Adding CA certificate into a browser distribution

Similar Messages

• Login error in Portal after importing a new certificate into BI

  Hi Experts,
  Our certificate in BI expired last month and we were unable to login to the BEx reports due to this.
  I have created a new certificate using Visual Administrator and imported that certificate into BI using STRUSTSSO2 after deleting the old certificate from the system PSE.
  After which I have added this new certificate to the ACL for Single Sign On.
  Then rebooted the JAVA stack for the changes to take effect.
  Now, when I want to login to view reports on the Portal created by BEx Analyzer, I am getting this RFC_ERROR_LOGON_FAILURE exception.
  When checked in SM50, it shows SsfVerify failed and SSF_API_NOCERTIFICATE errors.
  Please help me out resolving this. Did I miss out on any of the steps?
  Also when I ran the report, RSPOR_SETUP, the step 5 shows SID_certificate.crt is not existing and the step 12 shows that BI certificate not imported, SAP BI User is not mapped to SAP EP User.
  Regards,

  Hi,
  Have a look at this [thread|The URL http://xxx was not called due to an error; as well as the [Wiki Link|http://wiki.sdn.sap.com/wiki/display/BSP/Logon].
  Hope this will be helpful for you.
  Regards,
  Varadharajan M

• Get certificate from the browser

  Hi friends!,
  I am working with an application to get files from the client machine, to sign those files with the client's certificate and send those sign to the server.
  The application get the client's certificate from a key store, but I want the applet will get the certificate from the browser.
  Is that possible?.
  Thanks and sorry for my little english. Greetings from Venezuela.

  If all you're looking for is Client SSL Authentication, then you don't need to access the digital certificates through an applet; just enable ClientAuth on your web-server and let the browser handle it for you. While I haven't tried this with Chrome, Safari or Opera, I know for a fact that this works on Firefox and IE.
  If you're trying to access the digital certificates/keys in the browser-keystore for digitally signing some content that the applet creates, you're going to have far more difficulty. About 10-12 years ago, Netscape provided an API that allowed you to digitally sign text-content through JavaScript. That died a quiet death, I think, since I don't know of anyone who used that capability (outside of test environments).
  Years later, Mozilla added the ability to digitally sign XML content using XForms; there is even an add-on for Thunderbird (which uses the same libraries as Firefox for PKCS work): https://addons.mozilla.org/en-US/thunderbird/addon/4522/.
  However, to the best of my knowledge, the only way you can get an applet to access the borwser's keystore today is to have the security policy on the client-machine modified to provide access to the local file-system, and the applet then pretty much deals with the keystore and its objects through JCE.
  But, if I'm reading your post correctly, I think all you're looking for is SSL ClientAuth, for which you don't need to do anything other than enable it on your web-server that hosts the applets, and let the browser do the heavy lifting.
  Arshad Noor
  StrongAuth, Inc.

• Help requested with Importing a website's CA certificate into my Java App

  Hello everyone,
  First of all, I'm not sure if this is the right category for my question, so if not please move it appropriately.
  I'm creating a desktop application that will update your IPv4 address to Tunnelbroker (Hurricane Electric's IPv6 tunnel service). Right now it's about 76% complete, and I'm testing it out. My problem is this: Tunnelbroker uses their own CA Certificate (SSL) for their https:// connection, and it's not valid in Java/Netbeans. So, whenever I try to update the IPv4 address, I get the following Can't read from the Internet: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching ipv4.tunnelbroker.net foundThe website is https://ipv4.tunnelbroker.net (so you can verify that it's a valid site/certificate).
  I've found workarounds for importing my OWN CA Certificate into the application (or Netbeans), but nothing about importing a valid third-party CA Certificate into the application (or Netbeans). I've posted this question to the Netbeans forums--but have yet to receive anything from them. Also, I've found workarounds for trusting all certificates (although I'm not sure how to implement that into my application).
  What I'm looking for is either a) how to import the certificate into my application, so the user won't have to deal with it b) a workaround to bypass the security check c) any other method of getting over this hurdle.
  I'd say I'm an intermediate developer, so pointing me to something like "Adding a Certificate Exception" is fine, except that I need to know whether I can take everything inside of the main method and put it as it's own method somewhere (or do I need to create an entire class for that portion).
  Also, I don't necessarily want to use the "Trust All Certificates" method. Even though the end-user won't be able to change the site, I don't want to create that much of a security hole.
  Thank you for any assistance in this. (As an aside note, this will enable me to finally mark another "open" question as answered, as I haven't been able to test it yet because of this issue).
  Have a great day:)
  Patrick.

  EJP wrote:
  1. It should be in the directory of the JRE, not the JDK. The end user won't have one.
  2. Dunno, I would think so.
  3. This is a step for the end user to perform, not you. You don't want to be telling the end user who to trust, for all kinds of legal liability reasons. You want him to decide.Hello again.
  I have an update to this. I found out that the domain tunnelbroker.net is in my cacerts (at least if I run a small program to test the SSL Certificate for the site), however since it doesn't list ipv4.tunnelbroker.net as an alternative (that I can see), this is why I'm getting the SSL HandshakeException error.
  Here is the script that I ran (compiled and then used java -Djavax.net.debug=all TestSSL https://ipv4.tunnelbroker.net to run it.
  import java.io.BufferedReader;
  import java.io.InputStream;
  import java.io.InputStreamReader;
  import java.net.URL;
  import java.net.URLConnection;
  * @author Daryl Banttari
  public class TestSSL {
      public static void main(String[] args) {
          // default url:
          String urlString = "https://www.paypal.com/";
          // if any url specified, use that instead:
          if(args.length > 0) {
              urlString = args[0];
          System.out.println("Connecting to " + urlString + "...");
          try {
              // convert user string to URL object
              URL url = new URL(urlString);
              // connect!
              URLConnection cnx = url.openConnection();
              cnx.connect();
              // read the page returned
              InputStream ins = cnx.getInputStream();
              BufferedReader in = new BufferedReader(new InputStreamReader(ins));
              String curline;
              while( (curline = in.readLine()) != null ) {
                  System.out.println(curline);
              // close the connection
              ins.close();
          catch(Throwable t) {
              t.printStackTrace();
  }And here are the results of the complete debugging ***** WARNING there's a lot here ****
  >
  Connecting to https://ipv4.tunnelbroker.net...
  keyStore is :
  keyStore type is : jks
  keyStore provider is :
  init keystore
  init keymanager of type SunX509
  trustStore is: /usr/lib/jvm/java-6-openjdk/jre/lib/security/jssecacerts
  trustStore type is : jks
  trustStore provider is :
  init truststore
  < ... Snipped to conserve space... >
  adding as trusted cert:
  Subject: OU=RSA Security 1024 V3, O=RSA Security Inc
  Issuer: OU=RSA Security 1024 V3, O=RSA Security Inc
  Algorithm: RSA; Serial number: 0xa0101010000027c0000000b00000002
  Valid from Thu Feb 22 15:01:49 CST 2001 until Sun Feb 22 14:01:49 CST 2026
  adding as trusted cert:
  Subject: [email protected], CN=tunnelbroker.net, OU=IPV6, O="Hurricane Electric, LLC", L=Fremont, ST=California, C=US
  Issuer: [email protected], CN=tunnelbroker.net, OU=IPV6, O="Hurricane Electric, LLC", L=Fremont, ST=California, C=US
  Algorithm: RSA; Serial number: 0xbc201a57ebb49897
  Valid from Tue Jul 10 20:35:31 CDT 2007 until Fri Jul 07 20:35:31 CDT 2017
  adding as trusted cert:
  Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x9b7e0649a33e62b9d5ee90487129ef57
  Valid from Thu Sep 30 19:00:00 CDT 1999 until Wed Jul 16 18:59:59 CDT 2036
  adding as trusted cert:
  Subject: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
  Issuer: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
  Algorithm: RSA; Serial number: 0x1
  Valid from Tue May 30 05:38:31 CDT 2000 until Sat May 30 05:38:31 CDT 2020
  adding as trusted cert:
  Subject: CN=CC Signet - PCA Klasa 2, OU=Centrum Certyfikacji Signet, O=TP Internet Sp. z o.o., C=PL
  Issuer: CN=CC Signet - RootCA, OU=Centrum Certyfikacji Signet, O=TP Internet Sp. z o.o., C=PL
  Algorithm: RSA; Serial number: 0x3cbede10
  Valid from Thu Apr 18 09:54:08 CDT 2002 until Mon Sep 21 10:42:19 CDT 2026
  < ... Snipped to conserve space... >
  trigger seeding of SecureRandom
  done seeding SecureRandom
  Allow unsafe renegotiation: false
  Allow legacy hello messages: true
  Is initial handshake: true
  Is secure renegotiation: false
  %% No cached client session
  *** ClientHello, TLSv1
  RandomCookie: GMT: 1286668278 bytes = { 67, 34, 247, 171, 23, 198, 239, 55, 170, 174, 198, 240, 212, 155, 66, 209, 111, 146, 87, 177, 42, 3, 70, 62, 239, 10, 223, 89 }
  Session ID: {}
  Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
  Compression Methods: { 0 }
  Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
  Extension ec_point_formats, formats: [uncompressed]
  [write] MD5 and SHA1 hashes: len = 177
  0000: 01 00 00 AD 03 01 4D B1 00 F6 43 22 F7 AB 17 C6 ......M...C"....
  0010: EF 37 AA AE C6 F0 D4 9B 42 D1 6F 92 57 B1 2A 03 .7......B.o.W.*.
  0020: 46 3E EF 0A DF 59 00 00 46 00 04 00 05 00 2F 00 F>...Y..F...../.
  0030: 35 C0 02 C0 04 C0 05 C0 0C C0 0E C0 0F C0 07 C0 5...............
  0040: 09 C0 0A C0 11 C0 13 C0 14 00 33 00 39 00 32 00 ..........3.9.2.
  0050: 38 00 0A C0 03 C0 0D C0 08 C0 12 00 16 00 13 00 8...............
  0060: 09 00 15 00 12 00 03 00 08 00 14 00 11 00 FF 01 ................
  0070: 00 00 3E 00 0A 00 34 00 32 00 17 00 01 00 03 00 ..>...4.2.......
  0080: 13 00 15 00 06 00 07 00 09 00 0A 00 18 00 0B 00 ................
  0090: 0C 00 19 00 0D 00 0E 00 0F 00 10 00 11 00 02 00 ................
  00A0: 12 00 04 00 05 00 14 00 08 00 16 00 0B 00 02 01 ................
  00B0: 00 .
  main, WRITE: TLSv1 Handshake, length = 177
  [write] MD5 and SHA1 hashes: len = 173
  0000: 01 03 01 00 84 00 00 00 20 00 00 04 01 00 80 00 ........ .......
  0010: 00 05 00 00 2F 00 00 35 00 C0 02 00 C0 04 01 00 ..../..5........
  0020: 80 00 C0 05 00 C0 0C 00 C0 0E 00 C0 0F 00 C0 07 ................
  0030: 05 00 80 00 C0 09 06 00 40 00 C0 0A 07 00 C0 00 ........@.......
  0040: C0 11 00 C0 13 00 C0 14 00 00 33 00 00 39 00 00 ..........3..9..
  0050: 32 00 00 38 00 00 0A 07 00 C0 00 C0 03 02 00 80 2..8............
  0060: 00 C0 0D 00 C0 08 00 C0 12 00 00 16 00 00 13 00 ................
  0070: 00 09 06 00 40 00 00 15 00 00 12 00 00 03 02 00 ....@...........
  0080: 80 00 00 08 00 00 14 00 00 11 00 00 FF 4D B1 00 .............M..
  0090: F6 43 22 F7 AB 17 C6 EF 37 AA AE C6 F0 D4 9B 42 .C".....7......B
  00A0: D1 6F 92 57 B1 2A 03 46 3E EF 0A DF 59 .o.W.*.F>...Y
  main, WRITE: SSLv2 client hello message, length = 173
  [Raw write]: length = 175
  0000: 80 AD 01 03 01 00 84 00 00 00 20 00 00 04 01 00 .......... .....
  0010: 80 00 00 05 00 00 2F 00 00 35 00 C0 02 00 C0 04 ....../..5......
  0020: 01 00 80 00 C0 05 00 C0 0C 00 C0 0E 00 C0 0F 00 ................
  0030: C0 07 05 00 80 00 C0 09 06 00 40 00 C0 0A 07 00 ..........@.....
  0040: C0 00 C0 11 00 C0 13 00 C0 14 00 00 33 00 00 39 ............3..9
  0050: 00 00 32 00 00 38 00 00 0A 07 00 C0 00 C0 03 02 ..2..8..........
  0060: 00 80 00 C0 0D 00 C0 08 00 C0 12 00 00 16 00 00 ................
  0070: 13 00 00 09 06 00 40 00 00 15 00 00 12 00 00 03 ......@.........
  0080: 02 00 80 00 00 08 00 00 14 00 00 11 00 00 FF 4D ...............M
  0090: B1 00 F6 43 22 F7 AB 17 C6 EF 37 AA AE C6 F0 D4 ...C".....7.....
  00A0: 9B 42 D1 6F 92 57 B1 2A 03 46 3E EF 0A DF 59 .B.o.W.*.F>...Y
  [Raw read]: length = 5
  0000: 16 03 01 00 4A ....J
  [Raw read]: length = 74
  0000: 02 00 00 46 03 01 4D B1 00 F7 8B D6 E1 5A 42 BB ...F..M......ZB.
  0010: D1 66 3D CE D6 7F 41 55 27 58 A2 01 35 FF D0 EA .f=...AU'X..5...
  0020: CF 1A 4A 04 B1 D5 20 59 F2 13 A1 03 B2 1F 39 58 ..J... Y......9X
  0030: 54 BB DA C2 4C F4 BB 17 54 F0 D7 13 5D B0 23 ED T...L...T...].#.
  0040: 3F 31 7D E8 BA 59 62 00 04 00 ?1...Yb...
  main, READ: TLSv1 Handshake, length = 74
  *** ServerHello, TLSv1
  RandomCookie: GMT: 1286668279 bytes = { 139, 214, 225, 90, 66, 187, 209, 102, 61, 206, 214, 127, 65, 85, 39, 88, 162, 1, 53, 255, 208, 234, 207, 26, 74, 4, 177, 213 }
  Session ID: {89, 242, 19, 161, 3, 178, 31, 57, 88, 84, 187, 218, 194, 76, 244, 187, 23, 84, 240, 215, 19, 93, 176, 35, 237, 63, 49, 125, 232, 186, 89, 98}
  Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
  Compression Method: 0
  Warning: No renegotiation indication extension in ServerHello
  %% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
  ** SSL_RSA_WITH_RC4_128_MD5
  [read] MD5 and SHA1 hashes: len = 74
  0000: 02 00 00 46 03 01 4D B1 00 F7 8B D6 E1 5A 42 BB ...F..M......ZB.
  0010: D1 66 3D CE D6 7F 41 55 27 58 A2 01 35 FF D0 EA .f=...AU'X..5...
  0020: CF 1A 4A 04 B1 D5 20 59 F2 13 A1 03 B2 1F 39 58 ..J... Y......9X
  0030: 54 BB DA C2 4C F4 BB 17 54 F0 D7 13 5D B0 23 ED T...L...T...].#.
  0040: 3F 31 7D E8 BA 59 62 00 04 00 ?1...Yb...
  [Raw read]: length = 5
  0000: 16 03 01 02 BF .....
  [Raw read]: length = 703
  0000: 0B 00 02 BB 00 02 B8 00 02 B5 30 82 02 B1 30 82 ..........0...0.
  0010: 02 1A 02 09 00 BC 20 1A 57 EB B4 98 97 30 0D 06 ...... .W....0..
  0020: 09 2A 86 48 86 F7 0D 01 01 04 05 00 30 81 9C 31 .*.H........0..1
  0030: 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 .0...U....US1.0.
  0040: 06 03 55 04 08 13 0A 43 61 6C 69 66 6F 72 6E 69 ..U....Californi
  0050: 61 31 10 30 0E 06 03 55 04 07 13 07 46 72 65 6D a1.0...U....Frem
  0060: 6F 6E 74 31 20 30 1E 06 03 55 04 0A 13 17 48 75 ont1 0...U....Hu
  0070: 72 72 69 63 61 6E 65 20 45 6C 65 63 74 72 69 63 rricane Electric
  0080: 2C 20 4C 4C 43 31 0D 30 0B 06 03 55 04 0B 13 04 , LLC1.0...U....
  0090: 49 50 56 36 31 19 30 17 06 03 55 04 03 13 10 74 IPV61.0...U....t
  00A0: 75 6E 6E 65 6C 62 72 6F 6B 65 72 2E 6E 65 74 31 unnelbroker.net1
  00B0: 1A 30 18 06 09 2A 86 48 86 F7 0D 01 09 01 16 0B .0...*.H........
  00C0: 69 6E 66 6F 40 68 65 2E 6E 65 74 30 1E 17 0D 30 [email protected]
  00D0: 37 30 37 31 31 30 31 33 35 33 31 5A 17 0D 31 37 70711013531Z..17
  00E0: 30 37 30 38 30 31 33 35 33 31 5A 30 81 9C 31 0B 0708013531Z0..1.
  00F0: 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 0...U....US1.0..
  0100: 03 55 04 08 13 0A 43 61 6C 69 66 6F 72 6E 69 61 .U....California
  0110: 31 10 30 0E 06 03 55 04 07 13 07 46 72 65 6D 6F 1.0...U....Fremo
  0120: 6E 74 31 20 30 1E 06 03 55 04 0A 13 17 48 75 72 nt1 0...U....Hur
  0130: 72 69 63 61 6E 65 20 45 6C 65 63 74 72 69 63 2C ricane Electric,
  0140: 20 4C 4C 43 31 0D 30 0B 06 03 55 04 0B 13 04 49 LLC1.0...U....I
  0150: 50 56 36 31 19 30 17 06 03 55 04 03 13 10 74 75 PV61.0...U....tu
  0160: 6E 6E 65 6C 62 72 6F 6B 65 72 2E 6E 65 74 31 1A nnelbroker.net1.
  0170: 30 18 06 09 2A 86 48 86 F7 0D 01 09 01 16 0B 69 0...*.H........i
  0180: 6E 66 6F 40 68 65 2E 6E 65 74 30 81 9F 30 0D 06 [email protected]..
  0190: 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 81 8D 00 .*.H............
  01A0: 30 81 89 02 81 81 00 D7 24 7C 25 2A 7E 69 75 4A 0.......$.%*.iuJ
  01B0: 85 01 91 86 60 8F 2C 96 E4 BE 96 E4 B6 36 28 A1 ....`.,......6(.
  01C0: 7A 56 53 5C 01 A4 13 C8 6B 96 44 B7 5E 3D C0 60 zVS\....k.D.^=.`
  01D0: B9 27 75 D5 A0 72 84 D7 54 C9 48 F4 B2 B4 B4 44 .'u..r..T.H....D
  01E0: 0C 3D 90 48 57 F4 17 8D 71 EA 1E F8 4E 6F 88 68 .=.HW...q...No.h
  01F0: 4F 5E 30 F9 56 F2 48 F4 57 18 3A 94 89 A9 09 60 O^0.V.H.W.:....`
  0200: 19 CD 15 98 88 47 C3 80 E7 50 30 33 DF A9 51 91 .....G...P03..Q.
  0210: A4 34 40 09 60 C5 C4 F9 38 7C 7A EB 5A F3 3C 63 .4@.`...8.z.Z.<c
  0220: 3D 2D 24 12 08 C6 6F 02 03 01 00 01 30 0D 06 09 =-$...o.....0...
  0230: 2A 86 48 86 F7 0D 01 01 04 05 00 03 81 81 00 55 *.H............U
  0240: 45 96 28 96 33 CD 36 1C 3A 98 96 8B DE 20 93 99 E.(.3.6.:.... ..
  0250: 75 C9 D7 86 94 2E 62 69 C3 80 71 C2 F4 F0 1A 74 u.....bi..q....t
  0260: E5 5C 63 37 64 92 60 68 43 50 0F 49 FB A0 90 71 .\c7d.`hCP.I...q
  0270: 1C EF 37 3F BF 38 E2 32 55 6C EB 63 C5 6A A1 71 ..7?.8.2Ul.c.j.q
  0280: 8B AF 76 0A 49 C6 0A 7C 32 0A 7F 87 9B F3 C5 5B ..v.I...2......[
  0290: 1F 98 9C EC 8D 2C 28 E2 DA 83 98 6D 36 6B 7B DE .....,(....m6k..
  02A0: E7 E6 26 4A AC E9 3F 84 96 4E CB B6 EC C5 13 5D ..&J..?..N.....]
  02B0: 99 45 A0 CB 4B AB BA 08 B7 DF 51 7D CB B7 1F .E..K.....Q....
  main, READ: TLSv1 Handshake, length = 703
  *** Certificate chain
  chain [0] = [
  Version: V1
  Subject: [email protected], CN=tunnelbroker.net, OU=IPV6, O="Hurricane Electric, LLC", L=Fremont, ST=California, C=US
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: Sun RSA public key, 1024 bits
  modulus: 151078214832725997135839062949249516337507001175872585678208884131491712232432816986255053685674730439436945979324335861205079532450830475393857978740049212402170775011735778076852329233310431150139137152539823492882314808967689085169519290729775244738682251391827885615393137851975032443040800861047648470639
  public exponent: 65537
  Validity: [From: Tue Jul 10 20:35:31 CDT 2007,
                 To: Fri Jul 07 20:35:31 CDT 2017]
  Issuer: [email protected], CN=tunnelbroker.net, OU=IPV6, O="Hurricane Electric, LLC", L=Fremont, ST=California, C=US
  SerialNumber: [    bc201a57 ebb49897]
  Algorithm: [MD5withRSA]
  Signature:
  0000: 55 45 96 28 96 33 CD 36 1C 3A 98 96 8B DE 20 93 UE.(.3.6.:.... .
  0010: 99 75 C9 D7 86 94 2E 62 69 C3 80 71 C2 F4 F0 1A .u.....bi..q....
  0020: 74 E5 5C 63 37 64 92 60 68 43 50 0F 49 FB A0 90 t.\c7d.`hCP.I...
  0030: 71 1C EF 37 3F BF 38 E2 32 55 6C EB 63 C5 6A A1 q..7?.8.2Ul.c.j.
  0040: 71 8B AF 76 0A 49 C6 0A 7C 32 0A 7F 87 9B F3 C5 q..v.I...2......
  0050: 5B 1F 98 9C EC 8D 2C 28 E2 DA 83 98 6D 36 6B 7B [.....,(....m6k.
  0060: DE E7 E6 26 4A AC E9 3F 84 96 4E CB B6 EC C5 13 ...&J..?..N.....
  0070: 5D 99 45 A0 CB 4B AB BA 08 B7 DF 51 7D CB B7 1F ].E..K.....Q....
  Found trusted certificate:
  Version: V1
  Subject: [email protected], CN=tunnelbroker.net, OU=IPV6, O="Hurricane Electric, LLC", L=Fremont, ST=California, C=US
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: Sun RSA public key, 1024 bits
  modulus: 151078214832725997135839062949249516337507001175872585678208884131491712232432816986255053685674730439436945979324335861205079532450830475393857978740049212402170775011735778076852329233310431150139137152539823492882314808967689085169519290729775244738682251391827885615393137851975032443040800861047648470639
  public exponent: 65537
  Validity: [From: Tue Jul 10 20:35:31 CDT 2007,
                 To: Fri Jul 07 20:35:31 CDT 2017]
  Issuer: [email protected], CN=tunnelbroker.net, OU=IPV6, O="Hurricane Electric, LLC", L=Fremont, ST=California, C=US
  SerialNumber: [    bc201a57 ebb49897]
  Algorithm: [MD5withRSA]
  Signature:
  0000: 55 45 96 28 96 33 CD 36 1C 3A 98 96 8B DE 20 93 UE.(.3.6.:.... .
  0010: 99 75 C9 D7 86 94 2E 62 69 C3 80 71 C2 F4 F0 1A .u.....bi..q....
  0020: 74 E5 5C 63 37 64 92 60 68 43 50 0F 49 FB A0 90 t.\c7d.`hCP.I...
  0030: 71 1C EF 37 3F BF 38 E2 32 55 6C EB 63 C5 6A A1 q..7?.8.2Ul.c.j.
  0040: 71 8B AF 76 0A 49 C6 0A 7C 32 0A 7F 87 9B F3 C5 q..v.I...2......
  0050: 5B 1F 98 9C EC 8D 2C 28 E2 DA 83 98 6D 36 6B 7B [.....,(....m6k.
  0060: DE E7 E6 26 4A AC E9 3F 84 96 4E CB B6 EC C5 13 ...&J..?..N.....
  0070: 5D 99 45 A0 CB 4B AB BA 08 B7 DF 51 7D CB B7 1F ].E..K.....Q....
  main, SEND TLSv1 ALERT: fatal, description = certificate_unknown
  main, WRITE: TLSv1 Alert, length = 2
  [Raw write]: length = 7
  0000: 15 03 01 00 02 02 2E .......
  main, called closeSocket()
  main, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching ipv4.tunnelbroker.net found
  javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching ipv4.tunnelbroker.net found
       at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
       at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1665)
       at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:258)
       at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:252)
       at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1165)
       at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154)
       at sun.security.ssl.Handshaker.processLoop(Handshaker.java:610)
       at sun.security.ssl.Handshaker.process_record(Handshaker.java:546)
       at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:913)
       at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1158)
       at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1185)
       at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1169)
       at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:440)
       at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
       at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
       at TestSSL.main(TestSSL.java:33)
  Caused by: java.security.cert.CertificateException: No name matching ipv4.tunnelbroker.net found
       at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:225)
       at sun.security.util.HostnameChecker.match(HostnameChecker.java:94)
       at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:285)
       at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:271)
       at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1144)
       ... 11 more
  {quote}
  So, now I'm trying to figure out how to get past this. Unless (and until) Tunnelbroker includes the alternative name in their certificate (or if it's included already, until I figure out how to get that alternative imported into my truststore), I'm never going to be able to update via java.
  Have a great day:)
  Patrick.

• How to load a client certificate into a servlet to access a Web Service

  Hi,
  I am having the following problem:
  I am trying to use a Web Service client (Axis) within a servlet running under
  WebLogic 8.1.
  I would like to have mutual SSL-based authentication between the client and the
  server hosting the Web Service. Thus, my client has to send a certificate to the
  server.
  My problem is: how to get the certificate into the request? I know that, for example,
  the HttpsURLConnection class of WebLogic has a loadIdentity method. But I can't
  use this class.
  Is there any other method to make sure that SSL requests use my client certificates?
  By the way, I am receiving the following error message from the server:
  <Apr 13, 2004 5:35:10 PM EEST> <Debug> <TLS> <000000> <Required peer certificate
  s not supplied by peer>
  <Apr 13, 2004 5:35:10 PM EEST> <Warning> <Security> <BEA-090508> <Certificate
  ch
  ain received from 127.0.0.1 - 127.0.0.1 was incomplete.>
  Anyone has an idea?
  Thanks for any hints,
  Zoltan Schreter
  Nokia

  Hi all,
  I have solved this problem basically by using weblogic's SSLSocketFactory instead
  of the default one used by Axis. I created a custom HttpSender (MyHttpSender)
  which uses this Factory. I then created a custom Config class which I pass to
  the constructor of Service. The Config class looks like this:
  public class MyConfig extends SimpleProvider {
  * Constructor - deploy client-side basic transports.
  public MyConfig() {
  deployTransport("java", new SimpleTargetedChain(new JavaSender()));
  deployTransport("local", new SimpleTargetedChain(new LocalSender()));
  deployTransport("http", new SimpleTargetedChain(new MyHttpSender()));
  The relevant code within MyHttpSender looks something like this:
  SSLClientInfo sslinfo = new SSLClientInfo();
  File ClientKeyFile = new File("C:/certificates/testkey.pem");
  File ClientCertsFile = new File("C:/certificates/testcert.pem");
  InputStream[] ins = new InputStream[2];
  ins[0] = new FileInputStream(ClientCertsFile);
  ins[1] = new FileInputStream(ClientKeyFile);
  String pwd = "mykeypass";
  sslinfo.loadLocalIdentity(ins[0], ins[1], pwd.toCharArray());
  javax.net.SocketFactory sockf = weblogic.security.SSL.SSLSocketFactory.getJSSE(sslinfo);
  sock = sockf.createSocket(host, port) ;
  By the way, this change also solved the other problem I posted about (not being
  able to tunnel through the https proxy).
  Cheeers,
  Zoltan Schreter
  Nokia
  "Tony" <TonyV> wrote:
  Which API's are you currently using for the SSL communication in the
  client
  side?
  Tony
  "Zoltan Schreter" <[email protected]> wrote in message
  news:[email protected]...
  Hi,
  I am having the following problem:
  I am trying to use a Web Service client (Axis) within a servlet runningunder
  WebLogic 8.1.
  I would like to have mutual SSL-based authentication between the clientand the
  server hosting the Web Service. Thus, my client has to send a certificateto the
  server.
  My problem is: how to get the certificate into the request? I knowthat,
  for example,
  the HttpsURLConnection class of WebLogic has a loadIdentity method.But I
  can't
  use this class.
  Is there any other method to make sure that SSL requests use my clientcertificates?
  By the way, I am receiving the following error message from the server:
  <Apr 13, 2004 5:35:10 PM EEST> <Debug> <TLS> <000000> <Required peercertificate
  s not supplied by peer>
  <Apr 13, 2004 5:35:10 PM EEST> <Warning> <Security> <BEA-090508><Certificate
  ch
  ain received from 127.0.0.1 - 127.0.0.1 was incomplete.>
  Anyone has an idea?
  Thanks for any hints,
  Zoltan Schreter
  Nokia

• Adding a certificate to my N900

  I've added a certificate that is required to get to my exchange server but it still will not connect; What's up?  I put the cert at the root (data) folder with no luck.  I also used the Nokia PC and put it under the domain folder and still no luck.  I really need some help of the phone goes back
  Solved!
  Go to Solution.

  I get the same "either exchange requires secure connection or account is disabled".  message.
  I think Cert Manager is treating different certifcates types differently. I downloaded the certificate to documents. clicked on it in file manager and all it did was display the properties. The file has a ? icon that suggests that the file type is not liked to cert_manager although this is what displays the details but does not prompt top install. Support please download and try for yourself https://mail.4mostresourcing.co.uk/integration. I am happy to see a terminal based solution in the short term if fixing requires a new cert manager release or something.
  Incidentally we do have this working over imap with this certificate and we are not seeing any errors reported in the server logs

• Adding loops to the loop browser.

  I'm using mac os 10.4.11. I have placed all my loops on an external hard drive.
  1) Are only apple loops allowed to be added or aiff loops in general as well?
  2) when adding loops to the loop browser should one add an entire folder if they are in a folder or just the files within a folder? I added a folder of flutes but can not find flutes anywhere in the loop browser file list.
  3) As I didn't want the loops within the jam pack voices, and rhythm section installer packages to be added to garageband I removed the loops folders from the packages, and dropped them onto the loop browser. When looking in the jam pack management it shows the rhythm section but not the voices. When I again attempted to drop the voices folder it said it was already there, although I still can't see it.
  4) Once I understand how to do this correctly should I trash the loop browser apple loops index file and re-drop all the loops on the browser again to get everything cataloged correctly?
  Thank you,
  Robert

  Select "Add to Loop Library" from the Edit menu!

• Why am I getting File not Found alert when I type into my browser?

  Why do I keep getting a File not Found alert when I type into my browser?
  I have been using firefox for about 4 yrs now with very few problems. The problem I am having is that when ever I go to type in anything into my browser I keep receiving this message:
  (Scroll down to see the rest)
  File not found
  Firefox can't find the file at jar:file:///C:/Program Files (x86)/Mozilla Firefox/omni.jar!/chrome/en-US/locale/browser-region/region.propertieschronic+fatigue+syndrome.
  I recently installed Firefox 5.0 and this keeps happening. It happened with the 4.0 version a couple of days ago but mostly it is the 5.0 version that I am having problems with. When ever I want to do a search I have to manually type in google.com. Is there a solution to fix this?

  The NuGet is a dll that was built with 4.0.0.0.  The easiest thing to fix problem is target you VS project to use Net 4.0.  You could get a new version of NuGet, but if you do make sure you rebuild your entire project.  The dependencies in
  the VS compiler doesn't always recognize updated libraries.  So I normally rename the bin folder in the project and then delete the bin folder.  VS will create a new bin folder and then rebuild all the source files.  If your project contains
  multiple projects then remember to delete the bin from all projects.
  jdweng

• I have Firefox 6.0 running under Windows XL. When I forward an email with a URL in it, my recipients tell me the URL is not highlighted and they have to cut and paste it into their browser. Why? How can I get my forwarded URLs to be highlighted?

  I have Firefox 6.0 running under Windows XL. When I forward an email with a URL in it, my recipients tell me the URL is not highlighted and they have to cut and paste it into their browser. Why? How can I get my forwarded URLs to be highlighted?

  If you think getting your web pages to appear OK in all the major browsers is tricky then dealing with email clients is way worse. There are so many of them.
  If you want to bulk email yourself, there are apps for it and their templates will work in most cases...
  http://www.iwebformusicians.com/Website-Email-Marketing/EBlast.html
  This one will create the form, database and send out the emails...
  http://www.iwebformusicians.com/Website-Email-Marketing/MailShoot.html
  The alternative is to use a marketing service if your business can justify the cost. Their templates are tested in all the common email clients...
  http://www.iwebformusicians.com/Website-Email-Marketing/Email-Marketing-Service. html
  "I may receive some form of compensation, financial or otherwise, from my recommendation or link."

• I'm trying to invoke EXCEL or POWERPOINT file into the browser IE 6.0.  The

  I'm running TOMCAT locally on my PC (running Windows NT).
  I'm trying to invoke EXCEL or POWERPOINT file into the browser IE 6.0.
  The output is coming out all scrambled (almost like ASCII code or something),
  where it seems like the applications are not firing up.
  However, an MSWord file shows up fine. So I go to the WEB.XML file in the TOMCAT\CONF
  folder and notice that a MIME type has been set up for MSWord and not the other two.
  I set one up for EXCEL and POWERPOINT but the XLS or PPT files still don't work.
  So, just for kicks, I comment out the MSWord MIME definition but the MSWord file still worked!!!
  I can't figure out what's going on here.
  I'm stopping and starting the TOMCAT service each time I make changes to the WEB.XML file,
  but it seems like none of the changes are taking affect.
  I install all the viewers for MS-Word, ppt, and excell.
  But in Netscape it works fine.

  To support various file formats in IE browser while using window.open like .doc, .docx, .ppt, .pptx, .xls, xlsx etc.,
  The following code can also be used to force any format to get launch outside IE
  For these first configure a filter in web.xml and then include the filter class in given path
  <filter>
  <filter-name>MimeFilter</filter-name>
  <filter-class>com.srk.MimeFilter</filter-class>
  </filter>
  <filter-mapping>
  <filter-name>MimeFilter</filter-name>
  <url-pattern>*.xls</url-pattern>
  </filter-mapping>
  <filter-mapping>
  <filter-name>MimeFilter</filter-name>
  <url-pattern>*.xlsx</url-pattern>
  </filter-mapping>
  <filter-mapping>
  <filter-name>MimeFilter</filter-name>
  <url-pattern>*.ppt</url-pattern>
  </filter-mapping>
  <filter-mapping>
  <filter-name>MimeFilter</filter-name>
  <url-pattern>*.doc</url-pattern>
  </filter-mapping>
  <filter-mapping>
  <filter-name>MimeFilter</filter-name>
  <url-pattern>*.docx</url-pattern>
  </filter-mapping>
  <filter-mapping>
  <filter-name>MimeFilter</filter-name>
  <url-pattern>*.pptx</url-pattern>
  </filter-mapping>
  and then include the filter class in the declared path
  import java.io.*;
  import java.util.logging.*;
  import javax.servlet.*;
  import javax.servlet.Filter;
  import javax.servlet.http.*;
  public class MimeFilter implements Filter {
  public void doFilter(ServletRequest request, ServletResponse response,
  FilterChain chain) throws IOException, ServletException {
  HttpServletResponse httpResp = (HttpServletResponse) response;
  HttpServletRequest httpReq = (HttpServletRequest) request;
  String fileUrl = httpReq.getRequestURI();
  if(fileUrl.lastIndexOf(".xls")!=-1)
  fileUrl = fileUrl.substring(fileUrl.lastIndexOf("/")+1);
  httpResp.setContentType("application/vnd.ms-excel");
  httpResp.setHeader("Content-disposition", "attachment; filename="+fileUrl);
  if(fileUrl.lastIndexOf(".ppt")!=-1)
  fileUrl = fileUrl.substring(fileUrl.lastIndexOf("/")+1);
  httpResp.setContentType("application/powerpoint");
  httpResp.setHeader("Content-disposition", "attachment; filename="+fileUrl);
  if(fileUrl.lastIndexOf(".doc")!=-1)
  fileUrl = fileUrl.substring(fileUrl.lastIndexOf("/")+1);
  httpResp.setContentType("application/msword");
  httpResp.setHeader("Content-disposition", "attachment; filename="+fileUrl);
  chain.doFilter(request, response);
  public boolean isLoggable(LogRecord record) {
  return false;
  public void destroy() {
  public void init(FilterConfig arg0) throws ServletException {
  Please let me know your feedback.

• Need helpcreating a script to read the name of a folder and adding that name into the permissions of that folder

  Need help creating a script to read the name of a folder (which is the AD Username) and adding that name into the permissions of that folder.
  I have over 100 folders which I need to add the AD user to read and write to their own folder
  Hope you guys understand what I mean

  Just to add, Mac in intergrated into AD and all I need is help in creating the script
  Thanks

• Adobe Photoshop asked me to copy and paste a URL into my "browser" to confirm my e-mail address. What, and where, is my Browser? How do I do that?

  Upon register with Adobe Photoshop, they asked me to copy and paste a URL into my "browser" to confirm my e-mail address. What, and where, is my Browser? How do I do that?

  If this has arrived in an email from Adobe, it's probably legitimate.
  Usually though, you can click the link and it will confirm your registration automatically.
  Otherwise copy it and then paste it into the location bar.
  '''N.B.''' See this link for possible malware: http://www.adobe.com/support/reader/

• How can i insert a root certificate into firefox data base

  We are a software development company, we launched an app that is called SAINT, its an internet filters that monitors web traffic, www.saintapp.com, we use a certificate that when going to secure sites, like, hotmail, gmail, aolmail, yahoo mail, banks, etc, it will display an Untrusted connection message and we have to add an exception to continue, that is because firefox uses it own certificate database and does not use microsofts, our app incerts the certificate into microsoftsdata base, how can insert our certificate into Firefox database? or can we sent to you the certificate and you can insert it into your database and release an update? what can we do?
  please advice

  Ok,
  Replace array subset is what I was looking for I think. I'll try it out.
  What I meant earlier is; if you have the array (with row indexing on the left)
  0: 1 1 1 1
  1: 2 2 2 2
  2: 3 3 3 3 
  3: 4 4 4 4
  And you want to put 8888 into array with the insert into array vi, at row 2, it becomes 
  0: 1 1 1 1
  1: 2 2 2 2
  2: 8 8 8 8
  3: 3 3 3 3
  4: 4 4 4 4
  But I want it to look like 
  0: 1 1 1 1
  1: 2 2 2 2
  2: 8 8 8 8
  3: 4 4 4 4 
  So I have overwritten row 2, taking into account array indexing starts at 0 :-)

• Multiple certificate stored in Browser

  I run certificate request using https://.../oca/sso_oca_link and also /oca/user.
  eg. with these User DN:
  => cn=ferry,cn=users,dc=subdom,dc=mydomain,dc=com
  => cn=tova,cn=users,dc=subdom,dc=mydomain,dc=com
  => cn=ferry,cn=users,dc=subdom,dc=mydomain,dc=com
  By requesting certificate several times from the same PC using several user account, have result in multiple certificate stored in Browser.
  When visit my secure web using Internet Explorer 6, a window raised and lists these
  "users"
  "users"
  "users"
  By using Netscape Navigator 7.1: a window appear with a bit more information display
  "users's myOrganisation"
  "users's myOrganisation"
  "users's myOrganisation"
  and some explanation eg
  Issued to:
  Subject: CN=ferry, CN=users, DC=subdom, DC=domain, DC=com
  Serial Number: 1C
  Valid from 23/09/2005 14:53:42 to 23/09/2006 14:53:42
  Issued by:
  Subject: CN=MyCcertificate Authority,...
  How to display USER NAME (according to CN) in the list instead of "users" ?
  or this is the expected behaviour?
  TIA,
  ferry

  Ok. I've found the solution.
  For reference to all you guys:
  ByteArrayInputStream bais = new ByteArrayInputStream( (byte[])attr.get() );
  CertificateFactory cf = CertificateFactory.getInstance("X.509");
  cert = (X509Certificate)cf.generateCertificate(bais);

• Error during import certificate into sapwebdispatcher

  HI experts:
  I have a problem importing a certificate in a web dispatcher. The error is the next:
  import_own_cert: Installation of certificate failed
  ERROR in ssf_install_CA_response: (1280/0x0500) No certficate with your public k
  ey found
  Iu00B4m trying importi a verysign certificate.
  If i import a temporal certificate from sap page, it works correctly.
  The verysign certificate is ok. It is .p7b. I open it and i have 2 certificates into the same file. One of them is with the name of the web dispatcher hostname, and the other: Very sign Class 3.... Both are valid, one of them to 2012 and the other to 2019.
  The web dispatcher works between the sap netweaver portal in windows-oracle and the ECC 6.0 in windows-oracle.
  The web dispatcher profile is the next:
  SAPSYSTEMNAME = JEE
  INSTANCE_NAME = WD05
  SAPSYSTEM = 06
  SAPGLOBALHOST = sapwep.madrid.informa
  SAPLOCALHOSTFULL = sapwep.madrid.informa
  DIR_INSTANCE=k:\usr\sap\wd\secudir
  ssl/ssl_lib=k:\usr\sap\wd\secudir\sapcrypto.dll
  ssl/server_pse = k:\usr\sap\wd\secudir\temporal.pse
  #ms/https_port = 8101
  wdisp/server_info_protocol = http
  wdisp/ssl_encrypt = 0
  wdisp/add_client_protocol_header = true
  icm/HTTPS/verify_client = 0
  icm/server_port_1 = PROT=HTTPS, PORT=60000
  Example: SAPLOCALHOST=vwdisphost.sap.com
  SAPLOCALHOST = sapwep.madrid.informa
  #--- SAP Web Dispatcher-specific parameters
  icm/server_port_0 = PROT=HTTP, PORT=8206,TIMEOUT=30,PROCTIMEOUT=600
  rdisp/mshost = sapvsap.madrid.informa
  ms/http_port = 8100
  icm/HTTP/admin_0= PREFIX=/sap/wdisp/admin,DOCROOT=./admin
  icm/max_conn              = 16384 
  icm/max_sockets          = 32768
  wdisp/HTTP/max_pooled_con = 16000
  wdisp/HTTPS/max_pooled_con  = 16000
  icm/req_queue_len          = 6000
  icm/min_threads            = 100
  icm/max_threads            = 500
  mpi/total_size_MB          = 500
  mpi/max_pipes              = 20500
  mpi/buffer_size           = 32768
  Iu00B4m trying to import it using:
  K:\usr\sap\wd\secudir>sapgenpse import_own_cert -c K:\usr\sap\wd\secudir\certifi
  cado.7b -p K:\usr\sap\wd\secudir\prueba.pse -c CA.cer
  Can somebody help me?.
  Thanks.

  K:\usr\sap\wd\secudir>sapgenpse import_own_cert -c K:\usr\sap\wd\secudir\certifi
  cado.7b -p K:\usr\sap\wd\secudir\prueba.pse -c CA.cer
  That doesn't look quite right.
  It should be something along the lines of:
  sapgenpse import_own_cert -p K:\usr\sap\wd\secudir\prueba.pse -c K:\usr\sap\wd\secudir\certifi
  cado.7b -r CA.cer
  Note the -r for CA root certificate. Although it should not be required for a PKCS#7 certificate to specify a CA root when importing as it should already have it included in the certificate. You can try importing without specifying the CA root too.
  Nelis