Adding an SSL digital certificate ".cer" file using STRUST

Dears,
Could someone please guide me through the steps of adding an SSL digital certificate (a file with extension ".cer") using transaction STRUST?
Thanks
Reda

Dear Agasthuri,
Thank you for your reply.
The point is: whenever HTTPS is installed on an SAP system, after issuing transaction STRUST, we find in the left pane three main nodes / folders: System PSE, SSL server Standard, SSL client SSL Client (Standar.
We also find a cuboid-shaped icon named: File.
Whenever we right-click on any of the three mentioned nodes / folders we get a pull-down menu containing either two or three options: Replace, Delete or Change, Replace, Delete.
Whenever we right-click on the cuboid-shaped icon named: File, we get a pull-down menu containing only one option: Create.
None of the above-mentioned options leads to creating a new main node / folder in the left pane.
Kindly advise.
Thanks.
Reda

Similar Messages

  • How do I automate the import of a certificate (.cer) file within a silent install of FireFox 9.0.1?

    I have created an msi package for FireFox v9.0.1 and I need to include registration of a security certificate (.cer file) in the install. I am deploying the msi via an installation vbScript with SCCM. This will allow me to either include the certificate registration in the msi or as a post-install task in the vbScript. Any assistance would be greatly appreciated.

    See:
    *http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html
    *http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/README

  • Problem in installation of free SSL certificate on Weblogic using keytool

    We tried to install an SSL certificate on WebLogic using a keystore, but it gives an error in the console at startup and the server shuts down automatically.
    Steps followed:
    1) To generate the keystore, private key and digital certificate:
    keytool -genkey -alias mykey2 -keyalg RSA -keystore webconkeystore.jks -storepass webconkeystorepassword
    2) To generate CSR
    keytool -certreq -alias mykey2 -file webconcsr1.csr -keyalg RSA -storetype jks -keystore webconkeystore.jks -storepass webconkeystorepassword
    3) The CSR is uploaded on the Verisign site to generate a free SSL certificate. All certificate text received is pasted into a file (cacert.pem)
    4) Same certificate is put into same keystore using following command
    keytool -import -alias mykey2 -keystore webconkeystore.jks -trustcacerts -file cacert.pem
    5) Before step 4), we have also installed root /intermediate certificate to include chain using following command.
    (intermediateCa.cer file is downloaded from verisign site)
    keytool -import -alias intermediateca -keystore webconkeystore.jks -trustcacerts -file intermediateCa.cer
    6) After this configuration we used weblogic admin module to configure Keystore and SSL.
    7) For the KeyStore tab in the WebLogic admin module, we selected the option “Custom Identity And Custom Trust” and provided the following details under the Identity and Trust columns:
    Private key alias: mykey2
    PassKeyphrase: webconkeystorepassword
    Location of keystore: location of webconkeystore.jks file on server
    8) For the SSL tab in the WebLogic admin module, we selected the option “KeyStores” for “Identity and Trust locations”.
    Error on console:
    <Nov 3, 2009 3:00:17 PM IST> <Emergency> <Security> <BEA-090034> <Not listening for SSL, java.io.IOException: Failed to retrieve identity key/certificate from keystore /home/cedera/bea9.0/weblogic90/server/lib/webconkeystore.jks under alias mykey2 on server AdminServer.>
    <Nov 3, 2009 3:00:17 PM IST> <Emergency> <Security> <BEA-090087> <Server failed to bind to the configured Admin port. The port may already be used by another process.>
    <Nov 3, 2009 3:00:17 PM IST> <Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason: Server failed to bind to any usable port. See preceeding log message for details.>
    <Nov 3, 2009 3:00:17 PM IST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
    <Nov 3, 2009 3:00:17 PM IST> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
    <Nov 3, 2009 3:00:17 PM IST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
    If anyone knows the solution, please help us out. Thanks in advance.
    I was really happy to get reply yesterday from "mv".I was not expecting such instant response.

    Thanx all guys for your interest and support.
    I have solved this issue.
    We have weblogic 9 on unix env.
    Following steps which I followed:
    #generate private key
    keytool -genkey -v -alias uinbrdcsap01_apac_nsroot_net -keyalg RSA -keysize 1024 -dname "CN=linuxbox042, OU=ASIA, O=Citigroup, L=CALC, S=MH, C=IN" -validity 1068 -keypass "webconkeystorepassword" -keystore "cwebconkeystore"
    #generate csr
    keytool -certreq -v -alias uinbrdcsap01_apac_nsroot_net -file linuxbox042.csr -keypass "webconkeystorepassword" -keystore "cwebconkeystore" -storepass webconkeystorepassword
    Then we uploaded this CSR on Verisign's free SSL certificate page to generate and receive the certificate text.
    We copied that text into the "cert4nov2009.crt" file used below.
    Apart from that, the mail which we received from Verisign also contains links to download the root CA certificate and the intermediate CA certificate. We downloaded them:
    root CA in the "root4nov2009.cer" file,
    intermediate CA in "intermediateca4nov2009.cer".
    Both these files are used in the commands below.
    #import root certificate
    keytool -import -alias rootca -keystore "cwebconkeystore" -storepass "webconkeystorepassword" -trustcacerts -file "root4nov2009.cer"
    #import intermediate ca certificate
    keytool -import -alias intermediateca -keystore "cwebconkeystore" -storepass "webconkeystorepassword" -trustcacerts -file "intermediateca4nov2009.cer"
    #install free ssl certificate
    keytool -import -alias uinbrdcsap01_apac_nsroot_net -file "cert4nov2009.crt" -trustcacerts -keypass "webconkeystorepassword" -keystore "cwebconkeystore" -storepass "webconkeystorepassword"
    #after this admin configuration
    In weblogic admin console module, we did following settings:-
    1. under Configuration tab
    a. Under KeyStore tab
    For keystore , we selected "Custom identity and Custom Trust"
    Under Identity,
    Custom Identity Keystore:location of keystore "webconkeystore" on weblogic server
    Custom Identity Keystore Type: JKS
    Custom Identity Keystore Passphrase: password for the keystore mentioned above. In our case, webconkeystorepassword
    We copied the same under "Trust", as we have not created a separate keystore for trust.
    Save setting.
    b. Under SSL tab
    Identity and Trust Locations: select "Keystores"
    Private Key Alias: alias used while creating the private key, i.e. in our case "uinbrdcsap01_apac_nsroot_net"
    Save setting.
    c. Under General tab
    Check checkbox "SSL Listen Port Enabled"
    and mention ssl port "SSL Listen Port"
    Save setting.
    After this, activate the changes. You might see an error on the admin module.
    Using the command prompt, stop the server, restart it, and then try to access it using https and the port ...
    you will definitely get output...
    In our case the issue might be due to key size. We used 1024 key size and it solved the problem.
    For your further reference please find the link below; it is also helpful.
    http://download.oracle.com/docs/cd/E13222_01/wls/docs81/plugins/nsapi.html#112674
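
Added example, not part of the original posts: a read-only listing of a JKS file showing, without the key password, whether the alias configured as the server identity exists, whether it holds a private key, and how long its certificate chain is. The sample keystores, their password and the alias `reply` are constructed for illustration, and treating a one-certificate chain as a finding is a heuristic of this example.

```python
import hashlib
import struct

JKS_MAGIC = 0xFEEDFEED
PRIVATE_KEY, TRUSTED_CERT = 1, 2


def _utf(text):
    # Java writeUTF framing: 2-byte big-endian length, then the bytes (ASCII aliases assumed).
    raw = text.encode("utf-8")
    return struct.pack(">H", len(raw)) + raw


def _trailer(password, body):
    # JKS integrity trailer: SHA-1 over UTF-16BE password + fixed string + file body.
    return hashlib.sha1(password.encode("utf-16-be") + b"Mighty Aphrodite" + body).digest()


def build_sample_jks(entries, password):
    """Constructed test input: entries are (alias, tag, [certificate blobs])."""
    body = struct.pack(">III", JKS_MAGIC, 2, len(entries))
    for alias, tag, certs in entries:
        body += struct.pack(">I", tag) + _utf(alias) + struct.pack(">Q", 0)
        if tag == PRIVATE_KEY:
            key = b"<encrypted key placeholder>"
            body += struct.pack(">I", len(key)) + key + struct.pack(">I", len(certs))
        for cert in certs:
            body += _utf("X.509") + struct.pack(">I", len(cert)) + cert
    return body + _trailer(password, body)


class _Reader:
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, count):
        if self.pos + count > len(self.data):
            raise ValueError("truncated keystore")
        chunk = self.data[self.pos:self.pos + count]
        self.pos += count
        return chunk

    def u32(self):
        return struct.unpack(">I", self.take(4))[0]

    def utf(self):
        return self.take(struct.unpack(">H", self.take(2))[0]).decode("utf-8")


def list_jks(data, password=None):
    """Return ({alias: (entry_type, chain_length)}, integrity_ok or None)."""
    r = _Reader(data)
    magic, version, count = r.u32(), r.u32(), r.u32()
    if magic != JKS_MAGIC or version not in (1, 2):
        raise ValueError("not a JKS keystore")
    entries = {}
    for _ in range(count):
        tag, alias = r.u32(), r.utf()
        r.take(8)  # creation timestamp
        if tag == PRIVATE_KEY:
            r.take(r.u32())  # encrypted private key, skipped without decrypting
            chain = r.u32()
        elif tag == TRUSTED_CERT:
            chain = 1
        else:
            raise ValueError("unknown entry tag %d" % tag)
        for _ in range(chain):
            if version == 2:
                r.utf()  # certificate type, e.g. "X.509"
            r.take(r.u32())
        kind = "PrivateKeyEntry" if tag == PRIVATE_KEY else "trustedCertEntry"
        entries[alias] = (kind, chain)
    intact = None
    if password is not None:
        body_end = r.pos
        intact = r.take(20) == _trailer(password, data[:body_end])
    return entries, intact


def identity_findings(entries, alias):
    """Checks on the alias that is configured as the server's private key alias."""
    if alias not in entries:
        return ["alias %r is not in the keystore" % alias]
    kind, chain = entries[alias]
    if kind != "PrivateKeyEntry":
        return ["alias %r is a trusted certificate only; no private key under it" % alias]
    if chain == 1:  # heuristic of this example
        return ["alias %r has a private key but a one-certificate chain" % alias]
    return []


SAMPLE_PASSWORD = "constructed-password"  # constructed, not a value from the thread
# Constructed: CA certificates first, then the CA reply imported under the key's alias.
CHAINED = build_sample_jks([
    ("rootca", TRUSTED_CERT, [b"root"]),
    ("intermediateca", TRUSTED_CERT, [b"intermediate"]),
    ("mykey2", PRIVATE_KEY, [b"leaf", b"intermediate", b"root"]),
], SAMPLE_PASSWORD)
# Constructed: CA reply imported under a different alias, so the key keeps its
# self-signed certificate and the reply becomes a trusted-certificate entry.
MISFILED = build_sample_jks([
    ("mykey2", PRIVATE_KEY, [b"self-signed"]),
    ("reply", TRUSTED_CERT, [b"leaf"]),
], SAMPLE_PASSWORD)
```

The entry type and chain length returned here are the same facts `keytool -list -v` prints as "Entry type" and "Certificate chain length"; a wrong key passphrase is a separate condition this listing cannot detect.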

  • My military web site requires a certificate. My certificate that is loaded on my card reader is a .cer file; Firefox wants a PKCS12 file, so I can't load my certificate in Firefox. Why does Firefox not accept my .cer?

    When I try to go to the web site https://sscc-fe-03.med.navy.mil/EXCHANGE I get the message "this page requires a client certificate". I have an Activcard card reader hooked up to a USB port with my security card inserted. I try to import my certificate into Firefox and it will only accept a PKCS12 file, and my certificate is a .cer file. All the checks I do on my card reader show it is working properly, and my security card works fine on my work computer, but at home I have this problem. How can I get Firefox to accept my .cer certificate when I try to import it or read it off my card reader?
    Thanks

    I am running Firefox 12.0. It is not able to import the p12 files which wasn't a problem on the older versions or IE. The error message is either:
    PKCS#12 operation failed for unknown reasons
    or
    Failed to decode the file. Either it is not in PKCS#12 format, has been corrupted, or the password you entered was incorrect
    The p12 file I am using is from a certificate test suite from the Department of Defense, and the file works fine on IE.

  • SSL for Weblogic 6.0: Server Certificate Chain File & Verisign

    http://www.bea.com/support/askbea/wls/S-07188.shtml
    This issue attempts to explain what a "certificate chain file" is for. I still don't understand why this is so difficult. Where do I get this from?
    At the end of the article it points me here:
    http://www.verisign.com/repository/root.html
    And vaguely tells me to convert the unspecified format on that page using a utility from OpenSSL. The format on that page is NOT .pem, what is it? Which utility do I use, and HOW do I convert the root server CA on that page to .der format?
    Thanks for tips!

    Unfortunately this is a misleading exception you are getting.
    Here is a suggested workaround (at least to get SSL working)
    https://www.verisign.com/server/prg/browser/root.html
    I have met the same question as you.
    The Server Certificate Chain File obtained from your Browser (such as IE5.5 )
    Jason Pettiss <[email protected]> wrote:
    http://www.bea.com/support/askbea/wls/S-07188.shtml
    This issue attempts to explain what a "certificate chain file" is for.
    I still don't understand why this is so difficult. Where do I get
    this from?
    At the end of the article it points me here:
    http://www.verisign.com/repository/root.html
    And vaguely tells me to convert the unspecified format on that page using
    a utility from OpenSSL. The format on that page is NOT .pem, what is
    it? Which utility do I use, and HOW do I convert the root server
    CA on that page to .der format?
    Thanks for tips!
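
Added example, not part of the original posts, for the two threads above that ask what a `.cer` file is and how PEM relates to DER: a `.cer` file carries only an X.509 certificate, either as DER bytes or as PEM (base64 of the same DER inside BEGIN/END lines), while a PKCS#12 file also carries the private key. The sample inputs are constructed ASN.1 skeletons, not real certificates, and the classifier assumes definite-length DER.

```python
import base64
import re

PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)


def read_tlv(buf, pos=0):
    """Decode one DER tag-length-value; return (tag, value, next_position)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:  # long form: low 7 bits give the number of length bytes
        width = first & 0x7F
        length = int.from_bytes(buf[pos:pos + width], "big")
        pos += width
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length


def children(value, limit=3):
    """Return up to `limit` (tag, value) pairs nested directly inside `value`."""
    found, pos = [], 0
    while pos < len(value) and len(found) < limit:
        tag, inner, pos = read_tlv(value, pos)
        found.append((tag, inner))
    return found


def classify_der(der):
    """Classify by the shape of the outer ASN.1 SEQUENCE."""
    try:
        tag, value, _ = read_tlv(der)
        kids = children(value)
        tags = [t for t, _ in kids]
        if tag != 0x30:
            return "unknown"
        # Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, BIT STRING }
        if tags[:3] == [0x30, 0x30, 0x03]:
            tbs = children(kids[0][1], limit=1)
            # A v3 tbsCertificate starts with [0] version; a CSR starts with INTEGER.
            return "x509-certificate" if tbs and tbs[0][0] == 0xA0 else "unknown"
        # ContentInfo ::= SEQUENCE { OID contentType, [0] content }  (PKCS#7 / .p7b)
        if tags[:2] == [0x06, 0xA0]:
            return "pkcs7-bundle"
        # PFX ::= SEQUENCE { INTEGER version (3), ContentInfo authSafe, ... }
        if tags[:2] == [0x02, 0x30] and kids[0][1] == b"\x03":
            return "pkcs12-keystore"
    except ValueError:
        pass
    return "unknown"


def inspect_file(data):
    """Return (encoding, kind, der_bytes) for the raw bytes of a certificate file."""
    match = PEM_BLOCK.search(data)
    if match:
        der = base64.b64decode(b"".join(match.group(2).split()))
        return "PEM", classify_der(der), der
    return "DER", classify_der(data), data


def der_to_pem(der, label="CERTIFICATE"):
    """PEM is base64 of the DER bytes in 64-column lines between armor lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, "\n".join(lines), label)


def holds_private_key(kind):
    # Of the kinds recognised here, only PKCS#12 packages a private key.
    return kind == "pkcs12-keystore"


def tlv(tag, body=b""):
    """Helper used only to build the constructed samples below."""
    size = len(body)
    if size < 0x80:
        head = bytes([size])
    else:
        raw = size.to_bytes((size.bit_length() + 7) // 8, "big")
        head = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + body


# Constructed skeletons with the right outer shape and placeholder contents.
SAMPLE_CERT = tlv(0x30, tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01"))
                  + tlv(0x30, tlv(0x06, b"\x2a")) + tlv(0x03, b"\x00" * 200))
SAMPLE_PFX = tlv(0x30, tlv(0x02, b"\x03")
                 + tlv(0x30, tlv(0x06, b"\x2a") + tlv(0xA0, tlv(0x04))))
SAMPLE_P7B = tlv(0x30, tlv(0x06, b"\x2a") + tlv(0xA0, tlv(0x30)))
```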

  • Trying to create a certificate file using keytool -help!

    Hi, I've followed a series of instructions using Terminal to create a certificate. Terminal produced a file and when I open it using Text Edit it's about 20 lines long worth of code. I was hoping it would provide a certificate I could use. Maybe it has, I just don't know what I'm looking for!
    I'm working in Viewer Builder and I'm in the Provisioning tab trying to enter the "Application ID"
    I'm totally stuck here. Please help!

    I'm using DPS pro. My app is for Android but won't be going as far as Google Play or Amazon. It's for internal use so I want to create an APK file to distribute via email. These are the set of instructions I'm following. I'm struggling to get this to work. What should I see when this has worked? Also what do I need to enter for the Application ID?
    Thanks for your help
    (Mac OS) Create a certificate file using Keytool
    Open Terminal, which is located in the Applications > Utilities folder.
    Type (or paste) the following line (replace “myname.key.p12” with the actual name of your certificate):
    keytool -genkey -v -keystore myname.key.p12 -alias alias_name -keyalg RSA -keysize 2048 -storetype pkcs12 -validity 10000
    Specifying “10000” sets the expiration date after 22 October 2033.
    Enter and reenter a password. Until the Viewer Builder supports the creation of custom Android apps, it's necessary to share this password with Adobe. Create a password that you can share.
    Follow the prompts to specify the certificate information.
    When prompted to confirm choices, enter yes, and then press Return to use the same password.
    A certificate is created in your prompt location, such as your user name folder. Copy this certificate file to a known location. Write down the password as well.

  • Adding jar file in my gerareted jar file using netbean 4.0

    Hi,
    I wrote an application to process XML files using JDOM. I added the JDOM package jar file to my project and everything works fine. But when I generate my project jar file using NetBeans 4.0, my generated jar is not working with the XML files anymore. It seems as if it didn't include the JDOM jar file?
    Thanks for any help to fix the problem.

    I find that you cannot use the command line, such as java -classpath, to add a classpath;
    it does not work. I use NetBeans 4.0; I don't know whether it is because of NetBeans or Java itself.
    You can add the classpath in the jar's Manifest.mf file
    Manifest-Version: 1.0
    Ant-Version: Apache Ant 1.6.2
    Created-By: 1.5.0_01-b08 (Sun Microsystems Inc.)
    Main-Class: chat.Main
    // add this line
    Class-Path: dir\*.jar //(jar file name)
    X-COMMENT: Main-Class will be added automatically by build

  • How can you configure an Exchange Account in Mac OS X to use a SSL client certificate?

    I'm trying to connect the Mail App of Mac OS X to my company's Exchange server. For security reasons you have to provide an SSL client certificate to the server. You can convince Safari to use a client certificate by putting it into your keychain and configuring a suitable "identity preference" for the URL of the related site. But the Mail App seems not to use the keychain for this part of the SSL negotiations.
    Since you can configure the client certificate usage for an Exchange Account for the iPhone with the Configuration Utility there should be a way for the desktop App, too. Has someone sorted this issue out already or does the Mail App actually lack client certificate support?

    I had a nice chat with the Apple end user support which revealed that this feature falls in the responsibility of the business support group. Since I have no appropriate support contract I could ask for help for about 480€ per issue -- nice try
    After more research I found the Configuration Profile Reference, where you get information about Exchange accounts too. Starting with a working iOS-Profile I changed the Exchange account part according to this documentation for OS X. All you have to do is to replace PayloadType com.apple.eas.account by com.apple.ews.account.
    After importing this profile I found the expected Exchange account within the Contacts.app. But the SSL client certificate was still not used and therefore my account not usable.
    You could enable Mail, Calendar & Reminders and Notes within the System Preferences, but neither of these would work due to the missing client certificate support.
    I came to the conclusion that the relevant applications in OS X have no proper SSL client support built in. Since the underlying libraries and frameworks have everything in place that is really a shame.
    Would be nice, if someone would enforce the developers to do their homework there.

  • Encrypt a text file using certificates

    Hello,
    I am trying to encrypt a file using the certificate uploaded through STRUST. But while encrypting I am getting an error, "SSF_API_UNKNOWN_SECTK_ERROR".
    I am using the program SSF01.
    Request your assistance to resolve this issue.
    Also attaching the input screen and output screen screenshots.
    Thanks and Regards,
    Debanjan Das

    Have you properly setup SAP Cryptographic Library on the Application Server? How was the certificate created which you imported into STRUST? See SAP note 662340 for setting up SSF encryption. SAP note 800240 might help you troubleshoot the problems you are having.
    https://service.sap.com/sap/support/notes/662340
    https://service.sap.com/sap/support/notes/800240

  • Adding row into existing CSV file using C#

    How do I add a row to an existing CSV file using .NET code? The file should not be overwritten; it needs to add another row with data. How do I implement this scenario?

    Hi BizQ,
    If you only just write some data to a CSV file, please follow A.Zaied's and Magnus's replies. In general, we use CSV files to import or export some data, as in the following thread and a good article on CodeProject:
    Convert a CSV file to Excel using C#
    Writing a DataTable to a CSV file
    Best regards,
    Kristin

  • Error 403.7 - Forbidden: SSL client certificate is required

    Hi people!
    I'm developing a Java client for a web service (developed in .NET). The communication protocol is HTTPS to the URL where the web service is located (something like https://10.200.140.117/dirNotes/serviceName.asmx). I've been reading many posts but I couldn't find the solution to the problem, which has the following message: "Error 403.7 - Forbidden: SSL client certificate is required".
    I'm using JDK 1.5 and developing and testing on the Windows platform. I'm able to access the URL specified above directly from the browser. I installed the client certificate (the same that I've put into the .jks keystore). I've also imported the whole certificate chain of the server into the cacerts.
    I'll paste the code and the console trace below. I'd be very grateful if you can help me. Thanks a lot.
    _THE CODE_
    package principal;
    import java.io.BufferedReader;
    import java.io.FileInputStream;
    import java.io.FileNotFoundException;
    import java.io.FileReader;
    import java.io.IOException;
    import java.net.URL;
    import java.net.UnknownHostException;
    import java.security.KeyStore;
    import java.security.Security;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.KeyManagerFactory;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLSocket;
    import javax.net.ssl.SSLSocketFactory;
    import javax.net.ssl.TrustManagerFactory;
    import org.apache.axis.client.Call;
    import org.apache.axis.client.Service;
    import entidade.Certificado;
    public class SSLClient {
        private static final int PORT_NUMBER = 443;
        private static final String HTTPS_ADDRESS = "10.200.140.117";
        private static String strCabecalhoMsg = "";
        private static String strDadosMsg = "";
        public static void main(String[] args) throws Exception {
            // JVM-wide defaults: client identity keystore and trust store
            System.setProperty("javax.net.ssl.keyStore", Certificado.getStrNomeArquivoJKSServidor());
            System.setProperty("javax.net.ssl.keyStorePassword", "senha");
            System.setProperty("javax.net.ssl.trustStore", "Certificados/cacerts");
            System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
            System.setProperty("javax.net.ssl.keyStoreType", "JKS");
            Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
            System.setProperty("javax.net.debug","ssl,handshake,record");
            // Key managers built from the client keystore
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            ks.load(new FileInputStream(Certificado.getStrNomeArquivoJKSServidor()),
                    Certificado.getArranjoCharSenhaCertificadoServidor());
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(ks, Certificado.getArranjoCharSenhaCertificadoServidor());
            // Trust managers built from the JRE cacerts file
            KeyStore ksT = KeyStore.getInstance(KeyStore.getDefaultType());
            ksT.load(new FileInputStream("C:/Arquivos de programas/Java/jre1.5.0_05/lib/security/cacerts"), "changeit".toCharArray());
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(ksT);
            SSLContext sc = SSLContext.getInstance("SSLv3");
            sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new java.security.SecureRandom());
            SSLSocketFactory factory = sc.getSocketFactory();
            try {
                // method to load the values of the strings strCabecalhoMsg and strDadosMsg
                carregarXMLCabecalhoDados();
                SSLSocket socket = (SSLSocket) factory.createSocket(HTTPS_ADDRESS, PORT_NUMBER);
                socket.startHandshake();
                String[] arr = socket.getEnabledProtocols();
                URL url = new URL("https://10.200.140.117/dirNotes");
                HttpsURLConnection.setDefaultSSLSocketFactory(factory);
                HttpsURLConnection urlc = (HttpsURLConnection) url.openConnection();
                urlc.setDoInput(true);
                urlc.setUseCaches(false);
                Object[] params = {strCabecalhoMsg, strDadosMsg};
                Service service = new Service();
                Call call = (Call) service.createCall();
                call.setTargetEndpointAddress(url);
                call.setOperationName("serviceName");
                String ret = (String) call.invoke(params);
                System.out.println("Result: " + ret);
            } catch (UnknownHostException uhe) {
                uhe.printStackTrace();
                System.err.println(uhe);
            } catch (Exception uhe) {
                uhe.printStackTrace();
                System.err.println(uhe);
            }
        }
        private static void carregarXMLCabecalhoDados() {
            try {
                BufferedReader input = new BufferedReader(new FileReader("notas/cabecalho.xml"));
                String str;
                while ((str = input.readLine()) != null)
                    strCabecalhoMsg += str;
                System.out.println("Cabeça: " + strCabecalhoMsg);
                input = new BufferedReader(new FileReader("notas/nota.xml"));
                while ((str = input.readLine()) != null)
                    strDadosMsg += str;
                System.out.println("Nota: " + strDadosMsg);
            } catch (FileNotFoundException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            } catch (IOException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }
        }
    }
    _THE TRACE_
    adding as trusted cert:
    Subject: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
    Issuer: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
    Algorithm: RSA; Serial number: 0x1
    Valid from Fri Jun 25 21:19:54 BRT 1999 until Tue Jun 25 21:19:54 BRT 2019
    *others trusted certs*
    trigger seeding of SecureRandom
    done seeding SecureRandom
    export control - checking the cipher suites
    export control - no cached value available...
    export control - storing legal entry into cache...
    %% No cached client session
    *** ClientHello, TLSv1
    RandomCookie: GMT: 1198158630 bytes = { 48, 135, 53, 24, 112, 72, 104, 220, 27, 114, 37, 42, 25, 77, 224, 32, 12, 58, 90, 217, 232, 3, 104, 251, 93, 82, 40, 91 }
    Session ID: {}
    Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
    Compression Methods: { 0 }
    main, WRITE: TLSv1 Handshake, length = 73
    main, WRITE: SSLv2 client hello message, length = 98
    main, READ: TLSv1 Handshake, length = 3953
    *** ServerHello, TLSv1
    RandomCookie: GMT: 1198158523 bytes = { 56, 166, 181, 215, 86, 245, 8, 55, 214, 108, 128, 50, 8, 11, 0, 209, 38, 62, 187, 185, 240, 231, 56, 161, 212, 111, 194, 79 }
    Session ID: {222, 2, 0, 0, 147, 179, 182, 212, 18, 34, 199, 100, 168, 167, 48, 116, 140, 186, 151, 153, 226, 168, 163, 174, 24, 83, 208, 73, 179, 57, 86, 137}
    Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
    Compression Method: 0
    %% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
    ** SSL_RSA_WITH_RC4_128_MD5
    *** Certificate chain
    chain [0] = [
    Version: V3
    *many chains and related data*
    Found trusted certificate:
    Version: V3
    Subject:
    *many trusted certificates and related data*
    *** ServerHelloDone
    *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
    Random Secret: { 3, 1, 117, 112, 233, 166, 240, 9, 226, 67, 53, 111, 194, 84, 124, 103, 197, 28, 17, 36, 32, 48, 145, 166, 161, 61, 30, 63, 153, 214, 137, 113, 222, 204, 138, 77, 212, 75, 65, 192, 159, 215, 69, 156, 47, 188, 179, 219 }
    main, WRITE: TLSv1 Handshake, length = 134
    main, WRITE: TLSv1 Change Cipher Spec, length = 1
    *** Finished
    verify_data: { 143, 115, 243, 131, 242, 244, 12, 44, 191, 172, 205, 122 }
    main, WRITE: TLSv1 Handshake, length = 32
    main, READ: TLSv1 Change Cipher Spec, length = 1
    main, READ: TLSv1 Handshake, length = 32
    *** Finished
    verify_data: { 231, 215, 37, 250, 177, 121, 111, 192, 11, 41, 1, 165 }
    %% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
    setting up default SSLSocketFactory
    use default SunJSSE impl class: com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
    class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl is loaded
    keyStore is : Certificados/certificadoSondaMonitor.jks
    keyStore type is : JKS
    keyStore provider is :
    init keystore
    init keymanager of type SunX509
    trustStore is: Certificados\cacerts
    trustStore type is : jks
    trustStore provider is :
    init truststore
    adding as trusted cert:
    Subject: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
    Issuer: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
    Algorithm: RSA; Serial number: 0x1
    Valid from Fri Jun 25 21:19:54 BRT 1999 until Tue Jun 25 21:19:54 BRT 2019
    adding as trusted cert:
    * many certificates*
    init context
    trigger seeding of SecureRandom
    done seeding SecureRandom
    instantiated an instance of class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
    export control - checking the cipher suites
    export control - found legal entry in cache...
    %% No cached client session
    *** ClientHello, TLSv1
    RandomCookie: GMT: 1198158632 bytes = { 93, 1, 41, 236, 165, 146, 251, 117, 129, 195, 129, 72, 245, 181, 43, 48, 80, 251, 244, 198, 223, 85, 82, 101, 20, 159, 17, 26 }
    Session ID: {}
    Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
    Compression Methods: { 0 }
    main, WRITE: TLSv1 Handshake, length = 73
    main, WRITE: SSLv2 client hello message, length = 98
    main, READ: TLSv1 Handshake, length = 3953
    *** ServerHello, TLSv1
    RandomCookie: GMT: 1198158525 bytes = { 109, 114, 234, 1, 130, 97, 251, 9, 61, 105, 56, 246, 239, 222, 97, 143, 22, 254, 65, 213, 10, 204, 153, 67, 237, 133, 223, 48 }
    Session ID: {23, 30, 0, 0, 26, 129, 168, 21, 252, 107, 124, 183, 171, 228, 138, 227, 94, 17, 195, 213, 216, 233, 205, 2, 117, 16, 21, 65, 123, 119, 171, 109}
    Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
    Compression Method: 0
    %% Created: [Session-2, SSL_RSA_WITH_RC4_128_MD5]
    ** SSL_RSA_WITH_RC4_128_MD5
    *** Certificate chain
    chain [0] = [
    many chains again
    *** ServerHelloDone
    *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
    Random Secret: { 3, 1, 116, 247, 155, 227, 25, 25, 231, 129, 199, 76, 134, 222, 98, 69, 149, 224, 75, 6, 60, 121, 115, 216, 244, 246, 102, 92, 188, 64, 113, 56, 190, 43, 32, 51, 90, 254, 141, 184, 71, 48, 41, 29, 173, 180, 46, 116 }
    main, WRITE: TLSv1 Handshake, length = 134
    main, WRITE: TLSv1 Change Cipher Spec, length = 1
    *** Finished
    verify_data: { 148, 93, 105, 42, 110, 212, 55, 2, 150, 191, 13, 111 }
    main, WRITE: TLSv1 Handshake, length = 32
    main, READ: TLSv1 Change Cipher Spec, length = 1
    main, READ: TLSv1 Handshake, length = 32
    *** Finished
    verify_data: { 171, 150, 45, 10, 99, 35, 67, 174, 35, 52, 23, 192 }
    %% Cached client session: [Session-2, SSL_RSA_WITH_RC4_128_MD5]
    main, setSoTimeout(600000) called
    main, WRITE: TLSv1 Application Data, length = 282
    main, WRITE: TLSv1 Application Data, length = 8208
    main, WRITE: TLSv1 Application Data, length = 1102
    main, READ: TLSv1 Application Data, length = 1830
    main, received EOFException: ignored
    main, called closeInternal(false)
    main, SEND TLSv1 ALERT: warning, description = close_notify
    main, WRITE: TLSv1 Alert, length = 18
    main, called close()
    main, called closeInternal(true)
    AxisFault
    faultCode: {http://xml.apache.org/axis/}HTTP
    faultSubcode:
    faultString: (404)Not Found
    faultActor:
    faultNode:
    faultDetail:
         {}:return code: 404
         {http://xml.apache.org/axis/}HttpErrorCode:404
    (404)Not Found
         at org.apache.axis.transport.http.HTTPSender.readFromSocket(HTTPSender.java:744)
         at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:144)
         at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
         at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
         at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
         at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
         at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
         at org.apache.axis.client.Call.invoke(Call.java:2767)
         at org.apache.axis.client.Call.invoke(Call.java:2443)
         at org.apache.axis.client.Call.invoke(Call.java:2366)
         at org.apache.axis.client.Call.invoke(Call.java:1812)
         at principal.SSLClient.main(SSLClient.java:86)
    (404)Not Found
    -----

    I'm having the same problem with the same URL. I tried many configurations and nothing works. My code is:
    import java.io.FileInputStream;
    import java.io.IOException;
    import java.io.InputStream;
    import java.net.URL;
    import java.security.KeyStore;
    import java.security.Security;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.KeyManagerFactory;
    import javax.net.ssl.SSLContext;
    import org.bouncycastle.jce.provider.BouncyCastleProvider;

    public class NFeClient {
        static {
            // Register BouncyCastle so the "BC" provider named below is available
            Security.addProvider(new BouncyCastleProvider());
        }

        public static void main(final String[] args) throws Exception {
            final String path = "https://homologacao.nfe.sefaz.rs.gov.br/ws/nfeconsulta/nfeconsulta.asmx";
            final String keyStoreProvider = "BC";
            final String keyStoreType = "PKCS12";
            final String keyStore = "/home/mendes/certificados/cert.p12";
            final String keyStorePassword = "xxxx";
            System.setProperty("javax.net.ssl.keyStoreProvider", keyStoreProvider);
            System.setProperty("javax.net.ssl.keyStoreType", keyStoreType);
            System.setProperty("javax.net.ssl.keyStore", keyStore);
            System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword);
            System.setProperty("javax.net.ssl.trustStore", "/home/mendes/workspace/NFE/jssecacerts");
            // Build an SSLContext whose key manager presents the client certificate from the PKCS12 file
            final SSLContext context = SSLContext.getInstance("TLS");
            final KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
            final KeyStore ks = KeyStore.getInstance(keyStoreType);
            ks.load(new FileInputStream(keyStore), keyStorePassword.toCharArray());
            kmf.init(ks, keyStorePassword.toCharArray());
            // null trust managers: the context falls back to the default trust store
            context.init(kmf.getKeyManagers(), null, null);
            final URL url = new URL(path);
            final HttpsURLConnection httpsConnection = (HttpsURLConnection) url.openConnection();
            httpsConnection.setDoInput(true);
            httpsConnection.setRequestMethod("GET");
            httpsConnection.setRequestProperty("Host", "iis-server");
            httpsConnection.setRequestProperty("UserAgent", "Mozilla/4.0");
            httpsConnection.setSSLSocketFactory(context.getSocketFactory());
            try {
                // Copy the response body to standard output
                final InputStream is = httpsConnection.getInputStream();
                final byte[] buff = new byte[1024];
                int readed;
                while ((readed = is.read(buff)) > 0) {
                    System.out.write(buff, 0, readed);
                }
            } catch (final IOException ioe) {
                ioe.printStackTrace();
            }
        }
    }
    and the response of the server is always the same:
    java.io.IOException: Server returned HTTP response code: 403 for URL: https://homologacao.nfe.sefaz.rs.gov.br/ws/nfeconsulta/nfeconsulta.asmx
         at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1241)
         at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
         at br.com.esales.nfe.signer.client.NFeClient.main(NFeClient.java:60)
    Edited by: mendes on Apr 25, 2008 9:56 AM

  • Issue in free SSL cert installation on Weblogic using keytool and Keystore

    Link which we used to follow below mentioned steps:-
    http://download.oracle.com/docs/cd/E13222_01/wls/docs81/secmanage/ssl.html#1167001
    http://download.oracle.com/docs/cd/E13222_01/wls/docs81/plugins/nsapi.html#112674
    Steps:
    1) To generate keystore and private key and digital certificate:-
    keytool -genkey -alias mykey2 -keyalg RSA -keystore webconkeystore.jks -storepass webconkeystorepassword
    2) To generate CSR
    keytool -certreq -alias mykey2 -file webconcsr1.csr -keyalg RSA -storetype jks -keystore webconkeystore.jks -storepass webconkeystorepassword
    3) CSR is uploaded on verisign site to generate free ssl certificate. All certificate text received is pasted into file (cacert.pem)
    4) Same certificate is put into same keystore using following command
    keytool -import -alias mykey2 -keystore webconkeystore.jks -trustcacerts -file cacert.pem
    5) Before step 4), we have also installed root /intermediate certificate to include chain using following command.
    (intermediateCa.cer file is downloaded from verisign site)
    keytool -import -alias intermediateca -keystore webconkeystore.jks -trustcacerts -file intermediateCa.cer
    6) After this configuration we used weblogic admin module to configure Keystore and SSL.
    7) For KeyStore tab in weblogic admin module, we have selected option “Custom Identity And Custom Trust” and provided following details under Identity and Trust columns:-
    Private key alias: mykey2
    PassKeyphrase: webconkeystorepassword
    Location of keystore: location of webconkeystore.jks file on server
    8) For SSL tab in weblogic admin module, we have selected option “KeyStores” for “Identity and Trust locations”.
    9) After this we have restarted the server, but it is giving following error on console as shown below:
    <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
    <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
    <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias privateKey from the JKS keystore file /home/cedera/bea9.0/weblogic90/server/lib/webconkeystore1.jks.>
    <Alert> <Security> <BEA-090716> <Failed to retrieve identity key/certificate from keystore /home/cedera/bea9.0/weblogic90/server/lib/webconkeystore1.jks under alias privateKey on server AdminServer>
    <Error> <WebLogicServer> <BEA-000297> <Inconsistent security configuration, weblogic.management.configuration.ConfigurationException: Failed to retrieve identity key/certificate from keystore /home/cedera/bea9.0/weblogic90/server/lib/webconkeystore1.jks under alias privateKey on server AdminServer>
    <Emergency> <Security> <BEA-090034> <Not listening for SSL, java.io.IOException: Failed to retrieve identity key/certificate from keystore /home/cedera/bea9.0/weblogic90/server/lib/webconkeystore1.jks under alias privateKey on server AdminServer.>
    <Emergency> <Security> <BEA-090087> <Server failed to bind to the configured Admin port. The port may already be used by another process.>
    Please let me know if I am missing anything
    Please help me to checkout and resolve this issue.

    Thanks for your interest and reply.
    It says mykey2 is type "keyEntry" not privateKeyEntry, but I have followed the steps which were mentioned.
    To give you details , I have executed listing command and appended its output below:
    Please find output of following command
    keytool -list -v -keystore webconkeystore.jks -storepass webconkeystorepassword >> output.txt
    contents of output.txt is
    Keystore type: jks
    Keystore provider: SUN
    Your keystore contains 5 entries
    Alias name: intermediateca
    Creation date: Nov 3, 2009
    Entry type: trustedCertEntry
    Owner: CN=VeriSign Trial Secure Server CA - G2, OU=Terms of use at https://www.verisign.com/cps/testca (c)09, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
    Issuer: CN=VeriSign Trial Secure Server Root CA - G2, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
    Serial number: 7e3bb784bbc654abd2b8d677ecc394a8
    Valid from: Wed Apr 01 05:30:00 IST 2009 until: Mon Apr 01 05:29:59 IST 2019
    Certificate fingerprints:
         MD5: 71:13:D9:3A:CD:21:F2:EE:9F:59:17:8D:A6:F9:AE:14
         SHA1: BE:D1:D1:4E:25:A7:94:36:83:9E:4B:A7:CD:84:48:96:B7:0A:7F:B0
    Alias name: rootca
    Creation date: Nov 3, 2009
    Entry type: trustedCertEntry
    Owner: CN=VeriSign Trial Secure Server Root CA - G2, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
    Issuer: CN=VeriSign Trial Secure Server Root CA - G2, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
    Serial number: 168164a428ca12dfab12f19fb1b93554
    Valid from: Wed Apr 01 05:30:00 IST 2009 until: Sun Apr 01 05:29:59 IST 2029
    Certificate fingerprints:
         MD5: E0:19:F5:FC:C0:9A:13:0E:38:B7:BF:0D:02:40:D3:C2
         SHA1: 51:51:B8:63:8A:4C:1F:15:54:56:ED:37:C9:10:35:CA:D3:01:B9:36
    Alias name: mykey2
    Creation date: Nov 3, 2009
    Entry type: keyEntry
    Certificate chain length: 3
    Certificate[1]:
    Owner: CN=linuxbox04, OU=Terms of use at www.verisign.com/cps/testca (c)05, OU=Tech, O=TechProcess, L=Mumbai, ST=Maharashtra, C=IN
    Issuer: CN=VeriSign Trial Secure Server CA - G2, OU=Terms of use at https://www.verisign.com/cps/testca (c)09, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
    Serial number: 232d382baddef6a3734984950d3505dc
    Valid from: Tue Nov 03 05:30:00 IST 2009 until: Wed Nov 18 05:29:59 IST 2009
    Certificate fingerprints:
         MD5: F2:28:41:DB:58:F4:5B:F4:9E:14:A4:D1:C6:9A:54:FB
         SHA1: 39:87:00:98:45:D3:30:C9:58:0D:A5:30:73:9B:10:19:B9:77:D0:F7
    Certificate[2]:
    Owner: CN=VeriSign Trial Secure Server CA - G2, OU=Terms of use at https://www.verisign.com/cps/testca (c)09, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
    Issuer: CN=VeriSign Trial Secure Server Root CA - G2, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
    Serial number: 7e3bb784bbc654abd2b8d677ecc394a8
    Valid from: Wed Apr 01 05:30:00 IST 2009 until: Mon Apr 01 05:29:59 IST 2019
    Certificate fingerprints:
         MD5: 71:13:D9:3A:CD:21:F2:EE:9F:59:17:8D:A6:F9:AE:14
         SHA1: BE:D1:D1:4E:25:A7:94:36:83:9E:4B:A7:CD:84:48:96:B7:0A:7F:B0
    Certificate[3]:
    Owner: CN=VeriSign Trial Secure Server Root CA - G2, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
    Issuer: CN=VeriSign Trial Secure Server Root CA - G2, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
    Serial number: 168164a428ca12dfab12f19fb1b93554
    Valid from: Wed Apr 01 05:30:00 IST 2009 until: Sun Apr 01 05:29:59 IST 2029
    Certificate fingerprints:
         MD5: E0:19:F5:FC:C0:9A:13:0E:38:B7:BF:0D:02:40:D3:C2
         SHA1: 51:51:B8:63:8A:4C:1F:15:54:56:ED:37:C9:10:35:CA:D3:01:B9:36
    Alias name: mykey1
    Creation date: Nov 3, 2009
    Entry type: trustedCertEntry
    Owner: CN=linuxbox04, OU=Terms of use at www.verisign.com/cps/testca (c)05, OU=Tech, O=Techprocess, L=Mumbai, ST=MH, C=IN
    Issuer: CN=VeriSign Trial Secure Server CA - G2, OU=Terms of use at https://www.verisign.com/cps/testca (c)09, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
    Serial number: 353710f6c067ba67988004f2080eb4ac
    Valid from: Tue Nov 03 05:30:00 IST 2009 until: Wed Nov 18 05:29:59 IST 2009
    Certificate fingerprints:
         MD5: 3C:C7:B1:DB:BB:A6:60:34:08:31:88:90:AE:EE:CB:7B
         SHA1: 69:63:20:CB:BC:93:89:88:19:1F:37:C0:A3:EE:E5:50:5A:29:39:DA
    Alias name: mykey
    Creation date: Nov 3, 2009
    Entry type: keyEntry
    Certificate chain length: 1
    Certificate[1]:
    Owner: CN=linuxbox04, OU=Tech, O=Techprocess, L=Mumbai, ST=MH, C=IN
    Issuer: CN=linuxbox04, OU=Tech, O=Techprocess, L=Mumbai, ST=MH, C=IN
    Serial number: 4aefbcd1
    Valid from: Tue Nov 03 10:47:05 IST 2009 until: Mon Feb 01 10:47:05 IST 2010
    Certificate fingerprints:
         MD5: 51:E7:52:7A:AA:1A:F6:E1:72:3C:BE:EF:D7:BF:92:85
         SHA1: F3:7C:D2:18:2C:75:9D:A5:70:28:1F:3C:90:93:B9:E4:1F:57:3B:DC
    Edited by: user1685139 on Nov 4, 2009 3:55 PM
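
The WebLogic log in this thread loads alias privateKey from webconkeystore1.jks, while the posted steps and the listing use webconkeystore.jks and alias mykey2. The following is an added example, not code from the thread: it parses `keytool -list -v` output and reports why a configured alias could not serve as the server identity. The sample listing is abridged from the post, and the function names parse_listing and check_identity are hypothetical.

```python
import re
from datetime import datetime

# keytool prints "keyEntry" (older JDKs) or "PrivateKeyEntry" (newer JDKs)
# for an alias that holds a private key plus its certificate chain.
KEY_ENTRY_TYPES = {"keyEntry", "PrivateKeyEntry"}

# Constructed sample: abridged from the listing in the post (DNs cut short,
# fingerprints and chain certificates [2] and [3] of mykey2 omitted).
SAMPLE_LISTING = """\
Keystore type: jks
Alias name: intermediateca
Entry type: trustedCertEntry
Owner: CN=VeriSign Trial Secure Server CA - G2
Issuer: CN=VeriSign Trial Secure Server Root CA - G2
Valid from: Wed Apr 01 05:30:00 IST 2009 until: Mon Apr 01 05:29:59 IST 2019
Alias name: mykey2
Entry type: keyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=linuxbox04, OU=Tech, O=TechProcess
Issuer: CN=VeriSign Trial Secure Server CA - G2
Valid from: Tue Nov 03 05:30:00 IST 2009 until: Wed Nov 18 05:29:59 IST 2009
Alias name: mykey
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=linuxbox04, OU=Tech, O=Techprocess
Issuer: CN=linuxbox04, OU=Tech, O=Techprocess
Valid from: Tue Nov 03 10:47:05 IST 2009 until: Mon Feb 01 10:47:05 IST 2010
"""

# Captures the "until" date; the time zone token (e.g. IST) is dropped, so
# expiry is compared as a naive timestamp.
_UNTIL_RE = re.compile(r"until: \w{3} (\w{3} \d{1,2} [\d:]{8}) \w+ (\d{4})")


def parse_listing(text):
    """Return {alias: {"type", "chain_length", "certs": [{owner, issuer, not_after}]}}."""
    entries, entry, cert = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        key, _, value = line.partition(": ")
        if key == "Alias name":
            entry = entries.setdefault(value, {"type": None, "chain_length": 0, "certs": []})
            cert = None
        elif entry is None:
            continue  # keystore header lines before the first alias
        elif key == "Entry type":
            entry["type"] = value
        elif key == "Certificate chain length":
            entry["chain_length"] = int(value)
        elif key == "Owner":
            cert = {"owner": value, "issuer": None, "not_after": None}
            entry["certs"].append(cert)
        elif key == "Issuer" and cert is not None:
            cert["issuer"] = value
        elif key == "Valid from" and cert is not None:
            m = _UNTIL_RE.search(line)
            if m:
                cert["not_after"] = datetime.strptime(" ".join(m.groups()), "%b %d %H:%M:%S %Y")
    return entries


def check_identity(entries, alias, now):
    """Return the problems that stop `alias` being used as the SSL identity."""
    by_alias = {a.lower(): e for a, e in entries.items()}  # JKS aliases ignore case
    entry = by_alias.get(alias.lower())
    if entry is None:
        keys = sorted(a for a, e in entries.items() if e["type"] in KEY_ENTRY_TYPES)
        return [f"alias '{alias}' not in keystore; key entries present: {', '.join(keys) or 'none'}"]
    if entry["type"] not in KEY_ENTRY_TYPES:
        return [f"alias '{alias}' is a {entry['type']}: certificate only, no private key"]
    if not entry["certs"]:
        return [f"alias '{alias}' has no certificate in the listing"]
    problems, leaf = [], entry["certs"][0]
    if entry["chain_length"] == 1 and leaf["owner"] == leaf["issuer"]:
        problems.append("self-signed certificate: CA reply not imported under this alias")
    if leaf["not_after"] is not None and leaf["not_after"] < now:
        problems.append(f"leaf certificate expired on {leaf['not_after']:%Y-%m-%d}")
    return problems


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE_LISTING)
    # "privateKey" is the alias named in the WebLogic log lines of the post
    for name in ("privateKey", "mykey2", "mykey", "intermediateca"):
        found = check_identity(parsed, name, datetime(2009, 11, 4))
        print(name, "->", found or "usable as identity")
```

Run against real output with `keytool -list -v -keystore <file>` saved to a text file and passed to parse_listing; the alias and keystore path to check are the ones configured on the server's Keystores and SSL tabs.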

  • Install Certificate (.cer) to target machine's trustedpublisher Failed

    I am attempting to use the following command to install a certificate to a client machine. This is the certificate that I am signing a silverlight XAP file with (exported as .cer without the private key).
    certmgr.exe -add .\DigiCert.cer -s -r localMachine trustedpublisher
    When I run this command, I get:
    Error: Failed to open the distantion Store
    CertMgr Failed
    The cert is able to be opened and installed using the wizard just fine, however I'm trying to reduce the number of steps the end user has to take to use the silverlight application, and the 5 or so steps the wizard has just adds to their frustration.

    As I wasn't making any headway with this, I just decided to make my own cert installer. For those that need it, you can use the following code to install a certificate. I hard-coded the name of the cert file and which store to put it in, which could easily be converted to parameters.
    namespace MyCompany.Cert
    {
        using System;
        using System.Diagnostics;
        using System.IO;
        using System.Security.Cryptography.X509Certificates;
        using System.Security.Principal;

        public class Program
        {
            enum ExitCode
            {
                Success = 0,
                UnauthorizedAccess = 1,
                FileNotFound = 2,
                UnknownError = 10,
            }

            static int Main(string[] args)
            {
                try
                {
                    var tr1 = new TextWriterTraceListener(File.CreateText(@"C:\Temp\CertificateInstallLog.txt"));
                    Trace.Listeners.Add(tr1);
                    Trace.WriteLine("Checking for admin rights");
                    if (!IsUserAdministrator())
                    {
                        Trace.WriteLine("Failed to install certificate: Requires Administrator rights");
                        Trace.Flush(); // make sure the failure reaches the log file
                        return (int)ExitCode.UnauthorizedAccess;
                    }
                    Trace.WriteLine("Have Admin rights, installing certificate");
                    Trace.WriteLine("Create Store Reference: localMachine trustedPublisher");
                    var store = new X509Store(StoreName.TrustedPublisher, StoreLocation.LocalMachine);
                    Trace.WriteLine("Opening Store: Read/Write");
                    store.Open(OpenFlags.ReadWrite);
                    Trace.WriteLine("Adding Certificate from file");
                    var cert = GetCertificate();
                    Trace.WriteLine("Got certificate from file");
                    store.Add(cert);
                    Trace.WriteLine("closing store");
                    store.Close();
                    Trace.WriteLine("Exiting");
                    Trace.Flush();
                    return (int)ExitCode.Success;
                }
                catch (FileNotFoundException)
                {
                    Trace.WriteLine("Failed to install certificate. File not found");
                    Trace.Flush();
                    return (int)ExitCode.FileNotFound;
                }
                catch (Exception ex)
                {
                    Trace.WriteLine("Failed to install certificate. " + ex.Message);
                    Trace.Flush();
                    return (int)ExitCode.UnknownError;
                }
            }

            // Loads DigiCert.cer from the working directory, then from the program folder.
            public static X509Certificate2 GetCertificate()
            {
                X509Certificate2 cert;
                try
                {
                    Trace.WriteLine("trying path 'DigiCert.cer'");
                    cert = new X509Certificate2("DigiCert.cer");
                }
                catch (System.Security.Cryptography.CryptographicException)
                {
                    Trace.WriteLine("Path 'DigiCert.cer' failed");
                    var path = string.Empty;
                    try
                    {
                        path = @"C:\Program Files" +
                            (Directory.Exists(@"C:\Program Files (x86)") ? @" (x86)" : string.Empty) +
                            @"\<someprogramfolder>\DigiCert.cer";
                        Trace.WriteLine("trying path " + path);
                        cert = new X509Certificate2(path);
                    }
                    catch (System.Security.Cryptography.CryptographicException)
                    {
                        // Trace.WriteLine(string, string) treats the second argument as a category,
                        // so the message is built by concatenation instead.
                        Trace.WriteLine("Path '" + path + "' failed");
                        throw; // rethrow without resetting the stack trace
                    }
                }
                return cert;
            }

            /// <summary>Query if this object is user administrator.</summary>
            /// <returns>true if user administrator, false if not.</returns>
            public static bool IsUserAdministrator()
            {
                var user = WindowsIdentity.GetCurrent();
                if (user == null)
                {
                    throw new NullReferenceException("Could not determine windows identity");
                }
                var myPrincipal = new WindowsPrincipal(user);
                if (myPrincipal.IsInRole(WindowsBuiltInRole.Administrator)) { return true; }
                Trace.WriteLine("You need to run the application using the 'Run as Administrator' option");
                return false;
            }
        }
    }
    Don't forget to include an app.manifest that tells the program to always request admin rights:
    <?xml version="1.0" encoding="utf-8"?>
    <asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <assemblyIdentity version="1.0.0.0" name="MyApplication.app" />
      <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
        <security>
          <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
            <!-- UAC Manifest Options
            If you want to change the Windows User Account Control level replace the
            requestedExecutionLevel node with one of the following.
            <requestedExecutionLevel level="asInvoker" uiAccess="false" />
            <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
            <requestedExecutionLevel level="highestAvailable" uiAccess="false" />
            Specifying requestedExecutionLevel node will disable file and registry virtualization.
            If you want to utilize File and Registry Virtualization for backward
            compatibility then delete the requestedExecutionLevel node.
            -->
            <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
          </requestedPrivileges>
          <applicationRequestMinimum>
            <defaultAssemblyRequest permissionSetReference="Custom" />
            <PermissionSet class="System.Security.PermissionSet" version="1" ID="Custom" SameSite="site" Unrestricted="true" />
          </applicationRequestMinimum>
        </security>
      </trustInfo>
      <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
        <application>
        </application>
      </compatibility>
    </asmv1:assembly>

  • What to do with CER file?

    Hello all.
    This is my first time working with security in Java and I am completely lost.
    Here is my situation:
    1) I have a P12 file given to me by a vendor
    2) I imported the P12 file into InternetExplorer
    3) I exported the certificate from IE to a DER "cer" file
    4) I use KeyTool to import it.
    No matter what I do I do not seem to be able to get this to work....
    Where I am confused especially, is what to do with the CER file that I got from the vendor. I thought once I exported it I could import it in using the keytool but that doesn't seem to work.
    I'm basically lost and need some direction. Any help or pointers would be appreciated.
    BTW: Please excuse the code; I keep trying different things.
    import java.io.BufferedReader;
    import java.io.FileInputStream;
    import java.io.InputStreamReader;
    import java.io.PrintWriter;
    import java.net.URL;
    import java.security.KeyStore;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.KeyManagerFactory;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLSocketFactory;
    import javax.net.ssl.TrustManagerFactory;
    import java.net.*;
    import javax.net.ssl.*;
    import java.io.*;

    public class TestLiveConnection extends junit.framework.TestCase
    {
        private static String host     = "someUrl";
        private static int    port     = 3018;
        private static String cert     = "c:\\myStore.jks";
        private static String ctype    = "JKS";
        private static String cpass    = "xxx";
        private static String trust    = "c:\\myStore.jks";
        private static String ttype    = "JKS";
        private static String tpass    = "xxx";
        private static String protocol = "SSLv3";

        /**
         * Tests the ability to establish an SSL connection.
         */
        public void test_SSLConnection()
        {
            System.out.println("------ POST using URL ------------");
            String tu4i = "someRequest";
            //System.setProperty("javax.net.debug", "all");
            System.setProperty("javax.net.ssl.trustStore", trust);
            System.setProperty("javax.net.ssl.trustStorePassword", tpass);
            System.setProperty("javax.net.ssl.keyStore", cert);
            System.setProperty("javax.net.ssl.keyStorePassword", cpass);
            SSLContext ctx;
            SSLSocketFactory factory = null;
            KeyManagerFactory kmf;
            TrustManagerFactory tmf;
            KeyStore tks;
            KeyStore kks;
            try
            {
                char[] tphrase = tpass.toCharArray();
                char[] cphrase = cpass.toCharArray();
                // Key managers: the client identity read from the key store
                kmf = KeyManagerFactory.getInstance("SunX509");
                kks = KeyStore.getInstance(ctype);
                kks.load(new FileInputStream(cert), cphrase);
                kmf.init(kks, cphrase);
                // Trust managers: the certificates accepted from the server
                tmf = TrustManagerFactory.getInstance("SunX509");
                tks = KeyStore.getInstance(ttype);
                tks.load(new FileInputStream(trust), tphrase);
                tmf.init(tks);
                ctx = SSLContext.getInstance(protocol);
                ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
                factory = ctx.getSocketFactory();
                SSLSocket socket = (SSLSocket)factory.createSocket("someUrl", 3018);
                socket.setEnabledProtocols(new String[] { "SSLv3" });
                this.transmit(socket, tu4i);
            }
            catch (Exception e)
            {
                System.out.println("Exception: " + e.getMessage());
            }
            /*------------- Try using HTTPS Connection --------------------
            System.out.println("---------------------- Use HTTPS Connection");
            try
            {
                HttpsURLConnection.setDefaultSSLSocketFactory(factory);
                URL theURL = new URL("https://someurl:3018");
                HttpsURLConnection tuCredit = (HttpsURLConnection)theURL.openConnection();
                tuCredit.setSSLSocketFactory(factory);
                tuCredit.setDoOutput(true);
                PrintWriter pwOut = new PrintWriter(tuCredit.getOutputStream());
                pwOut.println(tu4i);
                pwOut.close();
                if (pwOut.checkError()) System.out.println("SSLSocketClient: java.io.PrintWriter error");
                // read response
                String inputLine;
                InputStream is = tuCredit.getInputStream();
                BufferedReader in = new BufferedReader(new InputStreamReader(is));
                while ((inputLine = in.readLine()) != null)
                    System.out.println(inputLine);
                pwOut.close();
            }
            catch (Exception e)
            {
                System.out.println("IOException: " + e.getMessage());
                e.printStackTrace();
            }
            --------------------------------------------------------------*/
        }

        private String transmit(Socket socket, String request) throws IOException
        {
            String response = null;
            PrintWriter out = null;
            BufferedReader in = null;
            try
            {
                //Open a new Output Stream at the socket
                out = new PrintWriter(socket.getOutputStream(), true);
                //Open a new Input Stream
                in = new BufferedReader(new InputStreamReader(socket.getInputStream()));
                System.out.println("    " + request.length() + " -> " + request);
                out.write("GET /?ping HTTP/1.1\r\n");
                out.write("Host: someUrl:3018\r\n");
                out.write("Agent: Test\r\n");
                out.write("\r\n");
                out.flush();
                response = in.readLine();
                //save it in the log file
                System.out.println("    " + response.length() + " <- " + response);
            }
            finally
            {
                // Either stream may still be null if opening it failed
                if (out != null) out.close();
                if (in != null) in.close();
                out = null;
                in = null;
            }
            return (response);
        }
    }

    A .dmg file is an image file. If you open it a new "drive" will appear on your desktop with the files the image file contains. Applications commonly come this way and you drag the application to your applications folder, or maybe you run an installer from the image drive. I am guessing that what is happening to you is the dmg file is appearing and then automatically (probably some setting on your browser) opening so you are also seeing the drive. The drive doesn't actually contain anything so you can drag it to the trash when you are done with it. It's the dmg file that contains the original files and once you have dragged those from the drive to your folder you will have made a copy by doing so and you can get rid of the dmg file too.

  • Provider hosted App certificates (.cer & .pfx)

    I have implemented a provider hosted App inside the SharePoint 2013 server (the certificates .cer & .pfx taken from the IIS of same server) and am able to get the result. However, I am not clear about taking the certificates in the multi server environment (SharePoint Server & IIS server for remote web app).
    Can anyone please suggest from which server (SharePoint Server or IIS server) I need to take the .cer & .pfx files to configure a multi server environment?
    Thanks

    Hi,
    According to your post, my understanding is that you want to create a provider hosted app and use NLB in premise environment.
    You need to use a different certificate on this ‘Listener’ web application.
    Configuring SharePoint 2013 Apps and Multiple Web Applications on SSL with a Single IP Address
    For more information, you can refer to:
    Aspiring Architect: Sharepoint 2013 - Avoiding Azure on Dev Box
    More TroubleShooting Tips for High Trust Apps on SharePoint 2013
    You need to ensure that all connections to the SharePoint servers are secure and encrypted
    Best Regards,
    Linda Li
    TechNet Community Support
