Certificates and Signature

Similar Messages

• Certificate Widget, logo and signature options

  Hi there,
  I am using CP7 and inserted a certificate widget. From the options, I selected a logo and a signature file. Once published and played, the logo was incredibly small and the signature was hugely displayed across the top. (see pic)
  I played around with resizing both logo and signature files but this didn't resolve the issue.
  Here are the widget properties.
  Any thoughts?

  Where'd you get the certificate widget from? The provider would likely be the best to answer...
  Otherwise, my only thought is the 'resolution' of the image. What's the DPI for both? '72' is a good general number. If the signature is, say, 300dpi that may be why its so large...

• Config certificate and log issues

  I config certificate and use it to connect ipsec vpn ， I just config    
  jinan-neusoft(config)#ip domain-name neusoft.com
  jinan-neusoft(config)#crypto key generate rsa general-keys
  The name for the keys will be: jinan-neusoft.neusoft.com
  Choose the size of the key modulus in the range of 360 to 4096 for your
    General Purpose Keys. Choosing a key modulus greater than 512 may take
    a few minutes.
  How many bits in the modulus [512]:
  % Generating 512 bit RSA keys, keys will be non-exportable...
  [OK] (elapsed time was 0 seconds)
  jinan-neusoft(config)#
  Nov 16 01:05:44.435:  RSA key size needs to be atleast 768 bits for ssh version 2
  jinan-neusoft(config)#
  Nov 16 01:05:44.435: %SSH-5-ENABLED: SSH 1.5 has been enabled
  jinan-neusoft(config)#crypto pki trustpoint CA1
  jinan-neusoft(ca-trustpoint)# enrollment url http://59.44.43.217:80
  jinan-neusoft(ca-trustpoint)# revocation-check crl
  jinan-neusoft(ca-trustpoint)# rsakeypair DMVPN-SY-KEY
  jinan-neusoft(ca-trustpoint)# auto-enrol
  jinan-neusoft(config)#crypto pki authenticate CA1
  Certificate has the following attributes:
         Fingerprint MD5: D5F9D56B 4D9A4260 43F21D39 811D7AD5
        Fingerprint SHA1: 1E49B228 DD57F4DB 43DD2C2F 03870C18 840DA12A
  % Do you accept this certificate? [yes/no]: y
  Trustpoint CA certificate accepted.
  then I have log issues like below ，even I config auto-enroll , I don t get  certificate pending information  from my certificate server ，
  my device is C3925 and ios is c3900-universalk9-mz.SPA.151-4.M4.bin ，how to deal with it ，top players ， THX~~~~
  Nov 16 01:07:54.871: %PKI-6-CERTRENEWAUTO: Renewing the router certificate for trustpoint CA1
  Nov 16 01:07:54.951: %CRYPTO-6-AUTOGEN: Generated new 512 bit key pair
  Nov 16 01:07:55.115: CRYPTO_PKI:  Certificate Request Fingerprint MD5: 939AF8C1 854DDA90 8FE03058 5635468F
  Nov 16 01:07:55.115: CRYPTO_PKI:  Certificate Request Fingerprint SHA1: 50F869D2 C0814317 7EB2ECC9 90461F3A 353E7089
  Nov 16 01:07:55.119: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
  -Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6
  jinan-neusoft(config)#D05F70z 6D06B50z 6D07268z 6D43018z 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
  Nov 16 01:07:55.119: %SYS-2-MALLOCFAIL: Memory allocation of 40 bytes failed from 0x6D05DEC, alignment 0
  Pool: Processor  Free: 731143916  Cause: Interrupt level allocation
  Alternate Pool: None  Free: 0  Cause: Interrupt level allocation
  -Process= "<interrupt level>", ipl= 3
  -Traceback= 5564384z 6892328z 68B3064z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D43018z 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z
  Nov 16 01:07:55.119: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
  -Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
  jinan-neusoft(config)#
  Nov 16 01:08:09.719: %PKI-6-CERTRENEWAUTO: Renewing the router certificate for trustpoint CA1
  Nov 16 01:08:09.879: CRYPTO_PKI:  Certificate Request Fingerprint MD5: 939AF8C1 854DDA90 8FE03058 5635468F
  Nov 16 01:08:09.879: CRYPTO_PKI:  Certificate Request Fingerprint SHA1: 50F869D2 C0814317 7EB2ECC9 90461F3A 353E7089
  jinan-neusoft(config)#
  Nov 16 01:08:09.883: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
  -Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D43018z 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
  Nov 16 01:08:09.883: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
  -Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
  jinan-neusoft(config)# Nov 16 01:07:54.871: %PKI-6-CERTRENEWAUTO: Renewing the router certificate for trustpoint CA1
  Nov 16 01:07:54.951: %CRYPTO-6-AUTOGEN: Generated new 512 bit key pair
  Nov 16 01:07:55.115: CRYPTO_PKI:  Certificate Request Fingerprint MD5: 939AF8C1 854DDA90 8FE03058 5635468F
  Nov 16 01:07:55.115: CRYPTO_PKI:  Certificate Request Fingerprint SHA1: 50F869D2 C0814317 7EB2ECC9 90461F3A 353E7089
  Nov 16 01:07:55.119: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
  -Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6
  jinan-neusoft(config)#D05F70z 6D06B50z 6D07268z 6D43018z 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
  Nov 16 01:07:55.119: %SYS-2-MALLOCFAIL: Memory allocation of 40 bytes failed from 0x6D05DEC, alignment 0
  Pool: Processor  Free: 731143916  Cause: Interrupt level allocation
  Alternate Pool: None  Free: 0  Cause: Interrupt level allocation
  -Process= "<interrupt level>", ipl= 3
  -Traceback= 5564384z 6892328z 68B3064z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D43018z 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z
  Nov 16 01:07:55.119: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
  -Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
  jinan-neusoft(config)#
  Nov 16 01:08:09.719: %PKI-6-CERTRENEWAUTO: Renewing the router certificate for trustpoint CA1
  Nov 16 01:08:09.879: CRYPTO_PKI:  Certificate Request Fingerprint MD5: 939AF8C1 854DDA90 8FE03058 5635468F
  Nov 16 01:08:09.879: CRYPTO_PKI:  Certificate Request Fingerprint SHA1: 50F869D2 C0814317 7EB2ECC9 90461F3A 353E7089
  jinan-neusoft(config)#
  Nov 16 01:08:09.883: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
  -Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D43018z 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
  Nov 16 01:08:09.883: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
  -Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
  jinan-neusoft(config)#

  I do not have the answer but have exactly the same issue, looks as if it is a bug of some kind :
  Cisco CISCO3945-CHASSIS (revision 1.0) with C3900-SPE150/K9 with 980992K/67584K bytes of memory.
  Processor board ID FCZ163371P3
  6 FastEthernet interfaces
  3 Gigabit Ethernet interfaces
  1 terminal line
  1 Virtual Private Network (VPN) Module
  DRAM configuration is 72 bits wide with parity enabled.
  255K bytes of non-volatile configuration memory.
  250880K bytes of ATA System CompactFlash 0 (Read/Write)
  System image file is "flash0:c3900-universalk9-mz.SPA.151-4.M4.bin"
  Nov 16 07:37:16.611: CRYPTO_PKI: Signature Certificate Request Fingerprint MD5: 358FF778 7C2E66AE 895BF088 BF022442
  .Nov 16 07:37:16.615: CRYPTO_PKI: Signature Certificate Request Fingerprint SHA1: 5F7A4300 20B62132 83D08C6E 2D315DF4 51EFE94D
  .Nov 16 07:37:16.623: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
  -Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 412
  7784z
  .Nov 16 07:37:16.623: %SYS-2-MALLOCFAIL: Memory allocation of 72 bytes failed from 0x6D05DEC, alignment 0
  Pool: Processor  Free: 704933204  Cause: Interrupt level allocation
  Alternate Pool: None  Free: 0  Cause: Interrupt level allocation
  -Process= "", ipl= 3
  -Traceback= 5564384z 6892328z 68B3064z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4AC
  B9F4z Nov 16 07:37:16.611: CRYPTO_PKI: Signature Certificate Request Fingerprint MD5: 358FF778 7C2E66AE 895BF088 BF022442
  .Nov 16 07:37:16.615: CRYPTO_PKI: Signature Certificate Request Fingerprint SHA1: 5F7A4300 20B62132 83D08C6E 2D315DF4 51EFE94D
  .Nov 16 07:37:16.623: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
  -Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 412
  7784z
  .Nov 16 07:37:16.623: %SYS-2-MALLOCFAIL: Memory allocation of 72 bytes failed from 0x6D05DEC, alignment 0
  Pool: Processor  Free: 704933204  Cause: Interrupt level allocation
  Alternate Pool: None  Free: 0  Cause: Interrupt level allocation
  -Process= "", ipl= 3
  -Traceback= 5564384z 6892328z 68B3064z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4AC
  B9F4z

• Trying to set up encrypted mails but I'm confused about certificates and keys

  Hello all,
  My first foray into encrypted emails and I'm already confused! To begin with, I'm trying to exchange mails with one other person, who I believe uses Outlook. So far:
  He's sent me his certificate (although I thought I would receive his public key) which is a file called smime.p7m. I don't know what to do with this.
  I've successfully followed the instructions at https://support.mozilla.org/en-US/kb/digitally-signing-and-encrypting-messages. When I start a new mail, I can either go to the Enigmail menu and switch on encryption / digital signing and it seems fine, or I can go to the dropdown on the S/MIME button and it says "You need to set up one or more personal certificates before you can use this security feature." Are these two different ways of doing the same thing (in which case I'll use the one that works!) or not?
  As you can see, I'm getting confused between keys and certificates! If some kind person could take a minute to explain what my next steps are, that would be much appreciated. I couldn't find anything on the Thunderbird support pages, though I know I need to send him my public key.
  Thanks in advance.
  Stuart.

  Stuart8, good find, that article.
  I found the main disincentive to using the built-in S/MIME capability is that it's not immediately obvious where to get your certificate and keys. Most providers want $$$ for them, which is natural enough if they are actually going to validate you in some way. I did at one time have a Thawte certificate and even enough WOT vouches to be a low-grade WOT Attorney.
  Once you have your key, it's a bit of a pfaff to install it into Thunderbird. You'll probably find that S/MIME is the default in business correspondence, since many businesses operate their own mail servers, ftp servers and so on and probably have an arrangement to generate self-issued certificates or to buy them on a commercial basis from a CA.
  Enigmail/OpenPGP doesn't require any financial outlay on your part, but is harder to get your keys properly validated since there's not much of a formal WOT nor a reliable central registry. You generate your own keys and it's pretty much all based on mutual trust.
  Since the two systems are incompatible, you need to have set up the same as whatever your correspondent is using.
  I suspect that you have discovered that it's a two-way process. In order for a correspondent to send you an encrypted message, you must both be using the same system, and he must have your public key to encrypt his message, and you'll need his in order to reply with encryption. So yes, he needs to send you his public key for you to send to him, but what he sends to you needs YOUR public key.
  Obviously, signing messages is a useful halfway house. I believe that you sign with your private key, and the recipient will have to download your public key to validate your signature. Whilst a signature doesn't safeguard your privacy, it goes some way to proving that the message came from who it says it came from and that it hasn't been altered in transit. (I really can't understand why banks, lawyers, insurance companies haven't picked up on these encryption and signing schemes. Perhaps they actually prefer all those awful phone calls where you need to struggle to recall supposedly unforgettable names and dates! ;-) )
  In practice, I find that if you sign a message to an outfit who don't know what to do with it, their numpty anti-virus system will probably barf on the signature which it thinks is executable code and therefore must be a virus or worm. :-(

• Upgraded to Acrobat X and signature field stop working

  Upgraded to Acrobat X and IntegriSign signature field stop working.  When I open the pdf and click on the signature field I get a "This plug-in is intended for validating signatures signed using earlier versions of Acrobat.  To sign using this version of Acrobat, use "IntegriSign for Acrobat 9.0 and later" handler.
  Under Perferences in Acrobat, 9.0 and later is checked.
  In LiveCycle Designer - IntegriSign  is indicated for Signature handler.
  Can't figure out how to solve this.   I have uninstalled, reset IntegriSign and Adobe settings a trillion times!
  Please help!

  I tried these steps several times.  Kinda long:
  Here are the steps to setup ePad signatures with Adobe Acrobat 9 and later:
  >
  > You will need to create a self signed certificate (id) and have IntegriSign select this to be used with Acrobat. Here are the instructions:
  >
  > 1. In Adobe Acrobat choose Advanced > Security Settings.
  >
  > 2. Select Digital IDs on the left, and then click the Add ID button.
  >
  > 3. Select Create a Self-Signed Digital ID for Use with Acrobat, and click Next.
  >
  > 4. Specify Windows Certificate Store, to store the digital ID, and click next.
  >
  > 5. Type your name, email address, and other personal information for your digital ID. When you certify or sign a document, the name appears in the Signatures panel and in the signature field.
  >
  > If the computer is for public signing, you can replace your name with the name of the PC. It is not practical to have a digital id for every person that signs. IntegriSign will still ask for the signers name and signature.
  >
  > 6. Go to Windows start => all programs => IntegriSignDesktop => Desktop => Desktop Configuration => Select button (under certificate selection in the lower right of the window). At this time, you should see the digital id you just created.
  >
  > 7. Choose the certificate you just created, and click the OK button.
  >
  > 8. Go to Adobe Acrobat ->Edit -> Preferences -> Security, click on the Advanced button and make sure IntegriSign for acrobat 9 and later is selected as the default in the Creation. Also make sure the Verification is set to default method and the method is IntegriSign for Acrobat 9 and later.
  >
  > If IntegriSign is not an option then go under Edit/Preferences-->General (not Security) find the "Application Startup" checkbox 'Use only certified plug-in' CHECKED. Uncheck the box and repeat the first procedure.
  >
  > 9. Now, open a PDF file, and perform the signature using ePad, and should be able to sign.

• I can't remember the password I set up for Certificate-based signatures. How do I request this password?

  I can't remember the password I set up for Certificate-based signatures. How do I request this password?

  The password is yours to keep and remember. Adobe do not have any backdoor to get it back -- because if there were a backdoor, hackers would use it.

• Unable to retrieve public key and signature.

  Hi,
  I'am trying to send public key and signature from one client to another via server.
  Both pub_key and signature are encrypted into base64. But i cant retrieve them correctly in server side.
  I'am using ECDSA to sign message key_length 224bit. Sending and retrieving data via sockets.
  SEND DATA FUNCTION Client.java
  private static PrintWriter      output_stream = null;
  private static Scanner      input_stream           = null;
  private static void send_message(String message)
       if(user_name != null
            && message_text_area.getText().equals(SERVER_CLOSED) == false
            && message_text_area.getText().equals(SERVER_CONNECTED) == false
            && message_text_area.getText().equals(MAX_USERS_ONLINE) == false
            && message_text_area.getText().equals(CONNECTION_CLOSED) == false
            && message_text_area.getText().equals(GET_USER) == false
            && message_text_area.getText().equals(REMOVE_USER) == false
            && message_text_area.getText().equals(USER_EXISTS) == false
            && message_text_area.getText().equals(USER_NICK) == false){   
           String signature = new BASE64Encoder().encode(ecdsa_parameters.sign_message(SESSION_KEY_PAIR.getPrivate(), message_text_area.getText().trim()));
           String public_key = new BASE64Encoder().encode(SESSION_KEY_PAIR.getPublic().getEncoded());
           if (signature != null && SESSION_KEY_PAIR != null){
            synchronized(output_stream)
                output_stream.println(USER_NICK);
                output_stream.println(user_name);
                output_stream.println(user_nick);
                output_stream.println(message_text_area.getText().trim());
                      //PUblic key and signature in base64
                      output_stream.println(public_key);     
                output_stream.println(signature);
                  //length and data of them
            System.out.println(public_key.length());
            System.out.println(signature.length());          
            System.out.println(public_key);
            System.out.println(signature);
            append_message(user_nick+": "+message_text_area.getText().trim());
            message_text_area.setText(null);
           }else{
            append_message("E_C_002: Unable to generate keys or signature.");
       }else{
           append_message("User is not selected or incorrect message");
      }HANDLER.JAVA (SERVER SIDE RETRIEVE)
  private Scanner           input_data           = null;
  private PrintStream      output_data           = null;
  if(recieved_data.equals(USER_NICK)){
                 String user_name = input_data.nextLine();
                 String user_nick = input_data.nextLine();
                 String message = input_data.nextLine();
                 String public_key = "";
                 for (int i=0; i<5; i++){
                     if(i == 0){
                      public_key = public_key+""+input_data.next();
                     }else{
                      public_key = public_key+"\n"+input_data.next();
                 String signature = "";
                 for (int i=0; i<2; i++){
                     if(i == 0){
                      signature = signature+""+input_data.next();
                     }else{
                      signature = signature+"\n"+input_data.next();
                          //output length and data of key and signature
                 System.out.println(public_key.length());
                 System.out.println(signature.length());
                 System.out.println(public_key);
                 System.out.println(signature);
                 Server.users_messages.addElement(user_name+""+SEPARATOR+""+user_nick+""+SEPARATOR+""+message+""+SEPARATOR+""+public_key+""+SEPARATOR+""+signature);               
            }It seems that length of key and signature in server side are different form client.
  Maybe I'am missing something that correspond sending data in base64????
  All project is here http://fmf.vtu.lt/~knugmanov/Elliptic%20curve%20cryptography%20instant%20messenger.rar
  (import into eclypse).
  For ECC I use iaik classes.
  Thanks in adv.
  Kiril

  here is a code from
  http://www.exampledepot.com/egs/java.security/GetKeyFromKs.html
  This example retrieves from a keystore, the private and public key associated with an alias.
  private and public key are having the same alias ?
  i know a alias for my key but i believe thats for private key not for public key ......is it true that both private and public key have the same alias ?
  and KeyPair is an interface and so its difficult to get a key out of it
  public KeyPair getPrivateKey(KeyStore keystore, String alias, char[] password) {
          try {
              // Get private key
              Key key = keystore.getKey(alias, password);
              if (key instanceof PrivateKey) {
                  // Get certificate of public key
                  java.security.cert.Certificate cert = keystore.getCertificate(alias);
                  // Get public key
                  PublicKey publicKey = cert.getPublicKey();
                  // Return a key pair
                  return new KeyPair(publicKey, (PrivateKey)key);
          } catch (UnrecoverableKeyException e) {
          } catch (NoSuchAlgorithmException e) {
          } catch (KeyStoreException e) {
          return null;
      }Message was edited by:
  Unknown_Citizen
  Message was edited by:
  Unknown_Citizen
  Message was edited by:
  Unknown_Citizen

• PKI, certificate and keychain.app experts needed!

  Hi all!
  I have the following problem. To verify e-mails signed (qualified in the sense of german signature-laws) the highest german CA-certificate is needed. So I imported this CA-Root-Cerificate into the x.509 keychain in keychain.app. There it is 1) not recognized as a CA-Root-Certificate and 2) it can't be verified.
  Some research discovered that the main difference between this cert and all the other pre-intsalled certs is that it uses the RIPEMD-160 hash-algorithm and not SHA1.
  My question is: Can anybody confirm that RIPEMD-160 is not supported in Mac OS X or does anbody have an idea what is going wrong.
  If anybody needs the german root-ca-cert I can e-mail it!
  Thanks for any help in advance!
  Tom
    Mac OS X (10.4.8)  

  The following are up to date and seem to be connected to the keyboard buffer in some way:  (I had airdisplay, but that is no longer on the drive - I think ML kicked it off the disk when I installed ML).
  TextExpander
  Keyboard Maestro
  Clipboard History
  I've closed them down.  The problem continues.
  I also use Path Finder in which the sticky problem occurs.  If I force quit it once the problem begins, that fixes it, but if I then try dragging in just Finder, the problem returns.  So it's both in Finder and Path Finder that the issue occurs.  I've even relaunched Finder, but that doesn't fix the problem when it has begun.  I also discovered that any kind of drag causes the problem now - every time.  For example, in some app that displayed a table, if I try widening a column by draging the column heading left or right, then the widening/shrinking continues when I let go of the left mouse hold and then just move the mouse, even if it's off the app's window.

• Intermediate CA certificate and the Root CA certificate

  HI
  What are Intermediate CA certificate and the Root CA certificate ??
  What is the difference between these two types of certificates ??
  What are all the other alternative names that are used with these names ??
  thanks
  kumar

  Hi,
  An intermediate certificate is the certificate, or certificates, that go between your site (server) certificate and a root certificate.
  The intermediate certificate, or certificates, completes the chain to a root certificate trusted by the browser.
  Using an intermediate certificate means that you must complete an additional step in the installation process to enable your site certificate to be chained to the trusted root, and not show errors in the browser when someone visits your web site.
  Refer
  https://support.comodo.com/index.php?_m=downloads&_a=view&parentcategoryid=1&pcid=0&nav=0
  The advantages of using intermediate certificates u2013 Sometimes referred to as u2018chainingu2019
  http://www.whichssl.com/intermediate_certificates2.html
  Root certificate
  The root certificate is usually made trustworthy by some mechanism other than a certificate, such as by secure physical distribution. For example, some of the most well-known root certificates are distributed in the Internet browsers by their manufacturers.
  a root certificate is either an unsigned public key certificate or a self-signed certificate that identifies the Root Certificate Authority (CA). A root certificate is part of a public key infrastructure scheme. The most common commercial variety is based on the ITU-T X.509 standard, which normally includes a digital signature from a certificate authority (CA).
  http://support.microsoft.com/kb/887413
  Thanks
  swarup

• Why SharePoint 2013 Hybrid need SAN certificates and what SAN needs ?

  I've read this article of technet, but I couldn't undarstand requied values of SubjectAltname.
  https://technet.microsoft.com/en-us/library/b291ea58-cfda-48ec-92d7-5180cb7e9469(v=office.15)#AboutSecureChannel
  For example, if I build following servers, what SAN needs ?
  It is happy to also tell me why.
  [ServerNames]
   AD DS Server:DS01
   AD FS Server:FS01
   Web Application Proxy Server:PRX01
   SharePoint Server(WFE):WFE01
   SharePoint Server(APL):APL01
   SQL Server:DB01
  [AD DS Domain Name]
   contoso.local
   (Please be assumed that above all servers join this domain)
  [Site collection strategy]
   using a host-named site collection
  [Primary web application URL]
   https://sps.contoso.com
  Thanks.

  Hi,
  From your description, my understanding is that you have some doubts about SAN.
  If you have a SAN, you can leverage it to make SharePoint
  a little easier to manage and to tweak SharePoint's performance. From a management standpoint, SANs make it easy to adjust the size and number of SharePoint's hard disks. What you could refer to this blog:
  http://windowsitpro.com/sharepoint/best-practices-implementing-sharepoint-san. You could find what SAN needs from part “Some
  SAN Basics” in this blog.
  These articles may help you understand SAN:
  https://social.technet.microsoft.com/Forums/office/en-US/ea4791f6-7ec6-4625-a685-53570ea7c126/moving-sharepoint-2010-database-files-to-san-storage?forum=sharepointadminprevious
  http://blogs.technet.com/b/saantil/archive/2013/02/12/san-certificates-and-sharepoint.aspx
  http://sp-vinod.blogspot.com/2013/03/using-wildcard-certificate-for.html
  Best Regard
  Vincent Han
  TechNet Community Support

• How do I migrate settings and signature from one computer to another??

  I have a new computer. I have installed Adobe X Pro on the new machine, and now I woudl like ot move my preferences and signatures over. What do I need to copy from one machine to the other???

  You don't copy signatures, you'd copy digital ID files. The self-signed digital IDs that you create with Acrobat are saved as .pfx files (Win) or .p12 files (Mac). You can get the folder they're stored in via the Security Settings dialog in Acrobat:
  More info: http://help.adobe.com/en_US/acrobat/X/pro/using/WS11dd809af63f0e1e-43e0464b12b4384d3b6-800 0.html#WSe02e12b45a94f4a2-537cbc1612fe1252143-8000

• Multiple additional SIP domains - certificate and DNS requirements

  We've setup Lync 2010 Enterprise in our organisation and have successfully enabled a couple of thousand users.
  This is working successfully internally, externally and through Lync Mobile.
  However, we've only enabled users who are using the main company domain for SMTP and SIP addresses aaaaa_group.com (so all nice and easy so far!)
  In other words, user A has a primary SMTP and SIP address of
  UserA@aaaaa_group.com
  However, due to numerous mergers and acquisitions over the years, we have quite a lot of users who have other primary SMTP addresses e.g. bbbbb_co.uk, ccccc_company.com, ddddd_ltd.co.uk, de.ccccc_company.com etc etc
  There must be in excess of 40 to 50
  of these other domains in use as primary SMTP addresses.
  (Nearly all
  these users have secondary SMTP addresses of aaaaa_group.com).
  I have been told to approach this from a best practices point of view and give all users a SIP address that matches their primary SMTP address and calculate how much it will cost to buy certificates to cover enabling every user for Lync on all these domains.
  I know from reading that wilcard certificates are considered to be a bad thing generally with Lync, especially if using Lync Mobility as the phone Lync clients don't accept them. 
  Wilcard certificates aside, what are the names that will I need to add to my SAN certificates?  Presumably sip.domain.com, access.domain.com, meet.domain.com, dialin.domain.com, edge.domain.com, autodiscover.domain.com, lyncdiscover.domain.com
  The potential cost of all these names is frankly getting pretty scary considering we currently use Verisign for all our cert requirements, and they charge like a wounded bull.  However, I still need to report back with a cost of doing this, no matter
  what it is.
  Any thoughts/comments would be very welcome. :-)

  Actually the Mobility clients for mobile devices (cell phones, tablets) DO support wildcard entries in the certificates, it's the Lync Phone Edition client (desktop handset devices) which does not work with wildcards.  So you may be able to use wildcards,
  but do plenty of research on how to approach this.  Here are some articles to get started:
  http://blog.schertz.name/2011/02/wildcard-certificates-in-lync-server/
  http://blog.schertz.name/2011/02/lync-phone-edition-incompatible-wildcard-certificates/
  That said, if you decide to skip the wildcard approach then you do NOT need to add additional entries for ALL FQDN types, only some.
  For both the Edge Server external certificate and any internal Front End certificate you'll need to add the 'sip' FQDN for every domain to the SAN field.
  sip.domain1.com, sip.domain2.com, sip.domain3.com, etc
  The Front End certificate will also need the lyncdiscover and lyncdiscoverinternal
  FQDNs, and the Reverse Proxy certificate will require the lyncdiscover
  FQDNs.
  For Exchange Server you'll need to an autodiscover.domainX.com record as well, although this can also be covered by the wildcard entry.  The remainder of names (web conferencing, external web services, dialin, meet, etc.) can all remain in the primary
  SIP domain only as these FQDNs will be passed in-band to the clients after they have successfully signed-in to Lync.  Unless you need users to all user their own domain names for the SimpleURLs (which it doesn't not sound like in your scenario) then you'd
  have to add all those as well.
  So if you are not supporting any Lync Phone Edition devices I would try going with the wildcard route first to see how well things work.  And even if you do have some of those devices you could simply add the 40-50
  sip.domain.com FQDNs to both the FE and Edge certificate but still use a wildcard entry for the mobility clients, SimpleURls, etc.  Just make sure that the certificates Common Name (e.g. Subject Name) is NOT the wildcard entry, use the primary
  domain name entry in the CN and then place the wildcard entries in the SAN field.  It is also best practice to duplicate the CN as a SAN field entry for the widest range of support by all clients.
  For example:
  Edge Server external certificate
  Common Name: sip.domain1.com
  Subject Alternative Name: sip.domain1.com, *.domain1.com, *.domain2.com, *.domain3.com, *.domain4.com,
  etc...
  Jeff Schertz | Microsoft Solutions Architect - Polycom | Lync MVP

• Since the most recent Firefox update 3.6.8 by banking institution no longer shows as having a secure encrypted connection, however, my bank assures me all is well with their certificates and that is a problem with the new Firefox browser update, can you g

  Since the most recent Firefox update 3.6.8 my banking institution no longer shows as having a secure encrypted connection, however, my bank assures me all is well with their certificates and that is a problem with the new Firefox browser update, can you give me some idea why it is doing this?
  == This happened ==
  Every time Firefox opened
  == Right after the new Firefox update

  Hello Anne.
  Can you please try it in a new (temporary) Firefox profile and see if the issue is still present? See [http://support.mozilla.com/en-US/kb/Managing+profiles this article] to know how to create a new Firefox profile. Please report back the results.

• Body and Signature not getting in reciever mail adapter

  Hi Friends,
  My requirement is the reciever mail adapter having the Attachment and Body and signature.
  Here i am getting Attachment only. I am not getting Body( example: the ftp successfully genrated this file abbc_12/03/2014.txt) and Signature.
  Signature  like
  Thanks
  company name.
  Thanks
  Bhanu

  Hi Galla,
  I have some doubts about your scenario, Is your scenario FTP to MAIL?,  do you want to send the file as attachment or you want the file content as mail body or where the body is taken? where is the signature, inside the file?
  Meantime, you can check these documents about file-mail scenario:
  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/a0a27c01-26b0-2c10-bd8a-94498efa7ff6?quicklink=index&overridelayout=true
  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/5083371b-5bd2-2e10-3f8b-ad877d24c9ce?QuickLink=index&overridelayout=true&52475910426407
  Regards.

• ISE EAP-Chaining with machine, certificate and domain credentials

  Good morning,
  A customer wants to do the following for their corporate wireless users (all clients will be customer assets):
  Corp. wireless to authenticate with 2-factor authentication:
  •1. Certificate
  •2. Machine auth thru AD
  •3. Domain creds
  When client authenticates, they want to match on 2 out of the 3 conditions before allowing access.
  Clients are Windows laptops and corporate iPhones.
  Certs can be issued thru GPO and MDM for iPhones
  Client supplicant on laptops is native Windows - which I understand is a compatibility issue from this thread: https://supportforums.cisco.com/thread/2185627
  My first question is: can this be done?
  Second question: how would i implement this from an AuthC/AuthZ perspective?
  Thanks in advance,
  Andrew

  You can do this configuring anyconnect with NAM modules on endpoints! But I don't make sense configure some clients with certificate and others with domains credentials...
  For your information, I'm actually configuring EAP-Chaining on ISE 1.2 and i'm gotting some problems. The first one I got with windows 8, for some reason windows was sending wrong information about the machine password but I solved the problem installing a KB on windows 8 machines (http://support.microsoft.com/kb/2743127/en-us). The second one I got with windows 7 that are sending information correctly about domain but wrong information about user credentials, on ISE logs I can see that windows 7 are sending user "anonymous" + machine name on the first longin... after windows 7 start if I remove the cable and connect again the authentication and authorization happen correctly. I still invastigate the root cause and if there is a KB to solve the problem as I did with windows 8.
  Good luck and keep in touch.
  http://support.microsoft.com/kb/2743127/en-us