Designating the specific client certificate to use from within an applet

With JRE 1.4.x, my applet will use a specific client certificate for connection to an https url which requires a client certificate - I did that by defining runtime parameters for the jre (-Djavax.net.ssl.keyStore=...) but with JRE 1.5.x, the same runtime options doesn't seem to have any effect (even if I configure the plugin not to use the browser's store of certificates).
I like the new "use browser certifcate store" feature of the JRE 1.5.x, but can I have a way to designate, programmatically in the code of my applet, which specific certificate to use?

With JRE 1.4.x, my applet will use a specific client certificate for connection to an https url which requires a client certificate - I did that by defining runtime parameters for the jre (-Djavax.net.ssl.keyStore=...) but with JRE 1.5.x, the same runtime options doesn't seem to have any effect (even if I configure the plugin not to use the browser's store of certificates).
I like the new "use browser certifcate store" feature of the JRE 1.5.x, but can I have a way to designate, programmatically in the code of my applet, which specific certificate to use?

Similar Messages

  • How to get the correct client certificate used in the two way ssl

    how to export the certificate in browser to the correct client certificate format needed by the WLSSSLAdaptor?
    I can export the certificate in browser to p12 or pfx format, but how to retrieve the private key from it and convert to PKCS#8?
    anyone did this before?
    Thanks

    Hi,
    Use the event after_user_command.When the user clicks any other buttons in the toolbar,this event will be triggered after the processing and you can handle the sub-total for % columns here.
    Regards,
    Archna Raja

  • RQL Query to get the specific range of product items from product catalog.

    Hi All,
    I need to do the batch wise query to product catalog.
    For that i have use Query builder but that is giving me repeated items, now i wanted to use RQL using rqlStatement.
    Please help me in solving the issue.
    Query which i have used using QueryBuilder.
                    RepositoryView productView = productRepo.getView("product");          
                    QueryBuilder productBuilder = productView.getQueryBuilder();
                    Query productQuery = productBuilder.createUnconstrainedQuery();           
                    RepositoryItems[] productItems = productView.executeQuery(productQuery,startIndex,endIndex);
    Can anybody help me in writing RQL Query to get the specific range of product items from product catalog.

    Hi Shakuntala,
    There is no executeQuery method defined in RqlStatement Interface, which will accept index for output result.
    So As far as I know, what u are trying to achieve is not possible with RQL statements OOTB way.U can consider range of results based on some condition from Repository items.
    Please let me know if u find any way to implement it.
    Above Query builder should always return different ids if range is not overlapping with previous range.
    Please verify that repeated items ids are same or different,
    Quoting from API docs:
    RepositoryItem[] executeQuery(Query pQuery,
                                  int pStartingIndex,
                                  int pEndingIndex)
                                  throws RepositoryException
        Executes the given query and returns an array of matching RepositoryItems, which are contained within a total potential result set. For example used if one wanted to retrieve elements 50-60 from a query which could return 100 elements.
    Regards,
    Nitin.

  • [svn:bz-trunk] 21394: bug fix for watson 2887837 Not getting duplicate session detected error when same flex client id is used from two different HTTP sessions in CRX .

    Revision: 21394
    Revision: 21394
    Author:   [email protected]
    Date:     2011-06-16 12:34:13 -0700 (Thu, 16 Jun 2011)
    Log Message:
    bug fix for watson 2887837 Not getting duplicate session detected error when same flex client id is used from two different HTTP sessions in CRX.
    get the sessions id before we invalidate the duplicate session.
    Checkintests pass
    Modified Paths:
        blazeds/trunk/modules/core/src/flex/messaging/endpoints/BaseHTTPEndpoint.java

    For our profect I think this issue was caused as follows:
    Believing that remoting was full asynchronous we fired a 2 or 3 remote calls to the server at the same time ( within the same function ) - usually when the users goes to a new section of the app.
    This seemed to trigger the duplicate http session error since according to http://blogs.adobe.com/lin/2011/05/duplication-session-error.html  two remote calls arriving before a session is created will cause 2 sessions to be created.
    Our current solution ( too early to say it works ) is to daisy chain the multiple calls together .
    Also there seemed to be an issue where mobile apps that never quit ( thanks Apple! )  caused the error when activated after a few hours.
    I guess the session expires on the server and the error above occurs on activation.
    So the mobile apps now ping the server with a remote call when activated after sleeping for more than one hour.
    All duplicate http errors are silently caught and reported.
    Fingers crossed we won't get any more!

  • MM-Report to see the materials which is not used from last 3 months

    Dear All,
    I want to find out the materials which are not used from last 3 months.Is there any report?
    Thanks
    Vishal

    Hi
    check MB5B
    give material and plant there
    select valuates stock radio button and NON-Hierarchical representation layout  on selection screen
    give last three month duration period on selection screen and execute report
    and see total  Goods receipt and total goods issue for material
    Regards
    kailas ugale

  • He writes that my phone ID, can not be used to activate the phone. my ID, was used from the start. help

    He writes that my phone ID, can not be used to activate the phone. my ID, was used from the start. help

    Welcome to the Apple community.
    Unfortunately, you cannot do very much with your phone unless you get assistance from the previous owner, they should either provide you with the password to unlock it or remove their account from the phone entirely remotely through iCloud.com > Find My Phone.

  • Help!How can I find the name of a calling procedure from within a procedure/function?

    Is there anyway to find out the name of calling procedure(database) from within a database stored procedure/function? This is required for creating an auditing module.
    Thanks,
    Abraham
    ===========
    email:[email protected]

    You can use this query to get the procedure names that are calling your procedure.
    SELECT name FROM all_Dependencies
    WHERE upper(referenced_name) = 'YOUR_PROC_NAME'
    In your procedure, you can get these values into a cursor and then use them one by one.
    Hope this would help.
    Faheem

  • Updated to firefox 4.0. since then my computer is very slow accessing the internet, websites and getting information from within a website.

    Over a week ago I updated my computer to Firefox 4.0. Since then my computer is very slow accessing the internet, websites and getting information from within a website. Also, a tool bar has shown up for YAHOO which I did not request. The old detailed tool bar for Firefox has disappeared. All that now shows for Firefox is the area to enter website urls and an area to enter topic for a Google Search.
    Many times I have to exit Firefox and re-enter it later to access the internet.
    Please advice what I need to do to get back to the speed I had with the older version of Firefox.
    Thank You,
    Dennis

    Over a week ago I updated my computer to Firefox 4.0. Since then my computer is very slow accessing the internet, websites and getting information from within a website. Also, a tool bar has shown up for YAHOO which I did not request. The old detailed tool bar for Firefox has disappeared. All that now shows for Firefox is the area to enter website urls and an area to enter topic for a Google Search.
    Many times I have to exit Firefox and re-enter it later to access the internet.
    Please advice what I need to do to get back to the speed I had with the older version of Firefox.
    Thank You,
    Dennis

  • What is the option client certificate for user authentication used for?

    Hi All,
    I have to work on a FTPS - XI -SAP scenario.
    I can see an option for client certificate for user authentication when security is enabled for the FTP adapter. what exactly is this option used for?
    P.S: I went through sap help but couldnt quite understand.

    Thanks a lot Mark.
    So for a FTPS -> XI -> SAP scenario the following settings are required.
    1. I have to create a certificate in Visual Admin for the XI server , send a csr to a CA and get it signed by them, and i have to add this to the ssl_service view.
    2. I have to hand over the public key to the FTPS server & this key will be used for encryption of the file
    the above 2 steps are mandatory.
    If i choose to use the client certificate option , i have to get the client certificate from the FTPS server and add it into the TrustedCAs list. This certificate is just to imply that the client is what it claims to be.
    Will this certificate be used for encryption?
    To make it clear let me put it this way. The certificate created in the XI Server is used for encryption and also for ascertaining that the its what it claims to be.
    The clients certificate option is used only to make sure that the client is what its claiming to be & this is not used for encryption?

  • Asking specific client certificate (not certificates trusted by authority)

    As I understand from what I read so far, during the handshake negotiation for two way ssl, the server sends the client a list of trusted certificate authorities and say to the client: "hey, those are the authorities I trust. send me a certificate that can be verified by one of them".
    I also read how you can customize SSLSocketFactory to, on the client side, look for a specific certificate alias (http://www.ibm.com/developerworks/java/library/j-customssl/). I would like to move this idea further and ask for specific certificates depending on what resources the user is trying to access.
    For example:
    Let's suppose I have two resources on my server called "bobPrivateStuff" and "alicePrivateStuff". I also have a certificate authority who can validate both Bob and Alice certificates on a custom trust keystore. In a regular scenario, the server will ask for a client certificate and will accept either Alice or Bob certificate, as both can be verified by the custom trust.
    But what if Alice can't access "bobPrivateStuff"? What if when trying to open a connection, to say http://myserver.com/services/bobPrivateStuff, the server asks specifically for Bob's certificate? Can I setup the handshake in a way it will actually ask for Bob's certificate instead of only just "any certificated trusted by this CA"?
    And what piece of information could be used to distinguish one certificate from another? Is the serial number unique between multiple certificates? Is this pushing the envelop too much and trying to use SSL for more than what it is intended for?

    I agree 100%. It's just that we want to use certificates to validate the client's identity (instead of relying on username/password).Fine, that's exactly what SSL & PKI will do for you.
    It might not be elegantBut it is!
    See my point?Of course I see your point. SSL already does that. I said that. You agreed. I agree. What it doesn't do is the authorization part. Because it can't. It isn't meant to. You are supposed to do that.
    Instead of the server asking for a specific certificate, it justs checks if the certificate sent by the client has access to the resource.Not quite. It should check if the identity represented by the client certificate (Certificate.getSubjectX500Principal(), or SSLSocket.getSession().getPeerPrincipal()) has access to the resource.
    This way, we can leave the server untouchedNo you can't. The server has to get hold of the client principal after the handshake and authorize it against the resource.
    if Bob wants to access some resources, Bob has to prove he is who he says he is.You're still confused. That's authentication, and SSL already does that for you. SSLSocket.getSession().getPeerPrincipal() returns you the authenticated identity of the peer. The server then has to check that that identity can access that resource. This is 'authorization'. You can't automate it via keystores and truststores. That's not what they do and it's not what they're for.
    So I think it is perfectly plausible to do this kind of verification on the server side (i.e. "hijack" a certificate sent to validate the ssl handshake to also verify if the user has the correct privileges).There's no 'hijacking' about it, but you're concentrating on the certificate instead of the identity it represents. A client could have a large number of certificates that all authenticate the same identity. You need to think in terms of authorizing Principals to access resources.

  • Manually sign the netware client certificate

    We have Netware 6.5 SP8 and we want to upgrade our Windows 7 clients to "Netware client 2 SP3 for Windows 7 IR4". I have 2 questions:
    1) what is command line to digitally sign the client certificate? Or another way to ask it, what is the DOS command line to digitally sign the client certificate so that I do not have the popup box confirming the installation of the certificate?
    2) I can export the certificate from a computer, but what type of certificate is it? When I go into the certmgr.msc utility to export the certificate, there is a list of types to choose from and I don't which type to select?
    Thanks....

    On 01/11/2013 14:46, ncharleyhog wrote:
    > We have Netware 6.5 SP8 and we want to upgrade our Windows 7 clients to
    > "Netware client 2 SP3 for Windows 7 IR4". I have 2 questions:
    >
    > 1) what is command line to digitally sign the client certificate? Or
    > another way to ask it, what is the DOS command line to digitally sign
    > the client certificate so that I do not have the popup box confirming
    > the installation of the certificate?
    >
    > 2) I can export the certificate from a computer, but what type of
    > certificate is it? When I go into the certmgr.msc utility to export the
    > certificate, there is a list of types to choose from and I don't which
    > type to select?
    Section 2.6.1 of the Novell Client 2 SP3 for Windows Administration
    Guide[1] includes the following (note the two Microsoft links in the
    last paragraph):
    --begin--
    For the Novell Client, the certificate used for Authenticode signing is
    the Verisign public certificate for Novell, Inc. The best way to obtain
    the correct certificate for use in the Trusted Publishers list is to
    install the Novell Client on a Windows machine, then select the Always
    trust software from Novell, Inc. option when prompted. Then use the
    Microsoft Certificate Management Console (certmgr.msc) to export the
    Novell, Inc. certificate visible in this Windows machine's Trusted
    Publishers certificate list.
    The exported certificate can be used to pre-distribute Novell, Inc. as a
    Trusted Publishers certificate on Windows machines using any of the
    methods Microsoft makes available for pre-loading certificates used by
    Authenticode-signed software. This includes Microsoft support for
    distributing certificates during unattended installations of Windows, or
    through the use of Group Policies.
    For more information on the options provided by Microsoft Windows for
    distributing software publisher certificates, see the "Deploying
    Authenticode Digital Certificates in an Enterprise" section of Using
    Authenticode to Digitally Sign Driver Packages for Windows Server 2003
    (Authenticode.doc,
    http://www.microsoft.com/whdc/driver...henticode.mspx), and the
    Microsoft Windows Group Policy documentation
    (http://www.microsoft.com/grouppolicy/).
    ---end---
    HTH.
    [1]
    http://www.novell.com/documentation/...a/bqgnrgi.html
    Simon
    Novell Knowledge Partner
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below. Thanks.

  • How to get the client's IP address from within Java Studio Creator JSP/Java

    Hi there.
    I just started using the Java Studio Creator 2 and now I need to get hold of the client IP address - this should be part of the request, but I cannot fint the right way to get hold of that information. I want to be able to access this information from within the Java-code in a JSP/JSPF-page.
    Is there a new way of doing:
    request.getRemoteAddr();
    This is the way I remember it from the JSP/Servlet-days...
    Sincerely,
    - Oystein Saebo -

    javax.servlet.http.HttpServletRequest req = (javax.servlet.http.HttpServletRequest) getExternalContext().getRequest();
    req.getRemoteAddr();

  • How to handle Client Certificate authentication using URLRequest/URLLoader

    Hi All,
    I developed an AIR Application which communicates with a server. Protocol used for communication is HTTPS, and server has a valid certificate.
    So whenever AIR App, communicates with the server, a dialogue box prompts to select the client certificate just as show below.
    So here what I am looking at is, Any method is available to prevent this prompt.
    I have already tried the method of Enabling "Dont Prompt for client certificate selection when only one certificate exists", Of course this method will work only if multiple certificate exists, so what if multiple certificate exists.
    How an air application can handle that?
    So any one find any way to handle this. I am using URLRequest for commnicating with server.
    Here is the code snippet I have used.
    var request:URLRequest = new URLRequest(url);
    request.method = URLRequestMethod.GET;
    var urlLoader:URLLoader = new URLLoader();
    urlLoader.dataFormat = URLLoaderDataFormat.TEXT;
    urlLoader.addEventListener(Event.COMPLETE, loaderCompleteHandler)
    urlLoader.addEventListener(Event.OPEN, openHandler);
    urlLoader.addEventListener(HTTPStatusEvent.HTTP_STATUS, httpStatusHandler);
    urlLoader.addEventListener(SecurityErrorEvent.SECURITY_ERROR, securityErrorHandler);
    urlLoader.addEventListener(IOErrorEvent.IO_ERROR, ioErrorHandler);//, false, 0, true);
    Please help me...
    Thanks
    Sanal

    Yes it is possible. Refer
    Using Certificates for Authentication [http://docs.sun.com/app/docs/doc/820-7985/ginbp?l=en&a=view]
    SSL Authentication section in [http://docs.sun.com/app/docs/doc/820-7985/gdesn?l=en&a=view]
    client-auth element in server.xml [http://docs.sun.com/app/docs/doc/820-7986/gaifo?l=en&a=view]
    certmap.conf [http://docs.sun.com/app/docs/doc/820-7986/abump?l=en&a=view]
    certmap.conf should have verifycert "on", and lets say this certmap is called "cmverify" :
    certmap cmverify    default
    cmverify:DNComps
    cmverify:FilterComps    uid
    cmverify:verifycert onIn serve.xml we should have <client-auth> "required" and lets say we have an auth-db named "ldapregular":
    <http-listener>...
      <ssl>...
        <client-auth>required</client-auth>
      </ssl>
    </http-listener>
    <auth-db>
      <name>ldapregular</name><url>ldap://myldap:369/o%3DTestCentral</url>
      <property><name>binddn</name><value>cn=Directory Manager</value></property>
      <property><name>bindpw</name><value...</value><encoded/></property>
    </auth-db>In ACL file we should have method = "ssl", database = "ldapregular" and certmap = "cmverify" :# clientauth against LDAP database with special certmap which has verifyCert on
    acl "uri=/";
    authenticate (user,group) {
        prompt = "Enterprise Server";
        method = "ssl";
        database = "ldapregular";
        certmap = "cmverify";
    deny (all) user = "anyone";
    allow (all) user = "alpha,beta,gamma";

  • How to install and use a client certificate for use with https sites on Android?

    I need to be able to install a .p12 client side certificate to be sent to the admin section of my company's site to authenticate me as an employee. In FireFox for PC there is the ability to install this client certificate. In the mobile I cannot figure out how to get this to work.
    I just bought an Asus Transformer Android Tablet running Honeycomb. I have tried the following method below:
    http://support.mozilla.com/en-US/questions/786035
    I get to the screen where I am able to present and choose a certificate but I still get the (Error code: ssl_error_handshake_failure_alert).
    Now that Android is really picking up steam, there needs to be a way to install client side certificates to present to sites requesting them.
    Is there another way to hack the system to allow or install a client side certificate in .p12 format?

    Sorry, there's not a good way to install client certificates in Firefox 4 for Android. A bug has been filed, and any work that we do on adding this feature will be tracked here:
    https://bugzilla.mozilla.org/show_bug.cgi?id=478938

  • Designing the structure of jsp pages using xml

    how can i design the structure of the jsp using xml file?

    The structure of the JSP? I don't know what that means. Perhaps you can explain why you thought using XML for that would be a good idea, that might help us comprehend the question.

Maybe you are looking for


HashFlare