Restrict manager certificate and grant authority

Hello,
First thing: I got a request from one of our managers.
Basically, we manage the Certificate Root server. We have 3-4
domains with the same architecture, and we want to control
who can manage certificates and who cannot.
I know that option to restrict with out the security tab configure
also on templates existing
Please share with me some knowledge on the above.
Thanks

Hey Yugi
Thanks for posting,
As you have mentioned, the Security tab is able to restrict by deny.
But the Certification Authority can be very useful for what
you have requested:
Try opening the properties of the Certification Authority and move to the Certificate Managers tab.
There you can configure whom to restrict, and even a specific template and for whom.
Be very careful with it.
I'd be glad to answer any question

Similar Messages

  • HT204074 whats the difference between managed devices and authorized computers

    What is the difference between the 10 managed devices and 5 authorized machines? What can't I do on the unauthorized device that is a managed device?

    This is my understanding of it.
    Authorisation only applies to computers, not devices (iPads, iPhones, iPod Touches) - it allows you to play/use your iTunes downloads on that computer e.g. playing music, films etc., and to sync that content to a device. Up to 5 computers can be authorised at a time.
    Having a device associated (or managed) with your account, which can be up to 10 computers and devices (and as each associated computer must also be authorised to your account it means that at most 5 of the 10 can be computers) means that you've used iTunes Match, automatic downloads and/or re-downloaded past purchases on them. Once a device or computer is associated to an account it will be tied to that account for 90 days. You can still sync content to a device without it being on the associated list.
    A managed computer must also be an authorised computer, so you can't have one that is unauthorised but associated.

  • Hospital management and Grant management addon for SAP B1 2005A / 2007 A

    Dear friends,
    I would like to know if any company has made an add-on for Hospital management and Grant management for SAP B1 2005 A or SAP B1 2007 A, in English.
    In case anybody knows, please provide the info: company website, contact info and some details on the add-on features.
    Regards,
    Pankaj Gandhi.

    Hi there,
    Try these guys - I found them on the SSP catalog
    Quintegra Solutions Limited
    they have a certified add-on entitled  "Hospital Management & Information System"
    or
    PT MITRAIS
    http://www.mitrais.com/medical/medicalHospital.asp
    regards,
    Stella (Partner Service Advisor)

  • If I've installed an app from the app store and the author's distribution certificate expires, my app will still run or not? Thanks a lot.

    If I've installed an app from the app store and the author's distribution certificate expires, my app will still run in my device or not?
    For example in the case that the author won't renew the certificate itself, i guess his app will be removed from the app store; but what happens to the apps installed in the devices?
    Thanks a lot.

    The author's certificate is only used to authenticate the author when the app is uploaded to the app store.
    The app is then signed by Apple before being added to the app store.
    Nothing will happen to your app except you won't get any updates.
    Eventually, iOS upgrades could stop the app from working if you upgrade iOS beyond what the app supports.

  • How to revoke and grant permission in java using Security Manager  ??

    I like to revoke and grant permission through java code..can anybody give me a sample code.

    Discussion is here:
    http://forum.java.sun.com/thread.jspa?threadID=731363

  • Certificate and Attachment uploading in SRM ROS at initial stage

    Hi....
    Can anyone suggest:
    1. Exactly which service needs to be published in SICF for the Supplier Self Registration link, which we place on the company home page so that interested suppliers can come, enter important information about themselves and assign themselves to some product category?
    2. We need the vendor/subcontractor to attach his certificate and licence and maintain the expiry dates in ROS at the initial or 1st stage of registration. Is this SAP standard, or does it need some development?
    Thanks in advance.
    Regards
    NAP

    Hi,
    Regarding the logon, create an anonymous user id with the SAP_EC_BBP_CREATEUSER and SAP_EC_BBP_CREATEVENDOR roles. When this is done (user id exists and password is set up), go to the ROS_SELF_REG BSP (DEFAULT_HOST->SAP->BC->BSP->SAP->ROS_SELF_REG) and in the Service Data tab page, enter the user name, password, and client. After this, you will be able to log on to the registration form.
    1.1), 1.3) Yes, you are right.
    1.2.) I am not so experienced in ROS, so I am a little bit confused. The supplier monitor is the "ROS_PRESCREEN" BSP. Here you can check the registered suppliers (via ROS_SELF_REG), check their data, and accept or reject the vendor's registration request -> we are still only in ROS. If you want to transfer any vendor master data from ROS to SRM (!ERP IS DIFFERENT! I talk about it later) you have to "start" the transfer from the SRM system. For this, I think you have to use the "BBP_SUPP_MONI" transaction in SRM, and via the OPI interface the vendor master data is transferred into SRM (vendor is created). If the vendor is in SRM, on the SRM portal you can change the vendor's attribute to "Portal Vendor", and here you can define the user id/password in order to provide the authority for the vendor to log on to SUS (SRMSUS BSP).
    Transfer from ROS to ERP (SAP R/3) is not possible in the standard way (it is very strange, but true). I have to manage the vendor master data transfer in this way, but it can be managed only via a custom interface (however, you can find some "templates" which can be reused).
    Regards,
    Attila

  • Granting Author Permission to Specific Page

    Hi,
    I have the requirement to grant individual authors access to their specific page (and no other pages).
    I found something unexpected in doing this.
    I created a user "product1" and granted them read / write / create / delete access to:
    /content/mysite/en/products/product11
    This let them navigate to:
    http://myauthor:4502/cf#/content/mysite/en/products/product1.html
    However, they were unable to edit properties of the page widgets until I granted them read access to:
    /content/mysite/en/products
    http://192.168.99.174:4502/cf#/content/digitalmailbox/en/providers/telstra.html (i.e. the parent directory)
    Is that correct?  I would have expected that it was not required.
    I also confirmed that they did not have access to view sibling products i.e. the following was not visible:
    http://myauthor:4502/cf#/content/mysite/en/products/product2.html
    I also needed to grant read access to libs/*  - I'm not sure if that could possibly be a security risk.  I'm assuming it's OK for people to be able to read the foundation source code.

    You need to break permissions on the folder and add the user to the folder. Please note that once the permissions are broken on a folder, make sure to delete the default groups and users which get carried over. See this for more information: https://support.office.com/en-us/article/Manage-permissions-for-a-list-library-folder-document-or-list-item-9d13e7df-a770-4646-91ab-e3c117fcef45
    As far as the view is concerned, the user will be able to see only those documents on which he/she has access.

  • How to erase all self signed certificates and force Server to use Signed SSL

    I have been using a poorly managed combination of self-signed SSL certificates and a free one. I have purchased a good SSL certificate from Digicert and am trying to configure the server to use it across the board. All of the services seem to be using it, but when I try to manage the server remotely, I am seeing a self-signed certificate instead.
    I look under the system keychain in K-Access and there are several self-signed certificates there (including the one that I am seeing when I try to remote manage).
    Can I replace those self-signed certs with the new one somehow?

    Don't delete those.  However, you are on the right track.  Follow these steps to resolve.
    1:  Launch Keychain Access
    2:  Select the System Keychain
    3:  Find the com.apple.servermgrd IDENTITY PREFERENCE (looks like a contact card) and double click to open it
    4:  In the Preferred Certificate popup, change com.apple.servermgrd to your purchased certificate
    5:  Press Save Changes to save.
    6:  Reboot the server or kill the servermgrd process to restart the service.
    That should resolve your issue.
    R-
    Apple Consultants Network
    Apple Professional Services
    Author "Mavericks Server – Foundation Services" :: Exclusively available on the iBooks store

  • SSL certificates and GWIA

    I have run up against a wall trying to install a third party SSL certificate with GWIA 7.0.3 and securing IMAP connections;
    Certificate (And SSL) works fine, but the infamous "The origin of this certificate cannot be verified" type of message comes up for all mail clients attaching, and this is particularly bad for handheld devices like iPhone connecting via IMAP using SSL.
    Has anyone ever successfully installed a 3rd party SSL cert into GWIA with chain of trust back to root CA and been able to overcome this ?
    It's basically the same problem one would run into if issuing a self-signed cert out of NDS/Edir Cert server 2.x or 3.x.
    Any suggestions would be welcome !
    Thanks !

    Hi, I very recently had a similar problem... our existing 3rd party SSL external Verisign certificate expired!!!!
    I haven't been able in the past to configure a 3rd party SSL certificate into our current GroupWise 7 system due to the many various methods of doing this task... I got quite confused, and if you do not do things in the correct order the whole process will need to be started over again.
    I've eventually managed to crack it and figure out a simple and more structured approach to setting this up.
    The following was in relation to applying the 3rd party external certificate to WEBACCESS
    This was the steps i took:
    Firstly ensure you have the registered details you completed already with your 3rd party SSL supplier, they should have provided you with a:
    OU
    O
    L
    S
    C
    the CN is the webaddress or DNS name your users will hit to access your secured page - we will add this later.
    1) Highlight the container where your server is located which will be the host application part of the webaccess that the ssl is assigned to.
    (my setup is, i have my main grpwise system in one tree, my application - webaccess component in a separate tree) - we need to re-create the SSL object in the second tree or the container where the application component is located.
    2) Right-click to create an object > from the list choose > NDSPKI:Key Material.
    3) Give a name for the certificate name object > then select the second option > Custom.
    (This will allow you to enter more specific information relating to the 3rd party ssl certificate)
    4) The next screen select "External Certificate authority" - this would be your 3rd party ssl. Click next
    5) Next screen asks for the Key size, accept the default value of "2048 bits" > tick "Allow private key to be exported", click next.
    6) Next screen asks for the Certificate Parameters, depending on the order of your, CN, OU,O,L,S,C
    I clicked the edit button and then clicked the small arrow icon to switch the SSL URL around so that my .cn=webserver url address will be read first then the - OU,O,L,S,C.
    (PLEASE NOTE: The (OU,O,L,S,C) should be identical to what was initially registered with your 3rd party SSL supplier.
    7)Once you are happy with the details click "Finish".
    8) You will immediately be asked where to save the "b64" file that will be generated which will be sent off to your 3rd party supplier for re-minting.
    choose a file name - ensure no hyphens,or special characters etc are used and keep to the 8.3 naming length just to avoid any long name issues, i do believe that by adding a hyphen may cause problems as the system automatically puts a hyphen to separate the names automatically hence that is why its advised not to use this.
    I saved my file to root of my c:\
    9)Once this has been done and you click save, send the file off to your 3rd party SSL supplier, they will re-mint the "b64" file and you should get back 2 files:
    a)file.cer
    b)Intermediate.cer
    (filenames could be anything)
    10) Select the "KMO object" you created earlier in step 2, then goto the Certificate tab > Trusted Root certificate" tab to import the Intermediate.csr file sent to you.
    Select import > then read from file and browse for the "Intermediate.csr" file - i chose root of my c:\ to save the re-minted 2 files sent back to me.
    Select the Intermediate file, you should see some encrypted characters show in the blank screen, then select Ok or finish.
    If you see a pop up window stating " Subject name mismatch error" dont worry this is merely a cosmetic issue due to the details not being in the exact naming order, it has been IMPORTED!!
    Click OK.
    Once you have done this you should see your first key pair file imported, check the subject name, Issuer name, effect date, expiration date, certificate status details, these should all show the 3rd party certificate details.
    Then next part is to import the second key pair file.
    Click Certificate>Public Key Certificate tab > import.
    Select to read from file> then browse for the file.csr
    You should see the encrypted characters, then select ok or finish.
    Now that you have completed the difficult part, you need to tell your application what SSL object to point to in order to use the SSL encryption.
    For webaccess, you have to edit the apache conf files and enter the name of the SSL/KMO object you created earlier.
    11) Goto your application server that will use the ssl, then browse to:
    server\sys\apache2\conf
    edit a file called "httpd.conf"
    then
    amend or add the section:
    SecureListen 443 "Verisign"
    Save these changes - then shut down your web services on the server, apache, etc., i.e. type:
    Apache shutdown commands:
    ap2webdn
    tc4stop
    admsrvdn
    Apache load commands:
    apache2
    ap2webup
    tc4stop
    admsrvup
    wait a minute or so so that the services can be unloaded.
    If you think its safer to do so, you can restart the server - that way you know for sure that everything has been unloaded and re-loaded cleanly.
    ALL done.
    SSL now in operation and working.
    I carried out this method - my own steps and this worked for me.
    Good luck!!!
    Dennis

  • Asking specific client certificate (not certificates trusted by authority)

    As I understand from what I read so far, during the handshake negotiation for two way ssl, the server sends the client a list of trusted certificate authorities and say to the client: "hey, those are the authorities I trust. send me a certificate that can be verified by one of them".
    I also read how you can customize SSLSocketFactory to, on the client side, look for a specific certificate alias (http://www.ibm.com/developerworks/java/library/j-customssl/). I would like to move this idea further and ask for specific certificates depending on what resources the user is trying to access.
    For example:
    Let's suppose I have two resources on my server called "bobPrivateStuff" and "alicePrivateStuff". I also have a certificate authority who can validate both Bob and Alice certificates on a custom trust keystore. In a regular scenario, the server will ask for a client certificate and will accept either Alice or Bob certificate, as both can be verified by the custom trust.
    But what if Alice can't access "bobPrivateStuff"? What if when trying to open a connection, to say http://myserver.com/services/bobPrivateStuff, the server asks specifically for Bob's certificate? Can I set up the handshake in a way that it will actually ask for Bob's certificate instead of just "any certificate trusted by this CA"?
    And what piece of information could be used to distinguish one certificate from another? Is the serial number unique between multiple certificates? Is this pushing the envelope too much and trying to use SSL for more than what it is intended for?

    > I agree 100%. It's just that we want to use certificates to validate the client's identity (instead of relying on username/password).
    Fine, that's exactly what SSL & PKI will do for you.
    > It might not be elegant
    But it is!
    > See my point?
    Of course I see your point. SSL already does that. I said that. You agreed. I agree. What it doesn't do is the authorization part. Because it can't. It isn't meant to. You are supposed to do that.
    > Instead of the server asking for a specific certificate, it just checks if the certificate sent by the client has access to the resource.
    Not quite. It should check if the identity represented by the client certificate (Certificate.getSubjectX500Principal(), or SSLSocket.getSession().getPeerPrincipal()) has access to the resource.
    > This way, we can leave the server untouched
    No you can't. The server has to get hold of the client principal after the handshake and authorize it against the resource.
    > if Bob wants to access some resources, Bob has to prove he is who he says he is.
    You're still confused. That's authentication, and SSL already does that for you. SSLSocket.getSession().getPeerPrincipal() returns you the authenticated identity of the peer. The server then has to check that that identity can access that resource. This is 'authorization'. You can't automate it via keystores and truststores. That's not what they do and it's not what they're for.
    > So I think it is perfectly plausible to do this kind of verification on the server side (i.e. "hijack" a certificate sent to validate the ssl handshake to also verify if the user has the correct privileges).
    There's no 'hijacking' about it, but you're concentrating on the certificate instead of the identity it represents. A client could have a large number of certificates that all authenticate the same identity. You need to think in terms of authorizing Principals to access resources.
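
The split described in the answer above, sketched as an added example (not code from the thread): the handshake authenticates the peer, then the server authorizes that principal against the requested resource with a deny-by-default table. The class name `PeerAuthorizer`, the subject DNs and the ACL contents are constructed for illustration; the resource paths reuse the question's names.

```java
import java.security.Principal;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;
import javax.security.auth.x500.X500Principal;

/** Hypothetical helper: authorizes an authenticated TLS peer against a resource. */
public class PeerAuthorizer {

    // Resource path -> identities allowed to use it. Anything not listed is denied.
    private final Map<String, Set<X500Principal>> acl;

    public PeerAuthorizer(Map<String, Set<X500Principal>> acl) {
        this.acl = acl;
    }

    /**
     * Authentication: the identity the handshake verified against the truststore.
     * The server side must require a client certificate (setNeedClientAuth(true));
     * if the peer was not verified, this throws SSLPeerUnverifiedException.
     */
    public static Principal authenticatedPeer(SSLSocket socket)
            throws SSLPeerUnverifiedException {
        return socket.getSession().getPeerPrincipal();
    }

    /** Authorization: may this identity use this resource? Deny by default. */
    public boolean isAuthorized(Principal peer, String resource) {
        if (resource == null || !(peer instanceof X500Principal)) {
            return false; // no resource, or not a certificate-based identity
        }
        Set<X500Principal> allowed = acl.get(resource);
        // X500Principal.equals/hashCode compare the canonical DN form, so the
        // lookup is independent of case and spacing in the subject string.
        return allowed != null && allowed.contains(peer);
    }

    public static void main(String[] args) {
        // Constructed identities; in a server these come from authenticatedPeer().
        X500Principal bob = new X500Principal("CN=Bob, O=Example Corp, C=US");
        X500Principal alice = new X500Principal("CN=Alice, O=Example Corp, C=US");

        PeerAuthorizer authz = new PeerAuthorizer(Map.of(
                "/services/bobPrivateStuff", Set.of(bob),
                "/services/alicePrivateStuff", Set.of(alice)));

        // A second certificate issued to Bob has a different serial number but
        // the same subject, so it maps to the same principal.
        X500Principal bobOtherCert = new X500Principal("cn=bob,o=example corp,c=us");

        String bobStuff = "/services/bobPrivateStuff";
        System.out.println("bob          -> " + authz.isAuthorized(bob, bobStuff));
        System.out.println("bobOtherCert -> " + authz.isAuthorized(bobOtherCert, bobStuff));
        System.out.println("alice        -> " + authz.isAuthorized(alice, bobStuff));
        System.out.println("unlisted     -> " + authz.isAuthorized(bob, "/services/other"));
    }
}
```

Matching on the subject DN assumes the trusted CA issues a given DN to one identity only; the truststore decides which CAs can vouch for a peer, and the table decides what that peer may reach.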

  • Why SharePoint 2013 Hybrid need SAN certificates and what SAN needs ?

    I've read this TechNet article, but I couldn't understand the required values of SubjectAltName.
    https://technet.microsoft.com/en-us/library/b291ea58-cfda-48ec-92d7-5180cb7e9469(v=office.15)#AboutSecureChannel
    For example, if I build the following servers, what SAN is needed?
    I would be happy if you could also tell me why.
    [ServerNames]
     AD DS Server:DS01
     AD FS Server:FS01
     Web Application Proxy Server:PRX01
     SharePoint Server(WFE):WFE01
     SharePoint Server(APL):APL01
     SQL Server:DB01
    [AD DS Domain Name]
     contoso.local
     (Please be assumed that above all servers join this domain)
    [Site collection strategy]
     using a host-named site collection
    [Primary web application URL]
     https://sps.contoso.com
    Thanks.

    Hi,
    From your description, my understanding is that you have some doubts about SAN.
    If you have a SAN, you can leverage it to make SharePoint a little easier to manage and to tweak SharePoint's performance. From a management standpoint, SANs make it easy to adjust the size and number of SharePoint's hard disks. You could refer to this blog:
    http://windowsitpro.com/sharepoint/best-practices-implementing-sharepoint-san. You can find what a SAN needs in the part "Some SAN Basics" in this blog.
    These articles may help you understand SAN:
    https://social.technet.microsoft.com/Forums/office/en-US/ea4791f6-7ec6-4625-a685-53570ea7c126/moving-sharepoint-2010-database-files-to-san-storage?forum=sharepointadminprevious
    http://blogs.technet.com/b/saantil/archive/2013/02/12/san-certificates-and-sharepoint.aspx
    http://sp-vinod.blogspot.com/2013/03/using-wildcard-certificate-for.html
    Best Regards
    Vincent Han
    TechNet Community Support

  • Error showing while adding a management pack to 2007R2 authoring console

    Hi Every one,
    While trying to add an unsealed management pack to 2007 authoring console we are getting error 
    XSD Verification failed for management pack[line: 1,
    system.xml.schema.xmlschemavalidationException:The schemaversion atribute is not declared
    Any help would be appreciated.
    Regards,
    Nikhil

    The Authoring Console has not been updated and does not understand the OpsMgr 2007R2 MP Schema version. It can still be used to produce MP that will work on OpsMgr 2007 R2, but you need to reference the old versions of the libraries.
    You can check this link; it will help you with your issue:
    http://blogs.inframon.com/post/2012/06/12/Choosing-the-correct-Management-Pack-Solution-with-Visual-Studio-Authoring-Extensions.aspx

  • Since the most recent Firefox update 3.6.8 by banking institution no longer shows as having a secure encrypted connection, however, my bank assures me all is well with their certificates and that is a problem with the new Firefox browser update, can you g

    Since the most recent Firefox update 3.6.8 my banking institution no longer shows as having a secure encrypted connection, however, my bank assures me all is well with their certificates and that is a problem with the new Firefox browser update, can you give me some idea why it is doing this?
    == This happened ==
    Every time Firefox opened
    == Right after the new Firefox update

    Hello Anne.
    Can you please try it in a new (temporary) Firefox profile and see if the issue is still present? See [http://support.mozilla.com/en-US/kb/Managing+profiles this article] to know how to create a new Firefox profile. Please report back the results.

  • Unable to manually manage music and videos on iPhone 4 without erase and sync, same computer!

    Ok, so I know you all have heard this before but I do believe my case is rather unique, and quite frustrating.
    I purchased an iPhone 4 and synced it to the same computer I am using now - created the playlist and used it to sync with phone. Worked great for awhile; but one day I contracted some nasty malware and had to wipe my computer and reinstall my OS (Windows 7). Albeit my music library was on my external HDD which survived the onslaught. I obviously had to reinstall iTunes afterwards. The playlist was gone on reinstall.
    Afterwards I still didn't see an issue with my iPhone and iTunes: When I plug it in it syncs, everything seems to be working accordingly.
    But I recently transferred some new music from a CD to my iTunes and wanted to throw those songs on my iPhone; the drag and drop method I was so very used to did not work, and I noticed that "manually manage music and videos" was unchecked under my device's summary.
    When I attempt to check this option in iTunes it gives me a popup notification telling me I need to erase and sync in order to use this option because my 'iPhone is synced with another library". Again, I DID have to reinstall iTunes after reinstalling my OS.
    I have tried all the tricks that Google could supply me with, to no avail; authorizing, stopping the sync from automatically starting.... yada yada - none of these cookie cutter methods have worked for me.
    Here's a too long didn't read:
    >iPhone 4 was working fine - used playlist to sync with.
    >Had to reinstall OS (Windows 7) Playlist gone.
    >Reinstall iTunes.
    >iPhone still syncs with library, no error messages on connect.
    >Unable to manually manage music and videos without erase and sync.
    >None of the usual methods work.

    Hmm, I will say after posting this and looking at the related threads it seems I can only either use manually manage or sync.
    I was using sync before but since the playlist disappeared I was syncing with I simply want to add music to my phone without deleting everything. Is this possible?
    If I use "manually manage music and videos" will it delete everything or just the music and videos? It doesn't specify...
    Could I just create a new playlist and sync it with that? If so how?
    The bottom line is it isn't that big of a deal if I need to simply rebuild my iPhone music library but losing my configuration, contacts etc is not an option. Optimally I would just like to be able to add my new music to my iPhone without having to rebuild my library.

  • Cannot manually manage music and videos without erasing and syncing first

    I have an iPhone 3G bought new from the Apple store using 2.1. Using iTunes 8.0 and checking the "Manually manage music and video" checkbox, iTunes prompts me to "Erase and Sync", no other option is available to me. It was the same when using version 7.7 as well.
    I'm not syncing to another computer, it's the same MacBook I've had for almost a year. How do I get the Library Persistent ID in iTunes to match the iPhone. I have the ID from the iTunes Music Library.xml file. I just need to know where the matching file for the iPhone is so I can make them match.
    The ID doesn't match because I had to rebuild my drive a month ago and my question to Apple (actually Steve) is why can't I sync the other way from the phone to the computer.
    Why does my library on the phone have to be wiped out. Who had the warped thought to come up with this genius idea.

    I cannot express how disappointing this was for me to find out.
    I want my music to be mobile, I don't want to have to copy it to every computer I want to listen to it on. I want to listen to it from the device, and be able to buy a new album at work or at home. This is a major disappointment for me, as every other device I have owned including my iPod Touch had this capability. I could authorize 5 machines and manually sync, and the music on that device could be played and managed on those authorized machines. For example, my wife has her own music collection, and I have mine, but we have a media center connected to our flat-screen in the living room, that we use for playing music when we are entertaining guests, and with our old iPods and iPod Touch devices, we could unplug one of our devices and plug the other person's in and listen to music from both our libraries without copying the music to that computer, as long as we authorized that machine for the both of us. Now with our iPhones there is no way to keep our separate libraries and be able to play music on multiple computers in our house and at work, which we have always been able to do until our iPhones. The whole point of the iPhone for me was to be able to combine two devices and now because of the lack of this feature I still have to keep all our iPods around too... Dumb. I almost took our phones back because of this, and if Apple doesn't fix it, I probably won't buy another. They should have at least mentioned this little fact before selling the devices to us. I know it's a different device, but it's similar enough that you expect it to work the same as the iPod and iPod Touch. It's not like I am wanting to be able to copy music from the device to multiple machines, it's exactly the opposite... I just want to be able to copy music to the device and listen to it at home and at work... why all Apple's other devices do this, and the iPhone doesn't is completely perplexing to me, and a serious oversight on their part.
    This pill would not be so hard to swallow if I had been warned about this prior to dropping almost a grand for iPhones for myself and my wife, expecting what I saw as a more advanced device to work at least as well as the other similar devices I own did.
