Manage user certificates with UE-V?

Similar Messages

• Workflow Manager Configuration - Certificate with Thumbprint does not have a private key

  After following the video series on how to install and Configure Workflow Manager into SharePoint 2013 http://technet.microsoft.com/en-us/library/dn201724(v=office.15).aspx,
  I get to the 'Configure Certificates' section in the Workflow Manager Configuration:  I browse to our wildcard certificate and select it.
  When I try to move to the next page of the configuration wizard, I get the following red error under the certificate:
  Certificate with thumbprint LONG STRING does not have a private key.
  I checked the properties of the certificate, and it says: You have a private key that corresponds to this certificate.
  What am I missing??
  Thank you.
  macrel

  Hi,
  According to your post, my understanding is that you got error under the certificate.
  Please make sure you configure the workflow manager correctly.
  More information:
  Install and configure workflow for SharePoint Server 2013
  Installing and Configuring Workflow Manager 1.0
  Best Regards,
  Linda Li
  Linda Li
  TechNet Community Support

• Problem managing keys/certificates with SunPKCS11

  Hi:
  I am trying to create a small applet to manage certificates stored on a smart card using SunPKCS11. I can successfully import a key/certificate from a P12 file, however I have some problems managing keys and certificates that appears to be related.
  First, creating a KeyStore entry creates one object with one alias. But reading the card from another application such as safesign, I see a public object with the chosen alias but the private key appears with no alias specified. if I import the whole certificate chain, only the certificate will have the chosen alias the others will have no defined alias.
  Everything works ok, I can sign with the certificate on the card. But managing certificates and keys becomes incompatible with other applications, if multiple keys . Is there some way I can specify the alias so it will show for the private object?
  Secondly, I cannot get the installed certificate from my java application without authenticating. Other applications can read the certificate, authentication is required only to access the private object.
  I see further that if I delete the private object with safesign but let the certificates remain, I no longer get any certificates or keys when listing from SunPKCS11, while safesign still lists the certificates. Also, I can't access the card read only to list certificates.
  I think these things are related: SunPKCS11 creates and sees only one object which is protected if it has been created with SetKeyEntry.
  Is there any way to gain more fine grained control over the key store with SunPKCS11?
  Thanks, Erik

  i came up with the same problem. Can you tell me your way to deal with it ?
  thanks!
  [email protected]

• Managing users passwords with ADF

  Hi,
  We have created an user manager application wich edits Realm Users. Since we change the realm to use SHA encription we would like to have the password field encrypted before ADF updates the table ....
  There is a clean way of doing this ?
  So far we thought on overwriting the OnCommit method for the datapage and in there modify the request object but there is nothing like a request.setParameter( String, String ) .... and apparently is the request.parameter the one that ADF will endup sendind to the datafield ....
  Again, there is a direct way of doing this other than locating afterwards the viewObject Row and updating the unencrypted password with the encripted version ????
  Thanks,
  Omar

  Hi
  Put the code in YourEOImpl.java
  public void setPassword(String value) {
  String encryptedPassword = null;
  encryptedPassword = ....; // your encryption implementation
  setAttributeInternal(PASSWORD, encryptedPassword);
  Hope this help
  Regards,
  Nhut Trung

• Managing User Photos with On Premise Lync 2013 & Office 365

  Hello, I'm just looking for a little clarity in terms of expected behavior when using the various methods of modifying user images on these systems.
  For example, I've read that Lync 2013 can utilize the high resolution photo that is stored within the user's Exchange mailbox. That would work good in theory, but what about Lync users who do not have an Exchange mailbox (or UM voicemail box)? Presumably
  in that case you could use one of the AD attributes, thumbnailPhoto or jpegPhoto, the latter being preferred as it allows for higher resolution images. However in my experience, when using the jpegPhoto attribute, dirsync does successfully replicate the photo
  and it shows up on the O365 portal, but the on-premise Lync server/clients have inconsistent success displaying them. Some user's can see other user's photos, but they can see eachothers or vice versa and eventually the Lync client stops displaying any of
  these photos. 
  Ideally for us, if we could use the jpegPhoto attribute for all users, as opposed to using exchange attributes for some, that would be best, but is it designed to work this way?

  Hi FuzzMunk,
  I don’t think that Lync Server will
  synchronize the photo from
  JPEGPhoto attribute, as I know
  it only synchronizes the photo from
  thumbnailPhoto attribute in Active Directory.
  You can see the photo displayed on Office365 portal
   because it synchronizes the photo from both the
  thumbailphoto and jpegphoto attributes.
  Some related articles and cases for your reference.
  http://blogs.technet.com/b/nexthop/archive/2010/11/22/microsoft-lync-2010-photo-experience.aspx
  https://technet.microsoft.com/en-us/library/jj688150.aspx
  https://social.technet.microsoft.com/Forums/lync/en-US/3ffc4fcd-eefc-4eca-bc7e-bcd007157199/lync-photo-from-active-directory
  https://social.technet.microsoft.com/Forums/windowsserver/en-US/53859480-a345-4ce0-a04e-9f1fc7a947c2/what-is-the-difference-between-jpegphoto-and-thumbnailphoto-attribute-in-ad?forum=winserverDS
  Best regards,
  Eric

• Managed users with Active Directory?

  Hi guys
  I was wondering if any of you can help me out. I'm looking to get a OS X Server 10.4 to act as a managed user server, with all the pros of Open Directory (ie Finder restrictions etc) and user home directories on the Xserve's HD, but to authenticate through a Windows 2003 Active Directory Server.
  I have been reading a number of sites and there seams to be two ways to do it.
  1) Bind the Xserve and the client Macs to the Active Directory and then on the PC server specify the home folders as a share point on the Xserve. Ie \\Xserve\Users\Tom
  This way the Xserve is basically a file server.
  2) And I'm cutting this story short because I've only briefly read this one. But you can set the Xserve as an Open Directory master, some how import the users and then remove the directory master roll.
  I really need to be able to have the usernames and passwords live from the Windows Server due to passwords being changed every 30 days blah blah blah so I guess point 2 is out of the question.
  To be honest a yay or nay to the above would be a good start, could obviously save a lot of wasted time, but if anyone can recommend me a website or a pdf that will walk me through it.
  I've managed to get my laptop to authenticate to AD but cant get the home directories to work. Every time I log in with a user account it creates it locally on my HD. I do not have "Force local home directory" checked. I guess I need to configure LDAP to the AD server as well? I gave it a go an managed to get Address Book pulling users and emails from the AD sever. I then preformed a lookupd lookup on a user bob and found that the home directory was set to /Users/bob even though on my AD server I've set it to \\Xserve\Users\bob is this something I'm doing wrong with LDAP? If thats all it is I'll be able to get point 1 above working and it will all be good.
  I hope I've made this clear enough for someone to be able to help me.
  Thanks in advance for any help you might be able to give me.
  Tom
  1.25GHz PowerBook G4   Mac OS X (10.4.4)  

  With an OD master you could manage your clients at the group and computer list level.
  So when you setup the user's profile in AD, you mapped a network drive and provided the UNC path \\Xserver\Users\bob. You did bind the OD Master with the name Xserve? Also, by default it will use smb to connect, which you can change to afp instead in the AD plugin. smb will not create the home folder for you. You could try to create the home folder yourself in advance. (sudo createhomedir -a may do the trick)
  For troubleshooting purposes, you could create a share on the AD server and adjust the user's profile to point to it instead of the OD Master. Try and login and see what you get.

• Can I distribute s/mime certificates to MDM managed users via Mavericks Server?

  We have a private CA and right now users have to share S/MIME certificates with others manually. Is is possible to embed these certs into each user in Address Book, or distribute them some other way using Mavericks Server?

  Couldn't fix the problem. Had to attach another external storage drive to each computer to use for backup, then erase and rename the TimeCapsule hard drive via Airport utility as well as the second hard drive in the MacMini Server via Disk Utility. I removed both the Time Capsule drive and the second internal hard drive from the "Settings" pane in the "Time Machine" section of Server.
  I still have no idea of what went wrong or if the problem will happen again. It may have been a corrupted file on the backup drives. It may have been Tech Tool Pro or Adode Creative Cloud updater, who knows. But for now, it is working as anticipated. The iMac clients and the MacMini Server are all backed up to the Time Capsule as well as the Mac Mini Server's second internal drive.
  I sure wish there were better documentation available for using Server to manage Time Machine backups!

• How to globally set WiFi to use device management identity certificate for all users?

  I'm using Apple's Profile Management service in Mountain Lion, and discovered through serendipity that an enrolled device can authenticate on EAP-TLS to our WPA2-Enterprise Wifi using the Device Managment Identity Certificate instead of an individually-generated-for-user x509 cert. This is extremely convenient, because then we can effectively revoke a device's cert by unenrolling the device.
  However, I haven't been able to figure out how to make WiFi always designate EAP-TLS and select the Device Management Identity Certificate globally (whether through /usr/bin/networksetup or through the Profile Manager).
  Does anybody have any pointers on how to do this? My goal is to have an OS X >= 10.7 machine at a network login prompt capable of logging into the machine, authenticated against the Open Directory server the machine is already bound to. At present a wireless user cannot do this, as the machine's Wifi preferences haven't yet been set to use the aforementioned device management cert.
  Thanks!

  Making customisation from the default profile is generally considered poor practice and quite often doesn't work out as planned. (If you're interested in some more information on this, [http://mockbox.net/windows-7/227-customise-windows-7-default-profile.html see here] see here)
  This article should help you with developing and deploying your customised Firefox 4 installation (without touching the Windows 7 default user profile):
  http://mockbox.net/configmgr-sccm/174-install-and-configure-firefox-silently.html

• Unable to import the user certificate into the Oracle Wallet Manager

  Hi,
  I am configuring the External Authentication plugin using the password filters.
  i am using the version 10.1.0.5.0 version of Oracle Wallet manager
  inorder to do that i am enabling the SSL mode.
  to enable the SSL mode i followed the some steps in OWM and OCA admin and user console.
  when i approved a certificate as admin and importing to the Oracle Wallet Manager, i got an error that
  User Certificate Installation failed.
  Possible errors:
  - Input was not a valid certificate
  - No matching certificate request found
  - CA certificate needed for certificate chain not found.
  Please install it first
  can anyone help me how to resolve this problem.

  hi,
  thanks for your reply pramod
  I tried to import the two certificate files(rootca.crt and server.crt). but i am got the same error.
  what may be the problem.

• User from certificate with Cisco VPN client and ASA (and radius)

  Hello,
  we are trying to migrate a vpn client connection from GROUP to certificate. We want that client uses the user from the certificate and doesn't ask user, only password. Is it possible? Now, with user certificate, you can connect as another user if you know the user and the password of the other user with your own certifcate.
  Thanks!
  Santiago.

  mrbacklash wrote:
  Ok with that being said will the MBA 11.6 1.4ghz have the guts to make it run mostly internet based programs over the VPN connection?
  I think if you are running apps over the Internet the bottleneck will be the Internet and your VPN bandwidth. Your computer can certainly execute faster than Internet communications.
  Besides, Internet or remote applications run on the remote server. All your local computer does is local processing of the data if necessary.
  Message was edited by: BobTheFisherman

• Sap UM connector 9.1.2 trouble with "SAP User Management User Recon" task

  Hello All,
  i have a problem with Sap UM Connector version 9.1.2.
  OIM version 11.1.1.5
  Windows 2008 R2
  Problem is:
  Then accounts in Sap are created through direct provisioning feature of connector everything works ok (subsequent update or delete an account).
  But if a user account is created in Sap using Sap GUI, scheduled task "SAP User Management User Recon" of connector doesn't create reconciliation event to link user.
  Sometimes it does though, but for one user account created using Sap GUI in OIM created two reconciliation events, so corrsponding user in oim have two records for resource SAP.
  In this reconciliation events, one have full set of attributes (Login, First Name, Last Name, E Mail, etc), another one - just these 3 attributes: IT Resource, User ID, Lock.
  "SAP User Management Delete Recon" scheduled task works ok then user account has been deleted using Sap Gui.
  How one can troubleshoot such behavior?
  Can anyone advise please?

  resolved the issue by updating sap um connector to version 9.1.2.5

• I want to bind my client certificate with machine certificate in order to bind user with dedicated one machine. Kindly help

  I have created one dedicated root CA for domain and auto enrollment has been enabled through Group Policy.
  I want to bind my client certificate with machine certificate in order to bind user with dedicated with one machine. In order to prevent duplicate logins

  Hi,
  How about using
  User Rights Assignment?
  You can deny all other users’
  log on locally right on the machine.
  User Rights Assignment
  http://technet.microsoft.com/en-us/library/cc780182(v=WS.10).aspx
  Best Regards,
  Amy Wang

• Can't import user certificate in wallet manager EBS 12

  Hi there.
  I'm trying to configure my EBS 12 with SSL and I'm following the instructions described in metalink note number 376700.1
  Everything went well untill I tried to import the user certificate isued by verysign, when I try to do that the following error occurs: user certificate import has failed because the ca certificate does not exist.
  I created the request certificate, I sumbited to verysign, got my free trial certificate and when I try to import it, the error happens.
  Got any sugestions in how to overcome this problem?
  Regards,
  Ricardo Vilhena

  Ricardo,
  There is one reported issue with the test CA Root is that it is saved as DER encoding, but OWM expects BASE64 encoding. Please refer to the following note for the suggested solution.
  Note: 228638.1 - How to configure SSL Communication between SSO Server and OiD in 9iAS Release 2
  https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=228638.1
  If the above does not help, then please review the following:
  Note: 300723.1 - OWM Import User Certificate Key Error
  https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=300723.1

• Using a SHA2 certificate with 12.1.1 (Oracle Wallet Manager 10.1.0.5)

  Hi folks,
  I'm trying to enable SSL on my 12.1.1 system, but I've got a bit of a problem.
  I've already logged a SR on this, so I already know that you cannot use SHA2 SSL certificates with Oracle Wallet Manager 10.1.0.5, which is part of the 10.1.3 tech stack. I started the SR on the EBS side, but it was passed on to the security group, and closed there. My question is, is there something that I don't know? Is there an upgrade path in 12.1.x that would include an upgrade to the OWM, or is there some sort of workaround? I'll be opening another SR tomorrow, but wanted to see if I was missing something simple.
  We have an internal certificate server (Microsoft AD), and the root certificate, which I need to import, is SHA2. I'm being told that they cannot generate a SHA1 root certificate, and would have to stand up another certificate authority. OWM 10.1.0.5 can't handle SHA2, so I'm stuck.
  Anybody been there done that?
  Thanks very much,
  -Adam vonNieda

  I'm trying to enable SSL on my 12.1.1 system, but I've got a bit of a problem. What kind of problems?
  I've already logged a SR on this, so I already know that you cannot use SHA2 SSL certificates with Oracle Wallet Manager 10.1.0.5, which is part of the 10.1.3 tech stack. I started the SR on the EBS side, but it was passed on to the security group, and closed there. My question is, is there something that I don't know? Is there an upgrade path in 12.1.x that would include an upgrade to the OWM, or is there some sort of workaround? I'll be opening another SR tomorrow, but wanted to see if I was missing something simple.
  We have an internal certificate server (Microsoft AD), and the root certificate, which I need to import, is SHA2. I'm being told that they cannot generate a SHA1 root certificate, and would have to stand up another certificate authority. OWM 10.1.0.5 can't handle SHA2, so I'm stuck. I am not sure if SHA2 is certified with EBS R12 so you might need to ask this question to Oracle Support. According to the following docs, SHA1 can be used with no issues.
  Enabling SSL in Oracle E-Business Suite Release 12 [ID 376700.1]     To BottomTo Bottom     
  SSL Primer: Enabling SSL in Oracle E-Business Suite Release 12 (Trial Certificate Example) [ID 1425103.1]
  Thanks,
  Hussein

• Anyone has experience combining local users with managed user?

  I thought this would be pretty common. We started with each user being a local admin user (12 mac systems in the office). We now got a snow leopard server and wanted to migrate everyone to a Open Directory user. We did hours and hours of research and found a few supported way to do this but having some problems....One way was to send out an invitation email from Server Preferences. When the user receives the email he can automatically convert current user into a managed user. However, the feature is suppose to synchronize password between these two users but it didn't for us, so now the user is left with a different password for the local account and OD account. What is going on? Any tips?
  This is taken from a book that I am reading:
  From a Mac OS X Server email invitation—If your network directory service is being hosted from a local Mac OS X Server that is being managed via Server Preferences, then you can bind it automatically from an email invitation sent by the server’s administrator. Clicking the “Automatically Configure My Mac” button in this email will open the Accounts preferences and bind your Mac to the Mac OS X Server and tie your local account to the server account. Again, this process will synchronize the account passwords and can automatically configure client services. Further, the invi- tation email can have clickable links to other services hosted from the server like file and web services.

  I too was thinking about this, but punted after realizing it was too messy. My current solution is to make a local user called 'localadmin' and make this same user on every machine, give it admin privileges, etc. That way, if someone wants to install some software, they can fast-user-switch to localadmin, do the install, and then reset to their actual login. Once the logins are tied to an OD server and you become a 'managed' user, the individual can change their password locally and it will indeed update the OD master.