Use of Certificate for secure communication

Similar Messages

• Setup crypto for secure communication with other switches

  What kind of code can be used to setup crypto for secure communication with other switches.

  ok but is there any special code i need to write if i need to create a crypto secure communication between some particular switches.

• 2: error while reading configuration for secure communication

  Hello,
  Getting the error while opening sxmb_ifr
  2: error while reading configuration for secure communication
  Please suggest

  Check the business system defined for your XI/PI in SLD --> Integration tab and check the URL
  The URL should be http://<PI host>: <ABAPport>/sap/xi/engine?type=entry
  Hope this helps
  Edited by: William Lee on Nov 26, 2009 12:32 AM

• I have a new 4s. My wifi uses Mach ID for security. How can I find the machID for my phone? Thanks

  My wifi connection uses mACH ID for security. I need to find the Mach I'd for the iPhone in order to get on the Internet to set up my phone. Can anyone tell me how to locate this? Thanks.

  Settings > General > About
  Scroll down to the item labeled "Wi-Fi Address" It will be a series of 12 letters and numbers separated into groups of 2 by colons. That's the MAC id.

• Retrieving personal user certificate for secure webservice

  All,
  I am currently creating a WLW 8.1 webservice that will interact with a non-browser client. The reason I mention non-browser is that in order to secure this webservice and also have it function correctly I need to retrieve a user's personal certificate. Our team has done this for web-content in the past with simple retrieval via the browser, but in this case the client is non-configurable and will be talking directly with my webservice.
  My question is: is it possible to retrieve the user's certificate via a webservice? The certificate is not only used for security validation, but their credentials are also used to validate them in other programs on the back-end of the webservice. This allows personalized content based on the certificate.
  Thanks for any help you can provide. I know that was long winded and semi-complicated so if any clarification is required please ask.
  Thanks,
  Sam

  So in essence, then, Credential Roaming is exactly what we need.
  yes.
  > but if the cert needs to be in the Personal store PRIOR to the user being authenticated on 802.1x
  this is one pitfall of this scenario. You need to have locally installed certificates prior to connecting to wireless network. This means, that you cannot initially connect to wireless prior logging on to domain by using wired network. Once certificates
  are cached, you can connect to wireless networks with cached certificates.
  Vadims Podāns, aka PowerShell CryptoGuy
  My weblog: en-us.sysadmins.lv
  PowerShell PKI Module: pspki.codeplex.com
  PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
  Check out new: SSL Certificate Verifier
  Check out new:
  PowerShell File Checksum Integrity Verifier tool.

• Using Identity Management for Securing Web Services

  My goal is to associate my services with an Oracle Internet Directory. I made some attempts to set up SAML authentication for the web services, but it didn't have the right outcome.
  (My identity management server and OID is up and running and I have successfully made authentication modules for other web applications)
  Here is what I did:
  1. I wrote a simple java file, used jdeveloper tools to create and deploy it as a web service to OC4J. I associated an identity management server with this service through OC4J web tools as security provider.
  2. I made a data control for the web service and put it in an ADF application . (client)
  3. I deployed the client project(2) to OC4J.
  I could use the web service through the page.
  Then
  I secured the webservice to expect SAML for authentication.
  Surprisingly, the client could still communicate with the webservice, Why? Shouldn't it have rejected the request because of the problem in SAML token? (The proxy and the data control were not secured, and didn't provide any SAML tokens)
  4.
  I added login page to my client project (through ADF security wizard). It used idenity management for authentication successfully. login process completes and web service data control is displayed.
  5. I want the authentication information to be propagated through the page so that the web service receives the data and uses Identity Management.
  I know I should add <property name="oracle.security.wss.propagate.identity" value ="true"/>
  to one of the configuration files, but don't know where exactly.
  Best Regards,
  Farbod

  It doesnt matter whether the service is invoked as part of your larger process or not, if it is performing any business critical operation then it should be secured.
  The idea of SOA / designing services is to have the services available so that it can be orchestrated as part of any other business process.
  Today you may have secured your parent services and tomorrow you could come up with a new service which may use one of the existing lower level services.
  If all the services are in one Application server you can make the configuration/development environment lot easier by securing them using the Gateway.
  Typical probelm with any gateway architecture is that the service is available without any security enforcement when accessed directly.
  You can enforce rules at your network layer to allow access to the App server only from Gateway.
  When you have the liberty to use OWSM or any other WS-Security products, i would stay away from any extensions. Two things to consider
  The next BPEL developer in your project may not be aware of Security extensions
  Centralizing Security enforcement will make your development and security operations as loosely coupled and addresses scalability.
  Thanks
  Ram

• Use ssl certificate for Exchange Account

  Hello everyone!
  I have some problem with Exchange instance and iphones.
  I have Front server with client authentication via ssl certificates. How i can use this certificate on iphone to connect iphone to exchanges account?
  After few hours of googling i find only one solution here - http://www.msexchange.org/articles-tutorials/exchange-server-2010/mobility-clien t-access/configuring-certificate-based-authentication-exchange-2010-activesync-p art2.html
  In few words - it can be done with iPhone Configuration Utility
  Does this ONLY solution or i can import ssl cert directly to iphone?
  Thanks a lot for any help

  Hi bb9193, this will not be no short-term solution, but you might consider using a MDM-solution. With MDM it is possible to deinstall and reinstall the Exchange profile over the air, so your users will not need to do more than just reenter their Exchange password.
  Best regards,
  Detlev

• How to Use a Certificate for Two Way SSL and another certificate for WS Security Header at Client Console Application(C# Dotnet)

  Hi,
  I want to consume a Java Web service from Dotnet based client Application. The service require one Certificate("abc.PFX") for Two Way SSL purpose and another certificate("xyz.pfx") for WS security purpose to be passed from client Application(Dotnet
  Console based). I tried configuring the App.config of Client application to pass both the certs but getting Error says:
  Could not establish secure channel for SSL/TLS with authority "******aaaa.com"
  Please suggest how to pass both the certs from client Application..

  Hi,
  This problem can be due to an Untrusted certificate. So you need just full permissions to certificates.
  And for more information, you could refer to:
  http://contractnamespace.blogspot.jp/2014/12/could-not-create-secure-channel-fix.html
  Regards

• Best practices for securing communication to internet based SCCM clients ?

  What type of SSL certs does the community think should be used to secure traffic from internet based SCCM clients ?  should 3rd party SSL certs be used ?  When doing an inventory for example of the clients configuration in order to run reports
  later how the  data be protected during transit ?

  From a technical perspective, it doesn't matter where the certs come from as there is no difference whatsoever. A cert is a cert is a cert. The certs are *not* what provide the protection, they simply enable the use of SSL to protect the data in transit
  and also provide an authentication mechanism.
  From a logistics and cost perspective though, there is a huge difference. You may not be aware, but *every* client in IBCM requires its own unique client authentication certificate. This will get very expensive very quickly and is a recurring cost because
  certs expire (most commercial cert vendors rarely offer certs valid for more than 3 years). Also, deploying certs from a 3rd party is not a trivial endeavor -- you more less run into chicken and egg issues here. With an internal Microsoft PKI, if designed
  properly, there is zero recurring cost and deployment to internal systems is trivial. There is still certainly some cost and overhead involved, but it is dwarfed by that that comes with using with a third party CA for IBCM certs.
  Jason | http://blog.configmgrftw.com | @jasonsandys

• How to use one certificate for two directory servers?

  Hi,
  running Sun DSEE 6.3.1 on two servers, server 1 has name ds1.example.com, server 2 has name ds2.example.com. There is a round robin DNS record ds.example.com, which alternates between:
  ds1.example.com
  ds2.example.com
  and
  ds2.example.com
  ds1.example.com
  An LDAP client connects to one of the servers over SSL using the name ds.example.com. We want to generate a certificate using the name ds.example.com and use it on both directory servers.
  If we generate a CSR using DSCC on server 1 and get back a signed certificate, the certificate can be installed correctly on server 1. However, if we use the same signed certificate on server 2 it fails with error:
  Unable to find private key for this certificate.
  Failed to add the certificate.
  Error executing the operation. The error code is 11.
  What is the correct way to generate one CSR, have it signed by a CA and then implement this signed certificate on multiple servers?
  /rolf

  From one Directory Server (ds1) generate CSR with the name ds.example.com in the request. Once you get the signed cert import it into the same server you generated CSR with. Then from ds1.example.com :
  scp -p <slapd install/instance path>/alias/* <account>@ds2.example.com:<slapd install/instance path>/alias/
  to copy the contents of the alias path to the same location on the other Directory Server. Make sure file permissions are the same.

• Variables used  as values for Security fields.

  Gurus,
  Since we are all friends, let me show my ignorance.
  There are variables that con be used instead of actual values in security fields, $USER being one of them.
  We use $USER as the value for field BTCUNAME for object S_BTCH_NAM, to indicate that the user ID of the person logged in, is the value to be used.
  Are there any more?
  If so, where can I find information about them?
  This would be for an ERP system, not BI.
  Thanks
  Juan

  > Since we are all friends, let me show my ignorance.
  We are all in the same boat
  > There are variables that con be used instead of actual values in security fields, $USER being one of them.
  > We use $USER as the value for field BTCUNAME for object S_BTCH_NAM, to indicate that the user ID of the person logged in, is the value to be used.
  This is not correct. Please see [SAP Note 101146|https://service.sap.com/sap/support/notes/101146]
  > Are there any more?
  Plenty..see [SAP Note 119147|https://service.sap.com/sap/support/notes/119147] for a tricky example.
  > If so, where can I find information about them?
  [SAP Note 323817|https://service.sap.com/sap/support/notes/323817] and the last paragraph of [SAP Note 410993|https://service.sap.com/sap/support/notes/410993].
  Cheers,
  Julius

• I have a working sample of UIX using PKI certificate for Authentication

  If you are interested please email me at [email protected] The working version uses the X509 certificate and the dynamic JDBC authentication in JDeveloper 9.0.5.2.
  I'm planning to post a zip file to a blog where it can be downloaded. Since I don't have a blog of my own (nor do I have the time to maintain one), I'm looking for someone to host it for me.
  See ya,
  Connie Adams

  Hi,
  Long shot, but...
  Open Audio Midi Setup in Applications>Utilities, see the input & output options & KHz setting there, some things will change it for their own use, then not set it back.

• Need to use  x509 certificate for a SMTP server

  Hello everybody,
  if I want to send e-mail from a location different than my company builing, my company SMTP server requires authentication with my peronal x509 certificate.
  I had no problem using Thunderbird, but I would like to use OS X Mail.
  I installed the x509 certificate into the keyring, and in fact I can send digitally signed emails, but I was not able to find how to tell Mail to use my x509 certificate to authenticate myself to the SMTP server.
  Does anybody know how to solve this problem?
  Thanks and bye,
  Lapoz.

  Browsers such as iCabMobile and Atomic allow you to choose how the device identifies itself to a website. IE is one of the options. However, if the reason you need IE is for something like ActiveX, it's not going to work.

• Server essentials 2012 uses wrong certificate for Exchange OWA

  I have two servers  (Essentials 2012 and Exchange 2013) behind a firewall. port 443 is routed to essentials.
  I have set up arrconfig following TechNet  jj200172  (in fact I followed this link closely for the entire setup).
  Our client has a single external static ip & two certificates (godaddy) . I’ll call them arr.help.ca   and mail.help.ca
  On the lan, I has split dns so that Outlook trying to reach  "http  mail.help.ca" gets the local ip.  In fact all is working fine on the Lan.
  From the WAN  "https  arr.help.ca"   present the essentials web page, with desktop and shared folders working fine, but...
  From the Wan   "https  mail.help.ca/owa"   presents the owa logon page, but also the browser warning that the cert is incorrect.
    The problem is the cert presented is arr.help.ca, not mail.help.ca
         The cert chain is fine (i.e. the godadddy intermediate cert is trusted),
         both certs are not expired,
         the cert subjects are correct.
  Any idea's on how to troubleshoot this?

  Hi Rick,
  Did you use the
  Microsoft Remote Connectivity Analyzer Tool to check if there has any connectivity issue firstly? Meanwhile, please refer to following Robert’s article and check if can help you.
  On
  Premises Exchange Integration Windows Server 2012 Essentials
  If any update, please feel free to let me know.
  Hope this helps.
  Best regards,
  Justin Gu
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Mail uses wrong certificate for encrypting S/MIME messages

  Encrypted email I send using Mail Version 4.2 (1077) under OS X 10.6.2 to my work account cannot be decrypted. It appears that Mail is using the signing certificate, rather than the encryption certificate, to encrypt the email.
  The internal Certificate Authority at my employer has issued two certificates to me: A signing and an encryption certificate. Both certificates are properly stored in my keychain.
  The encryption certificate carries a 0x20 in the key usage field to designate the certificate to be used for encipherment purposes. The signing certificate carries a 0x80 in the key usage field to designate the certificate to be used for digital signatures.
  I understand that the S/MIME standard stipulates that for encrypting messages, the certificate with 0x20 in the key usage field should be used by the mail application.
  However, messages I sent are encrypted using the signing certificate (0x80 in the key usage field) and therefore cannot be decrypted on the receiving end. I examined the encrypted email using an [application|http://www.eriugena.org/blog/?p=57] to extract the serial number of the certificate used for encryption.
  We are using Outlook 2003 as our mail application at work.
  Has anybody ever come across this problem? Am I missing something - is there a way to tell Mail what certificate to use for encryption?
  Thanks,
  -Michael.

  I'm have a problem that sounds related.
  Both my wife and I created self signed mail certificates, and sent email to each other and trusted each others certificates. We were then able to send encrypted emails back and forth and our emails showed up as having trusted digital signatures.
  Then, we both purchased Verisign email certificates, and installed them in our keychains, deleting the old self-signed certificates, and repeated the process of establishing a chain of trust.
  This worked fine for me running Snow Leopard but did not work for her on Leopard. Her emails to me appear to be signed by both the old self-signed certificate and to include the new verisign certificate. Looking at the message source there is only one application/pkcs7-signature block, but in the UI it is showing both certificates.
  I don't understand how the self-signed certificate is showing up at all, since it has been deleted from her keychain.