Enable Multiple Stapled OCSP Responses in IIS

I would like to configure IIS to send multiple stapled OCSP responses when sending its certificate chain to a web client at the start of an SSL/TLS connection. Currently, IIS only sends the OCSP response (signed indication from the issuing CA that the certificate is still valid and not revoked) for the server certificate, but doesn't send it for the intermediate certificates.

For instance, if my IIS web server certificate is issued by the Entrust CA, it may be signed by the Entrust intermediate certificate "Entrust L1C", which is then signed by the Entrust root CA certificate "Entrust 2048". In that circumstance, IIS is only sending the client the OCSP status for the server certificate, but not the OCSP validation status for the "Entrust L1C" certificate. So, the web client currently doesn't have to do an OCSP query to the Entrust CA for the server certificate (since the web server sends that OCSP response to the web client), but does have to do an OCSP query to the Entrust CA for "Entrust L1C" to verify the intermediate certificate also isn't revoked. If the web client is behind a tight firewall that doesn't allow browsing to random Internet IPs for OCSP, the web client is unable to know if the certificate is still valid. The response from the IIS forum http://forums.iis.net/post/2097704.aspx was that I should post the question here.

How can I configure IIS to send OCSP responses (OCSP stapling) to web clients for the intermediate certificates in its certificate's chain as well? The Multiple Certificate Status Request Extension is an Internet standard documented in RFC 6961 at http://tools.ietf.org/html/rfc6961. Is there a way to configure IIS to do this?

It is working as designed. Currently OCSP Stapling only includes the revocation status for the leaf/server certificate. The assumption is that the offline CA certificates use CRLs, the CRLs are cached and should not need to be included in the stapled responses.
Brian
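The gap the question describes, and the assumption in the reply, can be made concrete with a small model of what a relying party has available offline. The following is an added example, not code from the original thread or from IIS: it takes a leaf/intermediate/root chain plus whatever OCSP responses were stapled (leaf only, as with RFC 6066 status_request, or several, as with RFC 6961 status_request_v2) and whatever CRLs are already cached, and reports which certificates can only be settled by an outbound request. Signature validation of the stapled responses and CRLs is assumed to have been done; all names and serial numbers are constructed, not real Entrust values.

```python
"""Which certificates in a TLS chain still need an out-of-band revocation check?

Added example, not code from the original post or from IIS. It models the
situation described above: a server staples an OCSP response only for the leaf
(RFC 6066 status_request) or for several chain certificates (RFC 6961
status_request_v2), and a client behind a strict egress firewall can use only
what was stapled or what it already holds in its CRL cache. Signature checks on
the stapled responses and CRLs are assumed to have been done already. All
names and serial numbers below are constructed sample data, not real values.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    serial: int


@dataclass(frozen=True)
class StapledOcsp:
    issuer: str        # issuer name of the certificate the response covers
    serial: int
    cert_status: str   # "good" | "revoked" | "unknown"


@dataclass
class CachedCrl:
    issuer: str        # CRL issuer; assumed still within its own nextUpdate
    revoked_serials: Set[int] = field(default_factory=set)


def plan_revocation_checks(chain: List[Cert], stapled: List[StapledOcsp],
                           crl_cache: List[CachedCrl]) -> Dict[str, Tuple[str, str]]:
    """Return {subject: (source, verdict)} for every certificate in the chain.

    source : "stapled-ocsp" | "cached-crl" | "trust-anchor" | "network-required"
    verdict: "good" | "revoked" | "undetermined"
    """
    stapled_by_key = {(s.issuer, s.serial): s for s in stapled}
    crl_by_issuer = {c.issuer: c for c in crl_cache}
    plan: Dict[str, Tuple[str, str]] = {}
    for cert in chain:
        if cert.subject == cert.issuer:
            # Self-signed root: it is the trust anchor, so it is not revocation-checked.
            plan[cert.subject] = ("trust-anchor", "good")
            continue
        resp = stapled_by_key.get((cert.issuer, cert.serial))
        if resp is not None and resp.cert_status in ("good", "revoked"):
            plan[cert.subject] = ("stapled-ocsp", resp.cert_status)
            continue
        crl = crl_by_issuer.get(cert.issuer)
        if crl is not None:
            verdict = "revoked" if cert.serial in crl.revoked_serials else "good"
            plan[cert.subject] = ("cached-crl", verdict)
            continue
        # Nothing usable offline: the client must reach the CA's OCSP/CRL endpoint,
        # which a tight egress firewall may block.
        plan[cert.subject] = ("network-required", "undetermined")
    return plan


def needs_network(plan: Dict[str, Tuple[str, str]]) -> List[str]:
    """Subjects whose status cannot be settled without an outbound request."""
    return [subj for subj, (source, _) in plan.items() if source == "network-required"]


# Constructed three-certificate chain, leaf first.
ROOT = Cert("Sample Root CA", "Sample Root CA", 1)
INTERMEDIATE = Cert("Sample Intermediate L1", "Sample Root CA", 4711)
LEAF = Cert("www.example.test", "Sample Intermediate L1", 90210)
CHAIN = [LEAF, INTERMEDIATE, ROOT]


def leaf_only_stapling() -> Dict[str, Tuple[str, str]]:
    """The behaviour described in the question: only the server certificate is stapled."""
    return plan_revocation_checks(CHAIN, [StapledOcsp(LEAF.issuer, LEAF.serial, "good")], [])


def leaf_stapling_with_cached_crl() -> Dict[str, Tuple[str, str]]:
    """The assumption in the reply: the intermediate is covered by a cached root CRL."""
    return plan_revocation_checks(CHAIN, [StapledOcsp(LEAF.issuer, LEAF.serial, "good")],
                                  [CachedCrl("Sample Root CA")])


def multi_stapling() -> Dict[str, Tuple[str, str]]:
    """RFC 6961 style: the server staples a response for every non-root certificate."""
    stapled = [StapledOcsp(LEAF.issuer, LEAF.serial, "good"),
               StapledOcsp(INTERMEDIATE.issuer, INTERMEDIATE.serial, "good")]
    return plan_revocation_checks(CHAIN, stapled, [])


if __name__ == "__main__":
    for name, fn in [("leaf only", leaf_only_stapling),
                     ("leaf + cached CRL", leaf_stapling_with_cached_crl),
                     ("status_request_v2", multi_stapling)]:
        plan = fn()
        print(f"{name}: {plan} -> network needed for {needs_network(plan)}")
```

The three scenarios line up with the thread: with leaf-only stapling and an empty cache the intermediate is "network-required", which is exactly the firewalled client's problem; a cached root CRL resolves it, which is the assumption the reply relies on; stapling the intermediate's response as well removes the dependency on either.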

Similar Messages

  • Enabling Multiple Search in Advanced search

    Hi All,
    I am trying to enable multiple search on a particular field in the advanced search for that PCUI application, e.g. search for Opportunities with Partner P1 and P2.
    When I perform the search the results show me all opportunities with partner P1 OR partner P2. So I get all opportunities which belong to partner either P1 or P2 or both.
    I want to view all opportunities with partner P1 AND P2, i.e. I want to search only for those opportunities that have both P1 and P2 in them.
    Is there any way we can achieve this?
    Thanks and Regards,
    Varun

    Hello,
    The MAC for the the advanced search in opportunities (application CRMD_BUS2000111) is CL_CRM_BSP_AM_HEADME_1O.
    Create a Z MAC inheriting from this MAC and redefine the method IF_CRM_BSP_MODEL_ACCESS_IL~QUERY.
    In your redefined method, you can for example first call the 'super' query method and do your own additional selections afterwards.
    The FM used for the standard query is CRM_BSP_OIC_1O_SEARCH_FROM_RF.
    You can maybe also check how this FM is called and make your own call of this FM.
    Regards,
    Frederic

  • How can we enable multiple people to work on the same Xcelsius file

    I want to enable multiple people work on the same file as I am working on. How Can I achieve this task?

    Hi Jain,
    I don't think there is a logic behind your requirement. If multiple persons are allowed to work on one file, then whose modification has to get saved as the final copy? Even in MS Office documents, you will be notified/prompted if you are opening a file at the same time someone else is already working on it. Please clarify your requirement more.
    If I presume that you are talking about the Xcelsius output file such as Word, PDF, etc., then it is clear that all can open the same file in read-only mode except the one who opens it first. Anyhow they cannot modify the SWF contents. Only header or footer can be inserted.
    Hope this is clear.  Please revert on your exact requirement.
    With best wishes
    BaaRaa.

  • What can be done to enable multiple USB "mouse" buttons in Solaris 10?

    My usb multimedia keyboard is recognized as a "combined" usb device.
    Two /dev/usb/hidx are created , one with usb keyboard driver attached, the other with the usb mouse driver attached.
    Events are generated for the scroll wheel on the keyboard, but not for the approx. 30 extra buttons.
    Is there a way to enable multiple buttons support for the "mouse" device ?
    The OS is Solaris 10 x86 u3

    I don't know how ZAxis... can make those buttons work.
    Pressing those keys doesn't generate any event in xev.
    xmodmap -pp shows a maximum of 24 buttons which I cannot map to anything.
    On linux there are some drivers and applications one can use to map the keys.
    On Solaris, I don't know.

  • OCSP response signature is invalid--ALC-DSS-111-005

    Hi All,
    I am using "verify pdf signature" process for signature verification for pdf having signed signature field.
    I am getting an error in status message of pdfSignatureVerificationResult as "ALC-DSS-111-005--OCSP response signature is invalid".
    Kindly provide any information to resolve this issue.
    Regards
    Abhishek

    The OCSP protocol has an option for accepting only signed requests, where the signer of the OCSP request has to be trusted by the OCSP Responder.
    LiveCycle Digital Signatures ES2 and or Acrobat can be configured to sign OCSP requests.
    In LiveCycle, it is part of the Digital Signatures service configuration, see attached screen shots.  Acrobat\Reader supports it through a registry entry...  I have attached the relevant page from the Digital Signatures and Document Security administration guide.
    Regards
    Steve

  • Add revocation info (ocsp response) in the signatures

    I'm writing an application to sign PDFs in Java.
    I have already successfully signed PDFs, but I also want to add the revocation info embedded into the file. I have no problems with CRLs, but I can't add the other revocation method, such as an OCSP response.
    To get a fully signed PDF I have downloaded the Adobe Pro 9 trial version, and I'm trying to sign a PDF with revocation info. For that I selected "add revocation info when signing" in the security preferences. So I signed a PDF with revocation info activated and another one without it. Comparing both files there is a file size difference of 300 KB, so I suppose something has been added. But when I validate the PDF with Adobe Reader I can't get a valid signature in offline mode. Really I'm not sure if Acrobat Reader doesn't understand the revocation info embedded in the PDF correctly or if the signature itself is not correct.
    If I use my program to sign the PDF and I add the CRLs, Acrobat Reader validates the signature correctly in offline mode.
    Has anyone managed to sign a PDF with Adobe Pro 9 including revocation info? Or does anyone know where I can get a sample PDF with an OCSP response embedded? Or does anyone know anything that could help me?
    thanks.

    Hello Alfredo,
    "So if I trust directly in the ocsp responder it would be a valid ocsp response, right?"
    Wrong. Although nothing happens in Acrobat without trust being established, it's not enough to just assign a certificate in the chain "trust anchor" status. All of the other rules must be followed as well. As an example, although we have been discussing OCSP responses, similar rules apply to indirect CRLs. If a CA is using an indirect CRL the correct extensions in both the CRL itself and the certificate under test would need to be present. It wouldn't be enough to just trust the signer of the CRL.
    "Is there any possibility in adobe to trust in the responder, the same way as I can do with the timestamp?"
    It's a little more complicated than that, but Acrobat does allow for a user to establish local trust in accordance with RFC 2560, Section 4.2.2.2. You are asking about adding "a local configuration of OCSP signing authority for the certificate in question". It can be done using the registry keys defined in the Acrobat Security Administration Guide (location noted in the first reply above), Section 5.4.1.1. You need to define the iURLToConsult and the sURL (which tells Acrobat to accept any OCSP response that comes from this URL). That's the effect you are looking for. However, these are global settings and will overwrite any other certificates, so you might want to set up a Custom Cert Preference as described in Section 3.4.6.
    "Adobe have any type of utility or log to show more details about the signature verification?"
    Yes, check out section 5.4.4.4 of the Acrobat Security Administration Guide.
    "In that last case with the nextUpdate problem it were not giving me any type of error about the ocsp, but anyway It didn't consider valid the response as you say."
    With apologies, I wasn't clear enough on this issue. It's not that Acrobat doesn't consider the response valid, but rather it doesn't consider the response usable for other than "real time" usage. An OCSP response downloaded in real time that doesn't contain the nextUpdate extension is valid (assuming all other checks are okay). It's only when you are trying to use a cached OCSP response without the nextUpdate extension that Acrobat won't accept it. The lack of the nextUpdate extension is a tool that the CAs have at their disposal to force requesting applications (in this case Acrobat) to always ask for the latest information and not rely on older data.
    "And the last question, where can I get a sample pdf with an embedded valid ocsp response? do you have any sample one?"
    The Acrobat Security Administration Guide has an embedded OCSP response covering the end-entity in the signing chain.
    Steve
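The live-versus-cached distinction Steve draws for responses without nextUpdate is easy to get wrong in a relying party. The following is an added example, not Acrobat's code: it encodes that rule together with the thisUpdate/nextUpdate checks of RFC 2560 section 3.2, and runs a small cache through two checks to show that a response lacking nextUpdate is accepted when fetched live but is never served again from cache. The clock-skew allowance and all timestamps are constructed values.

```python
"""When may an OCSP response be relied on: live vs. cached, with or without nextUpdate.

Added example; this is not Acrobat's code. It encodes the rule described above
(a response lacking nextUpdate is fine for a live check but must not be reused
from cache) together with the thisUpdate/nextUpdate sanity checks of RFC 2560
section 3.2. The clock-skew allowance and all timestamps are constructed values.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, Optional, Tuple

MAX_CLOCK_SKEW = timedelta(minutes=5)   # assumption: tolerated responder/verifier clock drift


@dataclass(frozen=True)
class SingleResponse:
    cert_status: str                 # "good" | "revoked" | "unknown"
    this_update: datetime
    next_update: Optional[datetime]  # None = responder says newer information is always available


def evaluate(resp: SingleResponse, now: datetime, from_cache: bool) -> Tuple[bool, str]:
    """Return (usable, reason). A usable response may still report 'revoked'."""
    if resp.this_update > now + MAX_CLOCK_SKEW:
        return False, "thisUpdate lies in the future"
    if resp.next_update is not None and now >= resp.next_update:
        return False, "response expired: now >= nextUpdate"
    if from_cache and resp.next_update is None:
        # The CA omitted nextUpdate to force a fresh query every time.
        return False, "no nextUpdate: cached copy not reusable, query the responder again"
    if resp.cert_status == "unknown":
        return False, "responder has no status for this certificate"
    return True, "cached response within validity" if from_cache else "live response accepted"


class OcspCache:
    """Tiny cache keyed by certificate serial, as a relying party might keep."""

    def __init__(self) -> None:
        self._store: Dict[int, SingleResponse] = {}

    def check(self, serial: int, fetch_live: Callable[[int], SingleResponse],
              now: datetime) -> Tuple[str, bool, str]:
        """Try the cache first, fall back to fetch_live(serial). Returns (path, usable, reason)."""
        cached = self._store.get(serial)
        if cached is not None:
            ok, why = evaluate(cached, now, from_cache=True)
            if ok:
                return "cache", ok, why
        fresh = fetch_live(serial)
        ok, why = evaluate(fresh, now, from_cache=False)
        if ok:
            self._store[serial] = fresh
        return "live", ok, why


# Constructed sample data: serial 1 is answered without nextUpdate, serial 2 with a 6-hour window.
T0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
RESPONSES = {
    1: SingleResponse("good", T0, None),
    2: SingleResponse("good", T0, T0 + timedelta(hours=6)),
}


def fetch_live(serial: int) -> SingleResponse:
    """Stand-in for an HTTP OCSP request to the responder (constructed, offline)."""
    return RESPONSES[serial]


def scenario() -> Dict[str, Tuple[str, bool, str]]:
    """Check each certificate twice, nine minutes apart, and record which path was taken."""
    cache = OcspCache()
    out: Dict[str, Tuple[str, bool, str]] = {}
    for serial in (1, 2):
        out[f"{serial}-first"] = cache.check(serial, fetch_live, T0 + timedelta(minutes=1))
        out[f"{serial}-second"] = cache.check(serial, fetch_live, T0 + timedelta(minutes=10))
    return out


if __name__ == "__main__":
    for key, result in scenario().items():
        print(key, result)
```

For serial 1 both checks go to the responder, because the cached copy fails the nextUpdate rule every time; for serial 2 the second check is answered from cache. Note that "usable" and "good" are separate outcomes: a revoked status in a fresh, well-formed response is a usable answer.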

  • Enable multiple selection in spark datagrid

    Hi guys, I am trying to enable multiple selection in my datagrid. I tried allowMultipleSelection=true but it didn't have that attribute on spark component. Anyone knows how to do it? Thanks a lot.

    Use selectionMode="multipleRows"
    http://help.adobe.com/en_US/flex/using/WS0ab2a460655f2dc3-427f401412c60d04dca-7ff8.html

  • Enabling Multiple Currencies vs. Custom Currencies

    Are there any advantages and disadvantages of using Enabling Multiple Currencies versus just using a custom dimension for currencies?

    Well, you would be adding yourself quite a bit of work by creating a custom dimension for currencies.
    Don't forget that when you tag an application as multi-currency, 2 additional dimensions are created: Currencies and HSP_Rates.
    Additionally, exchange rate types (historical, average, ending) are stored against the Accounts dimension.
    You've also got to think about the currency conversion rules/scripts created with multi-currency apps.
    Creating a currency custom dimension would not include the above.
    Hope this helps.
    Seb
    www.taysols.com.au

  • RADIUS-assigned VLANs are not supported when you enable multiple BSSIDs

    Could someone please tell me is this 100% correct?
    "RADIUS-assigned VLANs are not supported when you enable multiple BSSIDs"
    Any ideas why? Does anyone have a way around this?
    As a workaround I was thinking of setting up one broadcast SSID for guests and one non-broadcast SSID for RADIUS-assigned VLANs, however I'd prefer to have both broadcast due to numerous Vista and PDA connection issues.

    Hi.
    Thanks for your reply.
    That is what I would like to do; have one SSID and assign the users to different VLANs based on policy.
    I have all the VLANs and subinterfaces set up correctly and working independently, but the VLAN assignment does not seem to work correctly.
    If I do a "show dot11 association all-client" the RADIUS attribute appears to have altered the VLAN, but the device has no connectivity and cannot DHCP.
    This is with 1130AG in autonomous mode and Microsoft IAS as RADIUS.
    Apparently there may be a problem with mbssid and RADIUS assigned VLANs.

  • Returning multiple parameters as response from a servlet

    Hi Javaites,
    I want a servlet to return multiple parameters as response.
    In my functionality, I am calling the servlet from a Swing client.
    I need to get two XML strings as response from the servlet.
    Right now I am using
    PrintWriter pw=response.getWriter();
    pw.write(xmlString);
    for writing the XML string. But what if I want to send another String (xmlString2) as response from the servlet to the Swing application?

    You have several possibilities. If you control the XML formats you could unify the data into one XML message. You could modify your Swing app to make two requests. If it needs two separate pieces of info it is more logical to do it as two separate requests. If you really must do it this way, you could use the Zip classes (built in to Java) to put the two XML files together into a Zip file and then send that.

  • Enabling multiple simultaneous discount codes

    Is it possible to enable multiple discount codes so that they can both be applied at checkout?
    For example I have one that enables users to take 20% off, and another that lets them take another $100 off for being a new customer. I have them both set up as codes, but when I test the cart one seems to eliminate the other.
    Tried searching for the answer and came up short. I'm sure this has been done before though. Any direction would be great!
    Thanks so much!
    Wendy

    Can a gift voucher be "redeemed" more than once? For example if we advertise $100 off and say to use "Gift Voucher" GV101, can multiple people check out with it?

  • OCSP response processing

    I am one of thousands of Acrobat users in a US Federal Agency.  I am introducing digital signatures using smart card credentials (FIPS-201 PIV card) on a Windows 7 machine using Acrobat to add the signature field to an existing Form.
    We need to embed the signature verification information in the Form.  The CRL embeds and adds 3MB to the 240KB document size.  The second signature adds another 3MB.  This is unsustainable and we need to use OCSP for certificate revocation checking and embed the OCSP Response into the form.  We are trying to determine why Acrobat is not using the OCSP response.  The CRL cache is cleared and the signature applied.  The OCSP Response is apparently ignored or fails some part of Acrobat processing.  I did find a previous note ( http://forums.adobe.com/message/2752534 ) that indicates that
    "...If OCSP response signing certificate contains CRL distribution point (in my case CDP (CRL) and AIA (OCSP)), online OCSP check executes, but after getting all chain certificate OCSP responses, validating signature against CRL (it’s looks from Local cache). It means you never get OCSP validation data in Adobe Acrobat or Reader signature revocation tab..."
    From the PKI Shared Service Provider I rec'd the following:
    "...when we generated the OCSP signing cert that it populated the CDP and OCSP info in the AIA which it was not supposed to. So it looks like the combination of the Adobe problem mentioned in the article and the issue with the OCSP signing cert may be causing it to ignore the OCSP info and to continue on to process the CRL."
    Can you confirm that Acrobat will fail to use the OCSP Response in our case?
    Can you offer a work-around for the issue?
    Thanks and regards, Dave

    This issue was put into Adobe support. They have identified it as a bug in CRL/OCSP processing and have escalated it into engineering. There is no estimate of when the bug will be fixed.

  • NextUpdate, embedding OCSP response

    Hi,
    I am trying to understand revocation info and relevant processes in the PDF signature...
    "If nextUpdate is not set, the responder is indicating that newer revocation information is available all the time".
    I have a situation where my OCSP response doesn't have nextUpdate set. This means that Reader should always check whether the certificate is revoked or not, right?
    Here is what I do right now:
    1) include signing certificate and PKCS#12 cert chain(my digital id for OCSP) in PDF signature appearance
    2) sign PDF byterange on SmartCard and set external digest on PKCS7
    3) include OCSP response in PKCS7
    QUESTION 1:
    But for some reason I don't see that OCSP is embedded in PDF any way. Although I see it exists in Byterange content.
    Any explanation ?
    I have 2 signing certificates which I can use in step #1. Their intended usage:
    1) Sign transaction, Encrypt keys, Encrypt document, Client Authentication, Email Protection
    2) Sign document
    Here is the revocation info that is shown on Revocation Info Tab:
    1) ... The selected certificate is considered valid because it does not appear in a Certificate Revocation List (CRL).
    2) ... No revocation checks are done for such certificates, they are inherently considered trustworthy.
    QUESTION 2:
    Can't I use certificate #2 for embedding OCSP in PDF ?

    I am currently reading "Long-Term Digital Signatures" that states: "Revocation responses from an OCSP server are usually time stamped by the server that creates them". What does time stamped mean in the thisUpdate/nextUpdate context?
    p.s. The topic I raised is based on a custom solution that signs PDFs using iTextSharp. I am embedding the OCSP response myself; how does Reader behave when there is no nextUpdate entry?
    Regards,
    M.

  • OCSP response

    I am trying to figure out whether it is possible to add OCSP response bytes into PDF when using external signature ?
    Currently here is what I do:
    1) calculate hash based on PDF bytes
    2) sign that hash on smartcard
    3) create PKCS7 enveloped data based on above and update ByteRange
    When I try to add OCSP response bytes after step 3, do I ruin the signed data?

    Hi,
    The document at http://learn.adobe.com/wiki/download/attachments/52658564/digital_signatures_in_PDF_9x.pdf?version=1 may be helpful for you. You need to build a hole for the signature that is large enough to contain the revocation responses as noted in Figure 2. Once you estimate the size of the hole it has to stay fixed (to keep the hashed byte range constant), so you will need to zero-pad the unused portion of the unsigned contents dictionary.
    Steve
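The fixed-size hole and the zero padding Steve describes are what keep the /ByteRange, and therefore the signed hash, stable regardless of whether an OCSP response ends up inside the PKCS#7 blob. The following is an added example, not Adobe's, iText's or any PDF library's code: it builds a minimal stand-in for the signature dictionary, reserves an all-zero /Contents hex string, computes the digest over the byte range, and then fills the hole with two constructed blobs of different sizes to show that the digest does not change as long as the blob fits. The hole size and the dummy blobs are constructed values; a real PDF also needs objects, an xref table and an incremental update, which are left out here.

```python
"""Reserving a fixed-size signature hole so revocation data can be embedded later.

Added example; not Adobe's, iText's or any PDF library's code. The /Contents hex
string is reserved at a fixed size up front, /ByteRange covers everything except
that string, and the hash is computed over the byte range only. Whatever is
written into the hole afterwards is zero-padded to the reserved size, so the
hashed bytes never move. HOLE_HEX_CHARS and the dummy blobs are constructed values.
"""
import hashlib
import re
from typing import Tuple

HOLE_HEX_CHARS = 4096   # reserved /Contents size in hex characters (constructed value)
_RANGE_PLACEHOLDER = b"/ByteRange [0000000000 0000000000 0000000000 0000000000]"


def build_document(body: bytes) -> bytes:
    """Append a signature dictionary with an all-zero /Contents hole and a correct /ByteRange."""
    contents = b"/Contents <" + b"0" * HOLE_HEX_CHARS + b">"
    sig = b"<< /Type /Sig /Filter /Adobe.PPKLite " + _RANGE_PLACEHOLDER + b" " + contents + b" >>"
    doc = body + b"\n" + sig + b"\n%%EOF\n"
    # The excluded gap spans the hex string including its '<' and '>' delimiters.
    gap_start = doc.index(b"/Contents <") + len(b"/Contents ")
    gap_end = gap_start + HOLE_HEX_CHARS + 2
    byte_range = b"/ByteRange [%010d %010d %010d %010d]" % (0, gap_start, gap_end, len(doc) - gap_end)
    assert len(byte_range) == len(_RANGE_PLACEHOLDER)   # same length, so the offsets stay valid
    return doc.replace(_RANGE_PLACEHOLDER, byte_range)


def parse_byte_range(doc: bytes) -> Tuple[int, int, int, int]:
    """Extract [offset1 length1 offset2 length2] from the signature dictionary."""
    m = re.search(rb"/ByteRange \[(\d+) (\d+) (\d+) (\d+)\]", doc)
    if m is None:
        raise ValueError("no /ByteRange found")
    a, b, c, d = (int(x) for x in m.groups())
    return a, b, c, d


def signed_digest(doc: bytes) -> str:
    """SHA-256 over the two covered ranges, i.e. everything except the hole."""
    a, b, c, d = parse_byte_range(doc)
    return hashlib.sha256(doc[a:a + b] + doc[c:c + d]).hexdigest()


def fill_hole(doc: bytes, cms_blob: bytes) -> bytes:
    """Write the signature blob into the hole, zero-padded to the reserved size.

    Raises ValueError when the blob (e.g. one carrying OCSP responses) does not fit;
    the hole must then be re-estimated before signing, never grown afterwards.
    """
    hexed = cms_blob.hex().encode("ascii")
    if len(hexed) > HOLE_HEX_CHARS:
        raise ValueError(f"blob needs {len(hexed)} hex chars, hole holds {HOLE_HEX_CHARS}")
    a, b, c, d = parse_byte_range(doc)
    if not (doc[b:b + 1] == b"<" and doc[c - 1:c] == b">"):
        raise ValueError("byte range does not bracket the /Contents string")
    padded = b"<" + hexed + b"0" * (HOLE_HEX_CHARS - len(hexed)) + b">"
    return doc[:b] + padded + doc[c:]


# Constructed blobs standing in for a PKCS#7 signature without and with an OCSP response.
BLOB_PLAIN = b"\x30\x82\x01\x00" + bytes(256)
BLOB_WITH_OCSP = BLOB_PLAIN + b"\x30\x82\x04\x00" + bytes(1024)


def demo() -> Tuple[str, str, str]:
    """Digests of the empty-hole document and of the two filled versions."""
    doc = build_document(b"%PDF-1.7\n% constructed sample body\n")
    return (signed_digest(doc),
            signed_digest(fill_hole(doc, BLOB_PLAIN)),
            signed_digest(fill_hole(doc, BLOB_WITH_OCSP)))


if __name__ == "__main__":
    d0, d1, d2 = demo()
    print("hash unchanged by filling the hole:", d0 == d1 == d2)
```

The point to take from it is the ordering: the hole size and /ByteRange are fixed before the byte range is hashed, so the revocation material has to be gathered (or at least bounded) before signing, not appended afterwards.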

  • How to enable multiple entries for bundling free goods in vbn1?

    Hi SAP Gurus,
    How can I enable bundling of free goods in SAP using vbn1?
    In creating an entry, I place the material number, qty and other required fields then assign the material number of the item that I want to bundle with the 1st product. My problem is that I can only assign 1 material number to a product.
    Scenario:
    Mat. No. 1 is the main item, then I assign matNo.2 to be bundled with matNo.1. I also wanted to assign matNo.3 to be bundled with matNo.1. But unfortunately, when I place another entry using matNo.1, the error says that it is currently being processed. It seems I can only assign a single free good. How can I set this to multiple?
    Thanks in advance!

    Hi Colleague,
    No. This function is not provided in the R/3 System. Only one record is taken into account during the free goods determination with the existence of several valid condition records. This record is the one with the largest minimum quantity. For this record the system only generates one free goods subitem.
    Free goods can only be supported on a 1:1 ratio. This means that an order item can lead to a free goods item. Agreements in the following form are not supported: "With material 1, material 2 and material 3 are free of charge" or "If material 1 and material 2 are ordered at the same time, then material 3 is free of charge".
    You can refer to FAQ note 549963 which clarifies this point.
    I hope it can be helpful.
    Regards
    Ruy Castro
