Certificate of conformance - QM

Similar Messages

• Datasheets and certs of conformance

  Hi,
  I was wondering if anybody knows how I can get my hands on datasheets and certificates of conformance for spare parts? I've been searching online but to no avail, I've contacted HP helplines and customer services but again, to no avail. I'm looking for IEC, UL, CSA, RoHS and REACH certs of conformance, as well as a data sheet for the part 5066-1122. Its a universal external power adapter for multiple HP applications. It is a genuine HP spare part but when I request and look for this items, I just get passed from one customer services rep to the next.
  If anyone knows where I can get these, I'd really appreciate being informed.
  Thanks in advance folks.

  You should consider to use a certificate enrollment web services (which are intended for such scenarios):
  http://technet.microsoft.com/en-us/library/dd759209.aspx
  My weblog: en-us.sysadmins.lv
  PowerShell PKI Module: pspki.codeplex.com
  PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
  Check out new: SSL Certificate Verifier
  Check out new:
  PowerShell FCIV tool.

• Printing quality problem

  We spend incredible amount of time to find out how to how to make
  reliable print from EXE done in LV6.0.2 under W9x,WinNT, W2K. But we
  have no solution.
  First we used direct print VI panel, after VI competition, but there
  are many problems with it. Then we left it and switched to report
  generation, now we are at the same situation.
  -Report generation does under WinNT and W2K different size of report
  on printer printout, NI-support suggest: LET USE W98.
  -Using W98, printing on printer with page format A4, EXE crashed.
  NI-support
  suggest: LET USE WinNT,W2K
  -Another problem: after printing to printer, the memory space used by
  LV is growing while using report generation VIs after every print even
  though I closed report reference. Each print make
  app. or LV allocated
  memory 3 MB higher. The newly allocated memory is no more released and
  all VI's are after 3to 5 printouts really slow.
  Seems to me probably nobody is using report generation VI's, because
  there is no way to use it.
  Seems to me also, that the only way (but painful) how to print from
  LV6.0.2 is the same, which exists since LV4 - print panel after
  competition (the same solution as 4 years ago...). Even this solution
  is really bad under W98 printing to HP printers - we can see very
  often that EXE crashed after printing, or sometimes fonts have correct
  size and sometimes not.
  The only reliable way is: using VI server function, generate
  physically BMP file on hard disk and then this BMP print out using
  paint.exe(MS-paintbrush). Printouts are reliable, but because of
  generated BMP they look like from ZX Spectrum or Atari age. Also we
  can generate HTML physically to HDD, but there is no way how to ensure
  the same size of each item on print (HTML <-> MSexplorer problem)
  , so
  it is unusable. Also unusable is to force customer to buy and use
  MS-word to be able print from our application done in LabVIEW.
  Maybe we are doing something wrong, but we cannot to find the problem.
  Thanks for any help.

  I don't have any complaints about printing from LV - well, not many, anyway.
  First things first - there is a known bug in the 'Print Panel at Completion' method of printing, under LV6.0.2, when running under Win95/98. It involves LV not releasing resources, causes font corruption, and ultimately an assert/crash. It DOES NOT happen under WinNT/2K. If you MUST run W95/98, you can specify 'bitmap printing' as a workaround, but this is very slow.
  Apart from that, I have generally excellent results using print on completion under LV6, usually to an HP LaserJet. A few things I've learned:
  1) Disable scaling in the VI print setup - this just confuses things. Size the objects on the VI panel to fit the printable area (LV uses 72 pixels/inch).
  2) Create
  the 'print on completion' VI as something that is never shown onscreen - don't try to make one VI do onscreen presentation and printing.
  3) Paint the background of the printing VI white.
  4) If you drop a graphic on the printing VI's FP (like a company logo), get a BIG, high res image. After pasting it, shrink/resize it w/in LV. When it prints, the full resolution is retained and used.
  5) Paint control/indicator frames and 'stuff' either white or transparent. These things can really clutter the printed results.
  Hope this helps - I've used this method to produce some really sharp test reports, certificates of conformance, etc.
  Regards,
  Dave
  David Boyd
  Sr. Test Engineer
  Philips Respironics
  Certified LabVIEW Developer

• Can I limit options when creating digital sig?

  Hi, all.  Thanks, in advance, for any help :-)
  We have created an application in LiveCycle and have incorporated digital signatures to allow applicants to sign the various forms within the application, including W-4 and I-9.  I have several questions and will post some as other topics, but let's start with this...
  The average person filling out one of these applications jack around with options in the create digital ID wizard that they don't need to change, so I want to know if there is a way to lock down these options, such as the font, digital sig file type, country and show only the create new ID option in the first dropdown rather than showing every ID that's been created on that pc.  As well, some options are totally unneccesary and I would like them to not show up at all.
  Is there any way I can change these things in the wizard?
  Thanks,
  Michelle

  Michelle
  As I mentioned in my reply to yuor other question, when Acrobat is used to create a digital certificate, it is creating a self-signed certificate that conforms to the X509 certificate standard.  I'm sure that the information that the self-signed certificate creation wizard in Acrobatis capturing is necessary to create a valid X509 digital certificate.
  There is no way that I am aware of to "customize" the self-signed certificate creation wizard in Acrobat.
  Regards
  Steve

• Local Outlook in virtual environment crash when we add long path attachment

  We have MS Office 2007 install localy on our Windows 2008 R2 server with App-V SP3 client. We have configured Outlook to start in the Acrobat Reader XI virtual environment for the pdf file preview. When we try to add a long path attachment in Outlook,
  Outlook crash.
  If we run Outlook outside the Reader virtual environment, Outlook does not crash. If i try to make a procmon to find a solution, Outlook freeze but does not crash and procmon does not return interresting information. I have try to start Outlook in another
  virtual environment, it still crash.
  We have made some more testing. We have discovered that Outlook crash on file path longer than 242 character. Normally, the max path in Windows is 260 character. Thats why we does not  understand why we have this bug.
  Any idea someone to solved this problem?

  The path of the file we try to add to the mail is something like this : 
  G:\Urbanisme\Volet Réglementation\Certificats de conformité\Conformité - Environnement_MDDELCC (LQE)\2015\LQEnv_Carré Belvédère-Gestion Élias_milieux humides_2015-02-27.gaegra\LQenv_projet de développement _ Carré Belvédère_2015-03-23_marjac.docx
  I am not sure about the Q drive you talk about... I know than in App-V 4, there was Q drive, but we use App-V 5 SP3 (i forgot to tell in my original post).
  Thanks for your help Rorymon!

• Why is email address required for digital sig?

  Hi, all.  Thanks, in advance, for any help :-)
  We have created an application in LiveCycle and have incorporated digital signatures to allow applicants to sign the various forms within the application, including W-4 and I-9.  Here is the next question....
  By default, the digital signature cannot be created without entering an email address.  The problem there, is that we have some applicants who do not have an email address (yes, there are still humans on the planet who don't have an email address :-).  Is there a way to get around this?  That can't be the only legally valid personal information that can be used to create a digital sig?  Can we offer an option if they don't have an email address?  We don't want to instruct them to enter bogus information.
  Thanks,
  Michelle

  Michelle
  When Acrobat is used to create a digital certificate, it is creating a self-signed certificate that conforms to the X509 certificate standard.  I haven't read the X509 spec from start to finish, but I would assue that the standard dictates that the e-mail (which is part of the "Subject" section of a certificate) is mandatory.
  See http://en.wikipedia.org/wiki/X.509 for a bit more info on digital certificates
  As for your statement "That can't be the only legally valid personal information that can be used to create a digital sig?", I don't believe there is anything legally binding or valid about a self-signed certificate as anyone can create one with any information they want.
  Regards
  Steve

• X220 laptop - Battery Li-ion

  Hello,
  For professional purpose, we are using a thinkPad X220 4287 laptop.
  For a use in aircraft, it is mandatory that the Li-ion batteries are tested under UL1642.
  I am looking for the certificate of conformity of the batteries against UL1642.
  Can anyone help me where to find this information?
  Many thanks.
  Emmanuelle
  Solved!
  Go to Solution.

  OK, this may also be useful.....
  http://www.lenovo.com/lenovo/us/en/compliance.html
  "Lithium batteries are subject to a number  of transportation regulations for all modes of transportation both in the United States and globally.  Regulatory agencies governing the transportation of these batteries include the  US Department of Transportation, International Civil Aviation Organization  (ICAO), International Air Transport Association (IATA) and International  Maritime Organization (IMO).
  The Lenovo  Battery Declaration of Conformity (DoC) is a document that confirms Lenovo’s conformance to US and WW transportation requirements.  The Lenovo Battery DoC lists the applicable  preconditions, testing and the regulations assessed for compliance.
  Information about batteries is available at www.lenovo.com/support/batteries.  Specific battery MSDS and test certificates  are available from the Lenovo Regulatory Compliance Department upon request (e-mail [email protected] and include your battery part number." 
  Cheers,
  Bill
  I don't work for Lenovo

• How to store the certificate file by using import java.security package?

  Hi,
  I have a certificate file whose extension is .p12(So, it conforms to pkcs 12 standart).
  I wanna store this file which is in my file system in my pc. and I wann to store this file to smart card?
  // this two row just load the specified file
  KeyStore keyStore = KeyStore.getInstance("PKCS12");
  keyStore.load(new java.io.FileInputStream(pkcs12File), keyPassword);
  // I need to store keyStore object to smart card. but I do not know how to? Any idea????

  This is not adding external p12 f�le inside the smart card ? Am I right? I want a p12 f�le to add this this file to smart card indside

• Message level security: difference digital signature and certificate

  Hi everybody,
  could anybody please explain the difference between <b>digital signature</b> and <b>certificate</b>?
  Thans
  Regards Mario

  Mario,
  A digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged. Digital signatures are easily transportable, cannot be imitated by someone else, and can be automatically time-stamped. The ability to ensure that the original signed message arrived means that the sender cannot easily repudiate it later.
  A digital signature can be used with any kind of message, whether it is encrypted or not, simply so that the receiver can be sure of the sender's identity and that the message arrived intact. A digital certificate contains the digital signature of the certificate-issuing authority so that anyone can verify that the certificate is real.
  where as
  A digital certificate is an electronic "credit card" that establishes your credentials when doing business or other transactions on the Web. It is issued by a certification authority (CA). It contains your name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real. Some digital certificates conform to a standard, X.509. Digital certificates can be kept in registries so that authenticating users can look up other users' public keys.
  hope it helps u.
  --Archana

• QC51:No certificate is required for the purchase order item

  Dear all.
  I want to create an certificate Receipt In the T-CODE QC51.After input the purchase order and item and press return,the SAP show an error message:
  No certificate is required for the purchase order item.
  Message no. QC508
  My question was where to control the purchase order item to require certificate or not?
  Regard
  Yoda

  Hi
  For this you have to maintain Certificate req in Material master.
  MM01>Enter your material->Quality view-->Tick on QM procurement->Certificate require-Mension kind of certificate req.
  like
  E21     Cert. of conformity "2.1"  EN 10204
  E22     Test certif. "2.2"         EN 10204
  E23     Works test certif. "2.3"   EN 10204
  E31A     Insp. certificate "3.1.A"  EN 10204
  E31B     Insp. certificate "3.1.B"  EN 10204
  E31C     Insp. certificate "3.1.C"  EN 10204
  E32     Inspection report "3.2"    EN 10204
  Q001     Conformance Report
  Q002     Plating Certificate
  Q003     Test Report
  Q004     Certificate through Web
  Q005     Chemical / Physical Test report + QC
  etc.....
  Customizing for this can be done in
  SPRO->Quality Management->QM in Logistics--->Define Keys for Certificate Processing.
  This will ask you during MIGO or during UD/confirmation possible thro' QC21
  Regards
  Sujit S Gujar

• E61 cannot import personal certificate

  Hello,
  I can't import personal certificate. I have personal certificate in p12 (pkcs12) format and it can be imported into firefox without any issues. However when I open this certificate on E61 I am asked for:
  password for my certificate - I enter correct one
  E61 proceeds to to Screen where it says:
  File contains:
  1 private key
  1 personal certificate
  1 authority certificate
  Save? When I click on save I get message:
  Private key corrupted!
  then it proceeds to CA which works fine.
  What I am doing wrong? Kindly assist as this is show stopper in 170K+ employees company.

  Hi,
  I'm not only unlucky, I'm frustrated! :-(
  I've got exactly the same problem. Modell: E65.
  In our company around 50000 users are already using personal certificates, generated using an openssl pki framework.
  Installing/migrating/running a Windows-PKI instead, only for importing P12-Files into our Nokia mobile's is not a solution nor an option.
  All our user-certificates (Server-,Client-,Multi-Level-CA-Certificates) are working fine within standard-protocols and standard applications (e.g. IMAPS, VPN/IPSec, WPA-EAP-TTLS/TLS, HTTPS, LDAPs,...), even within Microsoft's client-appilcations (IE / Outlook) there are no problems importing / using them for encryption, authentication or signing purposes.
  So there should be no problem, regarding the import into a E65?!
  I tried to convert some demo-certificates various ways, exported, converted them to DER, build different P12-formated files but not chance: the E65 always reports "File corrupted".
  I also followed the instruction found under
  https://blogs.forum.nokia.com/view_entry.html?id=412
  So I tried to download a p12-Container directly from a test-webserver using the correct mime-type, no luck: Corrupted File!
  But on the other hand, any p12-file, which the E65 says is corrupted, could be imported into IE/Firefox/Outlook/Thunderbird (the later two on windows & linux plattforms) or opened/investigated using openssl (0.9.8c and 0.9.8d) on the command line without any problems.
  The hint (two posts above), creating certificates using MS-AD-integrated PKI gave me a small hope again. (Please do not understand me wrong, migrating all our user/server certs and PKI-Infrastructure to MS is completly impossible, but a small test will show whether out p12-Files cause the corruption problems).
  So I imported (doubleclick, windows wizard...) the openssl-generated p12 into IE (flagged "exportable") without problems. Right after the import, I exported it various ways (e.g. w/o stong encryption) into a MS-pfx (aka p12) formated file. Renamed the suffix from pfx to p12 and gave it to openssl for processing / investigation:
  openssl pkcs12 -in testuser.p12 -info
  Enter Import Password:
  MAC Iteration 2000
  MAC verified OK
  PKCS7 Data
  Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000
  Bag Attributes
  localKeyID: 01 00 00 00
  friendlyName: {EE88EF5C-5404-487C-AB22-AA56E79D447C}
  Microsoft CSP Name: Microsoft Enhanced Cryptographic Provider v1.0
  Key Attributes
  X509v3 Key Usage: 10
  Ok the content seems to be in "Microsoft CSP" format!!! (remembering two posts earlier, that's the container-format MS-PKI produces, so a successfull import of this file should be possible?!.... No way either!!! "File corrupted!"
  Another point: during my first p12 import try I used a corporate-standard-p12 file, that means, it contains:
  1 x User-Cert
  1 x User-Key
  1 x Intermediate-level-CA-Cert
  1 x Root-level-CA-Cert
  The E65 successfully imported the two CA-Certs, ask for a name and stored them under "Authorities". They are accessible within S60 (Security->certif.manag) and anything is fine with them. But the also contained user-certificate and the user-key resulted in "File Corrupted!". :-(
  So, for me in the moment it looks really that there is a bug in S60-3rdEd. (E65). Our certificate-containers are as far as I can say completly standard conform all software (opensource/closed source) can read/import our p12-contents without problems, even the E65 can partialy (CA-Certs) read the p12 contents (but not the user-cert/key). :-(
  I would be very happy if someone else can confirm the above results and even more happy if someone else can give me more ideas where to look for a possible solution.
  What I'm missing is an exact specification from Nokia/Symbian, regarding the P12 contents. That means, Certificate/Key Encryption, Formats, Hash-Algorithms, Iterators, Mac-Iterators, and so on... If such an specification would be available/accessible chances are good to be able to generate a valid p12 file containing importable private keys. Information like DER/PEM and mime-type that's by far not enough.
  Because I was not able to find such details specs, all I can offer in the moment is to generate test certificates and p12-container-files for further in-deep debugging?!
  If it is not a bug of S60-3rdEd. perhaps someone else reading this thread can offer a MS-PKI-generated (and of course successfully imported ins S60) p12-File (even revoked should not be a problem) with all passphrases for download, so I can try to investigate in deep the formats and the differences?
  Many thanks for your help!
  Cheers
  Krum

• Certificate Authorities - JINIT 1.1.8.19

  HI,
  We are intending to deploy our Forms application (at mutiple client intranets, and internet as ASP), and wish to automate the procedure of deploying and cerftifying JAR components, intergrating with the client machine.
  We have followed the most helpful document on JAR signing etc for JINIT 1.3, but for our current release we intend to use JInit 1.1.8.19 (and 9iAS Forms Services Release 1 - patchset 10). In order to aid customer confidence in the Java code, and automate the recognition of the signing identity of the code, we intend to purchase a Certificate Authority certificate.
  My questions are as follows :
  1. Which Certificate Authorities public keys are currently recognised by the identity.obj delivered by default in JInit 1.1.8.19 ?
  2. Currently, I appear only to be able to obtain a certificate conforming to the 1.3 JDK. Will these type of certificates enable to deploy using 1.1.8.19 ? For your information, I attach copy of my question and response from Verisign.
  Issue Details & Information
  Code Signing: Sun Java
  The nature of the issue is:
  Need additional information on or are unable to sign code
  Other issue Specified:
  Additional Information surrounding the issue:
  Hi,
  Wish to purchase Code Signing ID, but signed Applet will be deployed using
  1.1.8.19 version of the Java Soft plug-in (actually packaged by Oracle as
  JInitiator). We have been using the "javakey" commands to create and sign
  using a self-signed certificate.
  Will the available certificate allow us to deploy using 1.1.8.19 ?
  Thanks
  Reply
  Dear VeriSign Customer,
  Special requirements: Tools/SDK version:
  The Java Applet needs to be written using the Java 2 JDK v1.3. (J2SEv1.3 is
  the first JDK from Sun with an RSA signature provider). Download available
  at http://java.sun.com/j2se/1.3/
  Java Plug-in v1.3: This allows web page authors to direct Java applets on
  their web pages to run using Sun's Java Runtime Environment (JRE) instead of
  the browser's default run time environment and hence be confident that the
  applets are executed with full support for all of the features and
  capabilities of Java 2 SDK 1.3 in Microsoft's IE 4.0 or later, and
  Netscape's Navigator 4.0 or later on various Win32 platforms and Solaris
  platforms.
  Download available at: http://java.sun.com/products/plugin/index.html.
  Thank you,
  Jennifer
  VeriSign Customer Support
  As ever, your continued assistance is appreciated.
  Regards
  Marc Ludwig

  HI,
  Thanks for the response.
  For your info, the main reason why we are currently planning to use 1.1.8.19, is purely because all testing / QAT / performance monitoring, has been performed using this version. We are really close to our first expected delivery date and would prefer to stick with what we have. Also, customers have expressed a desire for code to be signed using Certifcate Authority verified methods, rather than self-signed (I don't think this a technical decision, more one of marketing). Also as the Oracle path is to begin to certify directly to Java Soft 1.4..., I'd prefer to make the jump at that stage (particularily considering the supposed solving of the whole authentication issue within this release).
  On a slightly un-related note, my personal experience of JInit 1.3, has been that performance (and memory usage on the client machine) appears to be worse / higher than 1.1; but this may just be me. Have you any expereince using the 1.3 plug-in ?
  Thanks again for your interest.
  Regards
  Marc Hi Marc
  From what I read from your mail from VeriSign you may be forced to upgrade to JInitiator 1.3, if you must use Certificate Authorities. I understand your need to deploy, what you have been using in your test environment; but in this particular case, if CA is a requirement, I guess the best thing you can do is to deploy on JInit 1.1 now using self-signed certificates and then start using JInit 1.3 in your test environment ASAP. I do not know, if any CA's still issue Java1.1 certificates, sorry.
  To be honest, I'm waiting for JPI 1.4 certification also; unfortunately, I couldn't wait for this because of customer requirement for Forms9i, and JInit 1.3 actually seems to run OK in my experience - the smallest machine I've run it on is a PentiumII 350 Mhz with 128 MB RAM and Win98, where I really couldn't spot any difference regarding performance. I have actually tested the JPI 1.4.1 also - and it seems to have kind of the same cerficate problem, which Duncan Mills mentions in his recently released whitepaper - but of course this was only a quick test, since I would never actually deploy the 1.4.x JPI as long as it isn't certified from Oracle - and also I do know from other tests, that there may be some incompatibility issues between Java2 1.3 and 1.4...
  Sorry I couldn't be of more help - but if you ever should deploy JInit 1.3, eventually maybe even Forms9i, I'd be more that happy to share further experiences regarding these matters.
  Regards,
  Jacob

• How to create a Certificate that gets validated by Mozilla

  Hi,
  I've written an application that enables it's user to act as a CA.
  He can create Key-Paris, Certificates, sign Certificates and various other things.
  Among them he is able to export any KeyStore-Entry (i.E. a Key-Pair) to a PKCS#12 file.
  The problem that I am encountering here is, that Mozilla Browsers (i.E. Firefox) won't recognize the importet Certificate as a valid one. It says "The certificate couldn't be verified for unknown reason" (sorry, but I can't provide the exact error message because I use a localized build of firefox).
  What I do in order to reproduce this Problem is basicly this:
  - Create a Key-Pair
  - Create a (self-signed) certificate from the Public-Key
  - Store them as a PrivateKeyEntry in my KeyStore
  - sign the certificate with my self-signed CA-Certificate
  - export my CA-Certificate to Firefox
  - export my PrivateKeyPair to a PKCS#12-File wich I import with Firefox
  Any help would be greatly apreciated.

  (I would have appreciated it if you had pasted the certificate with the line-breaks, as required for PEM format certificates. Nevertheless...)
  Your certificate shows why Mozilla will not recognize the self-signed certificate from keytool as a Root CA: it does not contain the SubjectKeyIdentifier or AuthorityKeyIdentifier extensions in them.
  RFC3280 (http://www.ietf.org/rfc/rfc3280.txt) states the following:
  Conforming CAs MUST support key identifiers (sections 4.2.1.1 and
  4.2.1.2), basic constraints (section 4.2.1.10), key usage (section
  4.2.1.3), and certificate policies (section 4.2.1.5) extensions.Implementors of software that handle digital certificates choose to implement PKIX standards in stages; Mozilla has implemented more PKIX standards than keytool does, so while keytool will recoginize a Mozilla (or other PKIX-compliant) CA certficate, almost no PKIX-conformant certificate-handling software will handle self-signed CA certs issued by keytool.
  I would recommend you download something like EJBCA or OpenCA from sourceforge.net to create your self-signed CA. Ultimately, your CA certificate must look something like this (don't miss the SubjectKeyIdentifier and AuthorityKeyIdentifier extensions):
  Certificate:
      Data:
          Version: 3 (0x2)
          Serial Number:
              2b:d0:5f:b0:71:64:67:0e
          Signature Algorithm: 1.2.840.113549.1.1.11
          Issuer: CN=StrongKey DEMO Root CA, OU=For StrongKey DEMO Use Only, O=StrongAuth Inc
          Validity
              Not Before: Jul 25 16:02:17 2006 GMT
              Not After : Jul 22 16:12:17 2016 GMT
          Subject: CN=StrongKey DEMO Root CA, OU=For StrongKey DEMO Use Only, O=StrongAuth Inc
          Subject Public Key Info:
              Public Key Algorithm: rsaEncryption
              RSA Public Key: (4096 bit)
                  Modulus (4096 bit):
                      00:88:42:9c:c0:40:1f:06:8a:f7:55:93:c5:35:4b:
                      54:38:58:61:9b:04:2b:61:07:44:05:76:42:f9:e8:
                      2d:b9:99:c5:84:16:b1:40:43:5b:06:ca:fc:9b:d4:
                      59:f7:d6:2e:28:78:63:12:09:58:9e:db:a2:91:c2:
                      58:b5:5b:1e:9f:5e:cd:57:bb:83:ec:10:85:45:c3:
                      ee:0e:f7:6a:71:63:95:5f:5c:ce:6c:fd:43:54:bd:
                      af:ef:63:ae:e3:37:18:44:7b:2c:a3:7f:8d:00:04:
                      9a:a4:7e:48:c9:9e:c6:de:65:40:17:f6:3e:58:3b:
                      b1:f2:a9:4b:61:fb:d7:52:b2:c7:7f:22:25:5b:53:
                      c3:0e:22:94:17:21:ce:82:c3:79:cd:96:9f:cd:7e:
                      b2:b5:f4:0a:38:ac:1a:2d:bb:21:66:b5:20:43:3d:
                      94:85:fa:2b:a7:53:88:43:bc:9b:03:d2:5e:4a:dc:
                      d0:90:ac:55:99:54:5c:34:d2:f0:8e:18:ff:ea:12:
                      14:da:7f:77:63:30:d1:75:77:f1:ef:ac:11:3a:48:
                      43:c3:d0:f9:bb:1e:07:f5:6e:da:c9:ab:88:ff:e2:
                      ad:b8:24:e6:b1:3a:88:14:69:0b:41:3e:b0:02:00:
                      61:b3:a0:43:b2:46:3a:b8:37:a8:c3:57:a6:db:71:
                      78:97:04:cf:19:e8:e8:5a:c9:1a:73:77:75:36:5e:
                      19:7b:f6:24:fa:2d:df:19:5c:5c:3d:a3:79:aa:81:
                      55:5b:34:4a:c5:7d:85:e5:d9:ee:5f:74:30:5f:23:
                      63:e9:45:49:5d:d6:ef:95:32:d3:2c:10:08:86:06:
                      be:79:3c:3c:f8:82:b7:37:2c:dd:59:66:96:fe:cf:
                      9a:60:58:23:a1:26:ff:16:f0:c9:55:bf:27:fc:af:
                      de:6a:11:da:9a:c8:65:77:e4:ca:b6:2f:d3:58:ef:
                      93:1b:34:de:3a:81:07:b7:12:b2:61:83:a2:77:fc:
                      f3:53:fc:c2:71:db:d2:97:c5:50:c8:34:e8:4e:54:
                      da:c3:fb:31:79:34:c2:eb:b3:e0:be:38:fc:1e:5c:
                      ca:04:13:83:9e:e3:b0:66:30:33:56:82:d6:dd:c9:
                      94:9d:3b:ca:10:f6:fc:99:05:e2:de:ca:0c:d6:6b:
                      60:a6:f8:29:fc:c4:18:82:ae:38:c2:9f:62:fe:3a:
                      66:da:8c:17:12:a1:24:4c:a3:a6:9b:7b:bb:54:b8:
                      da:ff:e2:81:a7:33:54:0b:17:ee:2a:db:d4:e3:1d:
                      42:23:c1:8b:01:9e:42:8f:da:62:7b:21:9a:1c:b6:
                      9c:f3:28:75:16:11:23:d0:42:65:cc:34:70:9e:f1:
                      04:00:77
                  Exponent: 65537 (0x10001)
          X509v3 extensions:
              X509v3 Basic Constraints: critical
              CA:TRUE
              X509v3 Key Usage: critical
              Digital Signature, Certificate Sign, CRL Sign
              X509v3 Subject Key Identifier:
              82:05:B5:4B:E2:61:B0:C9:7A:6F:0F:D1:CC:A0:C3:62:FB:D2:5A:02
              X509v3 Authority Key Identifier:
              keyid:82:05:B5:4B:E2:61:B0:C9:7A:6F:0F:D1:CC:A0:C3:62:FB:D2:5A:02
              X509v3 Certificate Policies:
              Policy: 1.3.6.4.1.10514.509.1.4
      Signature Algorithm: 1.2.840.113549.1.1.11
          63:94:13:a9:6a:3b:a8:aa:34:e6:2b:0f:20:a9:55:d8:80:e8:
          54:0f:6a:15:b0:76:91:0d:98:a4:75:f9:50:09:2e:cf:30:2e:
          15:bc:21:c2:fe:f0:36:4b:60:7d:bb:b8:76:bd:9d:2b:d8:a5:
          a6:e7:60:83:00:f3:9c:65:f1:f7:b8:16:f7:72:ab:70:d7:c4:
          60:bf:fb:33:1e:67:e6:fa:a1:d0:23:5f:bf:69:fc:25:19:71:
          5a:c1:41:a3:ab:9b:da:09:92:2c:ee:83:c2:de:61:3a:b2:a4:
          c6:18:6d:dd:ef:77:2b:91:40:c5:9c:fb:61:66:f5:2d:4f:20:
          5a:c5:b6:1b:08:4b:a4:18:a7:b4:86:07:e1:c8:c1:a7:e3:8f:
          cf:01:4b:a4:a6:07:b3:65:5f:0a:1d:a1:7d:52:12:c3:43:8b:
          72:16:75:78:0a:b0:39:8a:92:33:4b:0e:ef:a8:c1:33:2e:cc:
          96:fd:a1:b1:2e:0b:1c:68:ff:fa:48:4f:43:60:32:a0:4f:9a:
          c0:29:e3:66:b9:ce:cb:0b:99:67:c0:74:33:4f:9b:e3:db:68:
          b9:ea:c2:67:f0:7a:db:88:93:7b:cf:5f:da:3b:ea:61:88:24:
          e7:82:5e:ce:be:39:c3:de:03:b5:42:3b:b3:50:12:95:25:b9:
          dc:7a:66:95:3b:97:6a:85:06:66:68:84:0f:3d:5b:93:de:2e:
          44:2e:58:97:1b:8b:56:db:7a:27:58:fe:ad:3c:32:4e:09:f9:
          60:2e:c0:3b:b4:80:53:04:41:ae:53:ff:b2:b7:f0:4d:72:9f:
          8b:59:14:7f:cc:42:83:74:3a:08:1c:2a:ab:95:7e:8e:ee:51:
          eb:2a:4c:82:5c:12:17:ec:22:92:93:22:62:55:36:91:6a:d7:
          5b:55:2d:46:e7:d4:30:fd:d5:c4:87:be:ea:a9:2c:fe:ac:5b:
          d7:51:fc:c7:4d:72:6a:f5:3e:40:ef:f7:63:8f:94:8c:95:f4:
          0f:4d:b0:02:31:9a:86:5f:0c:ce:f0:de:18:92:a8:09:3b:f9:
          3f:9b:95:5c:0e:ab:82:22:41:cc:7f:e2:83:d7:2f:cf:bc:1b:
          d7:65:ce:c1:7f:42:8d:5e:36:00:d6:14:42:0b:52:9b:23:46:
          5c:83:bb:ce:b8:e1:ac:43:b5:fb:c9:00:f7:cf:8d:2f:98:b8:
          99:f0:fb:a8:3b:38:df:a5:19:c6:d7:a8:f8:aa:9a:4d:50:4f:
          0a:f7:19:82:16:e0:92:6b:fc:47:a9:b3:c0:09:a4:ac:7b:8f:
          15:aa:60:c6:f3:4f:fa:1d:17:5c:24:bc:5b:3b:3e:8b:28:48:
          3d:26:c5:31:7e:f3:cb:36
  -----BEGIN CERTIFICATE-----
  MIIFvjCCA6agAwIBAgIIK9BfsHFkZw4wDQYJKoZIhvcNAQELBQAwYDEfMB0GA1UE
  AxMWU3Ryb25nS2V5IERFTU8gUm9vdCBDQTEkMCIGA1UECxMbRm9yIFN0cm9uZ0tl
  eSBERU1PIFVzZSBPbmx5MRcwFQYDVQQKEw5TdHJvbmdBdXRoIEluYzAeFw0wNjA3
  MjUxNjAyMTdaFw0xNjA3MjIxNjEyMTdaMGAxHzAdBgNVBAMTFlN0cm9uZ0tleSBE
  RU1PIFJvb3QgQ0ExJDAiBgNVBAsTG0ZvciBTdHJvbmdLZXkgREVNTyBVc2UgT25s
  eTEXMBUGA1UEChMOU3Ryb25nQXV0aCBJbmMwggIiMA0GCSqGSIb3DQEBAQUAA4IC
  DwAwggIKAoICAQCIQpzAQB8GivdVk8U1S1Q4WGGbBCthB0QFdkL56C25mcWEFrFA
  Q1sGyvyb1Fn31i4oeGMSCVie26KRwli1Wx6fXs1Xu4PsEIVFw+4O92pxY5VfXM5s
  /UNUva/vY67jNxhEeyyjf40ABJqkfkjJnsbeZUAX9j5YO7HyqUth+9dSssd/IiVb
  U8MOIpQXIc6Cw3nNlp/NfrK19Ao4rBotuyFmtSBDPZSF+iunU4hDvJsD0l5K3NCQ
  rFWZVFw00vCOGP/qEhTaf3djMNF1d/HvrBE6SEPD0Pm7Hgf1btrJq4j/4q24JOax
  OogUaQtBPrACAGGzoEOyRjq4N6jDV6bbcXiXBM8Z6OhayRpzd3U2Xhl79iT6Ld8Z
  XFw9o3mqgVVbNErFfYXl2e5fdDBfI2PpRUld1u+VMtMsEAiGBr55PDz4grc3LN1Z
  Zpb+z5pgWCOhJv8W8MlVvyf8r95qEdqayGV35Mq2L9NY75MbNN46gQe3ErJhg6J3
  /PNT/MJx29KXxVDINOhOVNrD+zF5NMLrs+C+OPweXMoEE4Oe47BmMDNWgtbdyZSd
  O8oQ9vyZBeLeygzWa2Cm+Cn8xBiCrjjCn2L+OmbajBcSoSRMo6abe7tUuNr/4oGn
  M1QLF+4q29TjHUIjwYsBnkKP2mJ7IZoctpzzKHUWESPQQmXMNHCe8QQAdwIDAQAB
  o3wwejAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQU
  ggW1S+JhsMl6bw/RzKDDYvvSWgIwHwYDVR0jBBgwFoAUggW1S+JhsMl6bw/RzKDD
  YvvSWgIwFwYDVR0gBBAwDjAMBgorBgQB0hKDfQEEMA0GCSqGSIb3DQEBCwUAA4IC
  AQBjlBOpajuoqjTmKw8gqVXYgOhUD2oVsHaRDZikdflQCS7PMC4VvCHC/vA2S2B9
  u7h2vZ0r2KWm52CDAPOcZfH3uBb3cqtw18Rgv/szHmfm+qHQI1+/afwlGXFawUGj
  q5vaCZIs7oPC3mE6sqTGGG3d73crkUDFnPthZvUtTyBaxbYbCEukGKe0hgfhyMGn
  44/PAUukpgezZV8KHaF9UhLDQ4tyFnV4CrA5ipIzSw7vqMEzLsyW/aGxLgscaP/6
  SE9DYDKgT5rAKeNmuc7LC5lnwHQzT5vj22i56sJn8HrbiJN7z1/aO+phiCTngl7O
  vjnD3gO1QjuzUBKVJbncemaVO5dqhQZmaIQPPVuT3i5ELliXG4tW23onWP6tPDJO
  CflgLsA7tIBTBEGuU/+yt/BNcp+LWRR/zEKDdDoIHCqrlX6O7lHrKkyCXBIX7CKS
  kyJiVTaRatdbVS1G59Qw/dXEh77qqSz+rFvXUfzHTXJq9T5A7/djj5SMlfQPTbAC
  MZqGXwzO8N4YkqgJO/k/m5VcDquCIkHMf+KD1y/PvBvXZc7Bf0KNXjYA1hRCC1Kb
  I0Zcg7vOuOGsQ7X7yQD3z40vmLiZ8PuoOzjfpRnG16j4qppNUE8K9xmCFuCSa/xH
  qbPACaSse48VqmDG80/6HRdcJLxbOz6LKEg9JsUxfvPLNg==
  -----END CERTIFICATE-----BTW, why are you using a non-standard key-size of 1023 bits?

• Automatic certificate enrollment for local system failed (0x800706ba) The RPC server is unavailable.

  I have a lot of background on this question so bear with me please. :)
  I am tasked with getting our domain from 2003 to 2008 level. In order to do that I brought up a 2008 R2 server into the domain and did dcpromo to get it to "play" with the two other 2003 DCs. All is working pretty well except that I'm getting the auto-enrollment
  error above not because of a configuration error but because before I even came to work here the Root CA machine was taken out of service and disposed of! So the unable to contact is a true error. The machine no longer exists! I'm sure I'll have to re-setup
  a Root CA but wanted some guidance on the path to take on getting from where I am (broke!) to back to healthy!
  thanks in advance,
  Leo

  Hi Vadims,
  I do have exactly the same problem as described above. The Root CA no longer exist and the certificates are about to expire, however I have checked the expiration date of the certificate using certmgr in the AD servers (Three server cluster) and I have found
  different expiring dates for the same certificate as described bellow. 
  Trusted Root Certification Authorities > CONTOSO-CA (exp 17/05/2018)
  Intermediate Certification Authorities > CONTOSO-CA (exp 17/05/2018)
  Active directory User Object > CONTOSO-CA (exp 17/05/2014)
  We currently have an AD cluster conformed by three Windows server 2008 and no currently Certificate Authority role installed on any of them. 
  I also have seen using certmgr that all machines in the company have the certificate CONTOSO-CA in the following way:
  Trusted Root Certification Authorities > CONTOSO-CA (exp 17/05/2018)
  Intermediate Certification Authorities > CONTOSO-CA (exp 17/05/2018)
  Active directory User Object > Not present
  My question is, can I safely decommission the certificate following the procedure stated above (step 6)? what will be the impact of this certificate (Active directory user object) expiring?
  Thanks in advance
  Cesar

• Certificate type in cert profile

  what is the significance of the certificate type in cert profile?
  what will be the effect if i choose cert type as say E31B insetad of E31A?

  Hi,
  In SPRO , Cert types are defined in Quality certificates-> Cert profile -> Define certificate types.
  You can only define the keys and short texts for the certificate types. Ref the help provided by SAP below.
  Define Certificate Types
       In this step, you define the certificate types.
       You only define the keys and short texts for the certificate types. When you define the certificate profiles, you must make sure the certificates conform to the standard type in both form and content.
       You can assign a status profile to each certificate type.
       Recommendation
       o   Note that the table of certificate types is used both in procurement and Sales & Distribution.
       o   Define the certificate types according to the applicable standards.
       Activities
       Determine which certificate types are required in your company for procurement and sales/distribution and define these certificate types in the table.
       Further notes
       Refer to the chapter 'Environment' for information on the general status management function and the status profile.
  Hope this will helps you.
  Regards
  K.M.Arun