Certificate Authority, downloading Active X control

Similar Messages

• Verify/Download Active-X Control through WD Java.

  Hi,
  Is the following scenario feasible  under  Webdynrpo Java ?
  I have a Business scenario where on executing a Java Webdynrpo application it tries to render a scanned image.Eventually, to display the image client should have active-X control installed.
  Requirement : Java WD application should verify the intended client system(where image gets displayed) if it has the active-X  control installed.If not, it should provide user with the option of downloading the active-X control.
  regards.

  Hi,
  For this requirement, i dont think we need to write code, i think this is just Browser setting at client machine.
  Open the IE> Tools->InternetOptions->Security>CustomLevel---->Active X Contol Plugins
  Thanks,
  Sreeni.

• Certificate Authority not working when signing documents (Active Directory)

  We recently went to an Active Directory structure at my job, and we do a lot of signatures. Part of the Active Directory setup was an auto-certificate authority setup. I went to sign a document  recently and the signature will not apply. I went into trust tab and clicked to trust the certificate, and then backed out, but it still will not sign. When I click to sign the document nothing happens. There are red Xs next to everything in the trust tab.
  Any ideas? I am wondering if there is something I can do in Adobe to let it know that certificate is trusted?
  Any help would be appreciated.

  When Acrobat builds the signature object (which is created when you sign), it tries to populate the object with as much data as possible in order to facilitate long term validation. This means that it is trying to add all of the certificates in the signature chain to the PDF along with all of the corresponding revocation information (which is either an OCSP response of a CRL). This way, after the signer's digital ID expires all of the validation collateral will still be available, otherwise you would get an Unknown signature after the signer's cert expired.
  In order for Acrobat to get the revocation information trust has to be established. When you create the signature Acrobat tries to gather all of the certificates in the signing chain. After it has finished building the chain it walks the chain from the bottom up (the bottom being the signer's certificate) and checks to see if the cert is a designated trust anchor. Once it finds trust anchor it will try to procure revocation info for each cert below the trust anchor, but not the trust anchor itself. After it has gathered up all of the rev info it writes it into the PDF file along with the certificates. So, when it comes to signature creation, it's good to add the certificate that is at the root (top) of the signing chain to the Manage Trusted Identities list and trust it for signing and certifying. That way when you do sign all of the rev info will be written into the file.
  The next thing to realize is Acrobat can only retrieve the revocation info if it knows where to get it from. Each certificate in the signing chain except for the root cert should have an extension that tells Acrobat where it can download the information. For an OCSP response the URI is in the Authority Information Access (AIA) extension and for a CRL the URI is in the CRL Distribution Point (CRLdP) extension. If there is an entry in either of these two extensions that are not valid (that is either they don't exist or, the exist but don't really provide the expected data) then Acrobat will try to download the data, but the download will fail. Thus, you end up with a signature in an Unknown state because revocation checking must succeed if the is an AIA or CRLdP extension. Wheat you need to check is, does the certificate have one or both of these two extensions and if so, does it lead to a successful download.
  Steve

• In my macbook pro 15 inch mid 2012 model, my cpu and gpu will get very hot, when gaming or rendering sometimes over 200F. The fans only spin at max about 2900 rpm, when their max is 6400. I downloaded a fan control app, but how can i fix it?

  In my macbook pro 15 inch mid 2012 model, my cpu and gpu will get very hot, when gaming or rendering sometimes over 200F. The fans only spin at max about 2900 rpm, when their max is 6400. I downloaded a fan control app, but how can i fix it?

  Hi rhaughan,
  I see that you have concerns about your operating temperature of your computer while using resource-heavy applications such as gaming applications. I have an article that will address some of the concerns you have mentioned:
  Mac notebooks: Operating temperature - Apple Support
  http://support.apple.com/en-is/HT201640
  While there are third-party utilities that measure the temperature of a notebook computer, it is important to understand that these utilities are not measuring the external case temperature. The actual case temperature is much lower. Never use third-party applications to diagnose possible hardware issues—instead, contact Apple or go to an Apple Retail Store or Apple Authorized Service Provider.
  You should also see this article for even further information about your fans:
  Learn about the fans in your Mac - Apple Support
  http://support.apple.com/en-is/HT202179
  Thanks for being a part of the Apple Support Communities!
  Cheers,
  Braden

• Windows Server 2008 R2 Standard "Certificate Authority Service" / Exchange Server 2010 EMC not starting and no AD connectivity for authentication.

  Hello,
  I am a new IT Manager at this company and need assistance big time. Their environment looks as follows:
  Server 1. Domain Controller Server (Windows Server 2008 R2 Standard) running active directory.
  Server 2. Email Server (Windows Server 2008 R2 Standard) running Exchange Server 2010 .
  * Note. No back ups to work with aside from whats mentioned below.
  DC had a virus infection causing a lot of issues on the shared network drives 2 days ago locking up all the files with a crypto ransom virus. Running Avast suppressed the infection. Had to recover the file shares which luckily had a back up. 
  The issue is that the Exchange Server 2 post this lost connectivity with the AD Server 1. Exchange Server 2 when launching EMC could not launch the console stating the following:
  "No Exchange servers are available in any Active Directory sites. You can’t connect to remote
  Powershell on a computer that only has the Management Tools role installed."
  Shortly after I found that it is possible the EMC launcher was corrupt and needed to be reinstalled following another blog post. I deleted the exchange management console.msc  per instructions only to discover I couldnt relaunch it because there was
  no way how. So I copied another msc file that happened to be on the DC Server 1  back to Exchange Server 2 and got it to launch again. 
  Another post said that it might be an issue with the Domain Account for the Computer, so to delete it in the AD Server 1 only to find that rejoining it from Exchange Server 2 using Computer>Properties> Chage Settings > Change is greyed out because
  it is using the Certificate Authority Service.
  I tried manually re-adding the computer in AD and modeling permissions after another server in group settings but no go. After this I was unable to login to the Exchange Server 2 with domain accounts but only local admin, receiving the following Alert:
  "The Trust Relationship between this workstation and primary domain failed."
  I tried running the Power Shell tools on Exchange Server 2 to rejoing and to reset passwords for domain accounts as noted in some other blogs but no luck as the Server 2 could not make the connection with Server1 or other errors it kept spitting out.
  I also during the investigation found the DNS settings were all altered on both the Server 1 and Server 2 which I luckily was able to change back to original because of inventorying it in the beginning when I started. 
  I need help figuring out if I need to rejoin the Exchange Server 2 manually by disabling the Certificate Authority Service (or removing the CA as listed here:
  https://social.technet.microsoft.com/Forums/exchange/en-US/fb23deab-0a12-410d-946c-517d5aea7fae/windows-server-2008-r2-with-certificate-authority-service-to-rejoin-domain?forum=winserversecurity
  and getting exchange server to launch again. (Mind you I am relatively fresh to server managing) Please help E-Mail has been down for a whole day now!
  Marty

  I recommend that you open a ticket with Microsoft Support before you break things more.
  Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

• SSL certificates and/ or Oracle Certificate Authority

  Our Oracle infrastructure is as follows:
  1.Database server
  (a)Oracle 9i R2 database
  (b) Oracle ApEx 2.2
  2. Infrastructure server
  (a) Oracle 10g (9.0.4.x.x) Infrastructure
  (b) OID - configured as external authentication to Microsoft 2003 Active Directory LDAP version 3
  (c) SSO - configured as Windows Native authentication
  3. Application server
  (a)Oracle 10g (9.0.4.x.x) Forms and reports server
  Network traffic currently is not encrypted. All we need is to ensure that network traffic is encrypted between the the end-user PC and all servers (database or app server)
  I was reading through Oracle Certificate Authority and Secure Sockets Layer.
  1. Is there a difference between the two products?
  2. Which product would be best to ensure the encryption (authentication is provided through MS LDAP)
  Thanks,
  Mayura

  Certificate authority and SSL are two completely different concepts. They can be related but are by no means similar.
  SSL is a service or a feature, not a product. SSL is used to encrypt the traffic. Part of SSL is the use of certificates for authentication. A server or user would pass a certificate as part of an SSL transmission.
  The certificates used for enrypted transmission(SSL), can be obtained from the Oracle Certificate Authority(OCA), or by a third party certificate authority. OCA is not required to use SSL.
  To achieve a fully encrypted envrinment, you would need to use SSL at several layers. This would be done with or without the use of the Oracle certificate authority.
  1. From the web browser to the middle tier
  2. End user to database
  3. from the middle tier to OID
  4. from the middle tier to the database
  5. From OID to active directory

• How do I get Active X control for flash player registered?

  I have been having problems with flashplayer.  I continue to get different messages when I try to download.  The latest message is:  Active X control for flash player could not be registered.  What do I do to get the system working?

  Looks to be a permission issue.  Do you have administrator priveleges on the machine?
  http://helpx.adobe.com/flash-player/kb/installation-problems-flash-player-windows.html#mai n-pars_header_4
  You may also want to try this method to fix permissions with flash player.
  http://forums.adobe.com/thread/987370?tstart=0

• ISE Certificate Authority Certificate

  I'm confussed about the certificates:
  Some weeks ago a certificate was installed in the ISE to avoid the browser certificate error when the customer access the sponsor portal ...
  Now, the customer is requesting to authenticate the sponsor users through LDAPS ... I understand Active Directory or LDAP as External Identity Sources are not secure. So, in order to enable LDAPS we must check the Secure Atuthentication box in the LDAP configuration, but a ROOT CA must be chooseen also.
  I understand the ISE should validate the customer PKI in order to validate the user certificate ... Am I right?
  Do I need request the customer to provide me the "Certificate Authority Certificate" from its PKI ??
  Is it a file completely different to the certificate already loaded in the ISE ??
  With this certificate, would the ISE validate the user's computer certificate additional to user and password ??
  Would the user must use a computer with certificate in order to access the sponsor portal ??
  Thanks in advance.
  Regards
  Daniel Escalante.

  Please follow the "secure authentication tab" in the below table( highlighted)
  go to >LDAP Connection Settings
  Table lists the fields in the LDAP connection tab and their descriptions.
  Table :     LDAP Connection Tab 
  Option Description
  Enable Secondary Server
  Check this option to enable the secondary LDAP server to be used as a  backup in the event that the primary LDAP server fails. If you check  this check box, you must enter configuration parameters for the  secondary LDAP server.
  Primary and Secondary Servers
  Hostname/IP
  (Required) Enter the IP address or DNS name of the machine that is  running the LDAP software. The hostname can contain from 1 to 256  characters or a valid IP address expressed as a string. The only valid  characters for hostnames are alphanumeric characters (a to z, A to Z, 0  to 9), the dot (.), and the hyphen (-).
  Port
  (Required) Enter the TCP/IP port number on which the LDAP server is  listening. Valid values are from 1 to 65,535. The default is 389, as  stated in the LDAP specification. If you do not know the port number,  you can find this information from the LDAP server administrator.
  Access
  (Required) Anonymous Access—Click to ensure that searches on the LDAP  directory occur anonymously. The server does not distinguish who the  client is and will allow the client read access to any data that is  configured as accessible to any unauthenticated client. In the absence  of a specific policy permitting authentication information to be sent to  a server, a client should use an anonymous connection.
  Authenticated Access—Click to ensure that searches on the LDAP directory  occur with administrative credentials. If so, enter information for the  Admin DN and Password fields.
  Admin DN
  Enter the DN of the administrator. The Admin DN is the LDAP account that  permits searching of all required users under the User Directory  Subtree and permits searching groups. If the administrator specified  does not have permission to see the group name attribute in searches,  group mapping fails for users who are authenticated by that LDAP.
  Password
  Enter the LDAP administrator account password.
  Secure Authentication
  Click to use SSL to encrypt communication between Cisco ISE and the  primary LDAP server. Verify that the Port field contains the port number  used for SSL on the LDAP server. If you enable this option, you must  choose a root CA.
  Root CA
  Choose a trusted root certificate authority from the drop-down list box  to enable secure authentication with a certificate.
  See the "Certificate Authority  Certificates" section on page 12-17 and "Adding a Certificate  Authority Certificate" section on page 12-19 for information  on CA certificates.
  Server Timeout
  Enter the number of seconds that Cisco ISE waits for a response from the  primary LDAP server before determining that the connection or  authentication with that server has failed. Valid values are 1 to 300.  The default is 10.
  Max. Admin Connections
  Enter the maximum number of concurrent connections (greater than 0) with  LDAP administrator account permissions that can run for a specific LDAP  configuration. These connections are used to search the directory for  users and groups under the User Directory Subtree and the Group  Directory Subtree. Valid values are 1 to 99. The default is 20.
  Test Bind to Server
  Click to test and ensure that the LDAP server details and credentials  can successfully bind. If the test fails, edit your LDAP server details  and retest.

• Certificate Authority Windows 2008 to 2012 R2 - Clean up and Migration

  Hello,
      I'm currently dealing with the following scenario:
  1. I've inherited the current infrastructure setup and the plan is to clean things up and setup a new certificate infrastructure using Windows 2012 R2.
  2. The current setup:
      a. Domain Controller, Windows 2008 R2, is/was a Certificate Authority.  It hasn't issued any new certificates (based on the information in Certificate Effective Date) for quite some time.  It also has an expired certificate for
  itself - issued by the domain's issuing CA - and attempts to renew it via MMC give a "Server execution failed" and STATUS: Failed when looking in Certificate enrollment for Domain Controller.  We'll call the server, DC1.
      b. Certificate Authority Server, we'll call it CERT1.  When booting up the machine and/or attempting to restart certificate services on the server, the following errors are in the event log:
  EVENT 7024: Description: The Active Directory Certificate Services service terminated with service-specific error %%-2146885613.
  EVENT 100: Active Directory Certificate Services did not start: Could not load or verify the current CA certificate.  Domainlocal Issuing CA The revocation function was unable to check revocation because the revocation server was offline. 0x80092013
  (-2146885613).
  EVENT 48: Description: Revocation status for a certificate in the chain for CA certificate 0 for Domain.local Issuing CA could not be verified because a server is currently unavailable.  The revocation function was unable to check revocation because
  the revocation server was offline. 0x80092013 (-2146885613).
  Note:  The server's computer certificate has expired and it was issued by the Domain Controller mentioned in point A.  Attempts to renew it fail.
  (The issue on CERT1 is like the one mentioned in this article: https://support.microsoft.com/kb/825061?wa=wsignin1.0  however an upgrade wasn't done and it's not old versions of Windows.)
  c. There is a certificate authority machine - part of what was created for a PKI infrastructure - that was kept shutdown.  I've powered it up and the machine is not part of the domain.
  Any thoughts or feedback on easily repairing the current situation so that I can upgrade everything to a new Windows 2012 R2 Certificate infrastructure would be appreciated.
  Thanks!

  Hi Vadims,
      Basically using certificates in the following manner:
  1. User / Computer enrollment in the AD domain.
  2. Any hardware / web services (internal) that need a certificates.  This is usually hardware that has some form of GUI that is accessed via URL, printers accessed via URL and/or that communicate via LDAP to AD, internal UC (Lync is an example), that
  sort of thing.
      A number of machines currently show certificate errors (ie.. certificate has expired) however that hasn't stopped things from working just functioning differently.  I'm going already on the assumption that if I remove the entire CA
  infrastructure and re-install a new one and have everything point to that new CA server that I should be ok but I'm not 100% certain hence why I asked on this forum.
  Also, you're correct is that there is one more CA.  That CA was the server that was turned off/offline that I powered on.  It is not part of the AD domain that the domain controller and the other CA belong to.  (It is standalone.)  I'm
  currently patching the standalone CA since it's been off for what looks like almost 1.5 years. 

• No policy settings on certificate authority console

  Greetings,
  The microsoft article discussing windows server 2000 under the heading "Configuration of Certificates to Be Issued" in the third paragraph talks about right clicking the Policy settings node under the certificate authority.  When look on the
  certificate authority, I do not see a Policy settings node to right click on.
  Not that I am running Small Business Server 2011 if it makes a difference.  Also, when I click request new certificate on the certificate (local computer) personal\certificates node, I get only three certificate types whose status is available.  All
  other ones (including the web server template) show as status unavailable.
  How can I get the other templates.  I looked at their permissions using the active directory sites and services under services/public key services/certificate templates but the permission already allow the currently logged on userid.
  Your help is much appreciated

  Hi Mario,
  The article you mentioned applies to Windows Server 2000, on my Windows Server 2008 R2, there is no Policy Settings node, too.
  Instead, there is a
  Certificate Templates node under the CA name, you can right click on it, select
  New then click on Certificate Template
  to issue, after that you can enable new certificate templates.
  I hope this helps.
  Amy Wang

• Certificate Authority - Custom Temp not showing up. W2k8R2ent

  Hi Guys,
  Couldn't see a forum for CA so I had to post it here. Hopefully its the right place.
  (Server is test domain 1 single ad no replication. Running Win 2k8 r2 enterprise)
  So here's the issue I am trying to create and export certificate for other users (eobo).
  It works fine. But I want to do this throught certreq and in order to do that i have to creat custom cert which i did by duplicating User template.
  The new template CopyOfUser i changed(of confirmed) following settings:-
  General Tab = Publish Cert in Active Directory
  Request Handling = Allow private key to be exported & Enroll subject without req any input
  Security : I am logging as domain administrator and it has  Read/Write/Enroll
  Issurance Req: This number of authorized signature = 1
  & Application Policy & Client Authentication.
  Subject Name : Build from AD (Fully Distinguished name)
  Selected boxes : Include email name / Email name / UPN
  Now problem is i cannot see the custom template on Enable Certificate Templates.
  I am very new to CA so I am sure i am missing something or doing something wrong.
  Would love some help.

  Hi,
  I’d suggest if the steps below doesn’t help to remove the CA. Make sure you are using Enterprise Edition (no upgrade from 2K3 or 2K9 standart) of windows
  and install it again as Enterprise Root CA. Check and see if you still have the issue before tweaking the CA further:
  Open ADUC and check navigate to [Buildin > users > properties > members] and make sure the fallowing security groups are present.
    - Authenticated users
   - Domain Users
   - Interactive
  Open ADSI Edit and navigate to
  [Domain Naming context > DC=<DomainNAme>, DC=<DomainNAme> > CN=Users > CN=Cert Publishers > properties > security ]
   and give [Read] and [write]
  permissions to [Authenticated users] group
  Restart the CA.
  Check permissions on the CA:
  Open the [Certificate Authority] console and right click on [properties > Security] and add the fallowing permissions:
  [Authenticated Users]
  [V] Request Certificates
  [Domain Admins]
  [V] Read
  [V] Issue and Manager Certificates
  [V] Manage CA
  [V] Request Certificates
  [Enterprise Admins]
  [V] Issue and Manager Certificates
  [V] Manage CA
  [Administrators]
  [V] Issue and Manager Certificates
  [V] Manage CA
  [V] Request Certificates
  [Domain Controllers]
  [V] Read
  [V] Issue and Manager Certificates
  [V] Manage CA
  [V] Request Certificates
  [Domain Computers]
  [V] Read
  [V] Request Certificates
  Will appreciate if you give feedback if this has helped you. If yes please select “Mark
  as answer”.
  Best Regards,
  Spas Kaloferov
  MCITP: SA6 | EA6 | VA7 | EDA7 |DBA10 | DBD10 | BID10 | EMA14 | SPA14 
  NetShell Services & Solutions | “Design the future with simplicity and elegance”
  Visit me at:
  www.spaskaloferov.com
  |
  www: www.netshell-solutions.com

• Licensing requirement for deploying Certificate Authority Server

  Is there any separate license that we need to purchase from Microsoft in order to use and implement Microsoft Certificate Authority Server
  in an organization. Or is it a free feature which comes as a part of Windows Server licensing.
  Also, do we require any separate license for clients connecting or using the certificates.
  If there is any licensing involved kindly share information of the same.
  Server - 2008 R2
  Clients - 7, 8, 8.1

  Hi Rahul,
  In addition, if there are any specific queries about licensing in the future, you may contact Microsoft via phone numbers listed here:
  Microsoft Volume Licensing Activation Centers Worldwide Telephone Numbers
  http://www.microsoft.com/licensing/existing-customers/activation-centers.aspx
  Best Regards,
  Amy
  Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]

• Error Starting Certificate Authority after upgrading in place from Server 2003 Enterprise (32 bit) to Server 2008 Enterprise (32 bit).

  Hope this is the place to seek help with Active Directory Certificate Services.  We recently upgraded in place an issuing CA in our lab from 2003 to 2008 and the upgrade of the OS was successful but the CA service now will not start. 
  The error is:
  Error 0xc8000222 (ESE: -546)
  More info.  We did stop the CA service prior to doing the upgrade.

  Answering my own question with the hopes to help someone else. 
  The problem has something to do with the logs for the certificate database.  There is some sort of a format conflict after upgrading to 2008.
  To get around this error, and get the Certificate Authority service to start, remove all the logs from the C:\Windows\system32\CertLog directory that should be where your .edb database file lives, leave the database file there
  This worked for us on three of four of our CA servers, the other one had a database that went down in a dirty state, so we had to use ESEUTIL utility to fix the database.
  NOTE: there is no ESEUTIL utility on the CA servers, so we had to copy our database to an Exchange server in our test lab, then run ESEUTIL /MH to see what the Status is, it may say Dirty or Clean, then we ran ESEUTIL / P (P for Repair, go figure I know
  right) anyway that fixed the database, so we copied it back over to the CA and started the service
  hope this helps some of you out, we have a case opened with Microsoft Technical Support on this issue and will update this thread with their feedback as well once they get back to us (it has been a week already)

• Heartbleed: Remove Certificate Authority from iOS device

  Hi,
  I am in the process of changing SSL certificates after the Heartbleed bug. As I wasn't able to find a reliable cross platform way to revoke my internal certificates (e.g. Chrome doesn't check CRLs), I'm planning to reissue new certificates based on a new internal certificate authority (CA) and to remove the old CA from all systems. This should render all previous certificates as untrusted.
  This is easy for Linux, Windows and OS X, but how can I do this for iOS 7 devices? I believe the CA certificate was originally deployed to the iOS devices through a configuration profile. However, when I go to Settings > General > Profiles, there is no such profile listed. The iOS Safari shows my internal HTTPs pages without certificate warnings, thus the device must somehow have remembered that CA as trustworthy.
  Here are my questions:
  How can I view and/or modify the trust settings of CAs on iOS 7 devices?
  Where did the configuration profile with the CA go (I know that's a little weird to ask here) and why is the CA still active?
  Why are internal Https pages still trusted even if there is no configuration profile for that?
  This absolutely puzzles me! I always thought that for a custom CA to be active on a iOS device a configuration profile was required to be present. But that does not seem to be the case.
  Thanks for your help!

  The workaround seems to be the following:
  Go to the iPhone Configuration Utility
  Install the profile (again)
  Go to your iPhone and deinstall the profile that was just installed in Settings > General > Profiles
  Certificates signed by that authority are not trusted anymore.
  I consider this to be a major security problem in iOS if there is a way that profiles enable CAs and then get lost sometime later (maybe through an iOS upgrade?).

• Free , local Certificate Authority tool ?

  Could anyone please recommend a free Windows tool that can be used as a local CA ?
  I'm looking for a "Certificate Authority" tool which we could ran locally on one of the company's machines.
  The idea is, we'll use this CA to sign our certificates (Needless to say, this CA will be added to our clients/browsers trust-root).
  Tool does not have to be very robust.
  It should be able to run on Windows (preferrable with a graphical interface, but a command-line tool would also do).
  Thanks very much :)

  I�ve downloaded the binary windows version for the OpenSSL from (http:/www.slproweb.com/products/Win32OpenSSL.html.) however I couldn�t find any instructions for how to use it .. Any recommendations?
  One more question, I want to use a CA that generate certificates that can be passed then to Java Certification path API (Certification Factory class) in order to create certification paths and validate it ? so is OpenSSL the right choice?
  Thanks in advance,
  Somaya