Purchasing a digital certificate for SCOM usage
I am having problems with certificiates for SCOM (based on our infrastructure I believe not SCOM) and have asked some questions on it below -
Digital certificate issues
However I would like to break out one question and that is if I dont want to (read cant) use an internal CA at the moment where can I purchase two certificates for SCOM MS and gateway? When I look on the obvious sites such as Entrust and Thawte for instance
it seems easy to order a web SSL certificate for instance but how would I go about ordering the type I need and what sort of information would I need to provide?
Many thanks
Hi,
This can be a public CA such as VeriSign. Please check if the following post is helpful.
http://social.technet.microsoft.com/Forums/systemcenter/en-US/7e8dde55-6e55-4109-8da5-85a93fa64ea0/using-a-thirdparty-for-ssl-cert-for-scom-gateway?forum=operationsmanagerdeployment
Niki Han
TechNet Community Support
Similar Messages
-
How to filter list of digital certificates for signing PDF
Is it possible to change the configuration of Reader installation to filter the list of installed certificates that can be used for digitally signing documents?
The filtered list will appear when users attempt to select a certificate for digitally signing a document.
Thanks.Hi Carla,
Unfortunately, Extended Key Usage is not one of the properties you can enforce.
The things you can set are:
appearanceFilter (i.e. enforce the use of a custom signature appearance)
certspec(i.e. the signing certificate must meet some specific criteria) <<<----- This is what you are more interested in, more below
digestMethod(i.e. enforce the use of a specific cryptographic hashing algorithm)
filter (i.e. enforce the use of a specific security handler if you want to use something other than the one built into Acrobat)
legalAttestations (i.e. enforce the reason or purpose of the certifying signature)
lockDocument (i.e. enforce any further changes to the document after the signature is applied)
mdp (i.e. the rules for changing the document applied as part of a certifying signature)
reasons (i.e. a list of one or more reasons the signer can use, as opposed to them adding their own)
shouldAddRevInfo (i.e. force the inclusion on the revocation information (CRL or OCSP response) in the PDF file)
subFilter (i.e. require the use of a specific signature format. This is very arcane)
timeStampspec (i.e. require the use of a specific time stamp server)
version (i.e the minimum version of Acrobat that can decipher the signature. the only two options are versions 6 or 8)
The second item is the certspec, and this is what I've been pointing you towards. For the sake of discussion, think of everything you can read in a certificate as an extension. The serial number is an extension, the subject is an extension, the valid from date is an extension, etc. When a certificate is created, some of these extensions are required, other optional, and you can even add in extension that are not publicly defined, and only you will know about.
Acrobat has the ability to enforce the signer to use a certificate that contains some, but not all of the known extensions. The extensions it can enforce are:
issuer (i.e. require the use of a certificate that is issued by a specific Certificate Authority)
keyUsage (i.e. require the signers certificate contain one or more of the nine possible values that can be included)
oid (i.e. require that the Certificate Policy extension contain a specific value)
subject (i.e. require that the document is signed by one specific person using one specific digital ID)
subjectDN (i.e. require that the document is signed by one specific person, but they get to choose which digital ID to use)
url (i.e. if a required digital ID is not available, where the signer can procure an acceptable digital ID)
urlType (i.e. if the user is directed to the URL, should it be a web server where they can download a digital ID or a remote signing server where the digital ID stays on the remote server)
That's it. If it's not one of these items then Acrobat cannot enforce that the item is available. Extended Key Usage is not on the list.
Steve -
Best practices for buying a digital certificate for Exchange 2013
Good dayfriends,
Could you indicateme which are the bestpractices when buying
a public digital certificatefor use onExchangeServer 2013.
I'd be interested in knowing your opinion about
using wildcardor SAN certificates.
Likewise what are the best recommendations
to include names and why they should or
should not include the internal FQDN
of my servers.
Currently I have an infrastructure that has two
MailBox servers,two CAS servers and an EDGE
2010 server, but I'm planning update it to Exchange 2013.
I searched what are the best
practices according to Microsoft but
have found little information.
I would appreciate
if you can post links like
Microsoft KBs and other technical documents that
discuss the above mentioned.
Thanking your
invaluable support.
Greetings.Hi,
Personal suggestion, we can use two namespaces for your Exchange 2013:
Autodiscover.domain.com (Used for autodiscover service)
Mail.domain.com (used for all Exchange services external and internal URLs)
Please pointed mail.domain.com and autodiscover.domain.com to your internet facing CAS 2013.
For more information about Digital Certificates and SSL in Exchange 2013, please refer to the
Digital Certificates Best Practices part in the following technet article:
http://technet.microsoft.com/en-us/library/dd351044%28v=exchg.141%29.aspx?lc=1033
Additionally, here are some other scenarios about certificate planning in Exchange 2013:
http://blogs.technet.com/b/exchange/archive/2014/03/19/certificate-planning-in-exchange-2013.aspx
Regards,
Winnie Liang
TechNet Community Support -
Bank of America Digital Certificates for Bank of America Direct & iphone 3G
I did a quick search and didn't see anything that i think i am looking for.
I am trying to access The Bank of America Direct Web Page. To do this from my work computer, I am given a Digital Certificate, that i download to my computer. I am then able to access the website, (after imputing usernames and passwords of course)
At work i use an IBM (LENOVO) ThinkPad.
I know i can export the digital certificte to other computers so that i can access the webpage from home or another desktop if i need to.
Does any know if it is possible to export this digital certificate to the Phone 3G, so that the webpage can be accessed from the safari browser?
Thank you
JoeThanks, but i beleive the BofA Direct website is separate from the general BofA personal account site.
-
How to use digital certificate for client authentication in PCK
My sap jca adapter need support digital certificate on client authentication. how to implement it in j2ee or pck?
Message was edited by: Spring Tangrefer the following links
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/092dddc6-0701-0010-268e-fd61f2035fdd
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/b2a56861-0601-0010-bba1-e37eb5d8d4a9
please let me know if u dont find relevant information -
Creating Digital certificates for SOAP Receiver Adapter
Hi
In Visual Admin...> if we go to the "key storage" and try to create the certificates, we have the options of
selecting the below algorithms.
RSA-512,1024
DH -512,1024
DSA-512,1024
But SOAP Receiver Adapter supports only the below encryption algorithms.
3DES
DES
RC2-40
RC2-64
RC2-128
Still if I try to use any of the RSA, DH, DSA algorithms to create the certificates in visual admin and if I
use the same certificate in SOAP Receiver adapter, I am getting the below error in sxmb_moni
com.sap.aii.af.ra.ms.api.DeliveryException: Unsupported keysize or algorithm parameters.
Could you plz advise, is there any provision in XI to create the certificates using the algorithmS 3DES, DES, RC2 ? or We got to import the certificates from third-party which supports 3DES, DES and RC2 ??
Regards
kumarcan't wait further so closing the thread
-
How do I get a digital certificate for WebLogic Server?
I has three files(*.der, *.pem, *.pem)generated by weblogic certificate sevlet. And I has also got file from verisign throuth my CSR file. But when I give the *.der file to server key file name field on the console, some error occur in my weblogic:
<2002-6-12 %u4E0A%u534811%u65F622%u520614%u79D2> <Alert> <WebLogicServer> <Security configuration pr
oblem with certificate file config/mydomain/eintech-key.der, java.io.EOFExceptio
n>
java.io.EOFException
at weblogic.security.Utils.inputByte(Utils.java:133)
at weblogic.security.ASN1.ASN1Header.inputTag(ASN1Header.java:125)
at weblogic.security.ASN1.ASN1Header.input(ASN1Header.java:119)
at weblogic.security.RSAPrivateKey.input(RSAPrivateKey.java:119)
at weblogic.security.RSAPrivateKey.<init>(RSAPrivateKey.java:91)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:397)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:300)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1045)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:480)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:202)
at weblogic.Server.main(Server.java:35)
I don't know where is the error raise? help me?Hi.
Just a guess, but sometimes this happens when the .der file is actually in .pem format, or vice versa. You might try changing the name of the cert to .pem, specify it in the console and see if that helps.
You also might get a better answer posting this question on the security newsgroup.
Regards,
Michael
javachina wrote:
I has three files(*.der, *.pem, *.pem)generated by weblogic certificate sevlet. And I has also got file from verisign throuth my CSR file. But when I give the *.der file to server key file name field on the console, some error occur in my weblogic:
<2002-6-12 %u4E0A%u534811%u65F622%u520614%u79D2> <Alert> <WebLogicServer> <Security configuration pr
oblem with certificate file config/mydomain/eintech-key.der, java.io.EOFExceptio
n>
java.io.EOFException
at weblogic.security.Utils.inputByte(Utils.java:133)
at weblogic.security.ASN1.ASN1Header.inputTag(ASN1Header.java:125)
at weblogic.security.ASN1.ASN1Header.input(ASN1Header.java:119)
at weblogic.security.RSAPrivateKey.input(RSAPrivateKey.java:119)
at weblogic.security.RSAPrivateKey.<init>(RSAPrivateKey.java:91)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:397)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:300)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1045)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:480)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:202)
at weblogic.Server.main(Server.java:35)
I don't know where is the error raise? help me?--
Michael Young
Developer Relations Engineer
BEA Support -
I have the gift certificate I sent to My Daugther and it has two codes, one is PIN and the other one is a gift card number! I tried entering each one and every time it says code not valid!
Does anyone have a solution?You have a phone that was returned as defective. How it got into the market again is anyone's guess, but the ONLY way to resolve it is to call Apple, and that may not resolve it either if it was pilfered by someone at an Apple repair center.
-
How to get digital certificate informaiton of the email in mail adapter
Hi, expert:
I have a requirement to verify the validation of coming email with digital certification. The mail is with digital certification. If the coming email is valid, I 'll get the attachemt of the mail for further processing. I have a sender mail adapter and receiver file adapter configued.
I have already my own developed adapter module, which is configued in mail adapter. My question is how to retrieve the detailed certificate information in the adapter module developed by myself. Is it feasible?
Thanks a lot.Hi Oscar !!
refer this blog & links , you will get all you are looking for
<b>How to use Digital Certificates for Signing & Encrypting Messages in XI</b>
/people/varadharajan.krishnasamy/blog/2007/05/11/how-to-use-digital-certificates-for-signing-encrypting-messages-in-xi
http://help.sap.com/saphelp_nw04/helpdata/en/a8/882a40ce93185de10000000a1550b0/frameset.htm
Thanks !
Regards
Abhishek Agrahari -
Custom certificates for JAR file signing
Hi,
Can anyone please let me know how to check that we have custom certificates for JAR file signing set up in our instance
Thanks,
PraveenIt depends on the version of your $ADJVAPRG. See the referenced note.
How to use,create and /or update Digital Certificates for Jinitiator in 11i Applications
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=365735.1 -
Cisco ISE User Authentication Certificates for Wired and Wirless Users (BYOD)
Can any one tell me from where we can purchase User Authentication Certificates for Wired and Wireless Users (BYOD) for Cisco ISE. Also Confirm what certificates we required for the purpose.
Please suggest the Website form where we can purchase and ipmort in Cisco ISE certificate Section.
Thanks.Dear Mohana,
Thanks for your reply, Can you please confirm me in regards EAP-TLS certificate, which authorities you recomend if i go to Go dadday or very Sign to buy it and then import in ISE.
Looking forward for your reply.
Regards,
Muhammad Imran Shaikh
Resident Engineer, IT Network Section - PPL
Mobile : 0092-312-288-1010
LinkedIn : pk.linkedin.com/pub/muhammad-imran-shaikh/10/471/b47/ -
Exporting Digital Certificates in Yosemite
I just freshly installed Yosemite and my apps on my MBP, along with digital certificates for secured emailing. I'm trying to export these certificates from the Keychain for safekeeping but for some reason I can no longer export them as Personal Information Exchange Files (.p12). I get several other options but I'm not sure which option to choose, or if I should use any of those options. Any information will be greatly appreciated.
It appears that this problem was related to the same problem in my other discussion, which you were kind enough to respond to, as well:
Password Needed For Sending Emails - EVERYTIME
After I reseted the keychain I was able to export as a .p12 file just fine.
Correct me if I'm wrong, but it seems that only the .p12 format exports certificates with a paraphrase attached for security. -
Do you have to deal with a CA to get digital certificates?
Hi,
I'm investigating the use of digital certificates for communication
between our WLS internally. I would like to be able to generate my own
certificates and keys for our testing purposes. I'm under the impression
that the only way to do this is to deal with a Verisign or somethin like
that and to buy a license. Am I correct? Or is there another way to do
this?
Thanks,
L
Laurent Duperval <mailto:[email protected]>
Je suis le plus fort! ... Je suis encore plus fort que tout à l'heure! ...
Tiens... pour me définir, le mot fort ne l'est plus assez!
-Léonard le géniethanks everyone, helped alot, cant wait to buy one of these
-
Multiple SAP Passports(Digital Certificates)
Hi Guys,
I want to know how i could have multiple digital certificates created to login to service.sap.com.
My case is that i have 2 S IDs. I have created an SAP Passport(digital certificate) for 1 S ID, so that i dnt have to enter the user name and password every time i login to service market place. However i would want to create a digital certificate for my other S ID as well. How do i do that..
Help appreciated
Rgds,
PrabinathHi Aj,
When your SAP passport expires SAP recommends to delete your old SAP Passport and create new passport. Since the new SAP Passport is valid already, there is no reason to retain the old one.
Please check and let me know if you need any information.
Regards,
Kiran .V -
I want to give an email gift certificate for a single song download ($1.10)
Hello
Is there a way to give an email gift certificate for less than $10 USD?
I want to give an email gift certificate for a single song download ($1.10) and can't figure out how to do it.
Please help
Thanks
RichardThere isn't a way to purchase a gift certificate for that specific amount, but it is possible to gift one particular song to someone as a gift. You can read about it here.
Maybe you are looking for
-
Having issues with acrobat 9 standard installation
I'm having problems with acrobat 9 not printing PDF documents. I uninstalled the program without deactivating. Now when I attempt to reinstall I get the following error 1935. An error occurred during the installation of assembly component {6633265
-
Help! Can't open Raw files
Hello all, Not exactly an expert here but I am trying to follow the instructions. I have cs2 and trying to open raw files. I have downloaded the update, as instructed, unzipped and placed in the file, again, as instructed. CS2 STILL says 'can not ope
-
Hi After migration from UCM 11.1.1 to WCC 11.1.1.7 and browse through my sites I see are not loaded js, images and css files, in my source Content Server i have: Mapped Folder Web Location http://hosts:port/cs/xx/Pages/css/stylePage.css Web Loc
-
Nokia N97 Mini Can't Open Photos
So I downloaded the latest version of Nokia Photos from Ovi Suite today. When I unplugged it from the laptop, I found that I couldn't open my photos in albums, captured or months. I double tap it but this doesn't do anything. Please Help! Is there a
-
Hello everybody, I have a problem with the search terms in the BP transaction. In the 'Adress' section, I want to replace the field 'Search term 1/2' by 'UID/N° de Siret' and I cannot manage to do it. I tried with the Screen Painter but since the fie