Accessing X509 certificate info

We are authenticating by using a certificate for the web server. We need to authorize users for a web service by using the CN or DN shown on the certificate. For the web services, how can I pull the CN or DN off the certificate used for a web service transaction?

I can't help you much with Oracle Apps. But my 2 cents.
If your App server/ web server is validating the client X509 Certificates, once authentication is successful, some identifier should be passed on to your application. You should be able to leverage that to get the user CN or DN.
When you access a web server from within your application, you can then control who can access the web service and still pass the user CN or DN or other user identifier in the SOAP Header, which the Web Service can validate. Your web service has to perform the authorization check even if you perform this at the client side.
When the service is going to validate the user CN or DN, it is going to rely on the SOAP message, either as body or as custom header. In this case you have to generate the SOAP message from the client with appropriate values, which your application should have mapped.
I answered a similar question in Microsoft Platform at LinkedIn.
http://www.linkedin.com/answers/technology/information-technology/information-security/TCH_ITS_ISC/70725-1147608?browseIdx=4&sik=1188955275463&goback=%2Eama
Thanks
Ram
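
Added example (not part of the original posts and not Oracle code): once the server that validated the client certificate hands the subject DN to the application, the web service can parse it and authorize on the full DN rather than on a loose CN match. It assumes the DN arrives as an RFC 4514 string; the allowlist, roles and function names are hypothetical.

```python
# Constructed allowlist: full subject DNs (RFC 4514 string form) mapped to
# hypothetical roles. Record them in the RDN order your front end emits.
ALLOWED = {
    r"CN=Doe\, John,OU=Payments,O=Example Corp,C=US": "approver",
    "CN=svc-batch,OU=Integration,O=Example Corp,C=US": "submitter",
}
HEX = "0123456789abcdefABCDEF"


def _unescape(raw):
    """Resolve RFC 4514 escapes: backslash + special char, or backslash + hex pair."""
    out, i = bytearray(), 0
    while i < len(raw):
        if raw[i] == "\\":
            pair = raw[i + 1:i + 3]
            if len(pair) == 2 and all(c in HEX for c in pair):
                out.append(int(pair, 16))
                i += 3
            else:
                out += raw[i + 1].encode()
                i += 2
        else:
            out += raw[i].encode()
            i += 1
    return out.decode("utf-8")  # invalid UTF-8 raises ValueError


def parse_dn(dn):
    """Return the DN as a tuple of RDNs; each RDN is a sorted tuple of (TYPE, value)."""
    rdns, avas, start, i, end = [], [], 0, 0, len(dn)
    while i <= end:
        ch = dn[i] if i < end else ","  # sentinel closes the last RDN
        if ch == "\\":
            if i + 1 >= end:
                raise ValueError("dangling backslash")
            i += 2  # skip the escaped character so it is never a separator
            continue
        if ch in ",+":
            attr, eq, raw = dn[start:i].lstrip().partition("=")
            attr = attr.strip().upper()
            if not eq or not attr or raw.startswith(("#", '"')):
                raise ValueError("unsupported or malformed RDN: %r" % dn[start:i])
            avas.append((attr, _unescape(raw)))
            if ch == ",":  # '+' keeps adding to the same multi-valued RDN
                rdns.append(tuple(sorted(avas)))
                avas = []
            start = i + 1
        i += 1
    return tuple(rdns)


def common_name(dn):
    """Return the CN only when the DN carries exactly one; otherwise refuse."""
    cns = [v for rdn in parse_dn(dn) for t, v in rdn if t == "CN"]
    if len(cns) != 1:
        raise ValueError("expected exactly one CN, found %d" % len(cns))
    return cns[0]


ROLE_BY_DN = {parse_dn(dn): role for dn, role in ALLOWED.items()}


def authorize(subject_dn):
    """Map a validated certificate's subject DN to a role, or None to deny."""
    try:
        return ROLE_BY_DN.get(parse_dn(subject_dn))
    except ValueError:
        return None  # an identity that does not parse is denied, not guessed at
```

Attribute values are compared exactly, so a certificate with the same CN under a different OU or O does not inherit the role.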

Similar Messages

  • How can I retrieve/compute an X509 certificate's thumbprint in Python and then use it for accessing Service Management APIs from Python SDK?

    Hello,
    I am using Azure Python SDK to perform calls to ServiceManagement APIs.
    I have a .publishsettings file generated for my account which includes an encoded version of my X509 certificate and all of my subscription IDs.
    How can I retrieve/compute an X509 certificate's thumbprint in Python?
    Following is the code snippet that helps us do it in .Net.
    Is there a similar approach to do it in Python?
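    // Requires: using System; using System.Linq; using System.Xml.Linq; using System.Security.Cryptography.X509Certificates;
    var publishSettingsFile = @"C:\temp\CORP DPE Account-11-16-2011-credentials.publishsettings";
    XDocument xdoc = XDocument.Load(publishSettingsFile);
    // The management certificate is stored Base64-encoded in the PublishProfile element
    var managementCertbase64string = xdoc.Descendants("PublishProfile").Single().Attribute("ManagementCertificate").Value;
    var importedCert = new X509Certificate2(Convert.FromBase64String(managementCertbase64string));
    var thumbprint = importedCert.Thumbprint;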
    Once I have the thumbprint, how can I use that thumbprint to access Service Management APIs from Python SDK?
    Thank you in Advance!
    Regards,
    Vaibhav Kale

    Hi,
    Please have a look at the article below and check if it helps.
    http://azure.microsoft.com/en-in/documentation/articles/cloud-services-python-how-to-use-service-management/
    Regards,
    Mekh.

  • Mapping X509 certificate to User

    Hello Everybody,
    I am accessing an SAP R/3 function module from the outside (Java application) using JCo connections.
    I had success doing this using Basic authentication.
    I have passed a fixed username and password to connect to SAP R/3 from my Java program.
    But now I want to pass an X509 certificate from my Java application to SAP R/3 for authentication. I have completed my work on the Java side. But on the SAP R/3 side I don't know where to add this X509 certificate and how to map this certificate to a particular user in SAP R/3.
    If anyone knows then please help.
    It's urgent, so if anybody has some idea then please help.
    Thanks in advance,
    Bhavik
    Message was edited by: Bhavik Devisha

    Through the T-Code : PFCG you have to create the Authorization group .
    the authorization group should contain the object:
    Z:PO_APPROVER_00 ( Authorization group name).
    Add manually the object.
    First select the object  MM_E (Materials Management: Purchasing)
    Under that select M_EINK_FRG
    Assign values properly to the
    Release code: FRGCO
    Release group :FRGGR
    After that use the T-Code : SU01 to provide the rights to the user XYZ.
    By
    Subrahmanian

  • Assign/Map X509 certificate to the SAP User

    Hello Everybody,
    I am accessing an SAP R/3 function module from the outside (Java application) using JCo connections.
    I had success doing this using Basic authentication.
    I have passed a fixed username and password to connect to SAP R/3 from my Java program.
    But now I want to pass an X509 certificate from my Java application to SAP R/3 for authentication. I have completed my work on the Java side. But on the SAP R/3 side I don't know where to add this X509 certificate and how to map this certificate to a particular user in SAP R/3.
    If anyone knows then please help.
    Thanks in advance,
    Bhavik

    Hi Sanjeev,
    Thanks for your reply.
    I will do that. and let you know shortly.
    Regards,
    Bhavik

  • Encrypt XML with X509 certificate

    I encrypt an XML document with an X509 certificate, using this example: http://msdn.microsoft.com/en-us/library/ms229744.aspx
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
          <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
          <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
            <X509Data>
              <X509Certificate>
              </X509Certificate>
            </X509Data>
          </KeyInfo>
          <CipherData>
            <CipherValue>
            </CipherValue>
          </CipherData>
        </EncryptedKey>
      </KeyInfo>
      <CipherData>
        <CipherValue>
        </CipherValue>
      </CipherData>
    </EncryptedData>
    The encrypted XML contains the element <X509Certificate>, but I don't know what kind of cert info is in this element. Does <X509Certificate> contain the public key, the private key, or some other certificate info?
    Because if I want to decrypt, I use:
    // Create a new EncryptedXml object.
    EncryptedXml exml = new EncryptedXml(Doc);
    // Decrypt the XML document.
    exml.DecryptDocument();
    I don't have to specify the X509 certificate to decrypt the XML file. How does the DecryptDocument() method work?

    I wonder if the problem here is that <X509Data><X509Certificate> ... </X509Certificate></X509Data> includes a binary copy of the certificate WITHOUT the private key. (It wouldn't make any sense to include the private key... anyone could decode it.) The Decrypt method is looking at the enclosed certificate and not finding a private key.
    I think somehow Encrypt has to create an X509ThumbprintKeyIdentifierClause instead, but I haven't figured out how yet.

  • WebID (x509 certificate) on Windows Server 2012

    How can a (end) user log in to Windows Server 2012 using his WebID (x509 certificate)?

    Hi,
    I assume that you are talking about smart card logon, which makes it possible for user to logon using a smart card and a PIN (Personal Identification Number).
    More information for you:
    Set up a smart card for user logon
    http://technet.microsoft.com/en-us/library/cc775842(v=WS.10).aspx
    How to implement x.509 certificate-based windows logon and authentication
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/0291dee1-1b10-4139-b36d-f1b953f8a09a/how-to-implement-x509-certificatebased-windows-logon-and-authentication?forum=winserversecurity
    I hope this helps.
    Amy Wang

  • I'm trying to set up Family Sharing. My settings show that the people I chose are there but I don't see any shared information. How do I access the shared info?

    I'm trying to set up Family Sharing. My settings show that the people I chose are there but I don't see any shared information. How do I access the shared info? All computers are using Yosemite 10.10.1 and are new 13" MacBook Pros.

    Hi wmcknigh,
    Welcome to Apple Support Communities.
    The article below should help you resolve the issue with shared content not appearing after setting up Family sharing on the MacBook Pros.
    If you don't see your family's shared content - Apple Support
    Cheers,
    -Jason

  • How can I access the "vision info" in an image

    Hi,
    Development Environment:
    LabVIEW 2012 32-bit (12.0f3)
    Vision 2012
    Description:
    I would like to get more information regarding the "vision info" in an image.
    There is a VI called IMAQ Is Vision Info Present 2 - which tells me whether any vision info is present in the image.
    But then what can I use to read or access this vision info, aside from using IMAQ Read Custom Data - or is this all there is?
    ie.  I have created a template in Vision Assistant using the Template editor and highlighted some mask areas - how can I open this up in LabVIEW and get this information?
    The Vision help files don't seem to define this to a low level of detail.
    Thanks!
    Christopher Farmer
    Certified LabVIEW Architect
    Certified TestStand Developer
    http://wiredinsoftware.com.au

    Hi Christopher,
    Have you tried our IMAQ Get Geometric Template features VI? Information on this VI can be found here: http://zone.ni.com/reference/en-XX/help/370281P-01/imaqvision/imaq_get_geometric_template_features/
    This VI will allow you to reference your created template image and returns the features of that image giving the ‘Feature Type’ and the associated data with that feature. This should allow you to access the data you need.
    Blake C.
    Applications Engineer
    National Instruments
    www.ni.com/support

  • I can no longer edit the info for my songs, movies and tv shows.  This occurred since I loaded Windows 7 Pro on my C drive, and then downloaded iTunes 10.  Why will the program not allow me to access the track info to edit it?

    I can no longer edit the info for my songs, movies and tv shows.  This occurred since I loaded Windows 7 Pro on my C drive, and then downloaded iTunes 10.  Why will the program not allow me to access the track info to edit it?

    Ah yes school boy error there out of frustration and discontent..
    My issue is with music/apps/films etc not downloading from iTunes / App Store.
    They initially fail and message is displayed stating unable to download / purchase at this time, yet if I retry it says I've already purchased (?) or alternatively I go to the purchased section and there they are waiting with the cloud symbol..
    However some items get frozen in the download window and cannot be retried or deleted. Message appears stating to tap to retry, but even if you stole every bath and sink in the uk you'd still not have enough taps.
    I post here as the iTunes guys are useless in their 'help' and have only advised posting here or phoning Apple, at my expense, to explain a problem that could be rectified by forwarding my original email to a techie. However the tech team apparently don't have an email address as they're from ye olde Middle Ages..!
    Anyways I digress.
    So I tried sync to pc, but instead of showing the file as ready to listen/use/view, the iCloud symbol shows and I'm back to square one as the item is unable to download..
    At frustration station waiting for a train from pain...
    All my software is up to date, and had all worked fine prior to the last big iOS update that resulted in all the changes in display and dismay.
    Answers in a postcard :-)
    Much love

  • How to install & use x509 certificate in XI 3.0

    Hi gurus,
    Does somebody know how to install an x509 certificate in XI 3.0? Is it in Visual Admin?
    Is there some guide?
    When this is installed, how do we test it? What configuration must we do in Communication Channels and the Receiver Agreement/Sender Agreement? What tool can we use to test the scenario?
    Kind regards

    Hi,
    This is used when you are using FTPS in your communication channel. The certificates are installed in the Visual Administrator. I have not seen any guide on how to install this. But you have a detailed step-by-step procedure of how to install in this link:
    http://help.sap.com/saphelp_nw04/helpdata/en/53/b221e3b466b346860715a550ca987d/content.htm
    Apart from this you may also need to install SAP Java Cryptographic Toolkit. You get some help on this at this link:
    http://help.sap.com/saphelp_nw04/helpdata/en/8d/cb71b8046e6e469bf3dd283104e65b/content.htm
    Once you do this, your certificates can be seen from the communication channel. In your communication channel, in the FTP Connection parameters, you have to select Connection security as FTPS and check the check box X.509 certificates. In keystore, if you press F4 you will see the keystores which were installed earlier. Select the keystore and the X.509 Certificate.
    Once you are done with this, run your scenario. If you have any errors you will see them in communication channel monitoring.
    ---Satish

  • Using X509 certificates to create a client in a JCo destination / pool

    Hi,
    Our administrators have set up JCo destinations for us developers to use in connecting to the SAP R/3 back-end.  We need to use X509 certificates instead of username/password to create a connection.  How is this done?  The JCo API doesn't seem to list any class/method combination that is suitable. 
    JCO.createClient allows me to pass an X509 certificate, but it doesn't allow me to specify what JCO.Pool (i.e., JCo destination) to use. 
    JCO.addClientPool seems to allow both, but I don't think I want to really "add" a pool-- don't I just want to "use" a  pre-existing pool, i.e., one of the JCo destinations our administrator has set up? 
    Do I need to create a Client using the X509 certificate and somehow add this Client to the JCO.Pool?  I thought JCo destinations were meant to be pre-established Client pools waiting for a Client to be plucked out of it and used.  Is that wrong?  What am I missing? 
    Thanks in advance for your responses.

    Hi,
    I'm not sure whether you can use prepared JCo destinations in this case. However, if it's possible to use single JCo clients you instantiate when you need them, you have different options depending on whether you have an Enterprise Portal installed on top of your J2EE Engine or not.
    --> Without Portal
    Retrieve the user's current certificate from UME using:
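    [code]com.sap.security.api.IUser currentUser = ...;
    // Certificates registered for the user's first UME account
    java.security.cert.X509Certificate[] certificates = currentUser.getUserAccounts()[0].getCertificates();
    byte[] certBytes = certificates[0].getEncoded();
    // someBase64Method is a placeholder for whatever Base64 encoder you have available
    String encodedCert = someBase64Method(certBytes);
    java.util.Properties jcoProperties = new java.util.Properties();
    // Add your backend properties like hostname and so on...
    // Log on with the certificate: the user is the literal $X509CERT$, the password is the Base64-encoded certificate
    jcoProperties.setProperty("jco.client.user", "$X509CERT$");
    jcoProperties.setProperty("jco.client.passwd", encodedCert);
    JCO.Client jcoClient = JCO.createClient(jcoProperties);[/code]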
    --> With Portal installed
    In general: Define your backend system in the Portal's system landscape instead of as JCo destination. Configure its logonmethod for X.509 certificates. Either use UME's user mapping feature directly via com.sap.security.api.UMFactory.getUserMapping()... to add the certificate properties to the JCO properties, or use some intermediate API, some of which are available in the portal, some of which reside in the J2EE Engine (details if you request them).
    Best regards
    Heiko

  • Invoking secure services inside bpel with x509 certificate and weblogic

    Hi, everyone. Here we have a problem with invoking secure webservices (*client authentication*) from a bpel deployed in weblogic that is consuming so much time (more than a week) and don't know what else to try.
    The scenario: we have a bpel process which invokes a series of web services without any security mechanisms. Now, we have to change it to invoke a series of webservices that do exactly the same, but using ssl and client authentication with x509 certificates. The first part of it, the ssl one, is done without any problems. But the second part is not working at all, and we (I) are running out of ideas how to configure it in weblogic.
    The situation: I want to invoke a webservice, say, Service1. It requires client authentication, so I should pass a certificate (*which I already have*). I put that certificate inside a keystore (with keytool -importkeystore, from p12 to jks). With SoapUI I have no problem now to invoke the service now. But, I'm not sure what should I do to make it work in weblogic; after all, the provider keeps answering with a HTTP 403 Forbidden error.
    The actions: inside the weblogic's enterprise manager, in SOA deployments (SOA / soa-infra / default ) I selected my composite, and in the Dashboard (down at Services and references), clicked the particular service (Service1). Then, it took me to another page where I can see statistics about that service, and a tab named Policies. There (in Policies) I have the chance to attach a policy, but I don't know which one is the appropriate one; I guess it should be WSS11_x509_token_with_message_protection_service_policy, which in turn asks me to provide a value for keystore.recipient.alias, keystore.sig.csf.key and keystore.enc.csf.key. For these keys, I provide values that I configured in Credentials (Weblogic Domain / Security / Credentials, subtree oracle.wsm.security). My own logic tells me that what I have done is what I should have done, but still no luck :(
    I am sure the keystore is ok (if I rename the keystore file it tells me that the keystore file cannot be found, and if I specify an alias which is not inside the keystore it tells me that the alias is not found and list me valid aliases). I guess I am missing something, somewhere, but after many hours (days, almost 2 weeks) googling, still cannot make it work.
    Any ideas would be appreciated. If anyone knows about a post or article about this, it would be appreciated too, but I can tell you it is not that I just googled for 25 minutes; I have spent more than a week googling, trying, analyzing and reading formal documentation, with no results.
    Thanks in advance!

    Try to enable SSL and WS debugging on your WLS. Add the following to your startup script:
    -Dweblogic.webservice.verbose=true
    -Dssl.debug=true
    ..then you might be able to spot if the rejection is based on some handshake problem.

  • X509 certificate in SAML2 assertions

    I'm wondering if anyone knows whether Oracle 10g identity management systems can be configured to include an X509 certificate in SAML2 assertions. I'm being told that it can't be done in 10g. Oracle11g appears to have support, and Oracle 10g seems to do it for SAML1.x profiles, but not for SAML2. Is there anyway to configure Oracle 10g systems (either by metadata or by some other config?) to support X509 certificate inclusions?
    If you happen to know why there's such a limitation, would much appreciate it. More background/context below.
    Thanks!
    Roger
    Background:
    Oracle 11g has this option for configuring SAML2 assertions to include the X509 certificate:
    http://docs.oracle.com/cd/E23549_01/oim.1111/e13400/configoif.htm
    Include Signing Certificate in XML Signatures
    If checked, Oracle Identity Federation will add its signing certificate to the XML Digital Signature element of outgoing messages. This can be useful when the remote provider needs the signing certificate included in the message to be able to verify the signature created by Oracle Identity Federation.
    Oracle 10g has this option for SAML 1.x (under Assertion Signing -- "include the certificate in signing"):
    http://docs.oracle.com/cd/E23549_01/oim.1111/e13400/configoif.htm
    ...so can X509 certificates be included for SAML2 in Oracle 10g? If so, how?
    Edited by: 947616 on Jul 19, 2012 12:54 PM

  • X509 Certificate Generation from a URL

    Hi All,
    I can easily create a X509 Certificate from a text file using the CertificateFactory class and display all the fields in the generated certificate.
    Now, I wish to do the same thing but using a URL instead of a text file. I would like to know the following:
    1. whether a X509 Certificate (or any other type) is associated with a server represented by the given URL. For instance, say url is http://www.xyz.com, so I wish to know whether this site has a X509 Certificate associated with it.
    2. if yes, I would like to download the certificate and read the certificate contents.
    How to do these two things?
    Can someone throw some light in this connection? Your help will be highly appreciated.
    Regards,
    ~Mohan

    I saw your posting.. I don't have an answer for you, but I need to create some X509 certificates, and I'd really appreciate it if you could share how you created them from a file..
    thanks,
    Jim

  • Signing a x509 certificate

    Does anyone know if it is possible in java to sign a x509 certificate (say in response to a Certificate Signing Request that has been generated by the keytool).
    This is in effect what the CAs do (using their super secret private key!).
    Thanks in advance.

    Check EJBCA a fully functional Certificate Authority - http://ejbca.sourceforge.net/
    There are also some examples on the JCSI web site - http://www.wedgetail.com/jcsi/2.2/examples/examples.html
