Doubt on QM Certificate

Hi All,
I have a requirement to modify the QM - Certificate ( COA ).
The layout is so critical to modify the existing script.
So can we use smartform in place of the SAP Script for the certificate.
But the Characteristic assignment of the certificate profile will use the Text Elements in the SAP Script.
Please clarify my doubt.
Thanks

I know that.
But the problem is with the Text Elements assignment at the Characteristic Level.
The headings of the set of characteristics should be displayed according to this Text Elements.
And this text elements will come from the Elements Defined in MAIN window and Starts with 'CHAR_XXXX'. One from these text elements will be assigned to the Characteristic levl.
How to deal with this Text elements if I shifted to Smartforms ?
Thanks.

Similar Messages

Doubt abt Digital Certificates

I have got a server certificate from versign by sending my private key of weblogic.
In the weblogic 6.1 i don't know what to put in the following text box provided.
Server Certificate Client FileName:
(Default while using weblogic certificate will be ca.pem )
can any of u can give what that column is present and how i need to get the file

I have no experience using client certificates, but it should be possible for the application to get a user-identifying token from the request once the certificate is accepted. Isn't that the whole idea? If this is correct it should be easy to build a custom authentication scheme around it. After that, all authorization decisions are based on the identity of the session user.
When you get to the point where you know how to identify the certificate-authenticated user using a PL/SQL API, let us know and we can provide you a custom page sentry function to do the initial session registration and per-page authentication check.
Scott

Need suggestion for ISE distributed deployment model in two different data centers along with public certificate for HTTPS

Hi Experts,
I am bit confused about ISE distributed deployment model .
I have two data centers one is DC & other one is as a DR I have requirement of guest access service implementation using CWA and get public certificate for HTTPS to avoid certificate error on client devices :
how do i deploy ISE persona for HA in this two data centers
After reading cisco doc , understood that we can have two PAN ( Primary in DC & Secondary in DR ) like wise for MnT (Monitoring will be as same as PAN ) however I can have 5 PSN running in secondary i.e. in DR ISE however I have confusion about HA for PSN .. since we have all PSN in secondary , it would not work for HA if it fails
Can anybody suggest me the best deployment solution for this scenario ?
Another doubt about public certificate :
Public Certificate: The ISE domain must be a registered or part of a registered domain name on the Internet. for that I need Domain name being used from customer .
Please do correct me if I am wrong about certificate understanding :
since Guest will be the outside users , we can not use certificate from internal CA , we need to get the certificate from service provider and install the same in both the ISE servers
Can anybody explain the procedure to opt the public certificate for HTTPS from service provider ? And how do i install it in both the ISE servers ?

Hi there. Let me try answering your questions:
PSN HA: The PSNs are not configured as "primary" or "secondary" inside your ISE deployment. They are just PSN nodes as far as ISE is concerned. Instead, inside your NADs (In your case WLCs) you can specify which PSN is primary, which one is secondary, etc. You can accomplish this by:
1. Defining all PSN nodes as AAA radius servers inside the WLC
2. Then under the SSID > AAA Servers Tab, you can list the AAA servers in the order that you prefer. As a result, the WLC will always use the first server listed until that server fails/gets reloaded, etc.
3. As a result, you can have one WLC or SSID prefer PSN server A (located in primary DC) while a second WLC or SSID prefer PSN server B (located in backup DC)
Last but not the least, you could also place PSNs behind a load balancer and that way the traffic would be equally distributed between multiple PSNs. However, the PSN nodes must be Layer 2 adjacent, which is probably not the case if they are located in two different Data Centers
Certificates: Yes, you would want to get a public certificate to service the guest portal. Getting a public/well known certificate would ensure that most devices out there would trust the CA that signed your ISE certificate. For instance, VeriSign, GoDaddy, Entrust are some of the ones out there that would work just fine. On the other hand, if you use a certificate that was signed by your internal CA, then things would be fine for your internal endpoints that trust your internal CA but for any outsiders (Guests, contractors, etc) that do not trust and do not know who your internal CA is would get a certificate error when being redirected to the ISE guest portal. This in general is only a "cosmetic" issue and if the users click "continue" and add your CA as a trusted authority, the guest page would load and the session would work. However, most users out there would not feel safe to proceed and you will most likely get a lot of calls to your helpdesk :)
I hope this helps!
Thank you for rating helpful posts!

TDS certificate No

Hi
I have one doubt with TDS certificate no, After executing the TDS cert with J1INCERT transaction, we can go with print preview or print option.
if we select directly with print option, it will generate the TDS cert no..
But if we go with print option directly , we can't see the certificate in our system,instead of this it will give print directly, such a case system is giving message "Values updated successfully for certificates printed" then if i go and check with TDS cert no range interval, its taking the number also and current no was also updated.
But my doubt is,
is system can print the TDS no in TDS certificate while giving the print?
Please suggest me.
Regards,
manu

Hi,
when u r using t.code: J1INCERT, first we should verify the certificate to be printed in print preview option. If we feel all the details are coming properly, then we need to click on print, then only TDS certificate will generated with number automatically(subject if we maintain certificate number in configuration)
let me know any additional information required
all the best
prasad

Another Question about Certificate-based Authentication

Hello,
I was successful in PDC-based authentication, but have the
requirement to further improve this.
For this, I have to use the "Match Certificate in LDAP"-feature.
I have modified a user to include a "userCertificate"-attribute,
and pointed the parameters to access to the directory server.
Until now, I had no success.
In the Logfile "amAuth"-Logfile I can see this message:
<------------------>8-------------------->8------------------------>
com.sun.identity.authentication.spi.AuthLoginException: Error in locating registered certificate
<------------------>8-------------------->8------------------------>
In the Directory Server log, I can only see a successful bind-request,
but, interestingly, no search:
<------------------>8-------------------->8------------------------>
[28/Sep/2004:10:47:17 +0200] conn=3352 op=-1 msgId=-1 - fd=109 slot=109 LDAP connection from 127.0.0.1 to 127.0.0.1
[28/Sep/2004:10:47:17 +0200] conn=3352 op=0 msgId=8782 - BIND dn="cn=Directory Manager" method=128 version=2
[28/Sep/2004:10:47:17 +0200] conn=3352 op=0 msgId=8782 - RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
<------------------>8-------------------->8------------------------>
Anyone successful with this feature?
Regards,
Juergen Maihoefner

Hi there
I got a couple of doubts about the Certificate Authentication module, maybe you can help!
First, have you made any documentation on how you made this work ? Is it at all possible to get the source code of the module you have made? I think I'll need to create a costum module aswell because of very specific client requisits.
My problem ( and I'll be posting a new thread with this, but just in case you have this on your watch list ) is that I need to have both user/password and Cert Based authentication enabled. I'll create a chain with both modules as sufficient. My problem is : the documentation tells me that I need to have the containers (I suspect both the server and the agents ) with SSL enable and (and this is the tricky part) with Client Authentication Enabled . Now my problem is : when on the http listener, I configure it with security and enable that listener with Client Authentication, when I try to access the container on the secure listener I get an error (in firefox) or the browser asks me to select a certificate ( on IE ). When I dont provide a certifica it gives me the same error as firefox.
Basically, what I believe is happening is that with Client Authentication, the container will always request a certificate from the browser. Which isn't exactly what I want. I need to AM protected resources on this specific realm to allow authentication of a user based on a user/password OR a Certificate.
Basically what I want to know is : do I need to have Client Authentication Enabled on the http listener ? Did I miss read the documentation? Is there a really good how-to on how to do this ? Can you give me a hand?
Thanks loads for your help
Rp

SSL and Credentials configuration for webas

Hi..
I got a doubt in SSL certificate configuration.When i need to configure a JAVA engine for activating SSL.I would create .CSR and get signed from Trust center which inturn gives three certificate root,intermediate and original certificate and so we can configure the JAVA URL as https://<hostname>:<port no>:500001/...
Now the same can also can be configured for ABAP WEBAS engine.my doubt is as per note : 510007,SAP has said to generate .PSE file and SSL configuration which will work in 443 port and HTTPS port as in SMICM transaction
But I have two instances running on single host.I have already configured HTTPS 443 for one instance say for ABAP webas.And If i need to configure for another instance, can i change the HTTPS port as per my requirement ????,because 443 has been assigned to another instance (earlier) .And Can i generate PSE file from that new port and get the certificate installed that is obtained from Trust center ???
Expecting you Ideas and solution for this scenario..
Thanks
Gopalakrishnan M

Hello Gopalakrishnan,
To specify the https port of ABAP, you can use paramenter
icm/server_port_<X> as PROT=HTTPS,PORT=<port>
I think the default port for http is like below
icm/server_port_0 as PROT=HTTP,PORT=80<instance_number>
Then you can just specify icm/server_port_1 for https.
Good luck,
Victor

How to regenerate security certificates? CUCM 6.1.3

Hi,
Company has a call manager with 3 nodes on version 6.1.3:
- NODO1: 10.102.224.254
- NODO2: 10.102.224.253
- NODO3: 10.102.239.20
From S.O. web can be seen that some certs are going to expire. We have received a warning via e-mail. And we have checked opening certifications that expiration date is about to happen.
This is the security mode configuration:
Service parameters --> Publisher --> Call Manager-->Security Parameters
Cluster Security Mode: 1
CAPF Phone port:3804
CAPF Operation expires in (days):10
Enable caching: false
Certificates that are going to expire are the following:
CallManager_pem
CallManager_der
CAPF_pem
CAPF_der
CAPF-e09c40eb_pem
CAPF-e09c40eb_der
ipsec_cert_der
ipsec_cert_pem
NODO1_der
NODO1_pem
tomcat_cert_der
tomcat_cert_pem
At publisher, it can be seen no CTI file,
show itl
Executed command unsuccessfully
No valid command entered
There is only a CTL file, and it´s the following:
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2014.02.19 17:47:46 =~=~=~=~=~=~=~=~=~=~=~=
show ctl //Note: at the following file, some digits of the "SIGNATURE" have been changed with "*". And some name. Nothing else.
Length of CTL file: 5946
Parse CTL File
Version: 1.2
HeaderLength: 304 (BYTES)
BYTEPOS TAG LENGTH VALUE
3 SIGNERID 2 117
4 SIGNERNAME 56
5 SERIALNUMBER 10
6 CANAME 42
7 SIGNATUREINFO 2 15
8 DIGESTALGORTITHM 1
9 SIGNATUREALGOINFO 2 8
10 SIGNATUREALGORTITHM 1
11 SIGNATUREMODULUS 1
12 SIGNATURE 128
8d e3 61 8a d9 8 e a3
8d 5b 82 6f 51 81 a3 1b
e2 fe e5 57 66 f7 ab 54
f 69 fb ** 72 bf 3f a1
ee ea a3 fb b5 80 0 af
74 20 ac b 92 b0 c5 fd
fa f6 6e 52 c3 90 25 e1
2a ** 83 f0 ee 4f d3 9b
2e 6b c4 4d 45 79 40 41
f2 b7 3 7e 7f 7a ** b4
76 cc 45 e2 52 b1 4e 63
74 b1 a7 d8 36 97 22 47
8a 80 63 88 67 7e 7a 8d
2d ** eb 24 57 7b c2 74
cf 4 bb 9d dd b1 a a
e7 a9 5a 58 88 0 3f 67
14 FILENAME 12
15 TIMESTAMP 4
CTL Record #:1
BYTEPOS TAG LENGTH VALUE
1 RECORDLENGTH 2 1186
2 DNSNAME 1
3 SUBJECTNAME 56 cn="SAST-ADN597e8314 ";ou=IPCBU;o="Cisco Systems
4 FUNCTION 2 System Administrator Security Token
5 ISSUERNAME 42 cn=Cisco Manufacturing CA;o=Cisco Systems
6 ISSUERNAME 10
7 PUBLICKEY 140
9 CERTIFICATE 902
10 IPADDRESS 4
This etoken was not used to sign the CTL file.
CTL Record #:2
BYTEPOS TAG LENGTH VALUE
1 RECORDLENGTH 2 1180
2 DNSNAME 1
3 SUBJECTNAME 56 cn="SAST-ADN592dfe14 ";ou=IPCBU;o="Cisco Systems
4 FUNCTION 2 System Administrator Security Token
5 ISSUERNAME 42 cn=Cisco Manufacturing CA;o=Cisco Systems
6 ISSUERNAME 10
7 PUBLICKEY 141
9 CERTIFICATE 895
10 IPADDRESS 4
This etoken was used to sign the CTL file.
CTL Record #:3
BYTEPOS TAG LENGTH VALUE
1 RECORDLENGTH 2 765
2 DNSNAME 15 10.102.224.253
3 SUBJECTNAME 13 cn=NODO2
4 FUNCTION 2 CCM+TFTP
5 ISSUERNAME 13 cn=NODO2
6 ISSUERNAME 8
7 PUBLICKEY 140
9 CERTIFICATE 541
10 IPADDRESS 4
CTL Record #:4
BYTEPOS TAG LENGTH VALUE
1 RECORDLENGTH 2 765
2 DNSNAME 15 10.102.224.254
3 SUBJECTNAME 13 cn=NODO1
4 FUNCTION 2 CCM+TFTP
5 ISSUERNAME 13 cn=NODO1
6 ISSUERNAME 8
7 PUBLICKEY 140
9 CERTIFICATE 541
10 IPADDRESS 4
CTL Record #:5
BYTEPOS TAG LENGTH VALUE
1 RECORDLENGTH 2 982
2 DNSNAME 15 10.102.224.254
3 SUBJECTNAME 43 cn=CAPF-e09c40eb;ou=AREA TIC;o=NOMBREX
4 FUNCTION 2 CAPF
5 ISSUERNAME 43 cn=CAPF-e09c40eb;ou=AREA TIC;o=NOMBREX
6 ISSUERNAME 8
7 PUBLICKEY 140
9 CERTIFICATE 698
10 IPADDRESS 4
CTL Record #:6
BYTEPOS TAG LENGTH VALUE
1 RECORDLENGTH 2 764
2 DNSNAME 14 10.102.239.20
3 SUBJECTNAME 13 cn=NODO3
4 FUNCTION 2 CCM+TFTP
5 ISSUERNAME 13 cn=NODO3
6 ISSUERNAME 8
7 PUBLICKEY 140
9 CERTIFICATE 541
10 IPADDRESS 4
The CTL file was verified successfully.
Certificates at publisher are the following:
admin:show cert list own
tomcat
ipsec
CallManager
CAPF
admin:show cert list
ipsec-trust/NODO1.pem
ipsec-trust/NODO1.der
ipsec-trust/c92d8a04.0
CallManager-trust/CAP-RTP-001.pem
CallManager-trust/CAP-RTP-002.pem
CallManager-trust/Cisco_Manufacturing_CA.pem
CallManager-trust/Cisco_Root_CA_2048.pem
CallManager-trust/a0440f4c.0
CallManager-trust/a69d2e04.0
CallManager-trust/f7a74b2c.0
CallManager-trust/dcc12642.0
CallManager-trust/0d40b14e.0
CallManager-trust/CAPF-7EC94D72.pem
CallManager-trust/CAPF-97FA3FDE.pem
CallManager-trust/CAPF-e09c40eb.pem
CallManager-trust/3e92ebd9.0
CallManager-trust/8eb380b0.0
CAPF-trust/CAP-RTP-001.pem
CAPF-trust/CAP-RTP-002.pem
CAPF-trust/Cisco_Manufacturing_CA.pem
CAPF-trust/Cisco_Root_CA_2048.pem
CAPF-trust/a0440f4c.0
CAPF-trust/a69d2e04.0
[1mPress <enter> for 1 line, <space> for one page, or <q> to quit [0m
[KCAPF-trust/f7a74b2c.0
CAPF-trust/CAPF.der
CAPF-trust/CAPF.pem
CAPF-trust/dcc12642.0
CAPF-trust/8eb380b0.0
admin:utils service list
Requesting service status, please wait...
System SSH [STARTED]
Cluster Manager [STARTED]
Service Manager is running
Getting list of all services
>> Return code = 0
A Cisco DB[STARTED]
A Cisco DB Replicator[STARTED]
Cisco AMC Service[STARTED]
Cisco AXL Web Service[STARTED]
Cisco Bulk Provisioning Service[STARTED]
Cisco CAR Scheduler[STARTED]
Cisco CAR Web Service[STARTED]
Cisco CDP[STARTED]
Cisco CDP Agent[STARTED]
Cisco CDR Agent[STARTED]
Cisco CDR Repository Manager[STARTED]
Cisco CTIManager[STARTED]
Cisco CTL Provider[STARTED]
Cisco CallManager[STARTED]
Cisco CallManager Admin[STARTED]
Cisco CallManager Attendant Console Server[STARTED]
Cisco CallManager Cisco IP Phone Services[STARTED]
Cisco CallManager Personal Directory[STARTED]
Cisco CallManager SNMP Service[STARTED]
Cisco CallManager Serviceability[STARTED]
Cisco CallManager Serviceability RTMT[STARTED]
Cisco Certificate Authority Proxy Function[STARTED]
Cisco Certificate Expiry Monitor[STARTED]
Cisco DRF Local[STARTED]
Cisco DRF Master[STARTED]
Cisco Database Layer Monitor[STARTED]
Cisco Dialed Number Analyzer[STARTED]
Cisco DirSync[STARTED]
Cisco Extended Functions[STARTED]
Cisco Extension Mobility Application[STARTED]
Cisco IP Manager Assistant[STARTED]
Cisco IP Voice Media Streaming App[STARTED]
Cisco License Manager[STARTED]
Cisco Log Partition Monitoring Tool[STARTED]
Cisco RIS Data Collector[STARTED]
Cisco RTMT Reporter Servlet[STARTED]
Cisco SOAP - CDRonDemand Service[STARTED]
Cisco Serviceability Reporter[STARTED]
Cisco Syslog Agent[STARTED]
Cisco Tftp[STARTED]
Cisco Tomcat[STARTED]
Cisco Tomcat Stats Servlet[STARTED]
Cisco Trace Collection Service[STARTED]
Cisco Trace Collection Servlet[STARTED]
Cisco UXL Web Service[STARTED]
Cisco WebDialer Web Service[STARTED]
Host Resources Agent[STARTED]
MIB2 Agent[STARTED]
Native Agent Adapter[STARTED]
SNMP Master Agent[STARTED]
SOAP -Log Collection APIs[STARTED]
SOAP -Performance Monitoring APIs[STARTED]
SOAP -Real-Time Service APIs[STARTED]
System Application Agent[STARTED]
Cisco DHCP Monitor Service[STOPPED] Service Not Activated
Cisco Extension Mobility[STOPPED] Service Not Activated
Cisco Messaging Interface[STOPPED] Service Not Activated
Cisco TAPS Service[STOPPED] Service Not Activated
Cisco Unified Mobile Voice Access Service[STOPPED] Service Not Activated
Primary Node =true
admin:
Perfil de seguridad Ej:para un CP-7960
-Phone Security Profile Info
Device Protocol: SCCP
Name: SP_7960_Encriptado
Description: Migrated Profile: Sec_mode 3 Auth_mode 2
Device Security Mode: Encrypted
-Phone Security profile CAPF Info
Authentication mode: By null string
Key Size: 1024
At this forum, it says for version 5x to /7x I have simply to regenerate certificates:
http://www.cisco.com/c/en/us/support/docs/voice-unified-communications/unified-communications-manager-version-50/99815-ccm-sec-cert.html
These are the doubts I have:
- Is it necessary to regenerate any certificate in first plase?, if so ¿what is the place I should follow for each certificate?
- Is it necessary to restart any service before regenerating the certificates? for version 8.0 and higher, I saw that it´s necessary to restart TFTP and Call Manager services.
- After regenerating certificates, is it necessary to create a new CTL file? If so, Do I need the two tokens we used to create CTL file at the begining?
- Regarding CAPF certificate. Do i need to push the LSC certificates to the phones? Or I just need to reset phones to do so?
Thank you in advance!

Found the answer - Need to "Enable Advance Ad-Hoc Conference" under service parameters.

Why SharePoint 2013 Hybrid need SAN certificates and what SAN needs ?

I've read this article of technet, but I couldn't undarstand requied values of SubjectAltname.
https://technet.microsoft.com/en-us/library/b291ea58-cfda-48ec-92d7-5180cb7e9469(v=office.15)#AboutSecureChannel
For example, if I build following servers, what SAN needs ?
It is happy to also tell me why.
[ServerNames]
AD DS Server:DS01
AD FS Server:FS01
Web Application Proxy Server:PRX01
SharePoint Server(WFE):WFE01
SharePoint Server(APL):APL01
SQL Server:DB01
[AD DS Domain Name]
contoso.local
(Please be assumed that above all servers join this domain)
[Site collection strategy]
using a host-named site collection
[Primary web application URL]
https://sps.contoso.com
Thanks.

Hi,
From your description, my understanding is that you have some doubts about SAN.
If you have a SAN, you can leverage it to make SharePoint
a little easier to manage and to tweak SharePoint's performance. From a management standpoint, SANs make it easy to adjust the size and number of SharePoint's hard disks. What you could refer to this blog:
http://windowsitpro.com/sharepoint/best-practices-implementing-sharepoint-san. You could find what SAN needs from part “Some
SAN Basics” in this blog.
These articles may help you understand SAN:
https://social.technet.microsoft.com/Forums/office/en-US/ea4791f6-7ec6-4625-a685-53570ea7c126/moving-sharepoint-2010-database-files-to-san-storage?forum=sharepointadminprevious
http://blogs.technet.com/b/saantil/archive/2013/02/12/san-certificates-and-sharepoint.aspx
http://sp-vinod.blogspot.com/2013/03/using-wildcard-certificate-for.html
Best Regard
Vincent Han
TechNet Community Support

Issue while signing a jar using RSA certificate

Hi,
I am trying to sign a java applet using trusted certificate with the help of Java keytool and jarsigner of JRE1.6. For this I have followed the following steps:
1.Generated key pair in a keystore - keytool -genkeypair -keyalg RSA -alias eaikey -keystore eaikeystore -validity 3650 -keysize 2048
2.Generated CSR using command keytool -certreq -alias eaikey -file eaicert.csr -keystore eaikeystore and send the .csr file to the CA
3.CA has returned the certificate reply (.cer file)that contained a root certificate
4.When I tried to import the certificate using command keytool -import -file eaicert.cer -alias eaicertkey -keystore eaikeystore to keystore, initially it gave me error as Input not an X.509 certificate.So I opened the .cer file in my text editor and removed the texts before the Begin And End Certificate.Then it got imported correctly by running the
5.When I tried to sign the jar using command jarsigner application.jar eaicertkey -keystore eaikeystore
it gave the exception as jarsigner: Certificate chain not found for: eaicertkey. eaicertkey must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.
Please help me with the step I am missing here.I doubt I am doing something wrong in the import step.
Thanks in advance.

you can mail me directly to [email protected], and I'll try to help.
no guarenty :-)
Tal
[email protected]

Expired Thawte Certificate killed our app

Today we got several calls from customers saying that they cannot install our application. Adobe Air would install just fine but when Air went to install the app.air file an error popped up saying “Sorry, an error has occurred. The application could not be installed because the AIR file is damaged. Try obtaining a new AIR file from the application author.” I tested the install on several computers here and they all gave the same error. All this happened the day after the Code Signing Certificate expired, so I rolled the clock back on the computer to May 18, 2010 and the application installed just fine. So we figure it must be a problem with the certificate expiring so we call the company that issued the certificate to us, Thawte. They explained to us that the program should keep installing just fine if a timestamp was applied at the time of the signing. Thawte said that you cannot timestamp with Adobe AIR and so when the certificate expired so did the ability to install the application, that’s why turning back the clock worked. Thawte said that there is a slight chance that the new certificate we purchased from them will fix all the disks we have already sent out but I doubt it. So is there a way to fix this so all the applications we allready sent out will work or will we have to redistribute with the new certificate in place? Thanks.

Hi Oliver,
1. When we published it from Flex Builder 3 via export release build, I selected the timestamp option on the Digital Signature page
2. I believe I was looking in the wrong place (Console Messages). I went to all messages, and have attached a screenshot of that output.
3. Using version 1.5.2 of the SDK to publish
4. You can download the application here.
Thanks for your assistance,
Rob

CA and Certificate Issue in ACS 4.0 For Windows 2003 Enterprise Server

Hi,
I have configured Microsoft CA server on the same ACS 4.0 for Windows 2003 enterprise server which was configured earlier using the self generated certificates for EAP and PEAP authentications.
After I change the certificate from self generated to the new CA certificate that can be viewed under install ACS certificate option on ACS server but having the following problems
1. SSL is not functioning while internet browser access to the ACS server and going through http instead of https.
2. Wireless clients are authenticated successfully even after the certificate is uninstalled.
Any help on these problems will be appreciated.
Thanks
Best Regards,
Ahmed

Hi Rohit,
Thanks for reminding the HTTPS option under Administration Control on ACS.
I have some doubts pertaining to installation of certificates on Wireless clients though it is optional for Self Generated Certificates but what in case of Mirosoft CA as I tested wireless client authentications even after removing the certificate from microsoft supplicant WindowsXP SP2 having installed the patch KB885453 for PEAP. How the certificate on wireless client works.
Is it mandatory or optional to keep certificate on Wireless Clients as they could able to get authenticated through ACS after removing the certificate.
Thanks
Best Regards,
Ahmed

Is it possible to decrypt EFS files without backup certificate- windows xp,vista,win-7,win8

hi,
i have windows xp and and i did the format c:\ without take any EFS certificate backup ,is it possible to decrypt efs files without backup certificate , i have lot off files like Microsoft office and pdf , how can i recover the file and decrypt
Any software to decrypt the files , mostly word and excel files , any solution please let me know as soon ad possible.
Thx
PV

PV
If you formatted the entire "C" drive (Format C:\) then you don't need to decrypt them but rather recover them. Recovery is somewhat doubtful but one application you can try is called recuva.
You will not recover 100% of the files and may not recover any
http://www.piriform.com/recuva
Wanikiya and Dyami--Team Zigzag

1099 Reporting doubts

Hi all,
I am doing 1099 coniguration for an US Company. I have the following doubts. Pl help me with your inputs.
1. What is to be taken as reporting base for 1099 - Invoice or payment (withholding tax type for invoice posting or payment posting)
2. How will the Vendor who gives tax exemption certificate be reflected in the Report.
Thanks
Sri.

Hi,
To flag a vendor in SAP as a 1099 vendor, two fields need to be populated.
1. On the Control screen of the vendor master, populate either "Tax Code 1" field with his social security number if his social security number is his tax id. or "Tax Code 2" field with his corporate tax id. if he has been issued a corporate tax id. Input either of the two in their correct format i.e. social security as xxx-xx-xxxx or corporate id as xx-xxxxxxx.
2. On the Accounting Info. screen, populate the "W.tax code" field under the "Withholding Tax" box with the value "07" if it is a US vendor or "42" if it is a foreign vendor.
These are the two fields that specify a vendor as being a 1099 vendor.
Any posts done before this changes were implemented will not show on 1099.
You will need to run program RFWT0020 to flag 1099 items retroactively.
...and/or you can change the "Document Change rules" for BSEG-QSSHB and BESG-QSSKZ for account type "K" so that you can change the Withholding tax code after the line item has been cleared (i.e. after entering the required information in the vendor master record as the user above has recommended) (Refer to OSS Note: 363650).
But if you use MIRO to post invoices, you might want to look at Note 482245 too...
In SAP v40b, the new 1099 report is RFW1099M. It is a neat report since it merges all the three reports that are listed in the AP info system under the withholding tax.
Regards,
Satish Muvva.

Presenting a Client Certificate from ACE?

Hi Folks,
This is a bit of an odd one, so please stick with me!
A bit of background:
We currently visit a secure 3rd party website from our company, in order to identify our company to the website we have to use a client-side certificate to authenticate us (before we then login to the website).
As we have a large number of machines loading a client-certificate on to each one has not proved agile enough (this is more a legacy thing). So to work around this we have used a Stunnel proxy which the clients are forwared too (HTTP), which then proxies the connection as HTTPS and provides the end website with the Client Cert and does all the bits for SSL. The Stunnel service was meant to be a tempory workaround, about 3 or so years ago (don't you just love those?) and is hosted on a desktop PC which has recently started to crash - there's no real support on this either - which leads me onto the question:
Can the ACE module replace the Stunnel Box in this scenario?
Is it possibile to load a client certificate onto the ACE and get it to provide this to an end webserver. I realise that the ACE is probably not designed for this function, however this would get us onto something more stable and has a better internal support function.
I've attached a really basic diagram of how the connectivity operates - but I'm happy to consider suggestions on alternative ways of doing it.
Thanks in advance
Kev

Hi.
It seems to be not possible : http://www.cisco.com/en/US/partner/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA4_1_0/configuration/ssl/guide/initiate.html
I have to check if other products can do what you want, but I have some doubts...

Problems Creating a Java Class using a webservice with certificate

hi,
i'm developing a java class that call's a webservice that needs a certificate, i'm not used to work with java, last time was 10 years ago, so i'm having some troubles because of the certificate.
I already add the certificate using java control panel > Security > Certificates. When testing i get the following error: IOException (java.io.IOException: subject key, Unknown key spec)
I think I need to define the certificate in my class, but i'm having a lots of trouble with the samples that i found over the internet, nothing works and i'm running out of time.
This is my Class
create or replace and compile java source named "FishInfoAt" as
import java.net.*;
import java.io.*;
import java.security.*;
public class FishInfoAt
     public FishInfoAt()
     public static String send(String urlfishinfoat, String mensagem, String mensagem1, String mensagem2, String mensagem3)
          // Init
          String response = "";
          String msgtotal = mensagem+mensagem1+mensagem2+mensagem3;
          String a = "";
          HttpURLConnection conn = null;
          try{
               URL url = new URL(urlfishinfoat);
               conn = (HttpURLConnection) url.openConnection();
               conn.setRequestMethod("POST");
               conn.setRequestProperty("Content-type", "text/xml; charset=utf-8");
               conn.setRequestProperty("SOAPAction", "https://servicos.portaldasfinancas.gov.pt:401/sgdtws/documentosTransporte/");
               conn.setRequestProperty("Content-Length","" + msgtotal.length());
               conn.setDoOutput(true);
               conn.setDoInput(true);
               conn.connect();
               OutputStream out = conn.getOutputStream();
               out.write(msgtotal.getBytes());
               out.flush();
               InputStream in = conn.getInputStream();
               int value;
               while( (value = in.read()) != -1)
                    response+=(char)value;
          catch(Exception e)
response = ("*** ERROR - IOException (" + e.getMessage() + a + ")");
return response;
/

Hi Deepak,
Could you please let us know upto which line your code is going safe. Try printing the value in the structure before you send that to the method GetUGEntity().
I am not too sure that would be a problem. But I have faced a problem like this, wherein I tried to access a structure for which I have not allocated memory and hence got exception because of that.
Since your JNI code seems to be error free, I got doubt on your C part. Sorry.
Dhamo.

Doubt on QM Certificate

Similar Messages

Maybe you are looking for