Request a digital certificate from a certification authority

Similar Messages

• Firefox does not recognize SSL Certificate issuer Entrust Certification Authority – L1K, but Entrust Certification Authority – L1C is ok?

  We have a new Entrust SSL Certificate with issuer Entrust Certification Authority – L1K which Firefox does not recognize. Internet Explorer and Chrome are ok.
  On a different system we have an Entrust SSL Certificate with issuer Entrust Certification Authority – L1C which is ok with Firefox.

  Did you verify that all intermediate certificates are installed on the server?
  You can inspect the certificate chain via a site like this:
  *http://www.networking4all.com/en/support/tools/site+check/
  *https://www.ssllabs.com/ssltest/

• How do I request a Digital Certificate?

  Hi, I'm starting in this world of App development. I've got an HP PC with Windows 7 so I can't install Xcode or anything like that. I was using a program for iOS Apps development and I tried to build an App but it asked me for a "Digital Certificate". I've done a little research and I found that I have to request it to Apple. I'm a member of the iOS Development Centre but I can find where to request it. Help please!

  You need a Mac for that, Developing for Mac/Apple devices are not supported using Windows.

• How do I export a digital certificate from 8.0?

  I am updating the help docs for our online app and I am up to 'exporting your digital certificate. I have instructions for 3.5 but I'm now adding some for 8.0 and I can't find an export button. Help! (please)

  See if you can find the certificates on one of the tabs in the Certificate Manager:
  *Tools > Options > Advanced : Encryption: Certificates - View Certificates

• Importing a digital certificate from e-mail

  When receiving a digital certificate (in an fdf file) attachment in an e-mail in Outlook I want to automate importing it to the Acrobat trusted cert store using VBA with Acrobat classes.
  I use an Outlook rule and can get to saving the .fdf file with VBA. I have referenced the Acrobat type library in VBA. But I cant find an Acrobat import certificate function in the library.
  I am using Acrobat V8 and Outlook 2007

  I don't know if there is one,  but have you downloaded the Acrobat SDK? You cannot program Acrobat by "discovery" of classes and methods, you do need the documentation. You might have to use the VB:JavaScript linkage.

• Problem Signing Email with Digital Certificate from Smart Card, Outlook 2013

  Hi there, I'm the IT guy for a small company.  I've configured several people in the company to use their smart cards for email signing through Outlook 2013, but a a few computers are giving me this error:
  "Microsoft Outlook cannot sign or encrypt this message because there are no certificates which can be used to send from the e-mail address '<e-mail address>'. Either get a new digital ID to use with this account, or use the Accounts button to
  send the message using an account that you have certificates for."
  I've been in the Trust Center, I see the signing and encrypting certificates. (SHA-1 and 3DES).  Yet when I try to sign, Outlook always fails on the error.
  For my computer, I was able to fix this by adding a "SupressNameChecks" DWORD set to 1 in the Registry under HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook.  However, this fix is not working for the other people in the company.
  Any other ideas?  Really pulling my hair out on this one, I've tried everything I could find on the net it seems.

  Hi,
  Please checked “E-mail name” under the section ‘Include this information in alternate subject name” on the Subject Name tab of the certificate template.
  We can export the entrust managed services root CA cert from a working machine and import into the trusted root store of a non-working machine. For detailed steps about it, please refer to:
  How To Import and Export Certificates So That You Can Use S/MIME in Outlook Web Access on Multiple Computers
  http://support.microsoft.com/kb/823503/en-us
  Hope it helps.
  Regards,
  Winnie Liang
  TechNet Community Support

• Certification Authority

  We installed the Certification Authority service on a 2008 server.  How do we issue a certificate to a user to allow them to digitally sign Excel and Word documents?    When I try to sign a document the only certificate available says
  it cannot be verified. 

  Hi,
  Based on my research, we must obtain a digital certificate before we can obtain a digital signature. Therefore, we need to request a
  Code Signing certificate for this usage.
  Here are some related links below that could be useful to you:
  Walkthrough: Request a Digital Certificate from Certificate Server or create a testing Digital Certificate to sign a Package
  http://blogs.msdn.com/b/sqlforum/archive/2011/01/03/walkthrough-request-a-digital-certificate-from-certificate-server-or-create-a-testing-digital-certificate-to-sign-a-package.aspx
  Description of digital certificates
  http://support.microsoft.com/kb/206637
  What is a digital signature?
  http://technet.microsoft.com/en-us/library/cc545901(v=Office.12).aspx
  I hope this helps.
  Best Regards,
  Amy Wang

• Request Smartcard Logon certificates for more than 2 years from Certificate Authority

  Dear all,
  I have setup a Certificate Services in a Windows Server 2008 R2 domain and I request certificates via the CA webpage
  http://ipofdomainserver/certsrv using the SmartCard logon custom template.
  The problem is that my certificates are only valid for 2 years even though when I created my custom Smartcard logon I selected for validity period 5 years. 
  I read in documentation that issued certificates cannot have a greater validity than the root that signed them.
  What and where I should modify to be able to request certificates from the template for more years than standard 2 ?
  Ps: WINSC-CA is valid for 5 years. Should I generate a new WINSC-CA ? How ?

  I was successfully able to create a root CA for 20 years, issued a certificate and login using smartcard using the following procedure:
  1. I increased the CA lifetime to 20 years by using this link http://www.expta.com/2010/08/how-to-create-certificates-with-longer.html
  Created the file CAPolicy.inf in %SYSTEMROOT% with following content
  [Version]
  Signature=”$Windows NT$”
  [certsrv_server]
  RenewalValidityPeriod=Years
  RenewalValidityPeriodUnits=20
  2. Renew CA root using this guide  https://technet.microsoft.com/en-us/library/cc780374(v=ws.10).aspx
  Console Root -> Certification Authority -> select domain -> Right click -> All Tasks ->
  Renew CA certificate
  3. Delete from Console Root -> Certificates (local computer) -> Trusted Root Certification
  Authority -> Certificates the *WINSC-CA that has the previous lower validity, and from 
  Certificates (local computer) -> Personal, the *WINSC-CA that was lower validity
  4. I performed a reboot here
  5. Change in Console Root -> Certificate Templates -> Smartcard Logon Custom Template (my custom duplicate template) -> Properties -> Validity 10 years
  6. Change in registry HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertSvc\Configuration\<CAName>\ValidityPeriod
  to value 10 for 10 years.
  7. Request a new certificate from CA webpage http://ipofdomain/certsrv and let the webpage write it to
  smartcard (I was making sure there is no other certificate on the smartcard)
  8. Try to log in. At this point it should throw an erorr that smartcard logon is not supported for this
  account type. This is becuase we need to enroll it again for domain authentication
  9. Console Root -> Certificates (local Computer) -> Personal -> Right click -> All Tasks ->
  Request new Certificate -> Next -> Active Directory Enrollment -> Next -> Select Domain Controller Authentication -> Enroll -> Finish.
  Now you should be able to login using your smartcard and 10 years generated certificate.
  Though I have a problem at step 3, after CA server reboots the *WINSC-CA certificate with lower
  validity is restored automatically, but the certificates are generated for 10 years.
  What am I doing wrong ? How can I delete the lower validity root CA ?

• Installing a certificate from a Certificate Authority

  I don't understand the process of a installing a certificate.
  I have got to the step where I have a sign request.
  Now I want to import the certificate. I am using tomcat.
  The instruction that I have say that I need to import a certificate from a signing authority. It give me the following command.
  keytool -import -alias root -keystore <your_keystore_filename> \
  -trustcacerts - file <filename_of_the_chain_certificate>
  I found link to verisign for installing the intermediate CA certificate that says you need to copy and past some text that basically says "begin certificate" block of text , "end of certificate".
  Where do I copy this block of text? Do I save it to a text file and them use it in the "filename_of_the_chain_certificate" example mentioned above. I don't see any examples that show all the details of the steps.
  Thanks.

  Hi Simon,
  It looks like you're trying to do PEAP authentication on a specific SSID, is that correct?
  Once you have the certificate generated, you'll upload it at the following location:
  Topline Menu -> Commands
  Then you'll choose "download file" and choose the certificate type to install it.
  PEAP usually calls for a server side certificate (on your authentication server) to be installed on that server. Then you have to configure the controller for 802.1x authentication on the SSID itself. Pointing to one of the authentication servers listed on the "WLAN" Menu under security "AAA Servers". The servers themselves are entered in the "Security" Menu under either RADIUS or TACACS+ tab.
  I can point you in the proper direction if you need more assistance, as I've done this many times. I just need more clarification on what you're trying to accomplish.
  Regards,
  Jerry

• CIDX Adopter Digital Certificates

  Guys,
  Here is the scenario..
  We are getting the HTTPS message from external system to XI.
  We are using CIDX Adopter to read external message and validate the digital certificates and map to ORDERS05 Idoc. As soon I trigger the message from external system (HTTPS message), I am seeing message in XI RWB adopter engine, when CIDX adopter is trying the validate the digital signatures somehow it is pointing to J2EE_GUSET user. And it is giving error as below mention.
  <b>ERROR</b>
  "Signature verification failed, alerted;Error when accessing keystore:service_ssl
  Signature verification failed, alerted
  Unexpected error while packing the CIDX message -
  null
  Message Processing caused Failure. -
  BTD handler indicated processing error
  Error encountered while receiving inbound action; See nested exception for detailed error message -
  Message Processing caused Failure. -
  Message Processing caused Failure. -
  BTD handler indicated processing error
  Delivery of the message to the application using connection CIDXAdapter failed, due to: Error encountered while receiving inbound action; See nested exception for detailed error message. "
  <b>Regarding Digital Certificates</b>
        We got the digital certificates from my external party and installed and
         created the Key stores in XI Visual Administration tool.
         We configured in sender agreement by selecting those key stores..
  Can any one help me on how to resolve the issue, is there any problem in Visual Admin Toll, while installing the certificates..
  Thanks
  Murali
  Message was edited by:
          Murali Babu Pallabothula

  HI,
  See the below links
  HTTP* Errors /people/krishna.moorthyp/blog/2006/07/23/http-errors-in-xi
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/55ba9790-0201-0010-aa98-ce8f51ea93cd
  also see the below links may be useful..
  See the below links
  /people/sap.user72/blog/2005/06/16/using-digital-signatures-in-xi
  SAP Java Cryptographic Toolkit
  http://help.sap.com/saphelp_nw04/helpdata/en/8d/cb71b8046e6e469bf3dd283104e65b/content.htm
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/55ba9790-0201-0010-aa98-ce8f51ea93cd
  http://help.sap.com/saphelp_nw04/helpdata/en/fb/322f41d606ef23e10000000a155106/frameset.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/45/341a2176b74002e10000000a155369/frameset.htm
  Also see the below threads.
  how to deal with digital signatures when converting messages?
  Certificates Vs Digital Signatures
  Security Issues: SSL on SOAP Adapter and Digital Signature in BPM
  message level security: difference digital signature and certificate
  Loading Invoice XML IDoc with digital signature via XI into R/3
  Regards
  CHilla

• Automatically download digital certificates form Net

  Hi!
  I have to download digital certificates from the prespecified URLs. I cannot use servlet. By network programming I am able to connect to the site and I can store the certificate by using IO package. But this way, the format of the stored certificates are not valid.
  Is there any way I can automatically(through coding) download the certificates or can store in a valid format?
  Regards
  Vivek

  Hi!
  I have modified my code and now the file sizes are same. but still cannot open the file. One more thing I would like to add is that, with this code if I download some exe also. the same problem happens. For normal text it works fine.
  I am attaching the code also:
                 URL url=new URL("http://www.secdom.com.au/general/certs/sdplrootca_der.crt");
                 URLConnection con=url.openConnection();
                 System.out.println("Content type is : "+con.getContentType());
                 BufferedInputStream htmlPage =new BufferedInputStream(con.getInputStream());
                 byte [] data;
                 int contentLength = con.getContentLength();
                 if (contentLength > 0)
                 try
                      data = new byte[contentLength];
                      int h=htmlPage.read(data,0,con.getContentLength());
                      htmlPage.close();
                      FileOutputStream fou=new FileOutputStream("aa_v.crt");
                      fou.write((new String(data)).getBytes());
                      fou.close();
                 catch(Exception e)
                      System.out.println("error");
                      e.printStackTrace();
                 }

• Install digital certificate (p12) in BPEL Server on 10.1.2.0.2

  Hi Guys,
  I have been using BPEL for quite some time but havent come across this one.
  We have a Business Partner whose webservice we need to call to provision something.
  For security reasons they want us to get a digital certificate from Verisign, Entrust, thwate which we got from http://www.entrust.com/freecerts/ for testing purpost.
  Its a p12 file and I cant seem to install it on our bpel server.
  Once its installed on the server they would take a cer file exported from the p12 file.
  Has someone done this already. It would be a great help
  Thanks ! ! ! !

  hi Rajesh...
  Its not creating any log file.
  I have updated in the webutil.cfg file as mentioned below
  logging.file=C:\rag.log
  logging.enabled=TRUE
  logging.errorsonly=TRUE
  logging.connections=TRUE
  And also updated in the formsweb.cfg as mentioned below
  [webutil]
  WebUtilArchive=frmwebutil.jar,jacob.jar #raghu
  WebUtilLogging=All
  WebUtilLoggingDetail=Detailed
  WebUtilErrorMode=All
  WebUtilDispatchMonitorInterval=5
  WebUtilTrustInternal=true
  WebUtilMaxTransferSize=16384
  baseHTMLjinitiator=webutiljini.htm
  baseHTMLjpi=webutiljpi.htm
  archive_jini=frmall_jinit.jar,icons.jar
  baseHTML=webutilbase.htm
  archive=frmall.jar
  lookAndFeel=oracle
  envFile=default.env
  Still it is not creating any log files.
  Is there any problem in above code and also tell me any other additional setups is required.
  Thanks
  rag.

• Requesting certificate from certificate authority

  I am in the last step of migrating from a personal account to a business account. I need to remove my old certificate, request a new one from the Certificate Authority in my keychain access. I attempt to get the new certificate, but it says the Certificate Authority email address is required. Does anybody know it or know how to bypass this step? Thanks

  I am actually working on getting this setup for user Certs. and I am having some trouble. Can you tell me how you got this working?

• How to request certificate from a non-domain computer

  We using a Windows Server 2008 R2 Enterprise CA to issuing webserver-certificates (SSL). The CA-Server is a member of a AD-Domain and online. Now we want to request certificates from computers like Windows Server 2008 R2 or Linux Server which aren't member
  of the domain.
  How we can request certificates automatically with a script remote from these Windows Servers, for example ? Is it possible to use  the "Certificate Enrollment Web Service" without the "Certificate Enrollment Policy Web Service" ?
  Is it possible to use certreq in this scenario ?
  Thanks for your help.

  Now I have found a solution. Shortly I want describe the way:
  Prerequirements:
  1. ADCS Enterprise Certification Authority is installed
  2. ADCS Certificate Enrollment Web Service is installed on a server
  3. ADCS Certificate Enrollment Policy Web Service is installed on an other server
  Steps to do:
  1. Prepare a request-file for a certificate
  2. On a computer which is not a member of the Domain/Forest of the CA-Service: submit the request to the CA and receive the issued certificate. The following command have to written in one line without line breaks.
    certreq -submit
      -Username {domain}\{username}
      -p {password}
      -PolicyServer "https://{FQDN CertificateEnrollmentPolicyWebService-Server/-Alias}/ADPolicyProvider_CEP_UsernamePassword/service.svc/CEP"
      -config "https://{FQDN CertificateEnrollentWebService-Server/-Alias}/{CAName}_CES_UsernamePassword/service.svc/CES"
      -attrib "CertificateTemplate:{TemplateName}"
      {Enter Path and Name of the Request-File}
      {Choose Path and Filename for certificate}
     Sample:
     certreq -submit
          -Username contoso\Serviceaccount
          -p P@ssw0rd
          -PolicyServer "https://CAPolicyEnroll.contoso.com/ADPolicyProvider_CEP_UsernamePassword/service.svc/CEP"
          -config "https://CAWebEnroll.contoso.com/IssuingCA1_CES_UsernamePassword/service.svc/CES"
          -attrib "CertificateTemplate:MyOwnSSLTemplate"
          request.req
          sslcert.cer
  3. Now you can find a file with your requested certificate locally in path you have choosen for the certificate-file.
  I hope this will be helpful for other people enrolling certificates on non-domain member computers.

• Issue generating a subordinate certificate - The certification authority's certificate contains invalid data

  Other recipients:
  Hi Guys, I have a root CA and a sub CA. I want to generate another Sub CA certificate from my current sub CA however when I try to do so either via web or csr file I get the below error: The certification authority's certificate contains
  invalid da
  <input role="presentation" style="width:1px;height:1px;opacity:0;" tabindex="-1" type="text" />
  Hi Guys,
  I have a root CA and a sub CA both windows 2008 R2 ent. I want to generate another Sub CA certificate from my current sub CA however when I try to do so either via web or csr file I get the below error:
  The certification authority's certificate contains invalid data. 0x80094005 (-2146877435). Denied by policy module.
  I have confirmed that the basic constraint attribute for my current subca is none so I should be able to generate a certificate for a new subca.
  Any assistance is greatly appreciated.
  Thanks.

  Hi,
  According to your description, you want to build a new CA which is under an existing sub CA (one of your two working sub CAs) to issue certificates to other devices, am I right?
  Based on my research, to achieve this, we need to install another
  Subordinate Certification Authority. During the installation process, this new sub CA will generate a certificate request to its parent CA.
  “The subordinate CA cannot be used until it has been issued a root CA certificate and this certificate has been used to complete the installation of the subordinate CA”, I quoted this
  sentence from the article I posted in my last reply.
  Therefore, in your case, the process flow should be like:
  Install a new sub CA.
  Generate a certificate request to its parent CA during installation.
  The parent CA approves this request.
  Installation of the subordinate CA has completed.
  The new sub CA issues new certificates to other devices.
  Please feel free to let me know if this method is not working.
  Best Regards,
  Amy Wang