Certificates and faxes

I have been unable to connect to my works web site with the cert. that I entered. Apple support and Enterprise say that Safari does not support it. So, does any one know how I can recieve a fax on my 3G phone?

Hi,
For the external user, we need to get trusted certificate for Exchange services and mailbox access. As MAS says, we can directly buy a third-party certificate for using.
Alternatively, we can also deploy an
Enterprise root CA which self-signs its own CA certificate and uses Group Policy to publish that certificate to the Trusted Root Certification Authorities store of all servers and workstations in the domain. About how to install a
Root Certification Authority, please refer to:
http://technet.microsoft.com/en-us/library/cc731183.aspx
Regards,
Winnie Liang
TechNet Community Support

Similar Messages

  • Payment Advice Issue- Print and fax at the same time

    Hi,
    Currently payment advices are being sent to business partners (vendors) thorugh fax/email.   This is because process module Z_SAMPLE_PROCESS_00002040 is active in the system.  
    What I want to do is to be able to also print the payment advices even if vendor has communication data in the master data.  Program RFFoEDI1 is used with a custom form.   IDOCS are sent correctly to bank and remittance advices are faxed to vendor successfully.   With business wanting hard copies of remittance advices, when I try to reprint after first payment run is done and faxes sent running RFFOEDI1 and the payment document number, system says no records selected.   I searched in OSS and all the notes related to this issue are already in our system. 
    I have tried hard to solve this but no luck even I have done this before with other print programs but no RFFOEDI1.  One option is to remove the fax/email addresses from vendor which allows me to print but client does not want to remove fax numbers from vendor master. 
    Any suggestions will be appreciated.
    Dam

    Look into BTE 2050, through which you could possibly e-mail an additional copy to a generic company e-mail as back up electronic filing of RA. And then you can print it if need to print them on Adhoc basis
    Ron

  • Email and fax a form

    Hi ,
           how can we send a form output as email and fax ? How to do the config for this? Can you explain the process to be done?
    Rama.

    Hi,
    See following code :
    REPORT zmail_att NO STANDARD PAGE HEADING LINE-SIZE 200.
    DATA : BEGIN OF ITAB OCCURS 0,
    PERNR LIKE PA0001-PERNR,
    ENAME LIKE PA0001-ENAME,
    END OF ITAB.
    DATA: message_content LIKE soli OCCURS 10 WITH HEADER LINE,
    receiver_list LIKE soos1 OCCURS 5 WITH HEADER LINE,
    packing_list LIKE soxpl OCCURS 2 WITH HEADER LINE,
    listobject LIKE abaplist OCCURS 10,
    compressed_attachment LIKE soli OCCURS 100 WITH HEADER LINE,
    w_object_hd_change LIKE sood1,
    compressed_size LIKE sy-index.
    START-OF-SELECTION.
    SELECT PERNR ENAME
    INTO CORRESPONDING FIELDS OF TABLE ITAB
    FROM PA0001
    WHERE PERNR < 50.
    LOOP AT ITAB.
    WRITE :/02 SY-VLINE , ITAB-PERNR, 15 SY-VLINE , ITAB-ENAME, 50
    SY-VLINE.
    ENDLOOP.
    Receivers
    receiver_list-recextnam = 'XXXXX@X...'. --> EMAIL ADDRESS
    RECEIVER_list-RECESC = 'E'. "<-
    RECEIVER_list-SNDART = 'INT'."<-
    RECEIVER_list-SNDPRI = '1'."<-
    APPEND receiver_list.
    General data
    w_object_hd_change-objla = sy-langu.
    w_object_hd_change-objnam = 'Object name'.
    w_object_hd_change-objsns = 'P'.
    Mail subject
    w_object_hd_change-objdes = 'Message subject'.
    Mail body
    APPEND 'Message content' TO message_content.
    Attachment
    CALL FUNCTION 'SAVE_LIST'
    EXPORTING
    list_index = '0'
    TABLES
    listobject = listobject.
    CALL FUNCTION 'TABLE_COMPRESS'
    IMPORTING
    compressed_size = compressed_size
    TABLES
    in = listobject
    out = compressed_attachment.
    DESCRIBE TABLE compressed_attachment.
    CLEAR packing_list.
    packing_list-transf_bin = 'X'.
    packing_list-head_start = 0.
    packing_list-head_num = 0.
    packing_list-body_start = 1.
    packing_list-body_num = sy-tfill.
    packing_list-objtp = 'ALI'.
    packing_list-objnam = 'Object name'.
    packing_list-objdes = 'Attachment description'.
    packing_list-objlen = compressed_size.
    APPEND packing_list.
    CALL FUNCTION 'SO_OBJECT_SEND'
    EXPORTING
    object_hd_change = w_object_hd_change
    object_type = 'RAW'
    owner = sy-uname
    TABLES
    objcont = message_content
    receivers = receiver_list
    packing_list = packing_list
    att_cont = compressed_attachment.
    Reward points if helpful.
    Regards.
    Srikanta Gope

  • How can I quickly view pdf files like I can do with Windows Picture and Fax viewer for jpg files?

    How can I quickly view pdf files like I can do with Windows Picture and Fax viewer for jpg files? I need to look at several thousand PDF files. It takes too long to open each one individually. The only thing I could think of is combining them into large groups and then using the Navigation index. But I like the way windows Picture and Fax Viewer does it because you can keep the files separate. Combining PDFs causes loss of individual file names. That would be a problem since I do need to have the individual file names.

    Windows Picture and Fax Viewer is a DLL and is started via a rundll32.exe call and can't be set as an application to handle images in Firefox 3 and later versions.
    Try to set Windows Picture and Fax Viewer as the default viewer in Windows, then it should be listed automatically in the Mozilla Firefox Browse dialog.
    *http://www.winhelponline.com/articles/115/1/Windows-Picture-and-Fax-Viewer-as-the-default-viewer-in-Mozilla-Firefox.html
    '''If this reply solves your problem, please click "Solved It" next to this reply when <u>signed-in</u> to the forum.'''

  • Why SharePoint 2013 Hybrid need SAN certificates and what SAN needs ?

    I've read this article of technet, but I couldn't undarstand requied values of SubjectAltname.
    https://technet.microsoft.com/en-us/library/b291ea58-cfda-48ec-92d7-5180cb7e9469(v=office.15)#AboutSecureChannel
    For example, if I build following servers, what SAN needs ?
    It is happy to also tell me why.
    [ServerNames]
     AD DS Server:DS01
     AD FS Server:FS01
     Web Application Proxy Server:PRX01
     SharePoint Server(WFE):WFE01
     SharePoint Server(APL):APL01
     SQL Server:DB01
    [AD DS Domain Name]
     contoso.local
     (Please be assumed that above all servers join this domain)
    [Site collection strategy]
     using a host-named site collection
    [Primary web application URL]
     https://sps.contoso.com
    Thanks.

    Hi,
    From your description, my understanding is that you have some doubts about SAN.
    If you have a SAN, you can leverage it to make SharePoint
    a little easier to manage and to tweak SharePoint's performance. From a management standpoint, SANs make it easy to adjust the size and number of SharePoint's hard disks. What you could refer to this blog:
    http://windowsitpro.com/sharepoint/best-practices-implementing-sharepoint-san. You could find what SAN needs from part “Some
    SAN Basics” in this blog.
    These articles may help you understand SAN:
    https://social.technet.microsoft.com/Forums/office/en-US/ea4791f6-7ec6-4625-a685-53570ea7c126/moving-sharepoint-2010-database-files-to-san-storage?forum=sharepointadminprevious
    http://blogs.technet.com/b/saantil/archive/2013/02/12/san-certificates-and-sharepoint.aspx
    http://sp-vinod.blogspot.com/2013/03/using-wildcard-certificate-for.html
    Best Regard
    Vincent Han
    TechNet Community Support

  • Multiple additional SIP domains - certificate and DNS requirements

    We've setup Lync 2010 Enterprise in our organisation and have successfully enabled a couple of thousand users.
    This is working successfully internally, externally and through Lync Mobile.
    However, we've only enabled users who are using the main company domain for SMTP and SIP addresses aaaaa_group.com (so all nice and easy so far!)
    In other words, user A has a primary SMTP and SIP address of
    UserA@aaaaa_group.com
    However, due to numerous mergers and acquisitions over the years, we have quite a lot of users who have other primary SMTP addresses e.g. bbbbb_co.uk, ccccc_company.com, ddddd_ltd.co.uk, de.ccccc_company.com etc etc
    There must be in excess of 40 to 50
    of these other domains in use as primary SMTP addresses.
    (Nearly all
    these users have secondary SMTP addresses of aaaaa_group.com).
    I have been told to approach this from a best practices point of view and give all users a SIP address that matches their primary SMTP address and calculate how much it will cost to buy certificates to cover enabling every user for Lync on all these domains.
    I know from reading that wilcard certificates are considered to be a bad thing generally with Lync, especially if using Lync Mobility as the phone Lync clients don't accept them. 
    Wilcard certificates aside, what are the names that will I need to add to my SAN certificates?  Presumably sip.domain.com, access.domain.com, meet.domain.com, dialin.domain.com, edge.domain.com, autodiscover.domain.com, lyncdiscover.domain.com
    The potential cost of all these names is frankly getting pretty scary considering we currently use Verisign for all our cert requirements, and they charge like a wounded bull.  However, I still need to report back with a cost of doing this, no matter
    what it is.
    Any thoughts/comments would be very welcome. :-)

    Actually the Mobility clients for mobile devices (cell phones, tablets) DO support wildcard entries in the certificates, it's the Lync Phone Edition client (desktop handset devices) which does not work with wildcards.  So you may be able to use wildcards,
    but do plenty of research on how to approach this.  Here are some articles to get started:
    http://blog.schertz.name/2011/02/wildcard-certificates-in-lync-server/
    http://blog.schertz.name/2011/02/lync-phone-edition-incompatible-wildcard-certificates/
    That said, if you decide to skip the wildcard approach then you do NOT need to add additional entries for ALL FQDN types, only some.
    For both the Edge Server external certificate and any internal Front End certificate you'll need to add the 'sip' FQDN for every domain to the SAN field.
    sip.domain1.com, sip.domain2.com, sip.domain3.com, etc
    The Front End certificate will also need the lyncdiscover and lyncdiscoverinternal
    FQDNs, and the Reverse Proxy certificate will require the lyncdiscover
    FQDNs.
    For Exchange Server you'll need to an autodiscover.domainX.com record as well, although this can also be covered by the wildcard entry.  The remainder of names (web conferencing, external web services, dialin, meet, etc.) can all remain in the primary
    SIP domain only as these FQDNs will be passed in-band to the clients after they have successfully signed-in to Lync.  Unless you need users to all user their own domain names for the SimpleURLs (which it doesn't not sound like in your scenario) then you'd
    have to add all those as well.
    So if you are not supporting any Lync Phone Edition devices I would try going with the wildcard route first to see how well things work.  And even if you do have some of those devices you could simply add the 40-50
    sip.domain.com FQDNs to both the FE and Edge certificate but still use a wildcard entry for the mobility clients, SimpleURls, etc.  Just make sure that the certificates Common Name (e.g. Subject Name) is NOT the wildcard entry, use the primary
    domain name entry in the CN and then place the wildcard entries in the SAN field.  It is also best practice to duplicate the CN as a SAN field entry for the widest range of support by all clients.
    For example:
    Edge Server external certificate
    Common Name: sip.domain1.com
    Subject Alternative Name: sip.domain1.com, *.domain1.com, *.domain2.com, *.domain3.com, *.domain4.com,
    etc...
    Jeff Schertz | Microsoft Solutions Architect - Polycom | Lync MVP

  • HP Photosmart scan and fax no longer working

    Has anyone had their hp photosmart scan and fax stop working after installing lion os x? And, if so, what can be done to fix it? Thanks!

    Download and run the HP 2.8 update.
    27" i7 iMac 10.6.8 , Mac OS X (10.7.3), G4 450 MP 1.5 GB RAM w/(10.5.8/10.4.11/9.2.2)

  • Since the most recent Firefox update 3.6.8 by banking institution no longer shows as having a secure encrypted connection, however, my bank assures me all is well with their certificates and that is a problem with the new Firefox browser update, can you g

    Since the most recent Firefox update 3.6.8 my banking institution no longer shows as having a secure encrypted connection, however, my bank assures me all is well with their certificates and that is a problem with the new Firefox browser update, can you give me some idea why it is doing this?
    == This happened ==
    Every time Firefox opened
    == Right after the new Firefox update

    Hello Anne.
    Can you please try it in a new (temporary) Firefox profile and see if the issue is still present? See [http://support.mozilla.com/en-US/kb/Managing+profiles this article] to know how to create a new Firefox profile. Please report back the results.

  • Config certificate and log issues

    I config certificate and use it to connect ipsec vpn , I just config    
    jinan-neusoft(config)#ip domain-name neusoft.com
    jinan-neusoft(config)#crypto key generate rsa general-keys
    The name for the keys will be: jinan-neusoft.neusoft.com
    Choose the size of the key modulus in the range of 360 to 4096 for your
      General Purpose Keys. Choosing a key modulus greater than 512 may take
      a few minutes.
    How many bits in the modulus [512]:
    % Generating 512 bit RSA keys, keys will be non-exportable...
    [OK] (elapsed time was 0 seconds)
    jinan-neusoft(config)#
    Nov 16 01:05:44.435:  RSA key size needs to be atleast 768 bits for ssh version 2
    jinan-neusoft(config)#
    Nov 16 01:05:44.435: %SSH-5-ENABLED: SSH 1.5 has been enabled
    jinan-neusoft(config)#crypto pki trustpoint CA1
    jinan-neusoft(ca-trustpoint)# enrollment url http://59.44.43.217:80
    jinan-neusoft(ca-trustpoint)# revocation-check crl
    jinan-neusoft(ca-trustpoint)# rsakeypair DMVPN-SY-KEY
    jinan-neusoft(ca-trustpoint)# auto-enrol
    jinan-neusoft(config)#crypto pki authenticate CA1
    Certificate has the following attributes:
           Fingerprint MD5: D5F9D56B 4D9A4260 43F21D39 811D7AD5
          Fingerprint SHA1: 1E49B228 DD57F4DB 43DD2C2F 03870C18 840DA12A
    % Do you accept this certificate? [yes/no]: y
    Trustpoint CA certificate accepted.
    then I have log issues like below ,even I config auto-enroll , I don t get  certificate pending information  from my certificate server ,
    my device is C3925 and ios is c3900-universalk9-mz.SPA.151-4.M4.bin ,how to deal with it ,top players , THX~~~~
    Nov 16 01:07:54.871: %PKI-6-CERTRENEWAUTO: Renewing the router certificate for trustpoint CA1
    Nov 16 01:07:54.951: %CRYPTO-6-AUTOGEN: Generated new 512 bit key pair
    Nov 16 01:07:55.115: CRYPTO_PKI:  Certificate Request Fingerprint MD5: 939AF8C1 854DDA90 8FE03058 5635468F
    Nov 16 01:07:55.115: CRYPTO_PKI:  Certificate Request Fingerprint SHA1: 50F869D2 C0814317 7EB2ECC9 90461F3A 353E7089
    Nov 16 01:07:55.119: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
    -Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6
    jinan-neusoft(config)#D05F70z 6D06B50z 6D07268z 6D43018z 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
    Nov 16 01:07:55.119: %SYS-2-MALLOCFAIL: Memory allocation of 40 bytes failed from 0x6D05DEC, alignment 0
    Pool: Processor  Free: 731143916  Cause: Interrupt level allocation
    Alternate Pool: None  Free: 0  Cause: Interrupt level allocation
    -Process= "<interrupt level>", ipl= 3
    -Traceback= 5564384z 6892328z 68B3064z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D43018z 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z
    Nov 16 01:07:55.119: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
    -Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
    jinan-neusoft(config)#
    Nov 16 01:08:09.719: %PKI-6-CERTRENEWAUTO: Renewing the router certificate for trustpoint CA1
    Nov 16 01:08:09.879: CRYPTO_PKI:  Certificate Request Fingerprint MD5: 939AF8C1 854DDA90 8FE03058 5635468F
    Nov 16 01:08:09.879: CRYPTO_PKI:  Certificate Request Fingerprint SHA1: 50F869D2 C0814317 7EB2ECC9 90461F3A 353E7089
    jinan-neusoft(config)#
    Nov 16 01:08:09.883: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
    -Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D43018z 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
    Nov 16 01:08:09.883: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
    -Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
    jinan-neusoft(config)# Nov 16 01:07:54.871: %PKI-6-CERTRENEWAUTO: Renewing the router certificate for trustpoint CA1
    Nov 16 01:07:54.951: %CRYPTO-6-AUTOGEN: Generated new 512 bit key pair
    Nov 16 01:07:55.115: CRYPTO_PKI:  Certificate Request Fingerprint MD5: 939AF8C1 854DDA90 8FE03058 5635468F
    Nov 16 01:07:55.115: CRYPTO_PKI:  Certificate Request Fingerprint SHA1: 50F869D2 C0814317 7EB2ECC9 90461F3A 353E7089
    Nov 16 01:07:55.119: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
    -Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6
    jinan-neusoft(config)#D05F70z 6D06B50z 6D07268z 6D43018z 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
    Nov 16 01:07:55.119: %SYS-2-MALLOCFAIL: Memory allocation of 40 bytes failed from 0x6D05DEC, alignment 0
    Pool: Processor  Free: 731143916  Cause: Interrupt level allocation
    Alternate Pool: None  Free: 0  Cause: Interrupt level allocation
    -Process= "<interrupt level>", ipl= 3
    -Traceback= 5564384z 6892328z 68B3064z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D43018z 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z
    Nov 16 01:07:55.119: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
    -Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
    jinan-neusoft(config)#
    Nov 16 01:08:09.719: %PKI-6-CERTRENEWAUTO: Renewing the router certificate for trustpoint CA1
    Nov 16 01:08:09.879: CRYPTO_PKI:  Certificate Request Fingerprint MD5: 939AF8C1 854DDA90 8FE03058 5635468F
    Nov 16 01:08:09.879: CRYPTO_PKI:  Certificate Request Fingerprint SHA1: 50F869D2 C0814317 7EB2ECC9 90461F3A 353E7089
    jinan-neusoft(config)#
    Nov 16 01:08:09.883: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
    -Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D43018z 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
    Nov 16 01:08:09.883: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
    -Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
    jinan-neusoft(config)#

    I do not have the answer but have exactly the same issue, looks as if it is a bug of some kind :
    Cisco CISCO3945-CHASSIS (revision 1.0) with C3900-SPE150/K9 with 980992K/67584K bytes of memory.
    Processor board ID FCZ163371P3
    6 FastEthernet interfaces
    3 Gigabit Ethernet interfaces
    1 terminal line
    1 Virtual Private Network (VPN) Module
    DRAM configuration is 72 bits wide with parity enabled.
    255K bytes of non-volatile configuration memory.
    250880K bytes of ATA System CompactFlash 0 (Read/Write)
    System image file is "flash0:c3900-universalk9-mz.SPA.151-4.M4.bin"
    Nov 16 07:37:16.611: CRYPTO_PKI: Signature Certificate Request Fingerprint MD5: 358FF778 7C2E66AE 895BF088 BF022442
    .Nov 16 07:37:16.615: CRYPTO_PKI: Signature Certificate Request Fingerprint SHA1: 5F7A4300 20B62132 83D08C6E 2D315DF4 51EFE94D
    .Nov 16 07:37:16.623: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
    -Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 412
    7784z
    .Nov 16 07:37:16.623: %SYS-2-MALLOCFAIL: Memory allocation of 72 bytes failed from 0x6D05DEC, alignment 0
    Pool: Processor  Free: 704933204  Cause: Interrupt level allocation
    Alternate Pool: None  Free: 0  Cause: Interrupt level allocation
    -Process= "", ipl= 3
    -Traceback= 5564384z 6892328z 68B3064z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4AC
    B9F4z Nov 16 07:37:16.611: CRYPTO_PKI: Signature Certificate Request Fingerprint MD5: 358FF778 7C2E66AE 895BF088 BF022442
    .Nov 16 07:37:16.615: CRYPTO_PKI: Signature Certificate Request Fingerprint SHA1: 5F7A4300 20B62132 83D08C6E 2D315DF4 51EFE94D
    .Nov 16 07:37:16.623: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
    -Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 412
    7784z
    .Nov 16 07:37:16.623: %SYS-2-MALLOCFAIL: Memory allocation of 72 bytes failed from 0x6D05DEC, alignment 0
    Pool: Processor  Free: 704933204  Cause: Interrupt level allocation
    Alternate Pool: None  Free: 0  Cause: Interrupt level allocation
    -Process= "", ipl= 3
    -Traceback= 5564384z 6892328z 68B3064z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4AC
    B9F4z

  • ISE EAP-Chaining with machine, certificate and domain credentials

    Good morning,
    A customer wants to do the following for their corporate wireless users (all clients will be customer assets):
    Corp. wireless to authenticate with 2-factor authentication:
    •1. Certificate
    •2. Machine auth thru AD
    •3. Domain creds
    When client authenticates, they want to match on 2 out of the 3 conditions before allowing access.
    Clients are Windows laptops and corporate iPhones.
    Certs can be issued thru GPO and MDM for iPhones
    Client supplicant on laptops is native Windows - which I understand is a compatibility issue from this thread: https://supportforums.cisco.com/thread/2185627
    My first question is: can this be done?
    Second question: how would i implement this from an AuthC/AuthZ perspective?
    Thanks in advance,
    Andrew

    You can do this configuring anyconnect with NAM modules on endpoints! But I don't make sense configure some clients with certificate and others with domains credentials...
    For your information, I'm actually configuring EAP-Chaining on ISE 1.2 and i'm gotting some problems. The first one I got with windows 8, for some reason windows was sending wrong information about the machine password but I solved the problem installing a KB on windows 8 machines (http://support.microsoft.com/kb/2743127/en-us). The second one I got with windows 7 that are sending information correctly about domain but wrong information about user credentials, on ISE logs I can see that windows 7 are sending user "anonymous" + machine name on the first longin... after windows 7 start if I remove the cable and connect again the authentication and authorization happen correctly. I still invastigate the root cause and if there is a KB to solve the problem as I did with windows 8.
    Good luck and keep in touch.
    http://support.microsoft.com/kb/2743127/en-us

  • Trying to set up encrypted mails but I'm confused about certificates and keys

    Hello all,
    My first foray into encrypted emails and I'm already confused! To begin with, I'm trying to exchange mails with one other person, who I believe uses Outlook. So far:
    He's sent me his certificate (although I thought I would receive his public key) which is a file called smime.p7m. I don't know what to do with this.
    I've successfully followed the instructions at https://support.mozilla.org/en-US/kb/digitally-signing-and-encrypting-messages. When I start a new mail, I can either go to the Enigmail menu and switch on encryption / digital signing and it seems fine, or I can go to the dropdown on the S/MIME button and it says "You need to set up one or more personal certificates before you can use this security feature." Are these two different ways of doing the same thing (in which case I'll use the one that works!) or not?
    As you can see, I'm getting confused between keys and certificates! If some kind person could take a minute to explain what my next steps are, that would be much appreciated. I couldn't find anything on the Thunderbird support pages, though I know I need to send him my public key.
    Thanks in advance.
    Stuart.

    Stuart8, good find, that article.
    I found the main disincentive to using the built-in S/MIME capability is that it's not immediately obvious where to get your certificate and keys. Most providers want $$$ for them, which is natural enough if they are actually going to validate you in some way. I did at one time have a Thawte certificate and even enough WOT vouches to be a low-grade WOT Attorney.
    Once you have your key, it's a bit of a pfaff to install it into Thunderbird. You'll probably find that S/MIME is the default in business correspondence, since many businesses operate their own mail servers, ftp servers and so on and probably have an arrangement to generate self-issued certificates or to buy them on a commercial basis from a CA.
    Enigmail/OpenPGP doesn't require any financial outlay on your part, but is harder to get your keys properly validated since there's not much of a formal WOT nor a reliable central registry. You generate your own keys and it's pretty much all based on mutual trust.
    Since the two systems are incompatible, you need to have set up the same as whatever your correspondent is using.
    I suspect that you have discovered that it's a two-way process. In order for a correspondent to send you an encrypted message, you must both be using the same system, and he must have your public key to encrypt his message, and you'll need his in order to reply with encryption. So yes, he needs to send you his public key for you to send to him, but what he sends to you needs YOUR public key.
    Obviously, signing messages is a useful halfway house. I believe that you sign with your private key, and the recipient will have to download your public key to validate your signature. Whilst a signature doesn't safeguard your privacy, it goes some way to proving that the message came from who it says it came from and that it hasn't been altered in transit. (I really can't understand why banks, lawyers, insurance companies haven't picked up on these encryption and signing schemes. Perhaps they actually prefer all those awful phone calls where you need to struggle to recall supposedly unforgettable names and dates! ;-) )
    In practice, I find that if you sign a message to an outfit who don't know what to do with it, their numpty anti-virus system will probably barf on the signature which it thinks is executable code and therefore must be a virus or worm. :-(

  • Payment advices not picking accounting clerk phone number and fax number.

    Hi,
       We have executed payment program and payment advices got generated. But in the output it is printing everthing i.e accounting clerk name, vendor number and amount. But it is not filling the accounting clerk phone number and fax number even though we have maintained it in our customized transaction code. Will this values in the payment advices will be picked up from standard t.code OB05, there we don't have option to give these two values.
    Can anyboday help me on this.
    Regards,
    Sree

    goto accunt groups with screen layout,
    after creating the group or existing group, double click on account management, in payment transactions make the required fields are required.
    regards,

  • Maintain the telephone and fax number of vendor in Purchase order document

    Dear Expert,
    Hi, i'm wondering here.. why when I create purchase order , and enter the vendor in vendor field, the telephone and fax field in PO header - address tab is not automatically appears, only the street/ house number , postal code and so forth appear?
    I have checked in vendor master, all the communication info are maintained (telephone, fax, email)
    You can give me any idea about this?
    Thanks
    Pauline

    Hi Nick,
    Do you mean the Purchasing Organisation comms  in the vendor master data ? Yes I have maintained.
    actually the field in vendor master and the field in purchase order have the same name SZA1_D0100-TEL_NUMBER why it is not link to each other?
    Thanks
    Pauline

  • Multifunction Printer/Scanner/FAX machines and FAXing from the desktop.

    I've got a Canon MP530 thanks to an Apple Bundle and after a lot of gyrations, it has come down to be that neither I, Canon, nor Apple can make this unit send or recieve FAXs from the desktop!
    Apple seems to be "stunned" (better word than "clueless") about this lack of functionality. Canon's response is (literally) "Buy a PC."
    I know I can do software that will let me FAX but but that is not an option at this point. I've got four machines who all can plug into the same printer/scanner/unit and there's no reason that this machine shouldn't be able to send a FAX for me.
    So, I'm here posting this message wondering if anyone has purchased an "All-in-one" unit (preferably part of an Apple bundle) that supports printing from the computer, scanning to the computer, and FAXing to and from the computer and that they've actually used (themselves) and seen work.

    Yes absolutely.  I set it up last Fall and have been using it until last week, at whick time I lost wireless connectivity with router for no reason at all.  I can not remember how to do it now and I am looking for the answer myself.
    This link to an online chat on www.hp.com with a tech might help you.
    http://h20180.www2.hp.com/apps/Nav?h_pagetype=s-006&h_lang=en&h_cc=us&h_product=3204781&h_client=S-A...
    I unfortunately upgraded my browser to IE8 last week and the chat support online does not support that browser.  If you get an answer, I would appreciate it if you would post the answer on this thread so that I can re-learn it myself.  Thanks.  Good Luck.

  • When i try to access my hotmail, i always get "view certificate" and i can not get to my email.

    every time i try to get to my hotmail, i get a message "view certificate" and it would not allow me to get to email from hotmail. and if i can sign in rarely, i can not sign out.
    == This happened ==
    Every time Firefox opened
    == i try to sign in to my email

    My fiancee had the same problem with her laptop. Try making sure your time/date are set correctly. Other than that, I'm not sure. It worked for her, hope it works for you! :)

Maybe you are looking for