Asa ssh/vnc plugins digital certificates expired
Hi,
we've got our new asa set up now (more or less). But what gets us is that the Cisco ssh/vnc plugins and the java applet for port forwarding all come up with "digital certificate expired". Now this is not going to instill confidence in our users.
We are running 8.0(4)3 and asdm 6.1(3) and the plugins are the latest available from Cisco's software download page
(ssh-plugin.08030, vnc-plugin.080130).
Are newer ones available?
Thanks
Dorothea
BTW this could be of help:
http://www.cisco.com/en/US/docs/security/asa/asa80/release/notes/asarn80.html#wp241924
You probably want to install a code signer certificate.
While this seems to be what you're looking for, I have never managed to generate a bundle such that Java doesn't complain at all anymore...
Similar Messages
-
ASA-SSM-10 with IME: certificate expiration
ASDM and IDM work fine with my SSM. I'm attempting to add my SSM as a new device into (just installed) IME 7.0.1. Dialog box says:
IOException when try to get certificate: java.security.cert.CertificateExpired Exception: NotAfter: Tue Jul 28 04:44:51 EDT 2009
What is the issue here, and how do I fix it?
Thanks in advance,
-- BillFound answer to this, via Cisco Service Request. Used CLI on AIP-SSM:
sensor# tls generate-key
Then I refreshed sensor details in IME, tried adding a new device and all worked fine. IME has the AIP-SSM reporting I was after, so - good deal. -
Digital Certificate of SAP AG from VeriSign expired on 26.02.2005 ?
Hi,
When we open BEx, Security Warning screen of office 2003 appears. Although SAP note says that "click 'Always trust macros from this publisher'", this check is grayed out.It is because Validity of Digital Certificate is 26.02.2005.
Question is ;
is there a newer version of *.xla with new Digital certificate? or any other comment which we don't encounter this screen everytime we start BEx without lowering the security settings?
Thanks &B RegardsSinan,
We are experiencing the same exact problem. How did you fix this issue??
Regards,
Vinay -
WVC54GC V1.1 - Software Certificate Expired!
I have this camera put away some time, and recently I installed it again.
It was no problem finding it and setting it up both with cable and wireless.
And no problems coming to the webpage where I should could see the camera.
I choose "View Video" and it pops up with software install (NetCamPlayerWeb11gv2.cab)
Then it says Unknown Supplier and something about Windows has blocked it to protect my computer.
Under certificate it says that it's expired:
Cisco-Linksys LLC
Verisign Class 3 Code Signing 2004A
From June 9th, 2006 to July 12th, 2009
I can not install the software in neither in IE or Firefox.
Newest firmware installed. Tried from Win7, XP and VirtualXP - no luckYou are absolutely not reading anything I'm writing...
You can change all the security settings you want.
NOTHING WILL WORK as the software integrated in the camera's firmware is expired.
Only solution is to change the time on the PC back to the time where the software was NOT expired.
I have mounted video-surveillance as a technician in years. And obviously I know more about your product than yourself.
Scary!
I say again, It has nothing to do with IE security as I tried it as the first thing.
IE ask your permission to install activex, but it is not helping as it does not change that the software is expired.
But certainly I have realized what brand of products NOT to purchase at a later time.
You can take a look at your own previously releasenotes:
http://homedownloads.cisco.com/downloads/WVC54GC_V11_FW126,0.txt
quote:
Version v1.19, Jul 7, 2006
- Fix: Unable to install ActiveX plugin to view video. Verisign digital signature expired.
/quote
Even noobs can see that this is the problem AGAIN, as the Verisign digital signature once again has expired.
(As I said from the beginning)
So try again! -
Applet digital certificate is diplaying before applet loads
Hi All,
I have a drop-down in a jsp page. I want to display a signed applet when I select a particular option from that drop-down list.
In http mode the digital certificate is displaying only when I select that particular option from dropdown list. (working fine)
Problem:
But in https mode the digital certificate is diplaying whenever that jsp loads.(i.e. certificate is diplaying before selecting an value from dropdown list)
Suggestions please.
Thanks,
KrishnaI am having a similar issue. Clients using a system running an old version of Crystal Reports are encountering a warning that the digital signature has expired. It appears to only affect clients using Java 1.5.0 and newer.
Is there a way to update the digital signature? -
VPN error when using Microsoft digital certificates.
Hi,
I tried implementing site-site VPN between Cisco Router and Cisco ASA using Microsoft digital certificates. After performing the following configurations, I was not able to ping to other site LAN. I enabled debug and got following out put. I sucessfully enrolled digital certificates.
Cisco ASA config:
access-list 100 extended permit ip 10.1.1.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list 100
static (inside,outside) 1.1.1.10 10.1.1.10 netmask 255.255.255.255
route outside 0.0.0.0 0.0.0.0 1.1.1.2 1
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto map mymap 1 match address 100
crypto map mymap 1 set peer 2.2.2.2
crypto map mymap 1 set transform-set myset
crypto map mymap interface outside
crypto ca trustpoint winca
enrollment url http://10.1.1.10:80/certsrv/mscep/mscep.dll
crl configure
crypto isakmp enable outside
crypto isakmp policy 10
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
tunnel-group 2.2.2.2 type ipsec-l2l
tunnel-group 2.2.2.2 ipsec-attributes
trust-point winca
On router:
crypto ca trustpoint winca
enrollment mode ra
enrollment url http://1.1.1.10:80/certsrv/mscep/mscep.dll
crypto isakmp policy 19
encr 3des
group 2
authentication rsa-sig
crypto isakmp key cisco address 1.1.1.1
crypto map mymap 10 ipsec-isakmp
set peer 1.1.1.1
set transform-set myset
match address 100
access-list 100 permit ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
crypto ipsec transform-set myset esp-3des esp-sha-hmac
Debug output on ASA
CorpASA# Nov 15 02:12:49 [IKEv1]: Group = 2.2.2.2, IP = 2.2.2.2, Removing peer from peer table failed, no match!
Nov 15 02:12:49 [IKEv1]: Group = 2.2.2.2, IP = 2.2.2.2, Error: Unable to remove PeerTblEntry
CorpASA#
CorpASA#
CorpASA# Nov 15 02:13:06 [IKEv1]: Removing peer from peer table failed, no match!
Nov 15 02:13:06 [IKEv1]: Error: Unable to remove PeerTblEntry
Nov 15 02:13:11 [IKEv1]: Removing peer from peer table failed, no match!
Nov 15 02:13:11 [IKEv1]: Error: Unable to remove PeerTblEntry
Debug out put on router:
R2#ping 10.1.1.10 source 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.10, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
Nov 15 02:21:01.067: %SYS-5-CONFIG_I: Configured from console by console
Nov 15 02:21:02.651: ISAKMP: received ke message (1/1)
Nov 15 02:21:02.655: ISAKMP (0:0): SA request profile is (NULL)
Nov 15 02:21:02.655: ISAKMP: local port 500, remote port 500
Nov 15 02:21:02.655: ISAKMP: set new node 0 to QM_IDLE
Nov 15 02:21:02.655: ISAKMP: insert sa successfully sa = 64597C20
Nov 15 02:21:02.655: ISAKMP (0:1): Can not start Aggressive mode, trying Main mode.
Nov 15 02:21:02.659: ISAKMP: Looking for a matching key for 1.1.1.1 in default : success
Nov 15 02:21:02.659: ISAKMP (0:1): found peer pre-shared key matching 1.1.1.1
Nov 15 02:21:02.659: ISAKMP (0:1): constructed NAT-T vendor-07 ID
Nov 15 02:21:02.659: ISAKMP (0:1): constructed NAT-T vendor-03 ID
Nov 15 02:21:02.659: ISAKMP (0:1): constructed NAT-T vendor-02 ID
Nov 15 02:21:02.659: ISAKMP (0:1): Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
Nov 15 02:21:02.663: ISAKMP (0:1): Old State = IKE_READY New State = IKE_I_MM1
Nov 15 02:21:02.663: ISAKMP (0:1): beginning Main Mode exchange
Nov 15 02:21:02.663: ISAKMP (0:1): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) MM_NO_STATE
Nov 15 02:21:02.703: ISAKMP (0:1): received packet from 1.1.1.1 dport 500 sport 500 Global (I) MM_NO_STATE
Nov 15 02:21:02.707: ISAKMP (0:1): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Nov 15 02:21:02.707: ISAKMP (0:1): Old State = IKE_I_MM1 New State = IKE_I_MM2
Nov 15 02:21:02.707: ISAKMP (0:1): processing SA payload. message ID = 0
Nov 15 02:21:02.707: ISAKMP (0:1): processing vendor id payload
Nov 15 02:21:02.707: ISAKMP (0:1): vendor ID seems Unity/DPD but major 194 mismatch
Nov 15 02:21:02.711: ISAKMP : Scanning profiles for xauth ...
Nov 15 02:21:02.711: ISAKMP (0:1): Checking ISAKMP transform 1 against priority 19 policy
Nov 15 02:21:02.711: ISAKMP: encryption 3DES-CBC
Nov 15 02:21:02.711: ISAKMP: hash SHA
Nov 15 02:21:02.711: ISAKMP: default group 2
Nov 15 02:21:02.711: ISAKMP.: auth RSA sig
Nov 15 02:21:02.711: ISAKMP: life type in seconds
Nov 15 02:21:02.711: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
Nov 15 02:21:02.715: ISAKMP (0:1): atts are acceptable. Next payload is 0
Nov 15 02:21:02.771: ISAKMP (0:1): processing vendor id payload
Nov 15 02:21:02.771: ISAKMP (0:1): vendor ID seems Unity/DPD but major 194 mismatch
Nov 15 02:21:02.775: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Nov 15 02:21:02.775: ISAKMP (0:1): Old State = IKE_I_MM2 New State = IKE_I_MM2
Nov 15 02:21:02.783: ISAKMP (0:1): constructing CERT_REQ for issuer cn=md902j-n5dros99,dc=md902j,dc=ca,dc=com
Nov 15 02:21:02.783: ISAKMP (0:1): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) MM_SA_SETUP
Nov 15 02:21:02.783: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Nov 15 02:21:02.787: ISAKMP (0:1): Old State = IKE_I_MM2 New State = IKE_I_MM3
Nov 15 02:21:02.903: ISAKMP (0:1): received packet from 1.1.1.1 dport 500 sport 500 Global (I) MM_SA_SETUP
Nov 15 02:21:02.907: ISAKMP (0:1): Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Nov 15 02:21:02.907: ISAKMP (0:1): Old State = IKE_I_MM3 New State = IKE_I_MM4
Nov 15 02:21:02.907: ISAKMP (0:1): processing KE payload. message ID = 0
Nov 15 02:21:02.979: ISAKMP (0:1): processing NONCE payload. message ID = 0
Nov 15 02:21:02.987: ISAKMP (0:1): SKEYID state generated
Nov 15 02:21:02.991: ISAKMP (0:1): processing CERT_REQ payload. message ID = 0
Nov 15 02:21:02.991: ISAKMP (0:1): peer wants a CT_X509_SIGNATURE cert
Nov 15 02:21:02.995: ISAKMP (0:1): peer want cert issued by cn=md902j-n5dros99,dc=md902j,dc=ca,dc=com
Nov 15 02:21:02.995: ISAKMP (0:1): Choosing trustpoint winca as issuer
Nov 15 02:21:02.995: ISAKMP (0:1): processing vendor id payload
Nov 15 02:21:02.995: ISAKMP (0:1): vendor ID is Unity
Nov 15 02:21:02.999: ISAKMP (0:1): processing vendor id payload
Nov 15 02:21:02.999: ISAKMP (0:1): vendor ID seems Unity/DPD but major 11 mi.smatch
Nov 15 02:21:02.999: ISAKMP (0:1): vendor ID is XAUTH
Nov 15 02:21:02.999: ISAKMP (0:1): processing vendor id payload
Nov 15 02:21:02.999: ISAKMP (0:1): speaking to another IOS box!
Nov 15 02:21:02.999: ISAKMP (0:1): processing vendor id payload
Nov 15 02:21:03.003: ISAKMP (0:1:): vendor ID seems Unity/DPD but hash mismatch
Nov 15 02:21:03.003: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Nov 15 02:21:03.003: ISAKMP (0:1): Old State = IKE_I_MM4 New State = IKE_I_MM4
Nov 15 02:21:03.007: ISAKMP (0:1): Send initial contact
Nov 15 02:21:03.067: ISAKMP (1): My ID configured as IPv4 Addr,but Addr not in Cert!
Nov 15 02:21:03.067: ISAKMP (1): Using FQDN as My ID
Nov 15 02:21:03.067: ISAKMP (0:1): SA is doing RSA signature authentication using id type ID_FQDN
Nov 15 02:21:03.067: ISAKMP (0:1): ID payload
next-payload : 6
type : 2
FQDN name : R2.cisco.com
protocol : 17
port : 500
length : 20
Nov 15 02:21:03.067: ISAKMP (1): Total payload length: 20
Nov 15 02:21:03.095: ISAKMP (0:1): constructing CERT payload for hostname=R2.cisco.com
Nov 15 02:21:03.095: ISKAMP: growing send buffer from 1024 to 3072
Nov 15 02:21:03.095: ISAKMP (0:1): using the winca trustpoint's keypair to sign
Nov 15 02:21:03.215: ISAKMP (0:1): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) MM_KEY_EXCH
Nov 15 02:21:03.219: ISAKMP (0:1): Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Nov 15 02:21:03.219: ISAKMP (0:1): Old State = IKE_I_MM4 New State = IKE_I_MM5
Nov 15 02:21:03.375: ISAKMP (0:1): received packet from 1.1.1.1 dport 500 sport 500 Global (I) MM_KEY_EXCH
Nov 15 02:21:03.375: ISAKMP: set new node -1205710646 to QM_IDLE
Nov 15 02:21:03.379: ISAKMP (0:1): received packet from 1.1.1.1 dport 500 sport 500 Global (I) MM_KEY_EXCH
Nov 15 02:21:03.379: ISAKMP (0:1): received packet from 1.1.1.1 dport 500 sport 500 Global (I) MM_KEY_EXCH
Nov 15 02:21:03.383: ISAKMP (0:1): received packe.t from 1.1.1.1 dport 500 sport 500 Global (I) MM_KEY_EXCH
Nov 15 02:21:03.383: ISAKMP (0:1): received packet from 1.1.1.1 dport 500 sport 500 Global (I) MM_KEY_EXCH
Nov 15 02:21:03.383: ISAKMP: Info Notify message requeue retry counter exceeded sa request from 1.1.1.1 to 2.2.2.2...
Success rate is 0 percent (0/5)
R2#
Nov 15 02:21:13.219: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH...
Nov 15 02:21:13.219: ISAKMP (0:1): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
Nov 15 02:21:13.219: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH
Nov 15 02:21:13.219: ISAKMP (0:1): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) MM_KEY_EXCH
R2#
Nov 15 02:21:23.219: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH...
Nov 15 02:21:23.219: ISAKMP (0:1): incrementing error counter on sa, attempt 2 of 5: retransmit phase 1
Nov 15 02:21:23.219: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH
Nov 15 02:21:23.219: ISAKMP (0:1): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) MM_KEY_EXCH
R2#
Nov 15 02:21:32.651: ISAKMP: received ke message (1/1)
Nov 15 02:21:32.651: ISAKMP: set new node 0 to QM_IDLE
Nov 15 02:21:32.651: ISAKMP (0:1): SA is still budding. Attached new ipsec request to it. (local 2.2.2.2, remote 1.1.1.1)
Nov 15 02:21:33.219: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH...
Nov 15 02:21:33.219: ISAKMP (0:1): incrementing error counter on sa, attempt 3 of 5: retransmit phase 1
Nov 15 02:21:33.219: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH
Nov 15 02:21:33.219: ISAKMP (0:1): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) MM_KEY_EXCH
R2#
Nov 15 02:21:43.219: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH...
Nov 15 02:21:43.219: ISAKMP (0:1): incrementing error counter on sa, attempt 4 of 5: retransmit phase 1
Nov 15 02:21:43.219: ISAKMP (0:1): retransmitting phase 1 MM_KEY_EXCH
Nov 15 02:21:43.219: ISAKMP (0:1): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) MM_KEY_EXCH
PLease assist me in sorting this issue, i need to implement on my live network.
Thanks a lot in advance.
Regards,
Mohan.DHI Mate ,
your ASA is sending the ASA certificate :
but after that we are recieving an isakmp notify message which tears down the connection ?
somehow the remote peer didn't like the ASA certificate
do you have access to that peer ? is it a CISCO ASA?
is the time synchronized with that side ?
it the CA certificate installed on that peer?
HTH
Mohammad. -
Adobe Dreamweaver + Air, Digital Certificate Missing?
I was trying to test out the Adobe Air plugin for Dreamweaver. I have the SDK and the plugin installed but when i fill out the Air Application Settings a popup window appeared saying "Please specify a digital certificate and the coresponding password. So i did some googleing and saw a screenshot of the same window but the digital certificate thing was at the bottom of the window. My Air Application Settings window does not have that at the bottom so i cannot finish the form and finish my Adobe Air application. Does anyone know how to fix this or am i missing something?
I don't know this error. I guess it is probably because
Dreamweaver could not create the certificate file. In that case,
you might change to another directory to output the certificate. -
We are currently running 5.1 SP6 and are a little confussed with all the release notes that have been posted regarding the digital signature expiration as to whether or not our version will be affected by this. From the most current release notes, it sounds like versions BPC 7M SP3, BPC 5.1 SP7, BPC 5.1 SP8, and CPM 4.2 SP05 Patch 1 are the only ones that will be affected. Is this true?
It also sounds like it is more of a nusance than anything because you will recieve a warrning message if your security level is set to very high so you would have to change your security to a lower level. It doesn't sound like any system funcationality will be affected. Is this also true?The digital signatures are for our excel components (add-ins). They must be signed (by verisign for example) in order for excel to allow them to run. The certificates expire, really they are not supposed to but there was a glitch in the these particular builds that allows them to expire, once they expire it could render BPC for Office unusable. This depends on Office's macro security, for example, if in excel your macro security is set to High, when you run BPC you will get a message that says the macros are unsigned and won't them be invoked. If you macro security is set to medium you will only get a warning and it will let BPC load if you click Ok on the warning.
These are the only versions that are effected.
Links to SAP notes with more information on the patch and to download the patch:
4.2 SP5 - https://service.sap.com/sap/support/notes/1334222
5.1 SP7 - https://service.sap.com/sap/support/notes/1334157
5.1 SP8 - https://service.sap.com/sap/support/notes/1334216
7.0 SP3 - https://service.sap.com/sap/support/notes/1334217
Hope this helps. -
Multiple SAP Passports(Digital Certificates)
Hi Guys,
I want to know how i could have multiple digital certificates created to login to service.sap.com.
My case is that i have 2 S IDs. I have created an SAP Passport(digital certificate) for 1 S ID, so that i dnt have to enter the user name and password every time i login to service market place. However i would want to create a digital certificate for my other S ID as well. How do i do that..
Help appreciated
Rgds,
PrabinathHi Aj,
When your SAP passport expires SAP recommends to delete your old SAP Passport and create new passport. Since the new SAP Passport is valid already, there is no reason to retain the old one.
Please check and let me know if you need any information.
Regards,
Kiran .V -
I obtained new digital certificate, which is working without any problems. When I try to export backup copy of new or already existing certificate, I get response window that exportation failed due to unknown reason. I use Firefox 3.6.14
The same problem occured with FF in Linux. The solution found there was to uninstall Torbutton, restart FF and try again. In my case I had to try twice. There may of course be other plugins that cause problems ...
-
CUCM - Tomcat.der certificate expired
I got an RTMT alert related to tomcat.der certificate expired.
At Mon Aug 04 21:00:16 CDT 2014 on node 10.203.12.10, the following SyslogSeverityMatchFound events generated:
SeverityMatch : Critical
MatchedEvent : Aug 4 21:00:01 CUCM01 local7 2 : 195: CUCM01.TEST.COM: Aug 05 2014 02:00:01.21 UTC : %UC_CERT-2-CertValidfor7days: %[Message=Certificate expiration Notification. Certificate name:tomcat.der Unit:tomcat Type:own-cert Expiration:Wed Aug 6 14:42:00:000 CDT ][AppID=Cisco Certificate Monitor][ClusterID=][NodeID=CUCM01]: Alarm to indicate that Certificate has Expired or Expires in less than seven days AppID : Cisco Syslog Agent ClusterID :
NodeID : CUCM01
Could you please help me how to solve this problem.
Regards
SathyaHow can I find whether the previous certificate is self signed or not.
Two methods:
1 - Go to OS Administration ( https://SERVER/cmplatform/ ) and login. (Remember, this is the operating system ID and password and NOT the ID/Password you use to login to ccmadmin with.) Go to Security -> Certificate Management and click find. This will list all your certificates. The tomcat one is usually at the top. The right hand column will tell you if it's self-signed or not.
2 - Go to https://SERVER/cmplatform (no need to login) and click on the padlock to examine the certificate.
whether the new certificate can be upload after the previous certificate is expired, will there be any problem.
You can replace a certificate any time you want. You don't have to replace an expired certificate - but it's good practise too. (And it stops those annoying emails too!)
Any services or server needs to be rebooted.
For the Tomcat certificate, you have to restart the Tomcat service. This can only be done from the server CLI. So either login to the console, or SSH in (again, with the operating system ID & password) and type the command "utils service restart Cisco Tomcat" (NOTE: This is CaSe SeNsItIvE) Whilst this is restarting, all the web apps (ccmadmin, cmplatform, etc.) will be offline.
How can we verify whether the certificates are proper.
Not sure what you mean by this. If you mean: "How can I be sure the server is using the new certificate?" go to https://SERVER/ccmadmin and in your browser click the padlock to examine the certificate. HINT: You *may* have to restart your browser for it to notice the certificate change.
GTG -
WebVPN-Problem with Digital Certificate and AAA
Hello everyone,
I have a problem during configuring WebVPN on ASA 5520 using AAA and digital certificate of Microsoft. (MSCEP)
Currently, The WebVPN service is enabled and it worked well with AAA (local or external) only,
But now, I want to use both AAA and Certificate for most secure-I mean that the users will be authenticated 2 times (firstly, it is checked by valid certificate then user/pass is second one).
Here are details:
I tried installation CA server (Microsoft CA service combined with SCEP) and register ASA with CA server (ASA work as subordinate CA)-->these steps is ok, asa has registed, then client use web-browser request CA and it's issued by CA administrator then it is installed on web-browser.
Testing:
The Client tried to test with access SSL VPN, the welcome WEBVPN message prompt user/pass but the message is "Logon Failed" before I give user and pass,
Does anyone know and advise ?
Thanks
KhanhHi all,
Here are attach files for my issuse,
Khanh -
How to renewal the Java Keytool DIgital Certificate programmatically?
Hi,
I created the self signed Digital certificate programmatically.My certificate got expired.I want to Renewal the Digital certificate programmatically.
If any one is having idea to renewal the certificate,please share it to me.
Thank youWhenever we want to renewal the certificate , we have to create new key store file and new certficate file .
NO
Absolutely not.
I've just told you that.
Instead of tcreating new certificate/keystore file, is it possible to update the +'valid from and Valid to date '+ alone in old keystore file?I've jsut answered that as well. I don't know what code you executed to generate the original certificate but you have to repeat the part that signed it. -
Private key and digital certificate
I have a keystore . in ordeer to know what it contains ,i opened this keystore with this command ...keytool -list -keystore DemoIdentity.jks
and i got,
Keystore type: jks
Keystore provider: SUN
Your keystore contains 1 entry
demoidentity, Jan 4, 2007, keyEntry, // is it called private key ?
Certificate fingerprint (MD5): 60:42:75:33:31:AA:9A:C6:9D:1A:CD:9F:22:8D:4A:6A // is it called certificate ?
Question :
I still dont understand what a keystore contains. does it contains "private key" + "digital certificate" ?
If so , what are private keys and digital certificate in the above contents ?
Message was edited by:
Unknown_Citizen
Message was edited by:
Unknown_CitizenThe content of a 'keystore' is what you, or the person who provided it, put in it. In this case it looks like all it contains it a public key certificate with an alias of 'demoidentity' .
-
Hi Guys
I need to add a digital certificate to a clients customer statements and invoices. XML Publisher 5.6.3 has been used originally to design the templates as RTF. I have the following questions please...
1. Can an RTF template be used or do I need to convert it to a pdf template?
2. Can XML publisher even be used or do I need to get the DBAs to install BI Publisher. XML Publisher doesn't even have the signature properties in the admin screens that BI Publisher has.
Below is a copy of the xdo.cfg file which currently does not add the pfx file...
<config version="1.0.0" xmlns="http://xmlns.oracle.com/oxp/config/">
<properties>
<property name="system-temp-dir">/tmp</property>
<property name="pdf-security">false</property>
<property name="pdf-open-password">testpass</property>
<property name="pdf-permissions-password">testpass</property>
<property name="pdf-encryption-level">1</property>
<property name="pdf-no-printing">true</property>
<property name="pdf-no-changing-the-document">true</property>
<property name="signature-enable">true</property>
<property name="signature-pkcs12-path">/app/oracle/product/appldev/apps/apps_st/appl/xdo/12.0.0/resource/digcert.pfx</property>
<property name="signature-pkcs12-password">testpass</property>
<property name="signature-field-location">top-left</property>
<property name="signature-reason">taxreasons</property>
<property name="signature-signed-at">Cape Town</property>
<property name="signature-display-style">detailed</property>
</properties>
</config>
Any help will be greatly appreciated.thanks for the summary of the many posts and threads describing all of these steps.
Maybe you are looking for
-
Hi friends need some help in ALE IDOC !
For training purpose I am trying to create an IDOC using ALE where I am using the same client as server as well as receiver......So I am using as receiver "NONE" . this is already present in the SM59 under logical systems.. But i cant create a port
-
how can I get the back ground to be white again; with out "downgrading"
-
Can I use touchID for accepting a call?
In security mode I can only swipe to accept call , sadly can it be a good idea to use TouchID for it?
-
How to have drop down menu in which we cant continue until selection is made
Hi All, I have a case in which I have 4 drop down menu, and a continue button, I want to make sure that a user cant continue until selection is been made on all the four or atleast from some of the drop down menu. how can I do that. Solved! Go to Sol
-
MicroPhoto Help needed! URGENT
My player has randomly gone into recovery mode and i cant get out of it!?Ive tried clean up and reboot and nothing will make it go back to normal!?Please help i need my music back!?