Adding an SSL digital certificate ".cer" file using STRUST
Dears,
Could someone please guide me through the steps of adding an SSL digital certificate (a file with extension ".cer") using transaction STRUST?
Thanks
Reda
Dear Agasthuri,
Thank you for your reply.
The point is: whenever HTTPS is installed on an SAP system, after issuing transaction STRUST, we find in the left pane three main nodes / folders: System PSE, SSL server Standard, SSL client SSL Client (Standar.
We also find a cuboid-shaped icon named: File.
Whenever we right-click on any of the three mentioned nodes / folders we get a pull-down menu containing either two or three options: Replace, Delete or Change, Replace, Delete.
Whenever we right-click on the cuboid-shaped icon named: File, we get a pull-down menu containing only one option: Create.
None of the above-mentioned options lead to creating a new main node / folder in the left pane.
Kindly advise.
Thanks.
Reda
Similar Messages
-
I have created an msi package for FireFox v9.0.1 and I need to include registration of a security certificate (.cer file) in the install. I am deploying the msi via an installation vbScript with SCCM. This will allow me to either include the certificate registration in the msi or as a post-install task in the vbScript. Any assistance would be greatly appreciated.
See:
*http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html
*http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/README -
Problem in installation of free SSL certificate on Weblogic using keytool
We tried to install an SSL certificate on WebLogic using a keystore, but it gives an error in the console at startup and the server shuts down automatically.
Steps followed:
1) To generate keystore, private key and digital certificate:
keytool -genkey -alias mykey2 -keyalg RSA -keystore webconkeystore.jks -storepass webconkeystorepassword
2) To generate CSR
keytool -certreq -alias mykey2 -file webconcsr1.csr -keyalg RSA -storetype jks -keystore webconkeystore.jks -storepass webconkeystorepassword
3) The CSR is uploaded to the VeriSign site to generate a free SSL certificate. All certificate text received is pasted into a file (cacert.pem).
4) Same certificate is put into same keystore using following command
keytool -import -alias mykey2 -keystore webconkeystore.jks -trustcacerts -file cacert.pem
5) Before step 4), we have also installed root /intermediate certificate to include chain using following command.
(intermediateCa.cer file is downloaded from verisign site)
keytool -import -alias intermediateca -keystore webconkeystore.jks -trustcacerts -file intermediateCa.cer
6) After this configuration we used weblogic admin module to configure Keystore and SSL.
7) For the KeyStore tab in the WebLogic admin module, we selected the option Custom Identity And Custom Trust and provided the following details under the Identity and Trust columns:
Private key alias: mykey2
PassKeyphrase: webconkeystorepassword
Location of keystore: location of webconkeystore.jks file on server
8) For the SSL tab in the WebLogic admin module, we selected the option KeyStores for Identity and Trust locations.
Error on console:
<Nov 3, 2009 3:00:17 PM IST> <Emergency> <Security> <BEA-090034> <Not listening for SSL, java.io.IOException: Failed to retrieve identity key/certificate from keystore /home/cedera/bea9.0/weblogic90/server/lib/webconkeystore.jks under alias mykey2 on server AdminServer.>
<Nov 3, 2009 3:00:17 PM IST> <Emergency> <Security> <BEA-090087> <Server failed to bind to the configured Admin port. The port may already be used by another process.>
<Nov 3, 2009 3:00:17 PM IST> <Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason: Server failed to bind to any usable port. See preceeding log message for details.>
<Nov 3, 2009 3:00:17 PM IST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
<Nov 3, 2009 3:00:17 PM IST> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
<Nov 3, 2009 3:00:17 PM IST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
If anyone knows the solution, please help us out. Thanx in advance.
I was really happy to get a reply yesterday from "mv". I was not expecting such an instant response. Thanx all guys for your interest and support.
I have solved this issue.
We have weblogic 9 on unix env.
Following steps which I followed:
#generate private key
keytool -genkey -v -alias uinbrdcsap01_apac_nsroot_net -keyalg RSA -keysize 1024 -dname "CN=linuxbox042, OU=ASIA, O=Citigroup, L=CALC, S=MH, C=IN" -validity 1068 -keypass "webconkeystorepassword" -keystore "cwebconkeystore"
#generate csr
keytool -certreq -v -alias uinbrdcsap01_apac_nsroot_net -file linuxbox042.csr -keypass "webconkeystorepassword" -keystore "cwebconkeystore" -storepass webconkeystorepassword
Then we uploaded this CSR to VeriSign's free SSL certificate service to generate and receive the certificate text.
We copied that text into the file "cert4nov2009.crt" used below.
Apart from that, the mail which we received from VeriSign also contains links to download the root CA certificate and the intermediate CA certificate. We downloaded them:
root CA in the "root4nov2009.cer" file,
intermediate CA in "intermediateca4nov2009.cer".
Both these files are used in the commands below.
#import root certificate
keytool -import -alias rootca -keystore "cwebconkeystore" -storepass "webconkeystorepassword" -trustcacerts -file "root4nov2009.cer"
#import intermediate ca certificate
keytool -import -alias intermediateca -keystore "cwebconkeystore" -storepass "webconkeystorepassword" -trustcacerts -file "intermediateca4nov2009.cer"
#install free ssl certificate
keytool -import -alias uinbrdcsap01_apac_nsroot_net -file "cert4nov2009.crt" -trustcacerts -keypass "webconkeystorepassword" -keystore "cwebconkeystore" -storepass "webconkeystorepassword"
#after this admin configuration
In weblogic admin console module, we did following settings:-
1. under Configuration tab
a. Under KeyStore tab
For keystore , we selected "Custom identity and Custom Trust"
Under Identity,
Custom Identity Keystore:location of keystore "webconkeystore" on weblogic server
Custom Identity Keystore Type: JKS
Custom Identity Keystore Passphrase: password for keystore mentioned above. In our case, webconkeystorepassword
Same we copied Under "Trust", as we have not created separate keystore for trust.
Save setting.
b. Under SSL tab
Identity and Trust Locations: select "Keystores"
Private Key Alias: alias used while creating the private key, i.e. in our case "uinbrdcsap01_apac_nsroot_net"
Save setting.
c. Under General tab
Check checkbox "SSL Listen Port Enabled"
and mention ssl port "SSL Listen Port"
Save setting.
After this, activate changes. You might see an error on the admin module.
Using the command prompt, stop the server and restart it, and then try to access using https and port ...
You will definitely get output...
In our case the issue might be due to key size. We used 1024 key size; it solved the problem.
For your further reference, please find the link below; it is also helpful.
http://download.oracle.com/docs/cd/E13222_01/wls/docs81/plugins/nsapi.html#112674 -
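The alias selected as "Private Key Alias" has to be a private-key entry that carries its certificate chain; an alias that holds only a trusted certificate cannot serve as the SSL identity. The following is an added example, not code from the posts: it reads the JKS container format directly and reports what kind of entry each alias is. The two keystores are constructed in the code with placeholder key and certificate bytes, reusing the alias names and store password quoted in the first post.

```python
import hashlib
import struct

JKS_MAGIC = 0xFEEDFEED
PRIVATE_KEY, TRUSTED_CERT = 1, 2      # entry tags in the JKS container
DIGEST_SALT = b"Mighty Aphrodite"     # fixed string mixed into the integrity hash


def _utf(text):
    raw = text.encode("utf-8")        # ASCII aliases only in this sample
    return struct.pack(">H", len(raw)) + raw


def _blob(data):
    return struct.pack(">I", len(data)) + data


def _digest(password, body):
    # SHA-1 over the password as UTF-16BE, the fixed salt, then the store body.
    return hashlib.sha1(password.encode("utf-16-be") + DIGEST_SALT + body).digest()


def build_jks(entries, password):
    """Constructed sample keystore; key and certificate bytes are placeholders."""
    cert = _utf("X.509") + _blob(b"placeholder-certificate")
    body = struct.pack(">III", JKS_MAGIC, 2, len(entries))
    for tag, alias, chain_len in entries:
        body += struct.pack(">I", tag) + _utf(alias) + struct.pack(">q", 0)
        if tag == PRIVATE_KEY:
            body += _blob(b"placeholder-encrypted-key")
            body += struct.pack(">I", chain_len) + cert * chain_len
        else:
            body += cert
    return body + _digest(password, body)


class _Reader:
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated keystore")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def u32(self):
        return struct.unpack(">I", self.take(4))[0]

    def utf(self):
        return self.take(struct.unpack(">H", self.take(2))[0]).decode("utf-8")

    def cert(self, version):
        if version == 2:
            self.utf()                # certificate type, e.g. "X.509"
        return self.take(self.u32())


def parse_jks(data, password):
    """Return {alias: (entry_kind, chain_length)} after checking the digest."""
    r = _Reader(data)
    if r.u32() != JKS_MAGIC:
        raise ValueError("not a JKS keystore")
    version = r.u32()
    if version not in (1, 2):
        raise ValueError("unsupported JKS version")
    entries = {}
    for _ in range(r.u32()):
        tag, alias = r.u32(), r.utf()
        r.take(8)                     # creation time, not needed here
        if tag == PRIVATE_KEY:
            r.take(r.u32())           # encrypted private key, left opaque
            chain = [r.cert(version) for _ in range(r.u32())]
            entries[alias] = ("PrivateKeyEntry", len(chain))
        elif tag == TRUSTED_CERT:
            r.cert(version)
            entries[alias] = ("trustedCertEntry", 1)
        else:
            raise ValueError("unknown entry tag %d" % tag)
    body, stored = data[:r.pos], r.take(20)
    if _digest(password, body) != stored:
        raise ValueError("integrity check failed: wrong store password or altered file")
    return entries


def check_identity_alias(entries, alias):
    """Can this alias serve as an SSL identity (private key plus chain)?"""
    if alias not in entries:
        return "alias-not-found"
    kind, chain_len = entries[alias]
    if kind != "PrivateKeyEntry":
        return "not-a-private-key-entry"
    return "ok" if chain_len > 0 else "no-certificate-chain"


PASSWORD = "webconkeystorepassword"   # store password quoted in the post
GOOD = build_jks([(TRUSTED_CERT, "intermediateca", 0), (PRIVATE_KEY, "mykey2", 2)], PASSWORD)
BAD = build_jks([(TRUSTED_CERT, "intermediateca", 0), (TRUSTED_CERT, "mykey2", 0)], PASSWORD)

if __name__ == "__main__":
    for name, store in (("good", GOOD), ("bad", BAD)):
        print(name, check_identity_alias(parse_jks(store, PASSWORD), "mykey2"))
```

On a real keystore the same distinction shows up in `keytool -list -v` as the entry type of each alias.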
When I try to go to web site https://sscc-fe-03.med.navy.mil/EXCHANGE I get the message "this page requires a client certificate". I have an Activcard card reader hooked up to a USB port with my security inserted. I try to import my certificate into Firefox and it will only accept a pkcs12 file and my certificate is a .cer file. All the checks I do on my card reader show it is working properly and my security card works fine when on my work computer, but at home I have this problem. How can I get Firefox to accept my .cer certificate when I try to import it or read it off my card reader?
Thanks
I am running Firefox 12.0. It is not able to import the p12 files, which wasn't a problem on the older versions or IE. The error message is either:
PKCS#12 operation failed for unknown reasons
or
Failed to decode the file. Either it is not in PKCS#12 format, has been corrupted, or the password you entered was incorrect
The p12 file I am using is from a certificate test suite from the Department of Defense, and the file works fine on IE. -
SSL for Weblogic 6.0: Server Certificate Chain File & Verisign
http://www.bea.com/support/askbea/wls/S-07188.shtml
This issue attempts to explain what a "certificate chain file" is for. I still don't understand why this is so difficult. Where do I get this from?
At the end of the article it points me here:
http://www.verisign.com/repository/root.html
And vaguely tells me to convert the unspecified format on that page using a utility from OpenSSL. The format on that page is NOT .pem, what is it? Which utility do I use, and HOW do I convert the root server CA on that page to .der format?
Thanks for tips!
Unfortunately this is a misleading exception you are getting.
Here is a suggested workaround (at least to get SSL working):
https://www.verisign.com/server/prg/browser/root.html
I have met the same question as you.
The Server Certificate Chain File is obtained from your browser (such as IE5.5).
Jason Pettiss <[email protected]> wrote:
http://www.bea.com/support/askbea/wls/S-07188.shtml
This issue attempts to explain what a "certificate chain file" is for.
I still don't understand why this is so difficult. Where do I get
this from?
At the end of the article it points me here:
http://www.verisign.com/repository/root.html
And vaguely tells me to convert the unspecified format on that page using
a utility from OpenSSL. The format on that page is NOT .pem, what is
it? Which utility do I use, and HOW do I convert the root server
CA on that page to .der format?
Thanks for tips! -
Trying to create a certificate file using keytool -help!
Hi, I've followed a series of instructions using Terminal to create a certificate. Terminal produced a file and when i open it using Text Edit its about 20 lines long worth of code. I was hoping it would provide a certificate I could use. Maybe it has, I just don't know what I'm looking for!
I'm working in Viewer Builder and I'm in the Provisioning tab trying to enter the "Application ID".
I'm totally stuck here. Please help!
I'm using DPS pro. My app is for Android but won't be going as far as Google Play or Amazon. It's for internal use so I want to create an APK file to distribute via email. These are the set of instructions I'm following. I'm struggling to get this to work. What should I see when this has worked? Also what do I need to enter for the Application ID?
Thanks for your help
(Mac OS) Create a certificate file using Keytool
Open Terminal, which is located in the Applications > Utilities folder.
Type (or paste) the following line (replace “myname.key.p12” with the actual name of your certificate):
keytool -genkey -v -keystore myname.key.p12 -alias alias_name -keyalg RSA -keysize 2048 -storetype pkcs12 -validity 10000
Specifying “10000” sets the expiration date after 22 October 2033.
Enter and reenter a password. Until the Viewer Builder supports the creation of custom Android apps, it's necessary to share this password with Adobe. Create a password that you can share.
Follow the prompts to specify the certificate information.
When prompted to confirm choices, enter yes, and then press Return to use the same password.
A certificate is created in your prompt location, such as your user name folder. Copy this certificate file to a known location. Write down the password as well. -
Adding jar file in my generated jar file using NetBeans 4.0
Hi,
I wrote an application to process XML files using JDOM. I added the JDOM package jar file to my project and everything works fine. But when I generate my project jar file using NetBeans 4.0, my generated jar is not working with the XML files anymore. Everything seems like it didn't include the JDOM jar file?
Thanks for any help to fix the problem.
I find that you cannot use the command line, such as java -classpath, to add the classpath;
it does not work. I use NetBeans 4.0; I don't know whether it is because of NetBeans or Java itself.
You can add the classpath in the jar's Manifest.mf file:
Manifest-Version: 1.0
Ant-Version: Apache Ant 1.6.2
Created-By: 1.5.0_01-b08 (Sun Microsystems Inc.)
Main-Class: chat.Main
// add this line
Class-Path: dir\*.jar //(jar file name)
X-COMMENT: Main-Class will be added automatically by build -
How can you configure an Exchange Account in Mac OS X to use a SSL client certificate?
I'm trying to connect the Mail App of Mac OS X to my company's Exchange server. For security reasons you have to provide an SSL client certificate to the server. You can convince Safari to use a client certificate by putting it into your keychain and configuring a suitable "identity preference" for the URL of the related site. But the Mail App seems not to use the keychain for this part of the SSL negotiations.
Since you can configure the client certificate usage for an Exchange Account for the iPhone with the Configuration Utility there should be a way for the desktop App, too. Has someone sorted this issue out already or does the Mail App actually lack client certificate support?
I had a nice chat with the Apple end user support which revealed that this feature falls in the responsibility of the business support group. Since I have no appropriate support contract I could ask for help for about 480€ per issue -- nice try
After more research I found the Configuration Profile Reference, where you get information about Exchange accounts too. Starting with a working iOS-Profile I changed the Exchange account part according to this documentation for OS X. All you have to do is to replace PayloadType com.apple.eas.account by com.apple.ews.account.
After importing this profile I found the expected Exchange account within the Contacts.app. But the SSL client certificate was still not used and therefore my account not usable.
You could enable Mail, Calendar & Reminders and Notes within the System Preferences, but neither of these would work due to the missing client certificate support.
I came to the conclusion that the relevant applications in OS X have no proper SSL client support built in. Since the underlying libraries and frameworks have everything in place, that is really a shame.
It would be nice if someone would push the developers to do their homework there. -
Encrypt a text file using certificates
Hello,
I am trying to encrypt a file using the certificate uploaded through STRUST. But while encrypting I am getting an error, "SSF_API_UNKNOWN_SECTK_ERROR".
I am using the program SSF01.
Request your assistance to resolve this issue.
Also attaching the input screen and output screen screenshots.
Thanks and Regards,
Debanjan Das
Have you properly set up the SAP Cryptographic Library on the Application Server? How was the certificate created which you imported into STRUST? See SAP note 662340 for setting up SSF encryption. SAP note 800240 might help you troubleshoot the problems you are having.
https://service.sap.com/sap/support/notes/662340
https://service.sap.com/sap/support/notes/800240 -
Adding row into existing CSV file using C#
How do I add a row to an existing CSV file using .NET code? The file should not be overwritten; another row with data needs to be added. How do I implement this scenario?
Hi BizQ,
If you only need to write some data to a CSV file, please follow A.Zaied's and Magnus's replies. In general, we use CSV files to import or export some data, as in the following thread and a good article on CodeProject:
Convert a CSV file to Excel using C#
Writing a DataTable to a CSV file
Best regards,
Kristin
-
Error 403.7 - Forbidden: SSL client certificate is required
Hi people!
I'm developing a Java client to a WebService (developed in .NET). The communication protocol is HTTPS to the URL where the Web Service is located (something like https://10.200.140.117/dirNotes/serviceName.asmx). I've been reading many posts but I couldn't find the solution to the problem which has the following message: "Error 403.7 - Forbidden: SSL client certificate is required".
I'm using JDK 1.5 and developing and testing on the Windows platform. I'm able to access the URL specified above directly from the browser; I installed the client certificate (the same that I've put into the .jks keystore). I've also imported the whole certificate chain of the server to the cacerts.
I'll paste the code and the console trace below. I'd be very grateful if you can help me. Thanks a lot.
_THE CODE_
package principal;

import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.net.URL;
import java.net.UnknownHostException;
import java.security.KeyStore;
import java.security.Security;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import org.apache.axis.client.Call;
import org.apache.axis.client.Service;
import entidade.Certificado;

public class SSLClient {
    private static final int PORT_NUMBER = 443;
    private static final String HTTPS_ADDRESS = "10.200.140.117";
    private static String strCabecalhoMsg = "";
    private static String strDadosMsg = "";

    public static void main(String[] args) throws Exception {
        // JVM-wide defaults for the key store (client identity) and trust store
        System.setProperty("javax.net.ssl.keyStore", Certificado.getStrNomeArquivoJKSServidor());
        System.setProperty("javax.net.ssl.keyStorePassword", "senha");
        System.setProperty("javax.net.ssl.trustStore", "Certificados/cacerts");
        System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
        System.setProperty("javax.net.ssl.keyStoreType", "JKS");
        Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
        System.setProperty("javax.net.debug", "ssl,handshake,record");

        // Key managers built from the client keystore
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(new FileInputStream(Certificado.getStrNomeArquivoJKSServidor()),
                Certificado.getArranjoCharSenhaCertificadoServidor());
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, Certificado.getArranjoCharSenhaCertificadoServidor());

        // Trust managers built from the JRE cacerts file
        KeyStore ksT = KeyStore.getInstance(KeyStore.getDefaultType());
        ksT.load(new FileInputStream("C:/Arquivos de programas/Java/jre1.5.0_05/lib/security/cacerts"), "changeit".toCharArray());
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ksT);

        SSLContext sc = SSLContext.getInstance("SSLv3");
        sc.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new java.security.SecureRandom());
        SSLSocketFactory factory = sc.getSocketFactory();
        try {
            // method to load the values of the strings strCabecalhoMsg and strDadosMsg
            carregarXMLCabecalhoDados();
            SSLSocket socket = (SSLSocket) factory.createSocket(HTTPS_ADDRESS, PORT_NUMBER);
            socket.startHandshake();
            String[] arr = socket.getEnabledProtocols();
            URL url = new URL("https://10.200.140.117/dirNotes");
            HttpsURLConnection.setDefaultSSLSocketFactory(factory);
            HttpsURLConnection urlc = (HttpsURLConnection) url.openConnection();
            urlc.setDoInput(true);
            urlc.setUseCaches(false);
            Object[] params = {strCabecalhoMsg, strDadosMsg};
            Service service = new Service();
            Call call = (Call) service.createCall();
            call.setTargetEndpointAddress(url);
            call.setOperationName("serviceName");
            String ret = (String) call.invoke(params);
            System.out.println("Result: " + ret);
        } catch (UnknownHostException uhe) {
            uhe.printStackTrace();
            System.err.println(uhe);
        } catch (Exception uhe) {
            uhe.printStackTrace();
            System.err.println(uhe);
        }
    }

    private static void carregarXMLCabecalhoDados() {
        try {
            BufferedReader input = new BufferedReader(new FileReader("notas/cabecalho.xml"));
            String str;
            while ((str = input.readLine()) != null) {
                strCabecalhoMsg += str;
            }
            System.out.println("Cabeça: " + strCabecalhoMsg);
            input = new BufferedReader(new FileReader("notas/nota.xml"));
            while ((str = input.readLine()) != null) {
                strDadosMsg += str;
            }
            System.out.println("Nota: " + strDadosMsg);
        } catch (FileNotFoundException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        } catch (IOException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
    }
}
_THE TRACE_
adding as trusted cert:
Subject: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Issuer: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Algorithm: RSA; Serial number: 0x1
Valid from Fri Jun 25 21:19:54 BRT 1999 until Tue Jun 25 21:19:54 BRT 2019
*others trusted certs*
trigger seeding of SecureRandom
done seeding SecureRandom
export control - checking the cipher suites
export control - no cached value available...
export control - storing legal entry into cache...
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1198158630 bytes = { 48, 135, 53, 24, 112, 72, 104, 220, 27, 114, 37, 42, 25, 77, 224, 32, 12, 58, 90, 217, 232, 3, 104, 251, 93, 82, 40, 91 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, READ: TLSv1 Handshake, length = 3953
*** ServerHello, TLSv1
RandomCookie: GMT: 1198158523 bytes = { 56, 166, 181, 215, 86, 245, 8, 55, 214, 108, 128, 50, 8, 11, 0, 209, 38, 62, 187, 185, 240, 231, 56, 161, 212, 111, 194, 79 }
Session ID: {222, 2, 0, 0, 147, 179, 182, 212, 18, 34, 199, 100, 168, 167, 48, 116, 140, 186, 151, 153, 226, 168, 163, 174, 24, 83, 208, 73, 179, 57, 86, 137}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
Version: V3
*many chains and related data*
Found trusted certificate:
Version: V3
Subject:
*many trusted certificates and related data*
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret: { 3, 1, 117, 112, 233, 166, 240, 9, 226, 67, 53, 111, 194, 84, 124, 103, 197, 28, 17, 36, 32, 48, 145, 166, 161, 61, 30, 63, 153, 214, 137, 113, 222, 204, 138, 77, 212, 75, 65, 192, 159, 215, 69, 156, 47, 188, 179, 219 }
main, WRITE: TLSv1 Handshake, length = 134
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 143, 115, 243, 131, 242, 244, 12, 44, 191, 172, 205, 122 }
main, WRITE: TLSv1 Handshake, length = 32
main, READ: TLSv1 Change Cipher Spec, length = 1
main, READ: TLSv1 Handshake, length = 32
*** Finished
verify_data: { 231, 215, 37, 250, 177, 121, 111, 192, 11, 41, 1, 165 }
%% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
setting up default SSLSocketFactory
use default SunJSSE impl class: com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl is loaded
keyStore is : Certificados/certificadoSondaMonitor.jks
keyStore type is : JKS
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: Certificados\cacerts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Issuer: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Algorithm: RSA; Serial number: 0x1
Valid from Fri Jun 25 21:19:54 BRT 1999 until Tue Jun 25 21:19:54 BRT 2019
adding as trusted cert:
* many certificates*
init context
trigger seeding of SecureRandom
done seeding SecureRandom
instantiated an instance of class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
export control - checking the cipher suites
export control - found legal entry in cache...
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1198158632 bytes = { 93, 1, 41, 236, 165, 146, 251, 117, 129, 195, 129, 72, 245, 181, 43, 48, 80, 251, 244, 198, 223, 85, 82, 101, 20, 159, 17, 26 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, READ: TLSv1 Handshake, length = 3953
*** ServerHello, TLSv1
RandomCookie: GMT: 1198158525 bytes = { 109, 114, 234, 1, 130, 97, 251, 9, 61, 105, 56, 246, 239, 222, 97, 143, 22, 254, 65, 213, 10, 204, 153, 67, 237, 133, 223, 48 }
Session ID: {23, 30, 0, 0, 26, 129, 168, 21, 252, 107, 124, 183, 171, 228, 138, 227, 94, 17, 195, 213, 216, 233, 205, 2, 117, 16, 21, 65, 123, 119, 171, 109}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
%% Created: [Session-2, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
*** Certificate chain
chain [0] = [
many chains again
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
Random Secret: { 3, 1, 116, 247, 155, 227, 25, 25, 231, 129, 199, 76, 134, 222, 98, 69, 149, 224, 75, 6, 60, 121, 115, 216, 244, 246, 102, 92, 188, 64, 113, 56, 190, 43, 32, 51, 90, 254, 141, 184, 71, 48, 41, 29, 173, 180, 46, 116 }
main, WRITE: TLSv1 Handshake, length = 134
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 148, 93, 105, 42, 110, 212, 55, 2, 150, 191, 13, 111 }
main, WRITE: TLSv1 Handshake, length = 32
main, READ: TLSv1 Change Cipher Spec, length = 1
main, READ: TLSv1 Handshake, length = 32
*** Finished
verify_data: { 171, 150, 45, 10, 99, 35, 67, 174, 35, 52, 23, 192 }
%% Cached client session: [Session-2, SSL_RSA_WITH_RC4_128_MD5]
main, setSoTimeout(600000) called
main, WRITE: TLSv1 Application Data, length = 282
main, WRITE: TLSv1 Application Data, length = 8208
main, WRITE: TLSv1 Application Data, length = 1102
main, READ: TLSv1 Application Data, length = 1830
main, received EOFException: ignored
main, called closeInternal(false)
main, SEND TLSv1 ALERT: warning, description = close_notify
main, WRITE: TLSv1 Alert, length = 18
main, called close()
main, called closeInternal(true)
AxisFault
faultCode: {http://xml.apache.org/axis/}HTTP
faultSubcode:
faultString: (404)Not Found
faultActor:
faultNode:
faultDetail:
{}:return code: 404
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=Windows-1252">
<STYLE type="text/css">
BODY { font: 8pt/12pt verdana }
H1 { font: 13pt/15pt verdana }
H2 { font: 8pt/12pt verdana }
A:link { color: red }
A:visited { color: maroon }
</STYLE>
</HEAD><BODY><TABLE width=500 border=0 cellspacing=10><TR><TD>
<h1>The page cannot be found</h1>
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
<hr>
<p>Please try the following:</p>
<ul>
<li>Make sure that the Web site address displayed in the address bar of your browser is spelled and formatted correctly.</li>
<li>If you reached this page by clicking a link, contact
the Web site administrator to alert them that the link is incorrectly formatted.
</li>
<li>Click the <a href="javascript:history.back(1)">Back</a> button to try another link.</li>
</ul>
<h2>HTTP Error 404 - File or directory not found.<br>Internet Information Services (IIS)</h2>
<hr>
<p>Technical Information (for support personnel)</p>
<ul>
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a> and perform a title search for the words <b>HTTP</b> and <b>404</b>.</li>
<li>Open <b>IIS Help</b>, which is accessible in IIS Manager (inetmgr),
and search for topics titled <b>Web Site Setup</b>, <b>Common Administrative Tasks</b>, and <b>About Custom Error Messages</b>.</li>
</ul>
</TD></TR></TABLE></BODY></HTML>
{http://xml.apache.org/axis/}HttpErrorCode:404
(404)Not Found
at org.apache.axis.transport.http.HTTPSender.readFromSocket(HTTPSender.java:744)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:144)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at principal.SSLClient.main(SSLClient.java:86)
(404)Not Found
-----
I'm having the same problem with the same URL. I tried many configurations and nothing works. My code is:
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.Security;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class NFeClient {
    static {
        // Register Bouncy Castle so the "BC" provider name below resolves
        Security.addProvider(new BouncyCastleProvider());
    }

    public static void main(final String[] args) throws Exception {
        final String path = "https://homologacao.nfe.sefaz.rs.gov.br/ws/nfeconsulta/nfeconsulta.asmx";
        final String keyStoreProvider = "BC";
        final String keyStoreType = "PKCS12";
        final String keyStore = "/home/mendes/certificados/cert.p12";
        final String keyStorePassword = "xxxx";
        System.setProperty("javax.net.ssl.keyStoreProvider", keyStoreProvider);
        System.setProperty("javax.net.ssl.keyStoreType", keyStoreType);
        System.setProperty("javax.net.ssl.keyStore", keyStore);
        System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword);
        System.setProperty("javax.net.ssl.trustStore", "/home/mendes/workspace/NFE/jssecacerts");
        // Client identity: load the PKCS#12 file and hand its key to the SSL context
        final SSLContext context = SSLContext.getInstance("TLS");
        final KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        final KeyStore ks = KeyStore.getInstance(keyStoreType);
        ks.load(new FileInputStream(keyStore), keyStorePassword.toCharArray());
        kmf.init(ks, keyStorePassword.toCharArray());
        // null trust managers: the default TrustManagerFactory is used,
        // which reads the javax.net.ssl.trustStore property set above
        context.init(kmf.getKeyManagers(), null, null);
        final URL url = new URL(path);
        final HttpsURLConnection httpsConnection = (HttpsURLConnection) url.openConnection();
        httpsConnection.setDoInput(true);
        httpsConnection.setRequestMethod("GET");
        httpsConnection.setRequestProperty("Host", "iis-server");
        httpsConnection.setRequestProperty("UserAgent", "Mozilla/4.0");
        httpsConnection.setSSLSocketFactory(context.getSocketFactory());
        try {
            // Copy the response body to standard output
            final InputStream is = httpsConnection.getInputStream();
            final byte[] buff = new byte[1024];
            int readed;
            while ((readed = is.read(buff)) > 0)
                System.out.write(buff, 0, readed);
        } catch (final IOException ioe) {
            ioe.printStackTrace();
        }
    }
}
and the response of the server is always the same:
java.io.IOException: Server returned HTTP response code: 403 for URL: https://homologacao.nfe.sefaz.rs.gov.br/ws/nfeconsulta/nfeconsulta.asmx
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1241)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
at br.com.esales.nfe.signer.client.NFeClient.main(NFeClient.java:60)
Edited by: mendes on Apr 25, 2008 9:56 AM
-
Issue in free SSL cert installation on Weblogic using keytool and Keystore
Links which we used to follow the steps mentioned below:
http://download.oracle.com/docs/cd/E13222_01/wls/docs81/secmanage/ssl.html#1167001
http://download.oracle.com/docs/cd/E13222_01/wls/docs81/plugins/nsapi.html#112674
Steps:
1) To generate the keystore, private key and digital certificate:
keytool -genkey -alias mykey2 -keyalg RSA -keystore webconkeystore.jks -storepass webconkeystorepassword
2) To generate CSR
keytool -certreq -alias mykey2 -file webconcsr1.csr -keyalg RSA -storetype jks -keystore webconkeystore.jks -storepass webconkeystorepassword
3) The CSR is uploaded on the VeriSign site to generate a free SSL certificate. All certificate text received is pasted into a file (cacert.pem).
4) Same certificate is put into same keystore using following command
keytool -import -alias mykey2 -keystore webconkeystore.jks -trustcacerts -file cacert.pem
5) Before step 4), we have also installed root /intermediate certificate to include chain using following command.
(intermediateCa.cer file is downloaded from verisign site)
keytool -import -alias intermediateca -keystore webconkeystore.jks -trustcacerts -file intermediateCa.cer
6) After this configuration we used weblogic admin module to configure Keystore and SSL.
7) For the KeyStore tab in the weblogic admin module, we have selected the option “Custom Identity And Custom Trust” and provided the following details under the Identity and Trust columns:
Private key alias: mykey2
PassKeyphrase: webconkeystorepassword
Location of keystore: location of webconkeystore.jks file on server
8) For the SSL tab in the weblogic admin module, we have selected the option “KeyStores” for “Identity and Trust locations”.
9) After this we restarted the server, but it is giving the following error on the console as shown below:
<Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
<Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
<Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias privateKey from the JKS keystore file /home/cedera/bea9.0/weblogic90/server/lib/webconkeystore1.jks.>
<Alert> <Security> <BEA-090716> <Failed to retrieve identity key/certificate from keystore /home/cedera/bea9.0/weblogic90/server/lib/webconkeystore1.jks under alias privateKey on server AdminServer>
<Error> <WebLogicServer> <BEA-000297> <Inconsistent security configuration, weblogic.management.configuration.ConfigurationException: Failed to retrieve identity key/certificate from keystore /home/cedera/bea9.0/weblogic90/server/lib/webconkeystore1.jks under alias privateKey on server AdminServer>
<Emergency> <Security> <BEA-090034> <Not listening for SSL, java.io.IOException: Failed to retrieve identity key/certificate from keystore /home/cedera/bea9.0/weblogic90/server/lib/webconkeystore1.jks under alias privateKey on server AdminServer.>
<Emergency> <Security> <BEA-090087> <Server failed to bind to the configured Admin port. The port may already be used by another process.>
Please let me know if I am missing anything.
Please help me to check out and resolve this issue.
Thanks for your interest and reply.
It says mykey2 is type "keyEntry", not privateKeyEntry, but I have followed the steps which were mentioned.
To give you details, I have executed the listing command and appended its output below:
Please find the output of the following command
keytool -list -v -keystore webconkeystore.jks -storepass webconkeystorepassword >> output.txt
The contents of output.txt are
Keystore type: jks
Keystore provider: SUN
Your keystore contains 5 entries
Alias name: intermediateca
Creation date: Nov 3, 2009
Entry type: trustedCertEntry
Owner: CN=VeriSign Trial Secure Server CA - G2, OU=Terms of use at https://www.verisign.com/cps/testca (c)09, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Trial Secure Server Root CA - G2, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Serial number: 7e3bb784bbc654abd2b8d677ecc394a8
Valid from: Wed Apr 01 05:30:00 IST 2009 until: Mon Apr 01 05:29:59 IST 2019
Certificate fingerprints:
MD5: 71:13:D9:3A:CD:21:F2:EE:9F:59:17:8D:A6:F9:AE:14
SHA1: BE:D1:D1:4E:25:A7:94:36:83:9E:4B:A7:CD:84:48:96:B7:0A:7F:B0
Alias name: rootca
Creation date: Nov 3, 2009
Entry type: trustedCertEntry
Owner: CN=VeriSign Trial Secure Server Root CA - G2, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Trial Secure Server Root CA - G2, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Serial number: 168164a428ca12dfab12f19fb1b93554
Valid from: Wed Apr 01 05:30:00 IST 2009 until: Sun Apr 01 05:29:59 IST 2029
Certificate fingerprints:
MD5: E0:19:F5:FC:C0:9A:13:0E:38:B7:BF:0D:02:40:D3:C2
SHA1: 51:51:B8:63:8A:4C:1F:15:54:56:ED:37:C9:10:35:CA:D3:01:B9:36
Alias name: mykey2
Creation date: Nov 3, 2009
Entry type: keyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=linuxbox04, OU=Terms of use at www.verisign.com/cps/testca (c)05, OU=Tech, O=TechProcess, L=Mumbai, ST=Maharashtra, C=IN
Issuer: CN=VeriSign Trial Secure Server CA - G2, OU=Terms of use at https://www.verisign.com/cps/testca (c)09, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Serial number: 232d382baddef6a3734984950d3505dc
Valid from: Tue Nov 03 05:30:00 IST 2009 until: Wed Nov 18 05:29:59 IST 2009
Certificate fingerprints:
MD5: F2:28:41:DB:58:F4:5B:F4:9E:14:A4:D1:C6:9A:54:FB
SHA1: 39:87:00:98:45:D3:30:C9:58:0D:A5:30:73:9B:10:19:B9:77:D0:F7
Certificate[2]:
Owner: CN=VeriSign Trial Secure Server CA - G2, OU=Terms of use at https://www.verisign.com/cps/testca (c)09, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Trial Secure Server Root CA - G2, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Serial number: 7e3bb784bbc654abd2b8d677ecc394a8
Valid from: Wed Apr 01 05:30:00 IST 2009 until: Mon Apr 01 05:29:59 IST 2019
Certificate fingerprints:
MD5: 71:13:D9:3A:CD:21:F2:EE:9F:59:17:8D:A6:F9:AE:14
SHA1: BE:D1:D1:4E:25:A7:94:36:83:9E:4B:A7:CD:84:48:96:B7:0A:7F:B0
Certificate[3]:
Owner: CN=VeriSign Trial Secure Server Root CA - G2, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Trial Secure Server Root CA - G2, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Serial number: 168164a428ca12dfab12f19fb1b93554
Valid from: Wed Apr 01 05:30:00 IST 2009 until: Sun Apr 01 05:29:59 IST 2029
Certificate fingerprints:
MD5: E0:19:F5:FC:C0:9A:13:0E:38:B7:BF:0D:02:40:D3:C2
SHA1: 51:51:B8:63:8A:4C:1F:15:54:56:ED:37:C9:10:35:CA:D3:01:B9:36
Alias name: mykey1
Creation date: Nov 3, 2009
Entry type: trustedCertEntry
Owner: CN=linuxbox04, OU=Terms of use at www.verisign.com/cps/testca (c)05, OU=Tech, O=Techprocess, L=Mumbai, ST=MH, C=IN
Issuer: CN=VeriSign Trial Secure Server CA - G2, OU=Terms of use at https://www.verisign.com/cps/testca (c)09, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Serial number: 353710f6c067ba67988004f2080eb4ac
Valid from: Tue Nov 03 05:30:00 IST 2009 until: Wed Nov 18 05:29:59 IST 2009
Certificate fingerprints:
MD5: 3C:C7:B1:DB:BB:A6:60:34:08:31:88:90:AE:EE:CB:7B
SHA1: 69:63:20:CB:BC:93:89:88:19:1F:37:C0:A3:EE:E5:50:5A:29:39:DA
Alias name: mykey
Creation date: Nov 3, 2009
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=linuxbox04, OU=Tech, O=Techprocess, L=Mumbai, ST=MH, C=IN
Issuer: CN=linuxbox04, OU=Tech, O=Techprocess, L=Mumbai, ST=MH, C=IN
Serial number: 4aefbcd1
Valid from: Tue Nov 03 10:47:05 IST 2009 until: Mon Feb 01 10:47:05 IST 2010
Certificate fingerprints:
MD5: 51:E7:52:7A:AA:1A:F6:E1:72:3C:BE:EF:D7:BF:92:85
SHA1: F3:7C:D2:18:2C:75:9D:A5:70:28:1F:3C:90:93:B9:E4:1F:57:3B:DC
Edited by: user1685139 on Nov 4, 2009 3:55 PM -
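The BEA-090171 and BEA-090716 lines quoted in this thread name the alias and keystore file the server tried to load, while the keytool listing shows what one keystore file contains. The Python below is an added example, not part of the original posts: it cross-checks the two. The function names and finding labels are illustrative, and the embedded input is abridged from the thread.

```python
import os
import re

# Constructed sample input, abridged from the log lines and keytool listing quoted in the thread.
WEBLOGIC_LOG = """\
<Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias privateKey from the JKS keystore file /home/cedera/bea9.0/weblogic90/server/lib/webconkeystore1.jks.>
<Alert> <Security> <BEA-090716> <Failed to retrieve identity key/certificate from keystore /home/cedera/bea9.0/weblogic90/server/lib/webconkeystore1.jks under alias privateKey on server AdminServer>
"""
KEYTOOL_LISTING = """\
Alias name: intermediateca
Entry type: trustedCertEntry
Alias name: mykey2
Entry type: keyEntry
Certificate chain length: 3
Alias name: mykey1
Entry type: trustedCertEntry
Alias name: mykey
Entry type: keyEntry
Certificate chain length: 1
"""
LISTED_KEYSTORE = "webconkeystore.jks"  # file given to `keytool -list` in the thread

LOAD_RE = re.compile(
    r"<BEA-090171> <Loading the identity certificate and private key stored "
    r"under the alias (\S+) from the (\S+) keystore file (.+?)\.>")
# Assumption: older keytool prints "keyEntry" for a private-key entry, newer "PrivateKeyEntry".
KEY_ENTRY_TYPES = {"keyentry", "privatekeyentry"}


def parse_identity_config(log_text):
    """Return the alias, store type and path the server tried to load, or None."""
    m = LOAD_RE.search(log_text)
    if m is None:
        return None
    return {"alias": m.group(1), "type": m.group(2), "path": m.group(3)}


def parse_keytool_listing(listing):
    """Map alias (lower-cased, JKS lookups ignore case) to entry type and chain length."""
    entries, current = {}, None
    for line in listing.splitlines():
        key, _, value = line.strip().partition(": ")
        if key == "Alias name":
            current = entries.setdefault(value.lower(), {"type": "", "chain": 0})
        elif current is not None and key == "Entry type":
            current["type"] = value
        elif current is not None and key == "Certificate chain length":
            current["chain"] = int(value)
    return entries


def key_aliases(entries):
    """Aliases that hold a private key and can therefore serve as the identity."""
    return [a for a, e in entries.items() if e["type"].lower() in KEY_ENTRY_TYPES]


def diagnose(config, entries, listed_keystore):
    """Compare what the server loads with what the listed keystore contains."""
    findings = []
    loaded = os.path.basename(config["path"])
    if loaded != os.path.basename(listed_keystore):
        findings.append("keystore-mismatch: server reads %s, listing describes %s" % (loaded, listed_keystore))
    entry = entries.get(config["alias"].lower())
    if entry is None:
        findings.append("alias-missing: %s not listed; key entries are %s" % (config["alias"], key_aliases(entries)))
    elif entry["type"].lower() not in KEY_ENTRY_TYPES:
        findings.append("no-private-key: %s is a %s" % (config["alias"], entry["type"]))
    elif entry["chain"] < 2:
        findings.append("short-chain: %s holds only its own certificate, CA reply not imported" % config["alias"])
    return findings


if __name__ == "__main__":
    cfg = parse_identity_config(WEBLOGIC_LOG)
    print("\n".join(diagnose(cfg, parse_keytool_listing(KEYTOOL_LISTING), LISTED_KEYSTORE)))
```
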
Install Certificate (.cer) to target machine's trustedpublisher Failed
I am attempting to use the following command to install a certificate to a client machine. This is the certificate that I am signing a silverlight XAP file with (exported as .cer without the private key).
certmgr.exe -add .\DigiCert.cer -s -r localMachine trustedpublisher
When I run this command, I get:
Error: Failed to open the distantion Store
CertMgr Failed
The cert is able to be opened and installed using the wizard just fine, however I'm trying to reduce the number of steps the end user has to take to use the silverlight application, and the 5 or so steps the wizard has just adds to their frustration.
As I wasn't making any headway with this, I just decided to make my own cert installer. For those that need it, you can use the following code to install a certificate. I hard-coded the name of the cert file and which store to put it in, which could easily be converted to parameters.
namespace MyCompany.Cert
{
    using System;
    using System.Diagnostics;
    using System.IO;
    using System.Security.Cryptography.X509Certificates;
    using System.Security.Principal;

    public class Program
    {
        enum ExitCode
        {
            Success = 0,
            UnauthorizedAccess = 1,
            FileNotFound = 2,
            UnknownError = 10,
        }

        static int Main(string[] args)
        {
            try
            {
                var tr1 = new TextWriterTraceListener(File.CreateText(@"C:\Temp\CertificateInstallLog.txt"));
                Trace.Listeners.Add(tr1);
                Trace.WriteLine("Checking for admin rights");
                if (!IsUserAdministrator())
                {
                    Trace.WriteLine("Failed to install certificate: Requires Administrator rights");
                    Trace.Flush();
                    return (int)ExitCode.UnauthorizedAccess;
                }
                Trace.WriteLine("Have Admin rights, installing certificate");
                Trace.WriteLine("Create Store Reference: localMachine trustedPublisher");
                var store = new X509Store(StoreName.TrustedPublisher, StoreLocation.LocalMachine);
                Trace.WriteLine("Opening Store: Read/Write");
                store.Open(OpenFlags.ReadWrite);
                Trace.WriteLine("Adding Certificate from file");
                var cert = GetCertificate();
                Trace.WriteLine("Got certificate from file");
                store.Add(cert);
                Trace.WriteLine("closing store");
                store.Close();
                Trace.WriteLine("Exiting");
                Trace.Flush();
                return (int)ExitCode.Success;
            }
            catch (FileNotFoundException)
            {
                Trace.WriteLine("Failed to install certificate. File not found");
                Trace.Flush();
                return (int)ExitCode.FileNotFound;
            }
            catch (Exception ex)
            {
                Trace.WriteLine("Failed to install certificate. " + ex.Message);
                Trace.Flush();
                return (int)ExitCode.UnknownError;
            }
        }

        // Loads DigiCert.cer from the working directory, then from the program folder.
        public static X509Certificate2 GetCertificate()
        {
            X509Certificate2 cert;
            try
            {
                Trace.WriteLine("trying path 'DigiCert.cer'");
                cert = new X509Certificate2("DigiCert.cer");
            }
            catch (System.Security.Cryptography.CryptographicException)
            {
                Trace.WriteLine("Path 'DigiCert.cer' failed");
                var path = string.Empty;
                try
                {
                    path = @"C:\Program Files" +
                        (Directory.Exists(@"C:\Program Files (x86)") ? @" (x86)" : string.Empty) +
                        @"\<someprogramfolder>\DigiCert.cer";
                    Trace.WriteLine("trying path " + path);
                    cert = new X509Certificate2(path);
                }
                catch (System.Security.Cryptography.CryptographicException)
                {
                    // Trace.WriteLine(string, string) treats the second argument as a
                    // category, so the message is formatted explicitly.
                    Trace.WriteLine(string.Format("Path '{0}' failed", path));
                    throw; // rethrow without resetting the stack trace
                }
            }
            return cert;
        }

        /// <summary>Query if this object is user administrator.</summary>
        /// <returns>true if user administrator, false if not.</returns>
        public static bool IsUserAdministrator()
        {
            var user = WindowsIdentity.GetCurrent();
            if (user == null)
                throw new NullReferenceException("Could not determine windows identity");
            var myPrincipal = new WindowsPrincipal(user);
            if (myPrincipal.IsInRole(WindowsBuiltInRole.Administrator)) { return true; }
            Trace.WriteLine("You need to run the application using the 'Run as Administrator' option");
            return false;
        }
    }
}
Don't forget to include an app.manifest that tells the program to always request admin rights:
<?xml version="1.0" encoding="utf-8"?>
<asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app" />
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<!-- UAC Manifest Options
If you want to change the Windows User Account Control level replace the
requestedExecutionLevel node with one of the following.
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
<requestedExecutionLevel level="highestAvailable" uiAccess="false" />
Specifying requestedExecutionLevel node will disable file and registry virtualization.
If you want to utilize File and Registry Virtualization for backward
compatibility then delete the requestedExecutionLevel node.
-->
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
</requestedPrivileges>
<applicationRequestMinimum>
<defaultAssemblyRequest permissionSetReference="Custom" />
<PermissionSet class="System.Security.PermissionSet" version="1" ID="Custom" SameSite="site" Unrestricted="true" />
</applicationRequestMinimum>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
</application>
</compatibility>
</asmv1:assembly> -
What to do with CER file?
Hello all.
This is my first time working with security in Java and I am completely lost.
Here is my situation:
1) I have a P12 file given to me by a vendor
2) I imported the P12 file into InternetExplorer
3) I exported the certificate from IE to a DER "cer" file
4) I use KeyTool to import it.
No matter what I do I do not seem to be able to get this to work....
Where I am confused especially, is what to do with the CER file that I got from the vendor. I thought once I exported it I could import it in using the keytool but that doesn't seem to work.
I'm basically lost and need some direction. Any help or pointers would be appreciated.
BTW: Please excuse the code, I keep trying different things.
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import java.net.*;
import javax.net.ssl.*;
import java.io.*;

public class TestLiveConnection extends junit.framework.TestCase
{
    private static String host = "someUrl";
    private static int port = 3018;
    private static String cert = "c:\\myStore.jks";
    private static String ctype = "JKS";
    private static String cpass = "xxx";
    private static String trust = "c:\\myStore.jks";
    private static String ttype = "JKS";
    private static String tpass = "xxx";
    // Kept as posted; SSLv3 is disabled by default in current JDKs (jdk.tls.disabledAlgorithms)
    private static String protocol = "SSLv3";

    /**
     * Tests the ability to establish an SSL connection.
     */
    public void test_SSLConnection()
    {
        System.out.println("------ POST using URL ------------");
        String tu4i = "someRequest";
        //System.setProperty("javax.net.debug", "all");
        System.setProperty("javax.net.ssl.trustStore", trust);
        System.setProperty("javax.net.ssl.trustStorePassword", tpass);
        System.setProperty("javax.net.ssl.keyStore", cert);
        System.setProperty("javax.net.ssl.keyStorePassword", cpass);
        SSLContext ctx;
        SSLSocketFactory factory = null;
        KeyManagerFactory kmf;
        TrustManagerFactory tmf;
        KeyStore tks;
        KeyStore kks;
        try
        {
            char[] tphrase = tpass.toCharArray();
            char[] cphrase = cpass.toCharArray();
            // Key managers: the client identity (private key + certificate chain)
            kmf = KeyManagerFactory.getInstance("SunX509");
            kks = KeyStore.getInstance(ctype);
            kks.load(new FileInputStream(cert), cphrase);
            kmf.init(kks, cphrase);
            // Trust managers: the certificates used to validate the server
            tmf = TrustManagerFactory.getInstance("SunX509");
            tks = KeyStore.getInstance(ttype);
            tks.load(new FileInputStream(trust), tphrase);
            tmf.init(tks);
            ctx = SSLContext.getInstance(protocol);
            ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
            factory = ctx.getSocketFactory();
            SSLSocket socket = (SSLSocket)factory.createSocket("someUrl", 3018);
            socket.setEnabledProtocols(new String[] { "SSLv3" });
            this.transmit(socket, tu4i);
        }
        catch (Exception e)
        {
            System.out.println("Exception: " + e.getMessage());
        }
        /*------------- Try using HTTPS Connection --------------------
        System.out.println("---------------------- Use HTTPS Connection");
        try
        {
            HttpsURLConnection.setDefaultSSLSocketFactory(factory);
            URL theURL = new URL("https://someurl:3018");
            HttpsURLConnection tuCredit = (HttpsURLConnection)theURL.openConnection();
            tuCredit.setSSLSocketFactory(factory);
            tuCredit.setDoOutput(true);
            PrintWriter pwOut = new PrintWriter(tuCredit.getOutputStream());
            pwOut.println(tu4i);
            pwOut.close();
            if (pwOut.checkError()) System.out.println("SSLSocketClient: java.io.PrintWriter error");
            // read response
            String inputLine;
            InputStream is = tuCredit.getInputStream();
            BufferedReader in = new BufferedReader(new InputStreamReader(is));
            while ((inputLine = in.readLine()) != null)
                System.out.println(inputLine);
            pwOut.close();
        }
        catch (Exception e)
        {
            System.out.println("IOException: " + e.getMessage());
            e.printStackTrace();
        }
        */
    }

    private String transmit(Socket socket, String request) throws IOException
    {
        String response = null;
        PrintWriter out = null;
        BufferedReader in = null;
        try
        {
            //Open a new Output Stream at the socket
            out = new PrintWriter(socket.getOutputStream(), true);
            //Open a new Input Stream
            in = new BufferedReader(new InputStreamReader(socket.getInputStream()));
            System.out.println(" " + request.length() + " -> " + request);
            out.write("GET /?ping HTTP/1.1\r\n");
            out.write("Host: someUrl:3018\r\n");
            out.write("Agent: Test\r\n");
            out.write("\r\n");
            out.flush();
            response = in.readLine();
            //save it in the log file
            System.out.println(" " + (response == null ? 0 : response.length()) + " <- " + response);
        }
        finally
        {
            // Either stream may still be null if the socket failed before it was opened
            if (out != null) out.close();
            if (in != null) in.close();
            out = null;
            in = null;
        }
        return (response);
    }
}
A .dmg file is an image file. If you open it a new "drive" will appear on your desktop with the files the image file contains. Applications commonly come this way and you drag the application to your applications folder, or maybe you run an installer from the image drive. I am guessing that what is happening to you is the dmg file is appearing and then automatically (probably some setting on your browser) opening so you are also seeing the drive. The drive doesn't actually contain anything so you can drag it to the trash when you are done with it. It's the dmg file that contains the original files and once you have dragged those from the drive to your folder you will have made a copy by doing so and you can get rid of the dmg file too.
-
Provider hosted App certificates (.cer & .pfx)
I have implemented a provider hosted App inside the SharePoint 2013 server (the certificates .cer & .pfx taken from the IIS of the same server) and am able to get the result. However I am not clear about taking the certificates in the multi server environment (SharePoint Server & IIS server for remote web app).
Can anyone please suggest from which server (SharePoint Server or IIS server) I need to take the .cer & .pfx files to configure a multi server environment?
Thanks
Hi,
According to your post, my understanding is that you want to create a provider hosted app and use NLB in an on-premises environment.
You need to use a different certificate on this ‘Listener’ web application.
Configuring SharePoint 2013 Apps and Multiple Web Applications on SSL with a Single IP Address
For more information, you can refer to:
Aspiring Architect: Sharepoint 2013 - Avoiding Azure on Dev Box
More TroubleShooting Tips for High Trust Apps on SharePoint 2013
You need to ensure that all connections to the SharePoint servers are secure and encrypted.
Best Regards,
Linda Li
TechNet Community Support