SSL Cert used to sign Jars for distribution via WebStart

Hi,
I have an SSL cert (Comodo InstallSSL) for my website and wondered if I can use it to sign jars so, when distributed via webstart, the old "untrusted source" message doesn't get displayed. I've been doing a lot of reading but, to be honest, I can't really find my bearings! I have imported the cert into my keystore but get the message when I try to sign a jar:
Certificate chain not found for: myalias  myalias must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.I have the following files in relation to my cert:
xxx.cabundle (this can be imported into keytool easily)
cert/xxx.crt (looks like a PGP file, cannot be imported (-import) into keytool)
private/xxx.key
My questions I suppose are:
1. Can I use a cert issued for SSL to sign jars for webstart distribution?
2. If yes to 1; what steps other than importing the cert alone (which generates the message above) do I need to do to achieve this?
Any help would be appreciated!
Rich

Hi,
yes, the pkcs12 certificate includes the private key, as opposed to pb7 which does not.
Sent from Cisco Technical Support Android App

Similar Messages

  • My Apple ID was used to sign in to iCloud via unknown a web browser. Where can I get log files ?

    My Apple ID was used to sign in to iCloud via unknown a web browser. Where can I get log files ? IP address ?

    As léonie pointed out, you need to check whether or not this is really from Apple.

  • Error when i try to sign .jar for webutil

    i have try to use signwebutil.bat in webutil 1.0.6 but i have the follow error_
    Generating a self signing certificate for key=webutil2...*
    Errore keytool: java.lang.Exception: Non è stata generata la coppia di chiavi, l'alias <webutil2> è già esistente*
    +.+
    There were warnings or errors while generating a self signing certificate. Please review them.*
    +.+
    Backing up d:\w\jacob.jar as d:\w\jacob.jar.old...*
    +1 file copiati.+
    Signing d:\w\jacob.jar using key=webutil2...*
    +.+
    There were warnings or errors while signing the jar. Please review them.*
    Generating a self signing certificate for key=webutil2...*
    Errore keytool: java.lang.Exception: Non è stata generata la coppia di chiavi, l'alias <webutil2> è già esistente*
    +.+
    There were warnings or errors while generating a self signing certificate. Please review them.*
    +.+
    Backing up d:\w\frmwebutil.jar as d:\w\frmwebutil.jar.old...*
    +1 file copiati.+
    Signing d:\w\frmwebutil.jar using key=webutil2...*
    +.+
    There were warnings or errors while signing the jar. Please review them.*

    Maybe you could try to change the values in your sign_webutil.bat file:
    REM Give your alias key here.
    REM
    SET JAR_KEY=webutil3
    REM
    REM Key Password for the given key to be used for signing.
    REM
    SET JAR_KEY_PASSWORD=webutil3
    REM
    REM Number of days before this certificate expires
    REM
    SET VALIDDAYS=360
    Francois

  • Old Apple ID used to sign in for App Store

    My iPhone 5s will not let me update any of my Apps because it's asking for an old Apple ID.  I can't remember that password.  I have a new Apple ID that I have set up under General for everything, including the App store.
    I deleted that app that was purchased using the old Apple ID, but I still can't update the Apps.  When you open the App Store, and scroll down to Favorites , the NEW ID is listed  but it still wants the OLD ID to update Apps.
    I logged into ALL of my Apple IDs (my phone, husband's phone, kids' iPod, and the iPad) and made sure the Old ID was not listed anywhere.  It's not.
    How can I get rid of the OLD Apple ID and sign in using the NEW ID for updates?
    Thanks!

    Pee_Truck wrote:
    My iPhone 5s will not let me update any of my Apps because it's asking for an old Apple ID.  I can't remember that password.  I have a new Apple ID that I have set up under General for everything, including the App store.
    I deleted that app that was purchased using the old Apple ID, but I still can't update the Apps.  When you open the App Store, and scroll down to Favorites , the NEW ID is listed  but it still wants the OLD ID to update Apps.
    I logged into ALL of my Apple IDs (my phone, husband's phone, kids' iPod, and the iPad) and made sure the Old ID was not listed anywhere.  It's not.
    How can I get rid of the OLD Apple ID and sign in using the NEW ID for updates?
    Thanks!
    The mistake was creating a new Apple ID, rather than changing the email address on the old one, or recovering the password for the old one. If you had done either of these there would be no problem with the apps acquired using the old ID, as the apps are associated with the account, not the email address that you used at the time you got them.

  • Integrating AS 10.1.2 and AS 10.1.3 to use Single Sign-on for BI Publisher

    Hi Everyone
    I was trying to make the following demonstration scenario on the AS and the facilities that can afforded by Oracle to our company:
    Note: I have just one machine for demonstration with Win2003 Enterprise
    First of all, I need to build a portal for my company, this portal will be published to the web through port 80 opened by Microsoft ISA Firewall (ISA installed on different machine):
    1- Portal should be integrated with oracle forms and reports with single sign-on
    2- AS, should have single sign-on authentication to work on port 80 only.
    3- Portal should be integrated with BI Publisher 10.3
    For the objectives mentioned above i have done the following:
    1- install AS 10.1.2 (infra and mid-tier) on the same machine with default installation options (http port 7777 for infra and port 80 for MT). (objective 1 = done)
    2- to make sso works on port 80, i have used webcache as reverse proxy for sso, and it's done but i have error (WWC-41400), but it doesn't affect login on portal, and that is my first problem.
    3- To have BI Publisher to work and authenticate users using single sign-on on port 80 (from outside), I had to install AS 10.1.3 (http on port 7779) on the same machine mentioned above, and then deploy BI Publisher on it, and that was ok, but problem is how to make use of single sign-on to authenticate people listed in oracle internet directory of INFRA installation mentioned above to use BI Publisher on port 80 only.
    So, could anyone please guide me in problem 2 and 3.
    Thanks in advance.
    Anas

    a couple of parameters not configured inside the Tomcat files. Now the SSO is working.
    SNC is not required for sso in bi 4.0
    http://wiki.sdn.sap.com/wiki/display/BOBJ/BI4IntegrationintotheSAPEntreprisePortal+7.0.x
    http://wiki.sdn.sap.com/wiki/display/BOBJ/SetupofSAPSSOServiceinSAPBOBI4.0+CMC
    Best Regards

  • Started creating a web site using iWeb, signed up for MobileMe trial, now iWeb won't work?

    So I started playing around with iWeb and created a web site for my portfolio. I then signed up for a trial of the MobileMe. After I went through the whole setup process for MobileMe...setting up on my iPod Touch, then on my iMac, then syncing all the apps...I back to iWeb to publish my web site to my newly created MobileMe account. Only iWeb was unresponsive. I tried to restart the application. I get as far as the welcome screen with the "Getting Started Video", but there is no iWeb window open behind that. I tried to restart my machine...nothing!
    Now I have this MobileMe trial that is ticking away and I can't even use it. Please help, thanks.
    grafxboy.mac

    Update. After a conversation with Marlon at Apple Support, we have it resolved. As soon as I mentioned that iWeb would launch properly on other profiles, we figured out that it has to be a preference problem. I should have known better, its one of the first things to check. But, I've been away from macs for a little bit, so I'm a little rusty in the troubleshooting dept.
    To trash iWeb preferences:
    1) Quit iWeb
    2) Navigate to:
    User Directory --> Library --> Preferences  --> com.apple.iWeb.plist
    3) Take this file and drag it to your desktop
    4) Relaunch iWeb
    5) If everything works as it should, you can take the preference file you dragged to your desktop and move it to      the recycle bin.
    Somewhere in the MobileMe registration and setup process the preferences for iWeb froze up. Trashing the iWeb preferences fixed the problem.
    If I come across any issues posting site to MM or posting site updates to MM I will update this thread.

  • How to use single sign-on  for BCC and Experience Manager

    Does anyone have experience in implementing single-sign-on for BCC and Endeca Experience manager for business users.

    With the older versions of Endeca commerce stack there is no OOTB support for this. However with Oracle Commerce 11, SSO with BCC and Experience Manager are out of the box. Oracle Commerce 11 is released today.

  • Signing Jars For JWS

    My company just got me a Java coding signing cert from Verisign for signing the jar files used by our JWS application. At first I could not get cert to inport using keytool. So based on a suggestion from someone, I imported the cert into IE to verify it was a valid cert. This worked fine, so I exported the cert from IE in 509 format. I was then able to import the cert into a keystore. The problem is when I attempt to sign my jar files I get the error: jarsigner: Certificate chain not found for: signfiles. signfiles must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.
    What does this mean, and how do I fix it?
    Thanks,
    Jim Urban

    I got the same error.
    But then I found out that a pkcs12 file could be used directly as a keystore by jarsigner. So you can skip the keytools step.
    I exported my certificate from Netscape Communicator using the Security tool as a .p12 file. Then I pointed jarsigner at my pkcs12 file.
    jarsigner -storetype pkcs12 -keystore cert.p12 MyClasses.jar keyname
    You can find your keyname alias by entering:
    keytool -list -storetype pkcs12 -keystore cert.p12

  • Permissions Error Dispite using a Signed Jar

    I have developed a PC program that has a built in web server for talking with and relaying command to a device attached to the COM port. Now Right now I'm using JavaScript to talk with the programs web interface. Now this brought browser compatibility issues though, because commands could be relayed to the programs web interface from a cross domain. Dispite adding in the needed header output records to allow it. Only one browser had the ability to do this. So I created a extremely basic java applet that just opens the web pages on the programs web server and returns the output from the web server to a Javascript function on the parent document to be handled as needed.
    Now while this worked great going from localhost to localhost. I then moaved the applet to another computer on the network and tired localhost again and got:
    java.security.AccessControlException: access denied (java.net.SocketPermission localhost:988 connect,resolve).Well at first I thought "Oh I forgot to sign the jar." So i signed the jar file and it still kicked back the same error.
    Now the only way i could get rid of the error was adding a policy entry, but that is not acceptable because of a number of reasons. So it could very well be something in my code. Though I'm not sure. As you can see below it is very simplistic.
    public void CallTimeServ(String Target)
             URL                url;
             URLConnection      urlConn;
             DataInputStream    dis;
               try {
                   url = new URL(Target);
                   urlConn = url.openConnection();
                  urlConn.setDoInput(true);
                  urlConn.setUseCaches(false);
                  dis = new DataInputStream(urlConn.getInputStream());
                  String JSon;
                  while ((JSon = dis.readLine()) != null)
                       ContentsRetrived(JSon);
                  dis.close();
              } catch (MalformedURLException e) {
                   // TODO Auto-generated catch block
                   e.printStackTrace();
              } catch (IOException e) {
                   // TODO Auto-generated catch block
                   e.printStackTrace();
         public void ContentsRetrived(String msg)
              try
                   msg = msg.replace("'", "\'");
                   getAppletContext().showDocument(new URL("javascript:ContentsRetrived('" + msg +"')"));
              catch (MalformedURLException me) { }
         public void init()
        }So any one have any ideal on how to to do this. With out requiring a policy file entry?

    Phil - did you check out http://otn.oracle.com/products/forms/pdf/SigningJint13.pdf
    regards
    Grant Ronald
    Forms Product Management

  • A few questions about signing JARs for Web start

    I'm still a bit new to all this, so just want to clear a few things up.
    I'm currently trying to publish an application using Web start, so i know I have to sign all the JARs, as it needs to do some writing to the hard drive.
    1. I have my main JAR file, and then two "third party" JAR files in the /lib subfolder, I take it I need to sign those two as well, does it matter that I don't have the .class file for those two, as I didn't write them?
    2. I'm running the JARSIGNER program with exactly the same command line apart from the filename of the .jar file, is that correct? or do I need a different certificate for each .jar file?
    Just can't seem to get all three signed, Web start says one different one isn't signed each time I try it out.
    3. When signing, does it add something to the end of the JAR file itself? as I can't see any extra files created.

    Signing adds entries in the mainifest, not in the main file list in the jar file.
    You can sign third party jar files, but it is not advisable. An alternative is to put third party jars in a seperate extension jnlp file, if they need all-permissions, you can get the third party jars already signed by whoever supplied them. If not, you do not need to request all-permissions in the extension jnlp file, and that part of the code will be run in the secure sandbox.
    /Andy

  • Use single sign on for multiple portal domains

    Is it possible for a user to sign on once to a domain, and then be able to access other domains. What I'm trying to do is have one user registration page/login page, but use different portal server domains to present different sites, while at the same time having a type of single sign on, once a user has entered his credentials. Thus my registration process will create a new ldap user in an external directory, and i can then just point all the different domains to that External Ldap directory.

    I wouldn't recommend this because it would affect performance plus there are potential other issues like conflict that you would run into ..
    Everytime a user logs into a new session is created for him and this means a user might have multiple sessions on the server. The cookie that is also set is dependent on per portal domain so it might not work ..
    An alternative approach might be to have multiple roles and then customize the role for different views. You can modify the membership code in such a way that based on certain criteria you can assign him to a particular role, equivalent to your domain. However the problem could be if you want to provide delegated admin, currently the delegated admin is only at a domain level.

  • [SOLVED] enable apache ssl to use httpS at will for any vhost

    Hi,
    I have enabled ssl on my apache install without a problem by including the file httpd-ssl.conf in my http.conf.
    I have tested access by trying to access my phpmyadmin install by going to my site: https://example.com/phpmyadmin
    However, when trying to use a vhost with https, it doesn't work, I get redirected to a default page (first configured vhost) as https.
    If I modify the vhost like this, adding 443:
    <VirtualHost *:80 *:443>
    </VirtualHost>
    I get an error "(Error code: ssl_error_rx_record_too_long)".
    If I just add to the vhost config file instead like this:
    NameVirtualHost *:80
    NameVirtualHost *:443
    SSLStrictSNIVHostCheck off
    then I still only get the default site, but not my vhost site under ssl.
    Any pointers on getting this to work? I want to be able to universally add an "s" to "http" for any vhost whenever I feel like it to encrypt traffic...
    Thanks!
    EDIT: Here's the solution I found. I disabled ssl on apache by commentingout the httpd-ssl.conf-Include directive in httpd.conf.
    Then I installed stunnel and pointed it to my server key and certificate and enabling https connections to forward to port 80 on localhost.
    One gotcha to look out for was to put "https: ALL" into the /etc/hosts.allow file as stunnel apparently uses this to decide whether a client can connect.
    Last edited by awayand (2011-04-24 12:10:46)

    Apache is already listening on 443, otherwise it wouldn't work at all when I access https://example.com/phpmyadmin. My problem is that instead of responding by serving the requested vhost, apache serves only the default vhost page. For example, https://x.example.com, https://y.example.com, https://z.example.com all serve my default page at https://example.com instead of the corresponding vhost. Any idea as to what to configure so that apache serves the requested vhost under https?
    EDIT: clarification
    Last edited by awayand (2011-04-23 04:39:02)

  • Using self-signed certificates for HTTPS

    I want to enable HTTPS protocol with WebLogic Server 5.1
    I want to use a self signed certificate generated with the JDK keytool.
    I've successfuly generated it and exported a dummy.cer file.
    I've updated the weblogic.properties file with weblogic.security.certificate.server=dummy.cer
    and I've got this exception
    java.lang.NullPointerException:
    at weblogic.security.RSAKey.toString(RSAKey.java:203)
    at java.lang.String.valueOf(String.java, Compiled Code)
    at java.lang.StringBuffer.append(StringBuffer.java, Compiled Code)
    at weblogic.security.X509.toString(X509.java:261)
    at java.lang.String.valueOf(String.java, Compiled Code)
    at java.lang.StringBuffer.append(StringBuffer.java, Compiled Code)
    at weblogic.t3.srvr.SSLListenThread.insertIntoCAChain(SSLListenThread.java:206)
    at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java, Compiled
    Code)
    at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
    at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:827)
    at java.lang.reflect.Method.invoke(Native Method)
    at weblogic.Server.startServerDynamically(Server.java:99)
    at weblogic.Server.main(Server.java:65)
    at weblogic.Server.main(Server.java:55)
    at weblogic.NTServiceHelper.run(NTServiceHelper.java:19)
    at java.lang.Thread.run(Thread.java:479)
    mar. dÚc. 18 12:20:03 GMT+01:00 2001:<E> <SSLListenThread> Security Configuration
    Problem with SSL server certificate file (d:\weblogic\myserver\dummy.cer)
    What's the right way to do this ?
    [dummy.cer]

    H Jerome,
    The certificate may have been generated incorrectly but I would suggest logging
    a support case.
    Kind Regards,
    Richard Wallace
    Senior Developer Relations Engineer
    BEA Support.
    "Jerome Cahuzac" <[email protected]> wrote:
    >
    >
    >
    I want to enable HTTPS protocol with WebLogic Server 5.1
    I want to use a self signed certificate generated with the JDK keytool.
    I've successfuly generated it and exported a dummy.cer file.
    I've updated the weblogic.properties file with weblogic.security.certificate.server=dummy.cer
    and I've got this exception
    java.lang.NullPointerException:
    at weblogic.security.RSAKey.toString(RSAKey.java:203)
    at java.lang.String.valueOf(String.java, Compiled Code)
    at java.lang.StringBuffer.append(StringBuffer.java, Compiled
    Code)
    at weblogic.security.X509.toString(X509.java:261)
    at java.lang.String.valueOf(String.java, Compiled Code)
    at java.lang.StringBuffer.append(StringBuffer.java, Compiled
    Code)
    at weblogic.t3.srvr.SSLListenThread.insertIntoCAChain(SSLListenThread.java:206)
    at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java,
    Compiled
    Code)
    at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java, Compiled Code)
    at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:827)
    at java.lang.reflect.Method.invoke(Native Method)
    at weblogic.Server.startServerDynamically(Server.java:99)
    at weblogic.Server.main(Server.java:65)
    at weblogic.Server.main(Server.java:55)
    at weblogic.NTServiceHelper.run(NTServiceHelper.java:19)
    at java.lang.Thread.run(Thread.java:479)
    mar. dÚc. 18 12:20:03 GMT+01:00 2001:<E> <SSLListenThread> Security Configuration
    Problem with SSL server certificate file (d:\weblogic\myserver\dummy.cer)
    What's the right way to do this ?

  • Viewer Builder signing failure for distribution viewer

    I'm having the following problem:
    I"m able to download the developer ipa from Viewer Builder with no problems, but when I try to download the distribution build, I get a VB error, "signing failure."
    this indicates to me that there is a problem perhaps with my p12 and mobile provisioning profile, but I've done all that correctly, as far as I know, and tried multiple times to reproduce from Apple's provisioning portal, but nothing works.
    is anyone else having this problem?

    Yes, I've been having this issue since last Friday. But, my ipa isn't working either....

  • Using a passed parameter for distribution purposes

    Good day all!
    I am passing a parameter from forms to the DESNAME parameter in reports. The problem I am having is that when I go to distribute the report, it fails due to not having a distribution list. Do I have to hardcode the email address in the DESNAME parameter in the report in order to distribute it? If not, how do I set he DESNAME parameter in the distribution list to accept a value that has been passed in. I have tried doing :DESNAME := :PASSED_VALUE, but I'm not sure where to go from there. Any ideas would be great.
    Thanks,
    Adam

    Hello,
    Oracle® Application Server Reports Services Publishing Reports to the Web
    10g Release 2 (10.1.2)
    B14048-02
    15 Creating Advanced Distributions
    15.2.2 Using Variables Within Attributes
    http://download-uk.oracle.com/docs/cd/B14099_17/bi.1012/b14048/pbr_dist.htm#i1007338
    Regards

Maybe you are looking for

  • How do I move iWeb files from my Mac Mini to my Macbook Air?

    Just bought a new Macbook Air and trying to work on websites I created on Mac Mini - cant seem to figure out how to import them into my Macbook Air

  • Function upload text file or from clipboard in Bex with BI 70

    Will it be possbile to use the function to upload data in from a text file or from clipboard with BI 70? With older BW versions it was possible to fill a variable with lists. Can someone help where I can find information about this issue? Best Regard

  • File CC not picking file after module is added

    Hi Experts, I am trying to develop an sample adapter module just to pick the name of the file and put it in the payload. I managed to deploy the module through SDM and it is showing as active in the visual admin. But when I run the interace it doesn'

  • Help with a function

    I have the following records in a table SARAPPD_PIDM     SARAPPD_TERM_CODE_ENTRY     SARAPPD_SEQ_NO     SARAPPD_APDC_CODE                   SARAPPD_APDC_DATE 2232040            200990                                                   1               

  • TimesTen SQL with group by returning multiple rows

    I have a Active-Standby TimesTen nodes. Using group by with or without having clause: Whenever I do a group by query on table1 table with or without having clause, SQL returns multiple rows. This looks very strange to me. Each time it gives different