• What is Certificate and how to configure it in cacerts file...

  Hi,
  I got an error wile authenticating LDAP server, saying"unable to find valid certification path to requested target", I came to know that I need to configure LDAP server's certificates in jre/lib/security/cacerts file. but I don't know how to do it.
  Could someone explain what is that certificate? how do I get that information from LDAP admins? how to configure certification in my machine and how to use in our logic?
  Thanks,
  Sumant K

  I got the certificate and now I want to add it in my cacerts file .. how do I do that? please give me reply

• Problems with certificate and signed jad

  Hello
  I have a third party jar and jad which is signed as far as I can tell.
  When I run the jad under the phone emulator.exe I get the text below
  Is there something I need to do.
  Perhaps to do with keystores etc.
  I can install the jar and the application runs but keeps asking for permission to open etc.
  Thanks
  Jim
  C:\Java_ME_platform_SDK_3.0_EA\bin>
  C:\Java_ME_platform_SDK_3.0_EA\bin>emulator -Xdescriptor:trekbuddy.jad
  Device name is not set. Using -Xdevice:DefaultCldcPhone1 option.
  Hint: Use -Xquery argument to see all supported devices.
  HTTP server started!
  *** Error ***
  A problem occured during deploying application from http://127.0.0.1:49813/trekb
  uddy.jad
  * Reason:
  The content provider certificate issuer C=ZA;ST=Western Cape;L=Cape Town;O=Thawt
  e Consulting cc;OU=Certification Services Division;CN=Thawte Premium Server CA;E
  mailAddress=[email protected] is unknown.
  C:\Java_ME_platform_SDK_3.0_EA\bin>

  I got the Thawte certificates and after loading just about every one it stopped complaining about the issuer.
  How ever it then started on about not autorized for API.
  So I gave up in disgust and went back to the the 2.xx toolkit.
  This worked out the box.
  Jim

• Restric manager certificate and grant authority

  helloa
  first thing i got request from of our managers
  basically we manages the Certificate Root server, we have 3-4 
  domains with same architecture, and we want to get control of 
  who can manage certificate and whose not
  i know that option to restrict with out the security tab configure
  also on templates existing
  please share with me some of the knowledge above
  thanks 

  Hey Yugi
  Thanks for posting,
  As You have mentioned the security tab able to restrict by denied
  But, the Certification Authority can be very useful with what 
  You have request for:
  Try properties the Certification Authority and moved to certificate managers TAB
  There You could configure who to restrict and even a specific  template and for who
  Be very careful with it.
  I'd be glad to answer any question

• Missing GeoTrust certificate and AuthorityInfoAccess

  Hello,
  through a HttpsUrlConnection instance I am connecting to https://i-portal.cssz.cz/
  I've found out that in the $JAVA_HOME/lib/security/cacerts is misssing an intermediate certificate GeoTrust Extended Validation SSL CA - G2. The root cert GeoTrust Primary Certification Authority is present.
  So the whole path is
  1. i-portal.cssz.cz
  2. GeoTrust Extended Validation SSL CA - G2
  3. GeoTrust Primary Certification Authorit
  I've tried java 7, java 8.
  Does anybody know why the GeoTrust Extended Validation SSL CA - G2 is missing in the cacerts keystore?
  I have an another question. The end cert i-portal.cssz.cz has extension AuthorityInfoAccess / 1.3.6.1.5.5.7.48.2 with an address http://ga.symcb.com/ga.crt that leads to issuing certificate GeoTrust Extended Validation SSL CA - G2. But java didn't try to dowload it. Is there a way ho to tell java to download certs using  AuthorityInfoAccess ?
  Jan

  Good morning ISKREEM,
  Welcome to the Best Buy forum!
  In most situations, a certificate will be visible within a minute or so of the points be converted; however, there are occasions where it may take a little longer, but it should not take more than 24 hours.  I looked over your My Best Buy account and the $5 certificate that was issued yesterday should be visible now.
  As far as the Welcome Packet, you should have received an email with a digital Welcome Packet about 1 to 2 business days after becoming an Unlocked member.  I would suggest double checking your spam/junk folder for the Welcome Packet, as the email has been known to get sorted into one of those folders.
  I want to ensure that you can access your $5 certificate and that you do have the Welcome Packet, so I will be sending you a private message.  To check your private messages, you will want to login to the forum and click on the little yellow envelope icon at the top of the page.
  Thank you for posting, and I hope you have a Happy Thanksgiving.
  Derek|Social Media Specialist | Best Buy® Corporate
   Private Message

• Certificates and faxes

  I have been unable to connect to my works web site with the cert. that I entered. Apple support and Enterprise say that Safari does not support it. So, does any one know how I can recieve a fax on my 3G phone?

  Hi,
  For the external user, we need to get trusted certificate for Exchange services and mailbox access. As MAS says, we can directly buy a third-party certificate for using.
  Alternatively, we can also deploy an
  Enterprise root CA which self-signs its own CA certificate and uses Group Policy to publish that certificate to the Trusted Root Certification Authorities store of all servers and workstations in the domain. About how to install a
  Root Certification Authority, please refer to:
  http://technet.microsoft.com/en-us/library/cc731183.aspx
  Regards,
  Winnie Liang
  TechNet Community Support

• New Certification blog and new magazine about certification

  Dear Oracle Certification addicts
  Please consult the following blog http://blogs.oracle.com/certification/
  I did really appreciate the To Certify or Not to Certify topic is it quite good.
  Especially that Note to Hiring Managers: Just as candidate should not stake their careers solely on certification, you should not hire someone just because they are certified. Certification is an important factor and should play a role in your hiring process, but you should also base your hiring decisions on experience, education/training and communication skills (among other things). Most importantly you should follow up carefully with the candidate’s references. By looking at the whole package and verifying the details with multiple references you will improve your chances of hiring the right candidate.
  And we have now also a dedicated magazine or new letter on the oracle certification
  Extract from the news letter:
  July has been a busy month in Oracle Certification, with several new exciting things to share! Among them, our new and long-awaited Oracle Certification Blog. We are looking forward to sharing ongoing updates and discussing relevant topics in this short and easy to read format. Let us know what you think!
  We’re also happy to share that we have quite a few certifications still available in beta for a significant discount. It’s not only your chance to be among the first to be certified, but allows you to participate in our development process by providing Oracle with valuable feedback.. And of course, we are ramping up for our annual Oracle blowout in San Francisco - Oracle OpenWorld 2008, coming up in September. We hope to see you there!
  Paul Sorensen | Director of Certification, Oracle
  Have good readings....

  My understand is Oracle Database 11g Administrator Certified Professional (OCP) certification is already available via 1z0-050 to those with 10g OCP; to be technically correct IMHO this would make it a new path to the certification rather than a new certification ;-)

• Why SharePoint 2013 Hybrid need SAN certificates and what SAN needs ?

  I've read this article of technet, but I couldn't undarstand requied values of SubjectAltname.
  https://technet.microsoft.com/en-us/library/b291ea58-cfda-48ec-92d7-5180cb7e9469(v=office.15)#AboutSecureChannel
  For example, if I build following servers, what SAN needs ?
  It is happy to also tell me why.
  [ServerNames]
   AD DS Server:DS01
   AD FS Server:FS01
   Web Application Proxy Server:PRX01
   SharePoint Server(WFE):WFE01
   SharePoint Server(APL):APL01
   SQL Server:DB01
  [AD DS Domain Name]
   contoso.local
   (Please be assumed that above all servers join this domain)
  [Site collection strategy]
   using a host-named site collection
  [Primary web application URL]
   https://sps.contoso.com
  Thanks.

  Hi,
  From your description, my understanding is that you have some doubts about SAN.
  If you have a SAN, you can leverage it to make SharePoint
  a little easier to manage and to tweak SharePoint's performance. From a management standpoint, SANs make it easy to adjust the size and number of SharePoint's hard disks. What you could refer to this blog:
  http://windowsitpro.com/sharepoint/best-practices-implementing-sharepoint-san. You could find what SAN needs from part “Some
  SAN Basics” in this blog.
  These articles may help you understand SAN:
  https://social.technet.microsoft.com/Forums/office/en-US/ea4791f6-7ec6-4625-a685-53570ea7c126/moving-sharepoint-2010-database-files-to-san-storage?forum=sharepointadminprevious
  http://blogs.technet.com/b/saantil/archive/2013/02/12/san-certificates-and-sharepoint.aspx
  http://sp-vinod.blogspot.com/2013/03/using-wildcard-certificate-for.html
  Best Regard
  Vincent Han
  TechNet Community Support

• Multiple additional SIP domains - certificate and DNS requirements

  We've setup Lync 2010 Enterprise in our organisation and have successfully enabled a couple of thousand users.
  This is working successfully internally, externally and through Lync Mobile.
  However, we've only enabled users who are using the main company domain for SMTP and SIP addresses aaaaa_group.com (so all nice and easy so far!)
  In other words, user A has a primary SMTP and SIP address of
  UserA@aaaaa_group.com
  However, due to numerous mergers and acquisitions over the years, we have quite a lot of users who have other primary SMTP addresses e.g. bbbbb_co.uk, ccccc_company.com, ddddd_ltd.co.uk, de.ccccc_company.com etc etc
  There must be in excess of 40 to 50
  of these other domains in use as primary SMTP addresses.
  (Nearly all
  these users have secondary SMTP addresses of aaaaa_group.com).
  I have been told to approach this from a best practices point of view and give all users a SIP address that matches their primary SMTP address and calculate how much it will cost to buy certificates to cover enabling every user for Lync on all these domains.
  I know from reading that wilcard certificates are considered to be a bad thing generally with Lync, especially if using Lync Mobility as the phone Lync clients don't accept them. 
  Wilcard certificates aside, what are the names that will I need to add to my SAN certificates?  Presumably sip.domain.com, access.domain.com, meet.domain.com, dialin.domain.com, edge.domain.com, autodiscover.domain.com, lyncdiscover.domain.com
  The potential cost of all these names is frankly getting pretty scary considering we currently use Verisign for all our cert requirements, and they charge like a wounded bull.  However, I still need to report back with a cost of doing this, no matter
  what it is.
  Any thoughts/comments would be very welcome. :-)

  Actually the Mobility clients for mobile devices (cell phones, tablets) DO support wildcard entries in the certificates, it's the Lync Phone Edition client (desktop handset devices) which does not work with wildcards.  So you may be able to use wildcards,
  but do plenty of research on how to approach this.  Here are some articles to get started:
  http://blog.schertz.name/2011/02/wildcard-certificates-in-lync-server/
  http://blog.schertz.name/2011/02/lync-phone-edition-incompatible-wildcard-certificates/
  That said, if you decide to skip the wildcard approach then you do NOT need to add additional entries for ALL FQDN types, only some.
  For both the Edge Server external certificate and any internal Front End certificate you'll need to add the 'sip' FQDN for every domain to the SAN field.
  sip.domain1.com, sip.domain2.com, sip.domain3.com, etc
  The Front End certificate will also need the lyncdiscover and lyncdiscoverinternal
  FQDNs, and the Reverse Proxy certificate will require the lyncdiscover
  FQDNs.
  For Exchange Server you'll need to an autodiscover.domainX.com record as well, although this can also be covered by the wildcard entry.  The remainder of names (web conferencing, external web services, dialin, meet, etc.) can all remain in the primary
  SIP domain only as these FQDNs will be passed in-band to the clients after they have successfully signed-in to Lync.  Unless you need users to all user their own domain names for the SimpleURLs (which it doesn't not sound like in your scenario) then you'd
  have to add all those as well.
  So if you are not supporting any Lync Phone Edition devices I would try going with the wildcard route first to see how well things work.  And even if you do have some of those devices you could simply add the 40-50
  sip.domain.com FQDNs to both the FE and Edge certificate but still use a wildcard entry for the mobility clients, SimpleURls, etc.  Just make sure that the certificates Common Name (e.g. Subject Name) is NOT the wildcard entry, use the primary
  domain name entry in the CN and then place the wildcard entries in the SAN field.  It is also best practice to duplicate the CN as a SAN field entry for the widest range of support by all clients.
  For example:
  Edge Server external certificate
  Common Name: sip.domain1.com
  Subject Alternative Name: sip.domain1.com, *.domain1.com, *.domain2.com, *.domain3.com, *.domain4.com,
  etc...
  Jeff Schertz | Microsoft Solutions Architect - Polycom | Lync MVP

• MacBook Pro issues connecting to Gmail, Facebook, and other websites

  Hi,
  In the past week or so, I have had problems connecting to Gmail, Facebook, and other websites on my MacBook. When I try to open Gmail, I get the following message "Safari can't verify the identity of the website "accounts.google.com". The certificate for this website is invalid..." etc. It asks if I want to connect anyways, and I do, but then once I'm on Gmail, I can't use gchat and all of the buttons (delete, reply, etc) are blank. When I try to connect to Facebook, I just get a mostly blank page. I'll include screenshots in case that's helpful.
  When I try using Firefox, it doesn't allow me to connect to either website at all.
  I hope someone can help me with this issue!

  On your iMac, open System Preferences > Date & Time  then select the Date & Time tab.
  Make sure:  Set date and time automatically is selected.
  Then select the Time Zone tab.
  Make sure:  Set time zone automatically using current location is selected.

• Since the most recent Firefox update 3.6.8 by banking institution no longer shows as having a secure encrypted connection, however, my bank assures me all is well with their certificates and that is a problem with the new Firefox browser update, can you g

  Since the most recent Firefox update 3.6.8 my banking institution no longer shows as having a secure encrypted connection, however, my bank assures me all is well with their certificates and that is a problem with the new Firefox browser update, can you give me some idea why it is doing this?
  == This happened ==
  Every time Firefox opened
  == Right after the new Firefox update

  Hello Anne.
  Can you please try it in a new (temporary) Firefox profile and see if the issue is still present? See [http://support.mozilla.com/en-US/kb/Managing+profiles this article] to know how to create a new Firefox profile. Please report back the results.