BEX Analyzer 3.5 Expired Certificate / Digital Signature

Similar Messages

• Digital signature / certificate

  how does the certificate (digital signature) work in OS X?
  I installed one certificate from Trustcenter.de , put it in 'login' keychain.
  I created one myself in the 'login' keychain.
  I created one myself in the 'system' keychain.
  None of those i can see in the Digital Signature menu in: Microsoft Excell, Open Office 2.3, Neooffice
  I installed 5-6 certificates on windows xp and vista machines at my work, using digital signature is crutial for me, please help..

  Please check the below notes:
  [Note 455033 - SAPCRYPTOLIB versions, bugs and fixes|https://service.sap.com/sap/support/notes/455033]
  [Note 991968 - Value list for login/password_hash_algorithm|https://service.sap.com/sap/support/notes/991968]
  Following Algorithms are provided by SAPCryptolib
  1. Under HASH Algorithms:
  RSA-MD2          OID 1.2.840.113549.2.2, NULL parameter
  RSA-MD4          OID 1.2.840.113549.2.4, NULL parameter
  RSA-MD5          OID 1.2.840.113549.2.5, NULL parameter
  NIST-SHA     OID 1.3.14.3.2.18, NULL parameter
  SHA-1          OID 1.3.14.3.2.26, NULL parameter
  md2          Same algorithm as RSA-MD2
  md4          Same algorithm as RSA-MD4
  md5          Same algorithm as RSA-MD5
  RIPEMD-160     OID 1.3.36.3.2.1, NULL parameter
  ripemd160     Same algorithm as RIPEMD-160
  sha          Same algorithm as NIST-SHA
  sha1          Same algorithm as SHA-1
  For more details on which algo.s are supported and provided by SAPCryptolib, please check the following links:
  http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/e186c590-0201-0010-af8d-a2697dee13c0
  [Secure System Management FAQ|http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/a0b60eb4-a1fa-2b10-58b6-b83ed4d3ff82]
  Regards,
  Dipanjan

• Adobe Reader X doesn't even try to validate expired user certificate used in digital signature

  Verifying a file signed with an expired certificate (timestamped or not) causes Adobe Reader to raise strange CRL parsing error:
  Note:
  the CRL is currently valid
  the errors "propagates" also on the OCSP responses
  the file is timestamped before the certificate revocation.
  the error is reproducible everytime and with different signature/CAs: personally I've tried with Frenc, Italian and Spanish signed evidences.
  Below the exceprt from the CertificateViewer-->ErrorInformation window
  CRL processing error
  Issuer: serialNumber=4, cn=Certigna ID, ou=0002 481463081, o=Dhimyotis, c=FR
  This update: 20120123110005Z
  Next update: 20120124110005Z              
  CRL has expired or is not yet valid____________________________________________________________
  CRL processing error
  Issuer: serialNumber=4, cn=Certigna ID, ou=0002 481463081, o=Dhimyotis, c=FR
  This update: 20120123110005Z
  Next update: 20120124110005Z
  CRL has expired or is not yet valid____________________________________________________________
  CRL processing error
  Issuer: serialNumber=4, cn=Certigna ID, ou=0002 481463081, o=Dhimyotis, c=FR
  This update: 20120123110005Z
  Next update: 20120124110005Z
  CRL has expired or is not yet valid____________________________________________________________
  CRL processing error
  Issuer: serialNumber=4, cn=Certigna ID, ou=0002 481463081, o=Dhimyotis, c=FR
  This update: 20120123110005Z
  Next update: 20120124110005Z
  CRL has expired or is not yet valid____________________________________________________________
  OCSP response has expired or is not yet valid____________________________________________________________
  CRL processing error
  Issuer: serialNumber=4, cn=Certigna ID, ou=0002 481463081, o=Dhimyotis, c=FR
  This update: 20120123110005Z
  Next update: 20120124110005Z
  CRL has expired or is not yet valid____________________________________________________________
  CRL processing error
  Issuer: serialNumber=4, cn=Certigna ID, ou=0002 481463081, o=Dhimyotis, c=FR
  This update: 20120123110005Z
  Next update: 20120124110005Z
  CRL has expired or is not yet valid____________________________________________________________
  or, for example
  CRL processing error
  Issuer: cn=InfoCert Firma Qualificata, ou=Certificatore Accreditato, serialNumber=07945211006, o=INFOCERT SPA, c=IT
  This update: 20120305161509Z
  Next update: 20120305172400Z
  CRL has expired or is not yet valid____________________________________________________________
  OCSP response has expired or is not yet valid____________________________________________________________
  CRL processing error
  Issuer: cn=InfoCert Firma Qualificata, ou=Certificatore Accreditato, serialNumber=07945211006, o=INFOCERT SPA, c=IT
  This update: 20120305161509Z
  Next update: 20120305172400Z
  CRL has expired or is not yet valid____________________________________________________________
  CRL processing error
  Issuer: cn=InfoCert Firma Qualificata, ou=Certificatore Accreditato, serialNumber=07945211006, o=INFOCERT SPA, c=IT
  This update: 20120305161509Z
  Next update: 20120305172400Z
  CRL has expired or is not yet valid

  Hello
  This issue dates back from 2012 and is still in Adobe Reader XI and DC. The behaviour seems to happen when a certificate has expired, there are no embedded CRL/OCSP responses and Reader is configured to validate at the time the signature was made. It goes online to check revocation based on the currently available CRL which is evidently NOT the CRL that was used at the time of signature, and fails with the "...not yet valid..." error message. If the certificate is not in the CRL, it should just forget about it and check if the signature date is between the certificate notBefore and notAfter dates.
  Can someone from Adobe just confirm if this is an actual bug or the intended behaviour ?
  Thank you.

• Digital signature and certificates on Mail

  Hello All,
  I'm new using mac and i have a token with my digital certificate. So i wanna know:
  How can i use subscribe or use a digital signature on Mail. How can i use my certificate to sign the message.
  Thanks,
  Altemir Pacheco

  Altemir ... It's important that the certificate has been created for the e-mail address you want to use as sender e-mail. Your certificate needs to be imported into keychain. Keychain only accepts certificates in a number of formats, among them .p12. You can import in a number of ways, you can for example drop your .p12 file (the certificate) on the keychain icon. Then open keychain and check whether the certificate is visible under "my certificates". It has to appear there and it has to show as "valid" and not as "expired". Control-click on the certificate and set-up a new preferred identity for your e-mail address (I am not sure whether this step actually does any difference but give it a try). Close mail.app and restart mail.app. When you now create a new e-mail and you choose as sender e-mail the e-mail address for which you have the certificate then you should see on the right side, just below the subject line a little symbol which you can click on for activating the signature for the e-mail your writing. Hope all this works.

• Message level security: difference digital signature and certificate

  Hi everybody,
  could anybody please explain the difference between <b>digital signature</b> and <b>certificate</b>?
  Thans
  Regards Mario

  Mario,
  A digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged. Digital signatures are easily transportable, cannot be imitated by someone else, and can be automatically time-stamped. The ability to ensure that the original signed message arrived means that the sender cannot easily repudiate it later.
  A digital signature can be used with any kind of message, whether it is encrypted or not, simply so that the receiver can be sure of the sender's identity and that the message arrived intact. A digital certificate contains the digital signature of the certificate-issuing authority so that anyone can verify that the certificate is real.
  where as
  A digital certificate is an electronic "credit card" that establishes your credentials when doing business or other transactions on the Web. It is issued by a certification authority (CA). It contains your name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real. Some digital certificates conform to a standard, X.509. Digital certificates can be kept in registries so that authenticating users can look up other users' public keys.
  hope it helps u.
  --Archana

• Digital Signature Expiration

  We are currently running 5.1 SP6 and are a little confussed with all the release notes that have been posted regarding the digital signature expiration as to whether or not our version will be affected by this.  From the most current release notes, it sounds like versions BPC 7M SP3, BPC 5.1 SP7, BPC 5.1 SP8, and CPM 4.2 SP05 Patch 1 are the only ones that will be affected.  Is this true?
  It also sounds like it is more of a nusance than anything because you will recieve a warrning message if your security level is set to very high so you would have to change your security to a lower level.  It doesn't sound like any system funcationality will be affected.  Is this also true?

  The digital signatures are for our excel components (add-ins). They must be signed (by verisign for example) in order for excel to allow them to run. The certificates expire, really they are not supposed to but there was a glitch in the these particular builds that allows them to expire, once they expire it could render BPC for Office unusable. This depends on Office's macro security, for example, if in excel your macro security is set to High, when you run BPC you will get a message that says the macros are unsigned and won't them be invoked. If you macro security is set to medium you will only get a warning and it will let BPC load if you click Ok on the warning.
  These are the only versions that are effected.
  Links to SAP notes with more information on the patch and to download the patch:
  4.2 SP5 - https://service.sap.com/sap/support/notes/1334222 
  5.1 SP7 - https://service.sap.com/sap/support/notes/1334157
  5.1 SP8 - https://service.sap.com/sap/support/notes/1334216
  7.0 SP3 - https://service.sap.com/sap/support/notes/1334217
  Hope this helps.

• Linksys Routers not accessable via HTTPS and This certificate has an invalid digital signature.

  please help cannot logon to my router.
  how to install custome certificate with ssh?
  This is happing when certificate give me error: "This certificate has an invalid digital signature."
  Why not imlement update with ease import of custome certificate?
  I send many request to support but zero result.
  ig you google it this problem you will see that only cisco goods have this problem and no one care about that according cisco support. why? I will never buy cisco product. 

  I try different browsers and they all have certificate notice alert.
  New IE on win8 by default not allow to enter secure page with expire certificates.
  I hope that cisco will make new firmeware with functionality to add costume certificate pfx for example.
  Cisco support lower encryption type. Every new windows encrase cryptograpgi that IE support by default. Look IE about to see type 64 or 128 or 256…
  On xp will work good, but we are now in era of win 8 with IE that support by default 128 or 256 depending home or server version.

• How to extract certificates from IE for digital signature

  hi
  how to extract certificates from the cert store provided by Internet Explorer 6.0 and use it to read & verify the digital signatures present in the pc.this is needed in my web based application n i have no idea!!!
  pls help me out
  i have studied a lot about all JCA n JCE but the extraction part still baffles me!!!
  my application will be java based so i can make an applet/ servlet/ jsp
  drop your ideas as soon as u get time as i am stuck in the initial phase itself
  priya_16

  hi
  i've the same problem. i've found this solution, but you need download a JCE Provider that allow you to read the explorer certificate store.
  You can try this one: https://download.assembla.se/jceprovider/
  and the code:
  import se.assembla.*;
  public class Listcerts {  
       public static void list() throws Exception{
            java.security.Security.insertProviderAt(new se.assembla.jce.provider.ms.MSProvider(), 2);
            KeyStore ks = KeyStore.getInstance("MSKS","assembla");
            ks.load(null,null);
            X509Certificate cert=null;
            String alias=null;
            int count=0;
            for (java.util.Enumeration e=ks.aliases();e.hasMoreElements();){
                      alias=(String)e.nextElement();
                      cert=(X509Certificate)ks.getCertificate(alias);
                      System.out.println("\n Certificado alias"+alias+":");
                      System.out.println(cert);
                 count++;
            System.out.println ("NUM CERTS="+count);
  now, i need the same solution for Firefox browser XP
  good luck
  Message was edited by:
  meteko

• Digital Signatures and Certificates

  I use Adobe Profession 8,
  I installed a certifcate on my computer (certnew.cer) which has my informations and stuff on it.. ok so far. We have our own certificate server.
  When i try to apply a signature on a pdf i created, my name is not on the list (Adobe). The only options i have is to create one or import one (.pfx, .p12). I dont mind importing one but it cant import .cer files.
  Testing on another computer, after installing his certificate, his name was shown on the list in adobe.
  Is there something that I can be doing wrong?
  Is there are way to import a .cer file instead of a .pfx, .p12?
  Is there an easy method of converting a .cer to .pfx (.p12) apart from using Windows Drivers Kit?

  A cer file doesn't have a private key. It contains a public key and other certificate data. Signing requires a digital ID which includes both the cert/public key and the private key, and these are usually stored in pfx/p12 files.
  Self-signed digital IDs are inherently less secure, but they can be made more secure if the recipient verifies the cert "thumbprints" that the signer shares ahead of time. . .
  Comprehensive digital signature instructions exist in this doc:
  http://www.adobe.com/devnet/acrobat/pdfs/digsig_user_guide.pdf
  See also other security related docs on:
  http://www.adobe.com/devnet/acrobat/security.html
  ben

• Digital Signatures and Certificate Authorities

  My users are wanting a way to sign PDF documents, and have them verified for internal and external receipients. We are currently using Acrobat 9 Standard. I know you can create signatures and 'self-sign' them, but those are only trusted if the receipient manually adds them to their 'Trusted' people.
  From my reading, it looks like we need to purchase a third party code signing certificate, such as the following: http://www.verisign.com/code-signing/
  My question is, what do we need to do to make that certificate availbable to my users to use for their signatures? I'm having a hard time finding documentation on this part.

  Here's a good starting point for understanding how CDS and AATL work with Acrobat and Reader: http://learn.adobe.com/wiki/display/security/Digital+Signatures+101
  Another option you should look into is Adobe EchoSign: http://blogs.adobe.com/acrobat/tag/echosign

• How can I create digital signatures for my users using Windows 2008 Active Directory Certificate Services?

  Hi,
  I need to create local digital signatures for my users. How can I do that using W2k8 Active Directory Certificate Services? We are gonna sign Office 2010 documents.
  What company offers cheap digital signatures solutions?
  Thanks in advanced

  Consider the following:
  if you use your local CA server to issue digital signature certificates, there is no cost, because you are eligible to issue so many certificates as you need. However, documents signed by these certificates will be considered trusted only within your AD
  forest and other machines that explicitly trust your local CA. Any external client will not trust your signatures.
  If you want to make your signature trusted outside your network (say, in worldwide), you need to pruchase a certificate from trusted commercial CA (VeriSign, GoDaddy, GlobalSign, StartCom, etc) according to respective vendor price list. In that case you
  don't need to have your local CA server, because it is not used. All certificate management is performed by the external CA. A most common scenario is to purchase signing certificate for particular departament principals (head managers) or few certificates
  for a whole company (all documents are revised by a responsible person or persons who holds signing certificate and sign them after review).
  so, it is not clear from your post what exactly you need.
  My weblog: http://en-us.sysadmins.lv
  PowerShell PKI Module: http://pspki.codeplex.com
  Windows PKI reference:
  on TechNet wiki

• Digital Signature on TDS certificate - Vendors

  Dear All,
  Their is possiblity to insert digital signature on TDS certificate given to employees(form 16), but is their any chance of inseting the digital signature on TDS certificate given to Vendors.
  Thanks & Regards
  Krishna Chaitanya

  Hi,
  Thanks for your reply.
  I allready worked on this SAP note.
  But there are some configurations like ADS,SSL in Java and ABAP instances.
  I did the configuration of ADS,SSL in both the instances.
  I followed the blog of Dezso Pap "ADS SSL configuration journal I. / ABAP -> JAVA / 640 - 70x
  But when i test the program FP_PDF_TEST_00 i'am getting an error message "SOAP runtime exception."
  I feel some problem in SSL certificates.I'am working on it.
  With Regards,
  Pradeep.B

• Digital Signature on Vendor TDS Certificate

  Hi,
  We have to implement digital signature on vendor TDS certificate. Is it
  applicable in SAP? Is there any SAP release regarding digital signature
  on vendor TDS certificate?
  Regadrs,
  Ranjeet

  Hi,
  Please confirm first since for Form 16A also there is a requirement of Digital Signatory. Refer the link
  Regards,
  Shridhar
  [Form 16A|http://sukhfinance.blogspot.com/2011/05/tds-certificates-in-form-no-16a-to_18.html]

• Automatically renewing certificates for digital signatures

  Is it possible to setup some form of system that automatically renews the user certificate for digital signatures? If so, where can i find information on this?

  Hi - these are all reader extended through Livecycle ES Reader extensions and are signed by users in Reader. What I am asking is if anyone has an idea where this behaviour is declared, so that I can change it.

• Adobe XI when i use signature option i try to use rectangle, it gives option of certificate signature, does not give me webcam or digital signature or any other option to sign

  when i use signature option i try to use rectangle, it gives option of certificate signature, does not give me webcam or digital signature or any other option to sign, have downgraded to Adobe X, no options show. Have upgraded back to XI no change. Free software I am using currently.

  There are two types of signatures in PDF: electronic signatures, which are just images (stamps, text, image) and digital signatures.
  If you want to use electronic signatures in Acrobat XI go to Fill&Sign->Place Signature. If a drag rectangle for the digital signature dialog comes up, you have selected digital signatures and Acrobat/Reader remembered it. Cancel it, go back to Fill&Sign->Place Signature and click a triangle to the left of "Place Signature". Then click on "Changed Saved Signature" and select the electronic signature type you want to use.
  If you want to use digital signatures you can create custom digital signature appearance. Go to Edit->Preferences->Signatures->Creation&Appearance->More. In the "Appearances" section click "New". You will be presented with the dialog that allows you to create a custom appearance. If you want to put there your picture or image of your ink signature, you need to prepare this image as a file beforehand, select "Image" radio button, browse to the location of your image file. In Reader you can use only PDF as your image file. In Acrobat you can use many more file formats: JPEG, PNG, etc.