Points / Certificate question

I preordered Destiny and used (what I thought) was a combination of available certificates and gift cards. I have been unable to access my points history, but it is saying that I have $5 in certificates to use. I have two questions,
1) Looking at the order history, I see the gift cards were used, but the points do not seem to be. Can this be confirmed for me?
2) Can the existing certificate be applied to an existing order? I am concerned with cancelling and replacing the same order as it is for a high demand product and I do not want to lose my ability to get the item.
3) Since the points history has not been accessible for me, as it seems to be the case with others, will Best Buy make an exception to the policy of reissuing rewards certificates based on this issue?
4) I have my rewards certificates set to issue at $20. Is there a way to see when I changed this versus when the last two certificates were issued?
I understand the policy of reissuing, so if that is the final answer, you do not need to send me to the fine print link. I am just hoping the interest of customer service some sort of resolution can be found. If not, I'll chalk it up as lost money to a confusing and broken system.
Also, if this is Derek answering, you have helped me multiple times with other issues. This is not intended to criticize any individuals. Thanks!

Good morning ToxicLogics,
I am more than happy to see if I can help answer your questions!
Based on your pre-order, it does not appear that any My Best Buy certificates were redeemed.
If you want to apply any active My Best Buy certificates to your pre-order, then you would need to cancel the existing pre-order and place a new pre-order.
Are you trying to view your points history by logging into BestBuy.com? If you want to view the details of your account and access your points/certificates , then you are going to wan to login to MyBestBuy.com. Your My Best Buy and BestBuy.com accounts appear to be linked.
I am unable to see when you changed your certificate preference
I would like to go over your My Best Buy account with you to ensure it is up-to-date and that your certificate preference is correct, so I will be sending you a private message. You can check your private messages by logging into the forum and clicking on the little yellow envelope at the top of the page.
Thank you for posting to the forum!
Derek|Social Media Specialist | Best Buy® Corporate
Private Message

Similar Messages

Can anybody send me the interview point of Questions on OO ABAP?.

Can anybody send me the interview point of Questions on OO ABAP?.

Hello Satish
ABAP-OO is by no means different from other object-oriented languages. Thus, you can take a book like the one for the <b>Java certification exam</b>. Having read and understood this book you are well prepared for any interview question.
Regards
Uwe

Can anybody send me the interview point of Questions on BADIs?.

Can anybody send me the interview point of Questions on BADIs?.

Check this out:
www.sap-img.com/abap/difference-between-badi-and-user-exits.htm
Re: BADI OR USER EXIT.........
www.bwexpertonline.com/archive//Volume_01_(2003)/Issue_08_(September)/V1I8A5.cfm?
Reward if helps
Vivek

MAIL certificate question

Lately I get a question box when I open MAIL.   I have Snow Leopard, and opted to keep Mobile Me at the switch this summer.   It has been working just fine,
same as always with no change. Now I get this:    note: {   }   is a description from me for something I can not create here
Verify Certificate.
The certificate for this server is invalid. You might be connecting to a server that is pretending to be "mail.me.com" which could put your confidential infirmation at reks. Do you want to connect to the server anyway?
☐   Always trust "mail.mac.com" when connecting to "mail.me.com"
{then there is a box enclosure}
☐     {this one is bwown}   Verification Class 3 Public Primary Certification Authority - G5
{below, indented}    {an arrow like this one ↵ pointing to the right to this bluish box,} ☐     VeriSign Class 3 Extended Validation SSL SGC CA
{then a larger bluish box:     "Mail.mac.com"
Issued by: VeriSign Class 3 Extended Validation SSLSGC CA Expires: Friday, April 18, 2014.
{then a red circle with an X inside, statement in red}   This certificate is not valid (host name mismatch)
     Trust
     Details
{my choices}     Hide Certificate          Cancel     Connect {in blue}
--------------------------------end of warning--------
Thank you in advance.    What should I do?   Is anyone else getting this?   The emails still coming in are directed to my email address.
Tom

I have iCloud eMail running in 10.4.11 & 10.5.8...
Do not delete the old account yet. sign up for an iCloud account if you haven't.
I understand .mac mail will still come through. Do not delete the old account yet.
You cannot use .mac or MobileMe as type of Account, you have to choose IMAP when setting up, otherwise Mail is hard coded to change imap.mail.me.com to mail.me.com & smtp.mail.me.com to smtp.me.com, no matter what you try to enter.
iCloud Mail setup, do not choose .mac or MobileMe as type, but choose IMAP...
On second step where it asks "Description", it has to be a unique name, but you can still use your email address.
IMAP (Incoming Mail Server) information:
          •          Server name: imap.mail.me.com
          •          SSL Required: Yes
          •          Port: 993
          •          Username: [email protected] (use your @me.com address from your iCloud account)
          •          Password: Your iCloud password
SMTP (outgoing mail server) information:
          •          Server name: smtp.mail.me.com
          •          SSL Required: Yes
          •          Port: 587
          •          SMTP Authentication Required: Yes
          •          Username: [email protected] (use your @me.com address from your iCloud account)
          •          Password: Your iCloud password
Also, you must upgrade your password to meet the new criteria: 8 characters, including upper and lower case and numbers. If you have an older password that does not meet these criteria, when you try to setup mail on your mac, using all of the IMAP criteria listed above, it will still give a server error message. Go to   http://appleid.apple.com         then follow directions to change your password, then go back to setting up your mail using the IMAP instructions above.
Thanks to dpepper...
https://discussions.apple.com/thread/3867171?tstart=0

Reward Certificate question

Is it possible to purchase Reward Certificates using a Best Buy gift card? Thanks.

Hello daniel77733,
I hope that you enjoyed your weekend.
The easy answer to your question is no. A certificate is usually issued when points that have posted to a member's My Best Buy account are converted into a certificate. There are occasions where we will issue bonus certificates as part of a promotional offer; however, a My Best Buy certificate cannot be purchased using a Best Buy gift card or any other form of payment. Let me know if you have any other questions.
Thank you for posting your question and for being a My Best Buy member!
Derek|Social Media Specialist | Best Buy® Corporate
Private Message

Certificate question in Web Dispatcher End-To-End SSL scenario

Hy experts,
in end-to-end SSL scenario the web dispatcher (WD) is not used to encrypt/decrypt data, it is only used to forward requests.
So I think we do need a certificate for the portal server, but none for the web dispatcher itself, right?
Another point is which data should be given for CN, DN, OU etc in this scenario (Portal or WD ??)
kind regards
Tom

Tom,
For end to end SSL you do not need a certificate for the Web dispatcher but your J2EE engine should be configured to be accessible over SSL.
If you get the SSL certificate issued for the J2EE based on the name of the J2EE host it will result in a warning message as portal will be accessed using host name of Web dispatcher, so get the certificate issued under the name of the web dispatcher hostname. So, adjust your CN, DN, OU accordingly.
Cheers!!

AMT VPRO Enrollment Point Certificate Issue

I am having issues provisioning some machines in ConfigMgr 2012 SP1. They get to the point where they say Not Provisioned in the console and detect the version, but they won't provision. I have a cert from GoDaddy with the right hash and have
followed the steps to set it up to the best of my knowledge, but it seems there is an issue between my Enrollment Point and my CA. The clients are AMT version 5.2.1. I'll include the 3 logs with errors. The first two are from the monitoring
section of ConfigMgr.
SMS_AMT_OPERATION_MANAGER
Severity Type
Site code Date / Time
System Component
Message ID Description
Error Milestone
NCT 7/18/2013 8:16:13 AM
WAUSCCM2.NTC.EDU SMS_AMT_OPERATION_MANAGER
7218 The out of band service point failed to request a certificate by using the enrollment point.
Error Milestone
NCT 7/18/2013 8:15:09 AM
WAUSCCM2.NTC.EDU SMS_AMT_OPERATION_MANAGER
7218 The out of band service point failed to request a certificate by using the enrollment point.
Error Milestone
NCT 7/18/2013 8:14:05 AM
WAUSCCM2.NTC.EDU SMS_AMT_OPERATION_MANAGER
7218 The out of band service point failed to request a certificate by using the enrollment point.
Error Milestone
NCT 7/18/2013 8:13:01 AM
WAUSCCM2.NTC.EDU SMS_AMT_OPERATION_MANAGER
7218 The out of band service point failed to request a certificate by using the enrollment point.
SMS_ENROLL_SERVER
Severity Type
Site code Date / Time
System Component
Message ID Description
Error Milestone
NCT 7/18/2013 8:16:13 AM
WAUSCCM2.NTC.EDU SMS_ENROLL_SERVER
8304 Enrollment Point cannot accomplish tasks on the CA. Possible cause: The Certification Authority is down. Action to take: Check if the Certification Authority is running properly.
Possible cause: The credentials used to connect to the Certification Authority are incorrect.The CA is not functioning correctly. Action to take: Check if the Certification Authority is running properly. Check if the credentials used to
communicate with the CA server are correct.
Information Milestone
NCT 7/18/2013 8:16:13 AM
WAUSCCM2.NTC.EDU SMS_ENROLL_SERVER
8309 The Enrollment point connected to the Certification Authority successfully.
amtopmgr.log
>>>>>>>>>>>>>>>Provision task (In Band Provision) begin<<<<<<<<<<<<<<<
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:38 PM
1132 (0x046C)
Provision target is indicated with SMS resource id. (MachineId = 16780470 CHS2021A-49422.NTC.EDU)
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:38 PM
1132 (0x046C)
Found valid basic machine property for machine id = 16780470.
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:38 PM
1132 (0x046C)
Warning: Currently we don't support mutual auth. Change to TLS server auth mode.
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:38 PM
1132 (0x046C)
The provision mode for device CHS2021A-49422.NTC.EDU is 1.
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:38 PM
1132 (0x046C)
The IP addresses of the host CHS2021A-49422.NTC.EDU are 10.1.22.20.
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:38 PM
1132 (0x046C)
Root hash of provisioning certificate is 2796BAE63F1801E277261BA0D77770028F20EEE4.
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:38 PM
1132 (0x046C)
Attempting to establish connection with target device using SOAP.
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:38 PM
1132 (0x046C)
Create provisionHelper with (Hash: 2039F65277E499505D10AC073579B558582CFC97)
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:38 PM
1132 (0x046C)
Set credential on provisionHelper... SMS_AMT_OPERATION_MANAGER
7/17/2013 2:40:38 PM 1132 (0x046C)
Try to use default factory account to connect target machine CHS2021A-49422.NTC.EDU...
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:38 PM
1132 (0x046C)
Core version of target machine CHS2021A-49422.NTC.EDU is: 5.2.1.
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:41 PM
1132 (0x046C)
Succeed to connect target machine CHS2021A-49422.NTC.EDU using default factory account.
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:41 PM
1132 (0x046C)
GeneralInfo.GetProvisioningState finished with HResult = 0x0, status = 0x0, clientErr = 0.
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:45 PM
1132 (0x046C)
Get device provisioning state is In Provisioning
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:45 PM
1132 (0x046C)
Passed OTP check on AMT device CHS2021A-49422.NTC.EDU.
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:48 PM
1132 (0x046C)
Processing provision on AMT device CHS2021A-49422.NTC.EDU...
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:48 PM
1132 (0x046C)
Successfully get AD account for AMT device CHS2021A-49422.NTC.EDU.
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:48 PM
1132 (0x046C)
AMT web server certificate Template: ConfigMgrWebServer.
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:48 PM
1132 (0x046C)
Call https://WAUSCCM2.NTC.EDU:443/EnrollmentService/AmtEnrollmentService.svc to issue Certificate
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:49 PM
1132 (0x046C)
[EnrollmentWrapper]: SCCMCertCredentials - finding self signed sms cert by thumbprint
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:49 PM
1132 (0x046C)
[EnrollmentWrapper]: FindCertificate - finding in LocalMachine, store Sms, find type FindByThumbprint, validOnly = False
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:49 PM
1132 (0x046C)
[EnrollmentWrapper]: FindCertificate - there are 6 certs in the specified store
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:49 PM
1132 (0x046C)
[EnrollmentWrapper]: FindCertificate - Found certs via FindByThumbprint, count = 1
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:49 PM
1132 (0x046C)
[EnrollmentWrapper]: FindCertificate - cert[0].FriendlyName = Site System Identification Certificate
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:49 PM
1132 (0x046C)
[EnrollmentWrapper]: FindCertificate - cert[0].Subject = CN=Site System Identification
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:49 PM
1132 (0x046C)
[EnrollmentWrapper]: FindCertificate - cert[0].Issuer = CN=Site System Identification
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:49 PM
1132 (0x046C)
ERROR: [EnrollmentWrapper]: Enrollment service reports error: CertificateAuthorityError. Detail message: Submitting cert request and issuing cert failed
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:49 PM
1132 (0x046C)
Fail to call SubmitRequest in IssueCertificateFromES
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:49 PM
1132 (0x046C)
STATMSG: ID=7218 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_AMT_OPERATION_MANAGER" SYS=WAUSCCM2.NTC.EDU SITE=NCT PID=1952 TID=1132 GMTDATE=Wed Jul 17 19:40:49.352 2013 ISTR0="" ISTR1="" ISTR2="" ISTR3=""
ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:49 PM
1132 (0x046C)
ERROR: Fail to issue certificate SMS_AMT_OPERATION_MANAGER
7/17/2013 2:40:49 PM 1132 (0x046C)
CStateMsgReporter::DeliverMessages - Queued message: TT=1201 TIDT=0 TID='Unspecified' SID=13 MUF=0 PCNT=1, P1='CHS2021A-49422.NTC.EDU' P2='' P3='' P4='' P5=''
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:49 PM
1132 (0x046C)
CStateMsgReporter::DeliverMessages - Created state message file: C:\Program Files\Microsoft Configuration Manager\inboxes\auth\statesys.box\incoming\csd1mn93.SMX
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:49 PM
1132 (0x046C)
Error: Can't finish provision on AMT device CHS2021A-49422.NTC.EDU with configuration code (0)!
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:49 PM
1132 (0x046C)
>>>>>>>>>>>>>>>Provision task (In Band Provision) end<<<<<<<<<<<<<<<
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:49 PM
1132 (0x046C)
General Worker Thread Pool: Warning, Failed to run task this time. Will retry(3) it
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:49 PM
1132 (0x046C)
AMT Provision Worker: Wakes up to process instruction files
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:58 PM
3540 (0x0DD4)
AMT Provision Worker: 1 task(s) are in the pending list.
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:58 PM
3540 (0x0DD4)
AMT Provision Worker: There are 1 tasks in pending list
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:40:58 PM
3540 (0x0DD4)
AMT Provision Worker: Wait 11 seconds... SMS_AMT_OPERATION_MANAGER
7/17/2013 2:40:58 PM 3540 (0x0DD4)
AMT Provision Worker: Wakes up to process instruction files
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:41:09 PM
3540 (0x0DD4)
AMT Provision Worker: Send task CHS2021A-49422.NTC.EDU to completion port
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:41:09 PM
3540 (0x0DD4)
AMT Provision Worker: 1 task(s) are sent to the task pool successfully.
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:41:09 PM
3540 (0x0DD4)
AMT Provision Worker: There are 1 tasks in pending list
SMS_AMT_OPERATION_MANAGER 7/17/2013 2:41:09 PM
3540 (0x0DD4)
AMT Provision Worker: Wait 20 seconds... SMS_AMT_OPERATION_MANAGER
7/17/2013 2:41:09 PM 3540 (0x0DD4)
Let me know if any other info would help.
Thanks,
Ross

Since no one has answer this post, I recommend opening a support case with CSS as they can work with you to solve this problem.
Garth Jones | My blogs: Enhansoft and
Old Blog site | Twitter:
@GarthMJ

2012 SCCM SP1 Distribution Point Certificate store error on Server 2003 R2

Has anyone had this issue on Server 2003 R2 where you are getting this error listed below? All content is being distributed ok. But, monitoring is showing errors with all my Distribution points and I want these errors to go away so I don't have to sift through
all the darn errors.
Thanks for your help. Daniel.
Report status message 0x40000952 to MP
Failed to create certificate store from encoded certificate.. This is usually caused by a problem with the program. Please check the Microsoft Knowledge Base to determine if this is a known issue or contact Microsoft Support Services for further assistance.
The parameter is incorrect. (Error: 80070057; Source: Windows)
Status message has been successfully sent to MP from remote DP

I have found the error message in the smsdpmon.log on a Windows Server 2003 SP2 system acting as a Distribution Point (only). The error shows up when / during a scheduled content validation on that server and is repeated after each package is "validated".
From the smsdpmon.log:
- Start to evaluate package share for package 'XXX0004F' version 5 ...
- Package XXX0004F is verified successfully
- Report state message 0x40000950 to MP
- Failed to create certificate store from encoded certificate.. This is usually caused by a problem with the program. Please check the Microsoft Knowledge Base to determine if this is a known issue or contact Microsoft Support Services for further assistance. The parameter is incorrect. (Error: 80070057; Source: Windows)
- Report Body: <ReportBody><StateMessage MessageTime="20140315150802.000000+000" SerialNumber="5"><Topic ID="XXX0004F" Type="901" IDType="0"/><State ID="2384" Criticality="0"/><UserParameters Flags="0" Count="2"><Param>XXX0004F</Param><Param>["Display=\\DPSERVNAME.domain.com\"]MSWNET:["SMS_SITE=XXX"]\\DPSERVNAME.domain.com\</Param></UserParameters></StateMessage></ReportBody>
- Report status message 0x40000950 to MP
- Failed to create certificate store from encoded certificate.. This is usually caused by a problem with the program. Please check the Microsoft Knowledge Base to determine if this is a known issue or contact Microsoft Support Services for further assistance. The parameter is incorrect. (Error: 80070057; Source: Windows)
- Status message has been successfully sent to MP from remote DP
- Report status message 0x80000954 to MP
- Failed to create certificate store from encoded certificate.. This is usually caused by a problem with the program. Please check the Microsoft Knowledge Base to determine if this is a known issue or contact Microsoft Support Services for further assistance. The parameter is incorrect. (Error: 80070057; Source: Windows)
- Status message has been successfully sent to MP from remote DP
I tried to pretty up the above - not sure that I was successful.
The site server is a Windows Server 2012 R2 Standard running SCCM 2012 R2.

EAP-TLS User Certificate Question

I've setup a test ACS server and have everything functioning correctly including the WLAN. However, is there anyway for EAP-TLS to use ONLY the machine certificate and not the user certificate? We are not currently setup with per-user certificates. I'm guessing not on this... My primary question then is with User Certificates, how do you handle the following scenerio:
I have many CoW's (computer on wheels) through out the hospital that nurses use for inputting patient information. They all have a simple generic username/password (BADDD!!!!) so with this user it won't be hard to have default_user certificate install on the machines. But what if Doctor X decideds to walk up to one of these CoW's and wants to logout and log back in with his user/password on a machine he's never used before. How do we handle making sure he's able to connect if doesn't already have a cert on this computer? I'm quite mistified by this.
Thanks
-Raun

If you are using the MS Supplicant, you need the following registry settings:
"HKLM\SOFTWARE\Microsoft\EAPOL\Parameters\General\Global\AuthMode", 2, "REG_DWORD"
"HKLM\SOFTWARE\Microsoft\EAPOL\Parameters\General\Global\SupplicantMode", 3, "REG_DWORD"
This forces it to only use hardware certificates and sets the authentication to do the correct RFC polling.
As for the other issue, MS CA user certs do not "roam". Yet. There is discussion of roaming credentials being in Windows 7, but not entirely what that means. Roaming certificates can be easier with a product like Venafi. There "Encryption Management" tools are certificate management suites. The do have roaming management, or at least did when we talked to them.
Oh, and if you use two CAs (hardware and user), the separation keeps it straight too.

OIF 11.1.1.4.0 Signing Certificate Question

How does the old/new model for Wallets (Security and Trust) used for Signature and Encryption works?
We are trying to roll out two signing certificates at the same time. This will allow our customer to update their IdPs (the ones that decided to verify our signature) at their own pace.
When I install two certs (PKCS wallet) I can retrieve them with /fed/sp/cert?type=new and /fed/sp/cert?type=old . But how does the SP knows which cert needs to sign with? At this point it seems that all request to the ACS (fed/sp/samlv11sso) are being answered with the old certificate.
I have been looking all over for documentation on this process and still can't find anything relevant.
*PS we use SAML 1.1 Artifact profile.
Thanks!
-Noel

I found the answer and I guess is not what I was thinking it was.
8.3 Managing Signing and Encryption Wallets
Oracle Identity Federation provides a way to update signing and/or encryption wallets smoothly, without interrupting service.
When you need to replace a signing or encryption wallet and a new one is uploaded, Oracle Identity Federation saves the old wallet. The server then continues to use the old wallet in all transactions until it is removed. However, generated metadata will contain the new wallet information as well as the old information. This allows time to notify remote providers about the change.
Once new metadata has been created and distributed to all remote providers, the old wallet can be deleted and Oracle Identity Federation will use the newly uploaded wallet for all subsequent transactions.

Certificat question

Hello Friends.
PERFORM subroutine USING var.
The var field is known as what type of parameter?
A: Formal
B: Actual
C: Static
D: Value
thanks in advance,
Moderator message - Please see Please read "The Forum Rules of Engagement" before posting! HOT NEWS!! before posting. Certification questions not allowed - post locked
Edited by: Rob Burbank on Oct 22, 2009 11:34 AM

<< Content and points removed>>
Edited by: Rob Burbank on Oct 22, 2009 11:36 AM

Client certificate question

/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Tabla normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Times New Roman";
mso-ansi-language:#0400;
mso-fareast-language:#0400;
mso-bidi-language:#0400;}
Hello,
I am novice with certs and I have a question. I want to implement EAP-TLS in a WPA deployment and I have a question about the client-side certificate.
When I install a client certificate in a machine for a specific user, is this certificate only valid for this machine and this user? Or can I export this certificate and use it in another machine but the same user?
Thanks in advance,

From my experience, you can copy the certificate to another computer (assuming a modern OS). There are two problems with this, though:
1 - You must be able to export the entire certificate, including the private key, to be able to use the certificate on another machine. Most PKI implementations prohibit/disable this.
2 - If you can export the certificate, including the private key, then you are risking the loss of integrity of your PKI. Someone else can get that cert with the private key and impersonate the user.

Aperture2 - Recovery and Black Point adjustments question

I purchased the Aperture2 upgrade and, I'm impressed!!!
I have a question:
In the *Adjustment Tab*:
Two features in the *Exposure area, "Recover and Black Point"*, works sometimes and other times it does not.
There must be a reason for it - I just can't figure out why this happens. One would think that it should work all the time!?
Anyone know?

C and Scott, thanks so much for trying to help this old codger learn new tricks.
All the images I imported into Aperture2 are projects already completed and therefore I won't need to make adjustments to them. I was using them to test and learn the new Aperture2 features.
But, Just in case I ever need to convert a RAW image from A1x to the A2 format I'll know how to do it.
As I said before, as long as my new RAW images that I import directly into A2 have all the features available, I'm a happy camper. I won't be importing any images into A2 until after my shoot this evening, so, do you know if this is the case?

A PKI Code Signing Certificate question.

Hello,
Can someone please help me with the following question.
I have created and used a code Signing certificate from our Microsoft Enterprise CA before which works OK, but I am not sure I did it correctly, and have a few related questions please.
what I did.
1: Logged on the CA directly, went to the CertSvc web site, requested a code signing cert, issued it and exported it along with the private key.
2: Imported the above certificate into CurrentUser/My store on PC and used it to sign code
3: Took the came certificate (along with the private key, and this is where perhaps I made at least one mistake) and imported it into the 'Trusted Publishers' store the PC that will be running the signed code. This step was done so the user does not receive
a message asking if they want to run the code signed by "AAnotherUser" as it were, as although the code is signed by a trusted CA, the user still gets this warning message as the 'Publisher' is not in the 'Trusted Publishers' list. Therefore the
way I sorted this at the time was to take the whole certificate as above and import to this store.
The first mistake I made (as far as I can see as I am new to this area) I think I should have not imported the certificate 'along with its private key' into the trusted publishers store? in other words should I have imported the certificate 'minus its
private key' into the trusted publishers store?
Also, I understand you have to have the certificate along with is private key to sign code. I am 'assuming' a Hash of the code is taken and this is signed (encrypted) with the private key (in the same way a CA signs a CSR for a WEBServer cert for example),
is that correct i.e. is that what it mean to sign code?
if the above is correct then I assume you only need the 'public' key of the code signed cert in the 'Trusted Publishers Store' to verify the code was signed by a trusted CA and it has not been altered e.g. the Hash code still computes to the same value.
Is this correct?
My next question is regarding the private key. As I need to 'Login' to AD in order to request a code signing cert, can the 'private key' not be stored securely in AD along with my AD User account?
if the above is possible (which would make good sense to me I think) then I do not have to worry about looking after the safety of the private key as the system 'AD' can do this for me. It would also mean which every computer I logon to in the domain I would
have access to the private key (but no other user) and therefore be able to sign code I assume. Does this last paragraph make sense can this be done/is this done?
Basically I need to understand the above, in order to understand more about Crypto.
I also need create a code signing cert for a 'department' of about 10 people. Therefore I was thinking about creating and AD account called 'XYZCorpCodeSigning' or what ever, and issuing a code singing cert to this entity. If the private key could be stored
in AD then accessed used once signed in as this account (these 10 people would need to know the password for the account) this would make life easier/more secure, I think.
I know there are several question above, but it would be great it they would be answered as I would help me understand more about how it all works and to solve a problem too
Thanks very much
AAnotherUser__
AAnotherUser__

> The first mistake I made (as far as I can see as I am new to this area) I think I should have not imported the certificate 'along with its private key' into the trusted publishers store
yes, it is not correct. Only public part should be imported to a Trusted Publishers container.
> is that correct i.e. is that what it mean to sign code
exactly. Encryption with private key and decrypting with public key is called "digital signature".
> if the above is correct then I assume you only need the 'public' key of the code signed cert in the 'Trusted Publishers Store' to verify the code was signed by a trusted CA and it has not been altered e.g. the Hash code still computes to the same
value. Is this correct?
yes. Client uses only public part of the certificate to validate the signature.
> As I need to 'Login' to AD in order to request a code signing cert, can the 'private key' not be stored securely in AD along with my AD User account?
normally code signing certificates are not stored in Active Directory and should not be there, because signing certificate is included in the signature field.
> I do not have to worry about looking after the safety of the private key as the system 'AD' can do this for me.
this is wrong assumption. A user is responsible to protect signing private key from unauthorized use.
> If the private key could be stored in AD then accessed used once signed in as this account (these 10 people would need to know the password for the account) this would make life easier/more secure
wouldn't, because if something happens -- you will never know who compromised the key.
as a general practice, we recommend to purchase at least few smart cards to store signing keys. Depending on a particular code development practice, there might be a dedicated employee (for example, manager of devs) who the only has access to a smart card
(and PIN) and signs the code upon dev request. Or issue a dedicated smart card with unique signing certificate to each developer. However this will add a complexity in signing certificate trust management.
My weblog: en-us.sysadmins.lv
PowerShell PKI Module: pspki.codeplex.com
PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
Check out new: SSL Certificate Verifier
Check out new:
PowerShell FCIV tool.

Exchange OWA Certificate Question

Hello All
I just have a question regarding exchange owa certificate which is about to expire. (owa.domain.com, autodiscover.domain.com, mail.domain.com )
I have
Site one
Mailbox 2013 Server1
CAS 2013 Server1
Edge 2013
Site 2
Mailbox 2013 Server2
Cas 2013 Server2
Edge 2007
Exchange high availability configured. On ECP I am seeing my OWA certificate about to expire on both CAS on the same day(same cert)
I would like to create a new certificate, not renew as I have some old domains to remove from the cert.
My question is, when I create the the new request from ECP - Cas Server1, send to the CA and then install the, how will this reflect for the certificate that is expired on CAS server2?
Thanks

Hi nricki,
Agree with Hinte, you can export the new certificate which was created in CAS1 server and then import it to CAS2 server.
The following article for your reference:
How to Export/Import an SSL Certificate to Multiple Exchange 2013 Servers
Best regards,
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Niko Cheng
TechNet Community Support

Points / Certificate question

Similar Messages

Maybe you are looking for