Certificate Authority Support for IPSEC in Solaris

I'm wondering when Solaris SPARC or X86 will support an IKE daemon that supports Certificates.
The whole manual IPSEC is not desirable nor is it the best method of security.

You may want to pose your question over on the Solaris Suggestion Board as well:
http://www.sun.com/bigadmin/discussions/

Similar Messages

  • Does the eBooks created by iBooks Author support for iphone now?

    I have been reading some blogs discussing that the iPhone could gain new support for ebooks made by iBooks Author. And now, I wanna know whether the prediction is true or not. I can't find any announcement from Apple to confirm this point. Can anyone answer my confusion?

    With the current software, books created using iBooks Author cannot be viewed on iPhones.
    iBooks Author creates books that can only be used with iPads and on Macs with Mavericks installed, by using iBooks.
    That's it...no rumours. Blogs, or to be more accurate, some of those who contribute to them, seem to either be totally stupid, or like to make themselves look as if they have inside knowledge.
    Apple created iBooks Author to allow self publishers to create and publish books to the store. But not just novels or text only type books. iBA made these books allow audio / video...and much much more than any novel. That being so...most interactive multi media books will not really display well on a screen the size of the iPhone.
    Apple are more concerned in getting iPads in use more by business and education at all levels.
    The only rumour that may well become fact is a larger sized screen for a bigger iPad  mid to late 2014.

  • 881 IOS support for IPSEC and OSPF

    Is there an IOS image for the 881 that contains IPSEC feature set AND support for OSPF? I recently purchased an 881 and it came default with this system image "c880data-universalk9-mz.152-4.M4.bin", however this image does not support OSPF. I need an IOS image that supports both OSPF and IPSEC feature sets. Please advise.

    hi,
    according to cisco's FN, you might need a c880data-universalk9-mz.153-2.T1.bin.

  • Support for rfc1514 on Solaris 9

    All,
    Does anyone have experience configuring the snmp management agent on a Solaris 9 system?
    I need to use the rfc1514 standard (host-resource mib) to support a large server environment for monitoring a variety of health stats that we are currently unable to capture, and I have not had a great deal of success finding the technical docs that outlines and addresses the procedures on how to do this.
    If anyone has done this for a Solaris 9 build I would appreciate your assistance.
    Sincerely,
    Matt S.

    For all of those newbies like me I forgot to set some system settings. Here are the system settings I needed to put into /etc/system:
    set semsys:seminfo_semmni=100
    set semsys:seminfo_semmns=3000
    set semsys:seminfo_semmsl=256
    set shmsys:shminfo_shmmax=4294967295
    set shmsys:shminfo_shmmin=1
    set shmsys:shminfo_shmmni=200
    set shmsys:shminfo_shmseg=20

  • Windows Server 2008 R2 Standard "Certificate Authority Service" / Exchange Server 2010 EMC not starting and no AD connectivity for authentication.

    Hello,
    I am a new IT Manager at this company and need assistance big time. Their environment looks as follows:
    Server 1. Domain Controller Server (Windows Server 2008 R2 Standard) running active directory.
    Server 2. Email Server (Windows Server 2008 R2 Standard) running Exchange Server 2010 .
    * Note. No backups to work with aside from what's mentioned below.
    DC had a virus infection causing a lot of issues on the shared network drives 2 days ago locking up all the files with a crypto ransom virus. Running Avast suppressed the infection. Had to recover the file shares which luckily had a back up. 
    The issue is that the Exchange Server 2 post this lost connectivity with the AD Server 1. Exchange Server 2 when launching EMC could not launch the console stating the following:
    "No Exchange servers are available in any Active Directory sites. You can’t connect to remote
    Powershell on a computer that only has the Management Tools role installed."
    Shortly after I found that it is possible the EMC launcher was corrupt and needed to be reinstalled following another blog post. I deleted the exchange management console.msc per instructions only to discover I couldn't relaunch it because there was
    no way how. So I copied another msc file that happened to be on the DC Server 1  back to Exchange Server 2 and got it to launch again. 
    Another post said that it might be an issue with the Domain Account for the Computer, so to delete it in the AD Server 1 only to find that rejoining it from Exchange Server 2 using Computer > Properties > Change Settings > Change is greyed out because
    it is using the Certificate Authority Service.
    I tried manually re-adding the computer in AD and modeling permissions after another server in group settings but no go. After this I was unable to login to the Exchange Server 2 with domain accounts but only local admin, receiving the following Alert:
    "The Trust Relationship between this workstation and primary domain failed."
    I tried running the Power Shell tools on Exchange Server 2 to rejoin and to reset passwords for domain accounts as noted in some other blogs but no luck as the Server 2 could not make the connection with Server1 or other errors it kept spitting out.
    I also during the investigation found the DNS settings were all altered on both the Server 1 and Server 2 which I luckily was able to change back to original because of inventorying it in the beginning when I started. 
    I need help figuring out if I need to rejoin the Exchange Server 2 manually by disabling the Certificate Authority Service (or removing the CA as listed here:
    https://social.technet.microsoft.com/Forums/exchange/en-US/fb23deab-0a12-410d-946c-517d5aea7fae/windows-server-2008-r2-with-certificate-authority-service-to-rejoin-domain?forum=winserversecurity
    and getting exchange server to launch again. (Mind you I am relatively fresh to server managing) Please help E-Mail has been down for a whole day now!
    Marty

    I recommend that you open a ticket with Microsoft Support before you break things more.
    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

  • Licensing requirement for deploying Certificate Authority Server

    Is there any separate license that we need to purchase from Microsoft in order to use and implement Microsoft Certificate Authority Server
    in an organization? Or is it a free feature which comes as a part of Windows Server licensing?
    Also, do we require any separate license for clients connecting or using the certificates?
    If there is any licensing involved kindly share information of the same.
    Server - 2008 R2
    Clients - 7, 8, 8.1

    Hi Rahul,
    In addition, if there are any specific queries about licensing in the future, you may contact Microsoft via phone numbers listed here:
    Microsoft Volume Licensing Activation Centers Worldwide Telephone Numbers
    http://www.microsoft.com/licensing/existing-customers/activation-centers.aspx
    Best Regards,
    Amy

  • Request Smartcard Logon certificates for more than 2 years from Certificate Authority

    Dear all,
    I have setup a Certificate Services in a Windows Server 2008 R2 domain and I request certificates via the CA webpage
    http://ipofdomainserver/certsrv using the SmartCard logon custom template.
    The problem is that my certificates are only valid for 2 years even though when I created my custom Smartcard logon I selected for validity period 5 years. 
    I read in documentation that issued certificates cannot have a greater validity than the root that signed them.
    What and where I should modify to be able to request certificates from the template for more years than standard 2 ?
    Ps: WINSC-CA is valid for 5 years. Should I generate a new WINSC-CA ? How ?

    I was successfully able to create a root CA for 20 years, issued a certificate and login using smartcard using the following procedure:
    1. I increased the CA lifetime to 20 years by using this link http://www.expta.com/2010/08/how-to-create-certificates-with-longer.html
    Created the file CAPolicy.inf in %SYSTEMROOT% with following content
    [Version]
    Signature="$Windows NT$"
    [certsrv_server]
    RenewalValidityPeriod=Years
    RenewalValidityPeriodUnits=20
    2. Renew CA root using this guide  https://technet.microsoft.com/en-us/library/cc780374(v=ws.10).aspx
    Console Root -> Certification Authority -> select domain -> Right click -> All Tasks ->
    Renew CA certificate
    3. Delete from Console Root -> Certificates (local computer) -> Trusted Root Certification
    Authority -> Certificates the *WINSC-CA that has the previous lower validity, and from 
    Certificates (local computer) -> Personal, the *WINSC-CA that was lower validity
    4. I performed a reboot here
    5. Change in Console Root -> Certificate Templates -> Smartcard Logon Custom Template (my custom duplicate template) -> Properties -> Validity 10 years
    6. Change in registry HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertSvc\Configuration\<CAName>\ValidityPeriod
    to value 10 for 10 years.
    7. Request a new certificate from CA webpage http://ipofdomain/certsrv and let the webpage write it to
    smartcard (I was making sure there is no other certificate on the smartcard)
    8. Try to log in. At this point it should throw an error that smartcard logon is not supported for this
    account type. This is because we need to enroll it again for domain authentication
    9. Console Root -> Certificates (local Computer) -> Personal -> Right click -> All Tasks ->
    Request new Certificate -> Next -> Active Directory Enrollment -> Next -> Select Domain Controller Authentication -> Enroll -> Finish.
    Now you should be able to login using your smartcard and 10 years generated certificate.
    Though I have a problem at step 3, after CA server reboots the *WINSC-CA certificate with lower
    validity is restored automatically, but the certificates are generated for 10 years.
    What am I doing wrong ? How can I delete the lower validity root CA ?

  • Mail and SMTP server settings of ASA Certificate Authority for cisco anyconnect VPN

    Dear All,
    I have the following case:
    I am using ASA as Certificate authority for cisco anyconnect VPN users, the authentication happens based on the local database of the ASA,
    I want to issue a new certificate every 72 hours for the users, and I want to send the one time password via email to each user.
    So what the setting of the mail and smtp server should be,
    as I understand I should put my smtp server ip address then I have to create the local users again under (Remote VPN VPN--Certificate management--Local certificate authority --Manage user Database) along with their email addresses to send the one time password to them via their emails.
    I sent the email manually, how can I automate sending the OTP to our VPN users automatically via their emails?
    Best regards,

    Thanks Jennifer.
    I did manage to configure LDAP attribute map to the specific group policy.
    Nevertheless, I was thinking whether I can have fixed IP address tied to individual user.
    Using legacy Cisco VPN Client, I can do it using IPSEC(IKEv1) Connection profile, where I set Pre-Shared Key and Client Address Pools. Each Client Address Pools has only 1 fix IP address.
    Example: let say my username is LLH.
    Connection Profile for me is : LLH-Connection-Profile, my profile is protected by preshared key.
    Client Address Pool for me is : LLH-pool, and the IP is 172.16.1.11
    Only me know the preshared key and only me can login with my Connection Profile.
    Using AnyConnect, I have problem. User can use any connection profile because I cannot set preshared key for AnyConnect. In that case, I cannot control who can use my Connection Profile and pretend to be me.
    Example:
    AnyConnect Connection Profile for me is : LLH-Connection-Profile, without any password
    Client Address Pool for me is : LLH-pool, IP is 172.16.1.11
    Anybody can use LLH-Connection-Profile, login with another user name, let say user-abc which is a valid user in LDAP server. In that case, ASA assigns 172.16.1.11 to user-abc and this user-abc can access a server which only allows my IP to access.
    I hope above description can paint the scenario clearer.
    Thanks in advance for all the help and comment given.

  • In-House Certificate Authority for Self Signed Jars in JRE1.8

    Hi,
    I am trying to get some assistance on a Java issue that Oracle Support are struggling with. I am using Oracle E-Business Suite and there is a note 1591073.1 advising on what to do to allow E-Business Suite to interoperate with the new security model of JRE 1.8
    The note effectively advises on 3 options –
    Option 1 - Purchase a Code Signing Certificate from a well known Certificate Authority ( already registered in their Root Certificates Key Store cacert ) and import it into the Key Store adkeystore.dat
    Option 2 - Purchase a Root Certificate from an unknown Certificate Authority, import it into the Key Store cacerts, then purchase a Code Signing Certificate from this Authority as per option 1
    Option 3 - Designate yourself as an In-House Certificate Authority by creating your own Root Certificate, importing into the Key Store cacerts and then creating yourself a Code Signing Certificate as this In-House Authority and importing into the Key Store adkeystore.dat
    Q1. I am trying to achieve option 3. However the Oracle note does not actually tell you how to create a Root Digital Certificate and Oracle support are struggling to answer – does anyone know how to do this ?
    Q2. How then do you create a Code Signing Certificate – Oracle seem to have a command ‘adjkey’ but I am not sure if this is what should be used and if so, how this maps my Root Certificate in the Key Store cacerts (given that there are also lots of other Root Certificates in cacerts belonging to all the well known Certificate Authorities ) to the Code Signing Certificate Key Store adkeystore.dat ?
    Any advice greatly appreciated,
    Jim

    Hi,
    For this issue, ensure you explicitly set the store for the certificate.
    Meanwhile, I would like to share the following article with you, I suggest you perform the steps to test it.
    Windows 8 Mail and Exchange using a self-signed certificate
    http://david.gardiner.net.au/2012/08/windows-8-mail-and-exchange-using-self.html.
    It also applies to windows 8.1.
    Additionally, I suggest you use other network to test it.
    If the issue persists, try to switch off SSL to see if it works.
    Regards,

  • Certificate Authority has changed for Hotmail, is a MITM happening?

    The Certificate Authority being used by my computer has recently changed for Hotmail.com. The Common Name (CN) changed from "*.hotmail.com" to "*.vo.msecnd.net"
    And the Organizational Unit (OU) changed from "Windows Live Hotmail" to "GFS"
    I have no idea what .vo.msecnd.net and GFS are. I'm concerned a Man In The Middle attack is occurring against me. Why don't the CN and OU contain "Hotmail" anymore? How do I fix this?

    Hi,
    Thanks for your post.
    Did you try to restart the CertSrv service to check the result after you create and save the CAPolicy.inf file?
    Regards.

  • My iTunes card won't redeem and when I try to it comes up with this "The gift certificate or prepaid card code you entered has not been properly activated. Please contact iTunes Store costumer support for assistance" can anyone help me?

    My iTunes card won't redeem and when I try to it comes up with this "The gift certificate or prepaid card code you entered has not been properly activated. Please contact iTunes Store costumer support for assistance" can anyone help me?

    Is the store that you bought the card from nearby so that you can try going back and asking if they can activate the card properly ? If it's not, or if they can't/won't activate, then you will need to do as the message says and contact iTunes Support (these are user-to-user forums) : http://www.apple.com/support/itunes/contact/ - click on Contact iTunes Store Support on the right-hand side of the page, then iTunes Cards And Codes (you will probably need to give them images of the front and back of the card, and possibly its receipt)

  • Support for AVM ISDN PCMCIA Card in Solaris 10 ?

    Hi all,
    I would like to install Solaris 10 on my Toshiba Tecra S1 notebook. Today I use an ISDN-Card (AVM FritzCard, PCMCIA) for dial-up connections under Windows XP. Are there any drivers for ISDN and/or PCMCIA-Cards in Solaris10? Does anyone have any experiences with this issue?
    Every hint would be appreciated.
    Thanks a lot.
    Kindly Regard,
    Holger

    Hello.
    There is only very poor support for ISDN cards in Solaris. As far as I know only the on-board ISDN card of one of the SparcStation computers is supported (this card is available as S-Bus card for other SparcStation computers).
    I think there is no support for any ISDN card that can be attached to an x86 computer.
    I wrote a driver for USB based ISDN modems that are based on the Winbond 6694 chip myself due to this lack of ISDN support. I tested it under Solaris 9/Sparc.
    Martin

  • Also I need ndiswrapper support for solaris 10

    I have a linksys -G type router and my computer uses a Linksys Wireless-G PCI Adapter with SpeedBooster
    which works in Linux like mandrake, debian systems like knoppix and kanotix but there are some buggy like debian also that don't let me change the essid in debian but most linux works with the drivers for my card which are
    04/13/2004 10:01 AM 7,870 BCM43XX.CAT
    03/31/2004 08:44 AM 11,960 BCMWL5.INF
    02/19/2004 11:51 AM 300,928 BCMWL5.SYS
    normally you install the drivers with ndiswrapper -i BCMWL5.INF then use -m to add it to the model loader program in linux which adds wlan0 to ifconfig and iwconfig programs
    which also ndiswrapper requires the source code of the kernel to install the ndiswrapper right, it req. it to compile the drivers, and using the linux gui programs to setup essid and key wep info
    also I use a script in kanotix to use /etc/network/interfaces to load the info on bootup etc.. to get my wireless network card up in linux.
    also how is the support for soundblaster sound cards in solaris 10, I have not figured out if there's sound yet. freebsd 5.4 seemed to be missing the sound support
    one more thing in bootup of the install program for Solaris 10 my geforce 6800 card detected right but my tv output was all wrong in since the picture, was only on the monitor and tv had strange graphics on it which did not look right I hope nvidia drivers fix this problem, Is there any different command needed for clone mode in Solaris 10 than free86 and xorg scripts use?

    I got the solution from Canon Customer Service, temporary until the 10.10 download is released.  It works:
    "You can download the latest software updates at this address:
    http://www.usa.canon.com/cusa/support/professional/professional_cameras/eos_digital_slr_cameras/eos_...
    Please select "OS X Mavericks v10.9" using the drop-down menu on the page.  You have to pick the previous version of Mac OS, because the options for OS X 10.10 Yosemite have not yet been populated.  I sincerely apologize for any confusion this may cause.  After selecting OS X 10.9, please click on the red triangle next to the word "Software" to see the software updates available for your computer.  I would recommend updating all of your software including EOS Utility and Digital Photo Professional."
    I never did find the drop-down menu, but I went into the site map and found what I needed.
    Barry

  • I need an email address for iBooks Author support. Does anyone out there have that info?

    I am unable to raise anyone at Apple regarding support for the iBooks Author App. Does anyone know of an email address or telephone number for that support group? Thank you

    Apple does not provide application support via email. You can call the standard Apple technical support lines for assistance, though I don't know how expert the technicians will be in that particular application, and you'll quite probably have to pay for the support call.
    You might try posting your issue/question in the iBooks Author forum here:
    https://discussions.apple.com/community/books/ibooks_author
    I suspect you'll be more likely to get an answer there than you will by calling Apple.
    Regards.

  • Support for 8-bit pseudocolor visuals on Solaris 10 u8 Virtualbox guest

    Hello,
    I am running Solaris 10 u8 x86 as a Virtualbox (3.0.8) guest on a WinXP host with a NVIDIA Quadro FX 3500 vcard. I use JDS for the Solaris guest, and only 24-bit truecolor visuals are available for the desktop. I desperately need to run Xnest in 8-bit pseudocolor mode for an application. The video driver supplied with the Vbox Solaris guest additions has limited capability, and I think that until that driver is upgraded, I am out of luck. Does anyone have any different thoughts about that?
    Is there a way to edit xorg.conf to get support for 8-bit pseudocolor overlay graphics? Would changing the video driver in that file from vboxvideo to either VGA or VESA help? Any advice from an X expert would be GREATLY appreciated.
    I've also tried to use svcadm to get the guest to open in 8-bit mode (default depth), but I think that the Vbox video driver (standard and VESA) only support 16- and 32-bit color modes. Is there some other way to get JDS or CDE in the guest to run in 8-bit color?
    Thanks.....

    sparcmaster wrote:
    > Regarding expense, I was referring to the dual-headed card you suggested, not Xming.
    ah. my bad. Though most cards nowadays have dual outputs.
    > Here is a Vbox report documenting the whole situation, including Sun's replies regarding DirectColor:
    > http://www.virtualbox.org/ticket/4557
    it looks like you guys were talking past each other.
    > Note my outputs of xdpyinfo in there: no Pseudocolor visuals in 24-bit mode in the guest (the cause of my problem). My host NVIDIA card has dual DVI outputs, and I have two monitors; are you saying that I set one monitor in Windows to run in 8-bit, and then run Xming on that monitor, and then set up a remote display for my guest, and try and get the guest to display to that remote display? If so, that could be worth a try. If not, maybe I did not fully understand the idea from your first post. I'd rather not have to go out and buy a new dual-headed card unless absolutely necessary.
    The problem you have is that virtualbox needs a 8 bit display somewhere to send the output to. Send your end display is a windows display in 24 bit mode, it's a lose since windows won't (at least the last time I looked) allow an 8 bit window in a 24 bit desktop. You could try running the main windows display in 8 bit mode and then starting virtual box, but odds of things going in your favor is not great.
    > Your new idea of running a vnc server in 8-bit mode within Solaris is very interesting indeed. I am unfamiliar with vnc. I saw this page:
    > http://www.softpanorama.org/Xwindows/VNC/vnc_on_solaris.shtml
    > It says that VNC comes with Solaris 10 u5, on the companion CD. I assume that u8 has it also.
    Somewhere along the line, sun began to bundle vnc as a part of solaris proper. It should be in /bin/vncserver.
    > I'll look into that. If you know of any other source of info on vnc, please let me know. Thank you VERY MUCH for the suggestion!!!
    Here's more or less what you should do:
    1) login to your virtual solaris box
    2) Start up a 8 bit vnc server by typing "vncserver -depth 8 :1"
    3) After the setup questions (if I remember, you need to at least set a password), you can connect to the vncserver by
    typing "vncviewer :1" and entering the password.
    You could also get a windows VNC viewer and connect to the solaris vnc server. This may render faster, since you aren't running the vncviewer in a virtual session.
    4) In the vnc viewer display (which may look funny because the default setup is usually a horrific twm session), start your Xnest.
    If you want cde, edit your .vnc/xstartup to look like:
    #!/bin/sh
    xrdb $HOME/.Xresources
    xsetroot -solid grey
    dtterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
    dtwm &
    If you want jds, replace the dtterm/dtwm with gnome-panel.
    -r
