UCS Manager and using Microsoft Certificate Authority
Has anybody gone through the process of setting up UCS Manager with a certificate issued from a Microsoft Certificate Authority? If so I would appreciate some assistance. I was able to successfully create a request and have generated the certificate, but I see no way of being able to put the request and the certificate chain back into UCS Manager.
First you have to create a trusted point (under the Admin Tab -> Key Management). In the new trusted point, paste the public cert in base64 format of your root certificate authority. If you have a subordinate CA that's issuing then add that CA's cert too. If you have a whole tree of CAs, then you need to create a trusted point with all the CAs in the chain from the issueing CA up to the root. Paste one cert after the other, in order, up the chain, all in the same trusted point. If they're not in the right order or if you're missing the root, then the TP won't accept the cert.
Once you have a trusted point you can accept the certificate you generated. In the KeyRing you used to generate the request, choose the new Trusted Point, and paste the new certificate in Base64 format into the Certificate field.
Once that's done, you can go to Communication Management -> Communication Services, and for the HTTPS protocol, choose the new Key Ring. It might not take effect immediately, but after a few minutes your UCSM web site should start responding with the new certificate.
I hope that helps.
Note: There's a bug in UCS currently issue number CSCth62582. If your fabric interconnects fail over, the SSL cert will revert to the default self signed cert. You have to go back into Communication services and set it to default, save, then set it back to the new Key Ring.
Similar Messages
-
how do i solve this in order for the e reader to open the file?“this document is protected by DRM ( adobe digital rights management ) and is not currently authorized for use with your adobe id
thnaksThis is something you will need to talk to the publisher of the document. They might have to do something to allow you to open the file. (If you changed Adobe ID since buying the file, for instance, they might have to allow for that).
-
How do you install windows XP on macbook and use microsoft access
how do you install windows XP on macbook and use microsoft access?
there are two methods to intall windows on your macbook
1st is through Parellel software
2nd is through Boot camp. -
Tools to manage and use oracle scripts
Easyscript for Oracle is a tool to help you manage scripts efficiently
and use scripts easily. The goal of easyscript is providing you a uniform
and easy envrionment to manage and use your scripts.
With hundreds of ready-made scripts, easyscript is also a monitoring and tuning
tool for Oracle DBA and application developer.
With Easyscript for Oracle there is no more hunting around on your hard drive for your favorite and important scripts!
Manageability
1. Scripts are well organized in tree structure, can be nested in any level, divided into
different categories as you like. Each tree node represents a script.
2. Using the search function, you can find a particular script even faster.
With a mouse click, you can view the entire script,and even flip back and forth between scripts.
3. Add script into (delete script from,modify script name in) script tree can be done on the fly.
4. SQL statement, sqlplus command and pl/sql block can be mixed together into a script,
edit script in script window with syntax highlighting.
5. Able to convert old scripts located in directory and subdirectory to a well organized script
tree used by easyscript, so migrate your old scripts in file system to easyscript is very handy.
Usability
1. Script is sqlplus compatible, so any scripts previously run in sqlplus can be run
by easyscript, and vice versa.
2. Execute script in easyscript is just one mouse click.
3. All scripts or scripts located under a categories can be runned in batch mode.
4. Scripts can be scheduled to run in batch mode to generate report of any targeted databases.
5. Report generated by easyscript can be in htm or txt format.More output format such as cvs,excel
will be supported soon.
6. Able to highlight column data of query result when it's value meet pre-defined condition,
this makes report more readable.
Script depot
1. Hundreds of ready-made scripts,These scripts cover all
aspects of day-to-day Oracle administration, from installation
to system monitoring and backup and recovery.
2. Easy to share and exchange scripts with others in a uniform way.
3. Affiliate with other famous Oracle site to provide more scripts continuously.
Get more information about easyscript for oracle from
http://www.wangz.net/easyscript.php
Here are scripts can be used by easyscript for oracle:
http://www.wangz.net/scripts.phpMy thoughts on this (if anyone cares) are Tools to manage and use oracle scripts.
Cheers, APC -
SSL certificates and/ or Oracle Certificate Authority
Our Oracle infrastructure is as follows:
1.Database server
(a)Oracle 9i R2 database
(b) Oracle ApEx 2.2
2. Infrastructure server
(a) Oracle 10g (9.0.4.x.x) Infrastructure
(b) OID - configured as external authentication to Microsoft 2003 Active Directory LDAP version 3
(c) SSO - configured as Windows Native authentication
3. Application server
(a)Oracle 10g (9.0.4.x.x) Forms and reports server
Network traffic currently is not encrypted. All we need is to ensure that network traffic is encrypted between the the end-user PC and all servers (database or app server)
I was reading through Oracle Certificate Authority and Secure Sockets Layer.
1. Is there a difference between the two products?
2. Which product would be best to ensure the encryption (authentication is provided through MS LDAP)
Thanks,
MayuraCertificate authority and SSL are two completely different concepts. They can be related but are by no means similar.
SSL is a service or a feature, not a product. SSL is used to encrypt the traffic. Part of SSL is the use of certificates for authentication. A server or user would pass a certificate as part of an SSL transmission.
The certificates used for enrypted transmission(SSL), can be obtained from the Oracle Certificate Authority(OCA), or by a third party certificate authority. OCA is not required to use SSL.
To achieve a fully encrypted envrinment, you would need to use SSL at several layers. This would be done with or without the use of the Oracle certificate authority.
1. From the web browser to the middle tier
2. End user to database
3. from the middle tier to OID
4. from the middle tier to the database
5. From OID to active directory -
Nexus 1000v UCS Manager and Cisco UCS M81KR
Hello everyone
I am confused about how works the integration between N1K and UCS Manager:
First question:
If two VMs on different ESXi and different VEM but in the same VLAN,would like to talk each other, the data flow between them is managed from the upstream switch( in this case UCS Fabric Inteconnect), isn'it?
I created a Ethernet uplink port-profile on N1K in switch port mode access(100), I created a vEthernet port-profile for the VM in switchport mode access(100) as well. In the Fabric Interconnect I created a vNIC profile for the physical NICs of ESXi(where there are the VMs). Also I created the vlan 100(the same in N1K)
Second question: With the configuration above, if I include in the vNIC profile the vlan 100 (not as native vlan) only, the two VMs can not ping each other. Instead if I include in the vNIC profile only the defaul vlan(I think it is the vlan 1) as native vlan evereything works fine. WHY????
Third question: How it works the tagging vlan on Fabric interconnectr and also in N1K.
I tried to read differnt documents, but I did not understand.
ThanksThis document may help...
Best Practices in Deploying Cisco Nexus 1000V Series Switches on Cisco UCS B and C Series Cisco UCS Manager Servers
http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9902/white_paper_c11-558242.html
If two VMs on different ESXi and different VEM but in the same VLAN,would like to talk each other, the data flow between them is managed from the upstream switch( in this case UCS Fabric Inteconnect), isn'it?
-Yes. Each ESX host with the VEM will have one or more dedicated NICs for the VEMs to communicate with the upstream network. These would be your 'type ethernet' port-profiles. The ustream network would need to bridge the vlan between the two physicall nics.
Second question: With the configuration above, if I include in the vNIC profile the vlan 100 (not as native vlan) only, the two VMs can not ping each other. Instead if I include in the vNIC profile only the defaul vlan(I think it is the vlan 1) as native vlan evereything works fine. WHY????
- The N1K port profiles are switchport access making them untagged. This would be the native vlan in ucs. If there is no native vlan in the UCS configuration, we do not have the upstream networking bridging the vlan.
Third question: How it works the tagging vlan on Fabric interconnectr and also in N1K.
- All ports on the UCS are effectively trunks and you can define what vlans are allowed on the trunk as well as what vlan is passed natively or untagged. In N1K, you will want to leave your vEthernet port profiles as 'switchport mode access'. For your Ethernet profiles, you will want them to be 'switchport mode trunk'. Use an used used vlan as the native vlan. All production vlans will be passed from N1K to UCS as tagged vlans.
Thank You,
Dan Laden
PDI Helpdesk
http://www.cisco.com/go/pdihelpdesk -
UCS Manager and C Series questions
My reading of the documentation is that in order to use the UCS Manager with a standalone C series server (C200, C210 or C250, anyway) is that in addition to UCSM 1.4 and a pair of 6108 fabric interconnects you also need a pair of 2248 fabric extenders.
First, is Cisco planning to add support for additional fabric extenders? I have a customer with a pair of 2232's who is looking at adding some standalone C series servers to be managed along with an existing B series chassis.
Second, I'd read on this forum that the Palo card may not be supported on M1 servers. Is it safe to assume that the Palo card is supported on M2 servers?
Thanks!Michael,
Correct, for the current revision of UCSM (1.4) you require two 2248's for Management traffic (CIMC) while your two 10G connection for the dataplane will connect direclty to each Fabric Interconnect. Future planning is going to have a single I/O path and remove the need for the additional 2248's. Future support for 2232 (10G FEX) will also be added to increase port density on the Interconnects.
Palo may "work" with M1 servers, but is only "supported" on M2.
Regards,
Robert -
VPN Design using CA (certificate authority)
In the process or redisgning current VPN deployment. Currently we have 300+ ASAs and 100 remote users on Windows Domain (Both are growing). Would like to use Certificates instead of Preshared Keys. Have some questions about the CA.
1) What are the pros and cons between using Enterprise or Standalone CA?
1a) What is more secure and more reliable?
1b) If we already have a domain, does using enterprise help? Benefits or problems?
2) Is it better to use 3rd party CA or manage one ourselves?
3) Any configuration tips or suggestions?Did you check metalink Note:178806.1 ?
How to get SSL Certificates from a Microsoft Certification Services CA
You have to change some registry keys in the Mircosoft CA so it will work with Oracle.
Steve -
Workflow and uses for iBooks Author ?
02-04-2012 Sat
Before I begin I want to thank the developer team from Apple for the last update. Now all the iBooks in my library are opening smoothly and the system is not locking up anymore. Thanks guys.
Besides the typical Questions, Problems, Suggestions, . . . I'd like to hear how others WRITERS are using iBooks and how they have incorporated it into their daily workflow.
I don't think there are many writers out there using iBooks Author as a complete replacement for their notes, outlines, and drafts. But, I would think that they would share some kind of common approach before publishing a book.
For me, I'm guessing you would need a good calendar to keep a schedule, a notebook to catch all your thoughts and some form of a word processor to organize your thoughts, create an outline, and start writing the chapters.
The combination of The iPhone, Siri, iCal and Notes seems to work perfectly to catch thoughts before they make it to a written page. Thank you Apple.
Entering text directly into iBooks never worked well for me. So I prefer to pre-write the copy and paste it into my iBooks file. To do this I use an app called iA Writer but you always have the option to use Pages if you feel more comfortable in that environment.
I'm sure we would all like to think that we are going to start publishing books and make a lot of money. But odds of that happening are very slim. The point is to focus on the true strength of using iBooks Author and for me that is publishing my own content to my iPad.
Here are a few examples that I would like to share with you, if you have any others ideas please post your thoughts here.
Make your own List of Affirmations.
Once you read a book you can always write a review that highlights your thoughts at the time of reading.
Create a Menu or your own recipe book.
Create scrapbook.
Document a time period.
Use it as a business tool to distribute company information to clients.
A student can maintain class notes, highlight them, and create study cards.
Create some form of yearbook or travel log.
I recently made a complete timeline that includes all the major events in my life.
Don't forget you can use aperture to create a short introduction video explaining who you are and why you are publishing your book.
Well thats my list, I'd like to hear your ideas. Thanks for listening - John FrancoWhen asking about a product, always ask the seller...
-
Goldmine Contact Management and using Verizon as SMTP server
One of our sales reps must use his personal Verizon settings to send his email in Goldmine. His user name and password are correct and work with Verizon web mail. When using his Verizon SMTP settings in Goldmine, server keeps rejecting as bad user and password. Using port 465 SSL and Login type authentication. Need to contact someone at Verizon, but can't locate anyone who can help me since this is not my account.
For the sake of example, we are going to pretend that we are setting up fictional account "[email protected]" and the password for logging into that account in webmail is "fakepassword" - Again, this is a fictitious account for the sake of an example.
The settings for using Verizon's SMTP (outgoing) server would be:
Outgoing Server: smtp.verizon.net
Server Requires Authentication: Yes
Username: fakeacct
Password: fakepassword
Requires a Secure Connection (SSL): Yes
Port: 465
If you are given the option anywhere for Secure Password Authentication (SPA), set it to No, Normal, Plain, etc.
These settings should work unless it is a Verizon/Yahoo account, in which case the SMTP server name is outgoing.yahoo.verizon.net
If all of that is set up and it's still not working, your best bet is to provide a screenshot of the settings (with personal information blocked/removed) and any errors you are getting.
If a forum member gives an answer you like, give them the Kudos they deserve. If a member gives you the answer to your question, mark the answer as Accepted Solution so others can see the solution to the problem.
"All knowledge is worth having." -
Web content management and using word to contribute
Hello - our users are having issues using word to contirbute and edit content. They contibute something, sometimes in word tables and sometimes not, and it may look fine in word but when it gets converted, it looks differently. Are there any tips/tricks out there that I can share? DC template changes I can make? And thoughts would be great!!
I assume you mean a HTML conversion.
Make sure your people are using Word "styles" and not simply changing the font sizes. You will then need to set up a DC template to render tables & images in specific ways depending on the Word style used. Note that styles can only be paragraph-based. Set as your DC template the default template. -
Syncronising Outlook and using Microsoft files
Is it possible to syncronise everything that is in Oultook with iPod Touch - Calender, Contacts, Notes, Tasks. And can I use USB-cable for sync?
The other question is: is it possible to load Windows files to iPod Touch - Word, Excel, Pdf, etc. To open, change and save them? Do I need a special programme for that? Is it available at all and where could I find it?you can only sync contacts and calendars.
there are apps around which allow you to read different files on your ipod, but i'm not sure if you can edit them. -
Licensing requirement for deploying Certificate Authority Server
Is there any separate license that we need to purchase from Microsoft in order to use and implement Microsoft Certificate Authority Server
in an organization. Or is it a free feature which comes as a part of Windows Server licensing.
Also, do we require any separate license for clients connecting or using the certificates.
If there is any licensing involved kindly share information of the same.
Server - 2008 R2
Clients - 7, 8, 8.1Hi Rahul,
In addition, if there are any specific queries about licensing in the future, you may contact Microsoft via phone numbers listed here:
Microsoft Volume Licensing Activation Centers Worldwide Telephone Numbers
http://www.microsoft.com/licensing/existing-customers/activation-centers.aspx
Best Regards,
Amy
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected] -
Hello,
I am a new IT Manager at this company and need assistance big time. Their environment looks as follows:
Server 1. Domain Controller Server (Windows Server 2008 R2 Standard) running active directory.
Server 2. Email Server (Windows Server 2008 R2 Standard) running Exchange Server 2010 .
* Note. No back ups to work with aside from whats mentioned below.
DC had a virus infection causing a lot of issues on the shared network drives 2 days ago locking up all the files with a crypto ransom virus. Running Avast suppressed the infection. Had to recover the file shares which luckily had a back up.
The issue is that the Exchange Server 2 post this lost connectivity with the AD Server 1. Exchange Server 2 when launching EMC could not launch the console stating the following:
"No Exchange servers are available in any Active Directory sites. You can’t connect to remote
Powershell on a computer that only has the Management Tools role installed."
Shortly after I found that it is possible the EMC launcher was corrupt and needed to be reinstalled following another blog post. I deleted the exchange management console.msc per instructions only to discover I couldnt relaunch it because there was
no way how. So I copied another msc file that happened to be on the DC Server 1 back to Exchange Server 2 and got it to launch again.
Another post said that it might be an issue with the Domain Account for the Computer, so to delete it in the AD Server 1 only to find that rejoining it from Exchange Server 2 using Computer>Properties> Chage Settings > Change is greyed out because
it is using the Certificate Authority Service.
I tried manually re-adding the computer in AD and modeling permissions after another server in group settings but no go. After this I was unable to login to the Exchange Server 2 with domain accounts but only local admin, receiving the following Alert:
"The Trust Relationship between this workstation and primary domain failed."
I tried running the Power Shell tools on Exchange Server 2 to rejoing and to reset passwords for domain accounts as noted in some other blogs but no luck as the Server 2 could not make the connection with Server1 or other errors it kept spitting out.
I also during the investigation found the DNS settings were all altered on both the Server 1 and Server 2 which I luckily was able to change back to original because of inventorying it in the beginning when I started.
I need help figuring out if I need to rejoin the Exchange Server 2 manually by disabling the Certificate Authority Service (or removing the CA as listed here:
https://social.technet.microsoft.com/Forums/exchange/en-US/fb23deab-0a12-410d-946c-517d5aea7fae/windows-server-2008-r2-with-certificate-authority-service-to-rejoin-domain?forum=winserversecurity
and getting exchange server to launch again. (Mind you I am relatively fresh to server managing) Please help E-Mail has been down for a whole day now!
MartyI recommend that you open a ticket with Microsoft Support before you break things more.
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems." -
Can you use microsoft word on an ipad 2 for free and how?
HI
my family and friends tell me I can do my coursework on the ipad2 and use Microsoft word. Is it true and how do I set it up and download it
thanks
ShannonYou can't use Microsoft Word on the iPad because of the different operating system but you can have a look at the following apps.
http://itunes.apple.com/sg/app/quickoffice-pro-hd-edit-office/id376212724?mt=8&l s=1
http://itunes.apple.com/sg/app/documents-to-go-premium-office/id317107309?mt=8&l s=1
http://itunes.apple.com/sg/app/office2-hd/id364361728?mt=8&ls=1
Maybe you are looking for
-
External Hardrives - Can they be switched from PC to Mac?
Hi- I'm a poor grad student which means I have a hand-me-down PC, and I hate it. But dollars to buy a new Mac won't come for another few months at least so I am stuck with this piece of crap. For my research I am taking scads of photos (many gigabyte
-
I am unable to update my IPhone 4 to the IOS 6. I managed to back up and transfer and then when it asked to update I said yes and the sync process started, left it overnight and it came up with an error if continue you will loose all your data. So
-
Hi, I work with EP 6.0 SP2 PL 29. When I upload a document with a name which already exist, EP generate a new file, with the same name and with another ID. With the previous version, it was possible to overwrite the file. It is still possible ? Regar
-
Authorization Sap Solution Manager
Hello, Does anybody know if and how it is possible to restrict authorizations on organizational levels in solution manager? For instance: The team in the Netherlands may only list the messages directed to the Netherlands where the messages directed t
-
Safari - strange question marks
Hi I've got Safari 6.0.1 and Mountain Lion. Just recently, when I search a video on youtube, it crashes,, and these question marks appear. I've already tried uninstalling flash and then reinstalling. I disabled the HTML 5 beta, yet nothing works. Any