Certificate store only valid for one machine
Hello all,
I'm new in the world of digital certificates and I've found one little big problem that is driving me crazy. I'm using a certificate to establish a SSL connection between a web server and a client browser. This certificate (I'm using Tomcat) is inside a keystore (a jks file). The problem is that this certificate is really important, and the people that provides it does not want it to be used by anyone, so they don�t want anyone to be able to export the private key inside it.
As I have to include the password to the certificate and the store is a config file, if someone enters in the system as the tomcat user and copies the jks file and also copies the password, will have all the control over the certificate, and will can use it.
The only solution to this problem I can think of is, and I don�t know if it is possible, is to include the certificate in a computer-dependant keystore. Is there a way to do it? Is there any other method to prevent someone with the privileges of the tomcat user to use the certificate?
Thank you all in advance :)
If I understand your problem correctly, then I don't think there is anything you can do short of using a hardware security module (HSM). And even an HSM is not a magical device that can prevent you from using it insecurely. For example, you suggest that you cannot prevent an unauthorized user from logging on with the same account as Tomcat. In that case, even if the private key never leaves the HSM it is still available for private-key operations, a severe weakness. Thus, at a minimum, you must at least ensure that only authorized users have access to the private key regardless of how it stored.
It is certainly possible to create a computer-dependent keystore, but all such schemes that I am aware are essentially just obfuscation.
Similar Messages
-
50.28.68.31:2087 uses an invalid security certificate.
The certificate is not trusted because it is self-signed.
The certificate is only valid for <a id="cert_domain_link" title="new.thelifeincomegroup.com">new.thelifeincomegroup.com</a>
(Error code: sec_error_untrusted_issuer)See https://support.mozilla.org/kb/Secure+Connection+Failed
-
sir, each time when i open my browser i'm facing such type of error certificate and closing browser at the same instant. i don't know how to fix it please help me
Hi,
If you click on the certificate '''Details''' it would show the root Certificate Authority (the topmost one) and any intermediate CAs that signed/issued this security certificate. You would need at least the root CA certificate to be installed ('''Import''') and trusted in the Firefox certificate database ('''Tools '''('''Alt '''+ '''T''') > '''Options '''> '''Advanced '''> '''Encryption '''> '''View Certificates''' > '''Authorities'''), though sometimes depending on the server configuration you may need all the certificates in the hierarchy to be installed.
[https://support.mozilla.org/en-US/kb/Options%20window%20-%20Advanced%20panel?as=u Options > Advanced]
[https://support.mozilla.org/en-US/kb/Options%20window Options] -
I have moved from Ireland to the USA and now (legally) live in Seattle. When I try to login to the iTunes store here in the USA, I get a message telling me that my Apple ID is only valid for purchases from the Ireland iTunes store. What moron put in a restriction like that? Apple is now telling me that although I can legally move from one country to another and take up residence, I can not travel globally with my Apple ID? What use is having an Apple ID then as I can travel and buy globally with Amazon?
Do NOT create another ID. Change the country of your present ID.
App Store Frequently Asked Questions (FAQ) - http://support.apple.com/kb/HT2001 when using iTunes --> "To change countries, scroll to the end of the iTunes Store home page and click the flag indicating the current country. To choose a different country, click the appropriate flag."
iOS: Changing the signed-in iTunes Store account - http://support.apple.com/kb/HT1311 - Change your iTunes Store country: "Sign in to the account for the iTunes Store region you'd like to use. Tap Settings > iTunes & App Stores > Apple ID: > View Apple ID > Country/Region."
You will, of course, need to change your address and enter valid credit card information after you have changed the settings.
iTunes Store: Changing Account Information - http://support.apple.com/kb/HT1918
Further tips on changing country - https://discussions.apple.com/message/20029737 - problems you encounter when changing iTunes country
Realize, however, just as you can no longer visit your old public library in Ireland you also no longer have access to the store or your purchases made there. You can continue to use them as they are on your computer now but that makes it all the more important you maintain backups in case of loss. If you upgrade an app I think you will have to pay for it again since you no longer have access to the Irish Store. -
I moved from Japan to Australia. I need to change from Japan App Store to the Australian App Store. I get the following message every time I try using My MacID which was set up in Japan: "This Apple ID is only valid for purchases in the Japanese iTunes Store. You will be switched to that Store." At one point... by which path I do not remember... I was instructed to created a new ID. I fill out the new ID forms, but the address is rejected each time... quite confusing. Does it want a new name? But it says I cannot use an apple domain (tag?) even though I guess it has to be an apple address... ? So I have iTunes crdit cards purchansed in Australia, can't spend in AUstralian iTunes Store, get directed back to Japan each time, and can't open a new ID... What am I doing wrong? Thank you in advance. John. Australia.
You must have a separate Apple ID registered in the other store along with a valid bank-issued charge card in the other country, and a legal billing address in the other country.
Sorry... But... You cannot use other countries itunes stores.
You must be within the Country with a Valid Billing Address and Credit Card for that Country to use the iTunes Store of that Country..
iTunes Store Terms of Service
http://www.apple.com/legal/itunes/us/terms.html#SERVICE -
"This Apple ID is only valid for purchase in the US store" and I'm in the PH?
Hi! So originally my Billing Info was set in the US and today I wanted to upgrade my MBP to OS ML. I'm in the PH now so I changed my Billing Info and set it to my address here in the Philippines, but everytime I hit that "Buy App" button in the App Store and log in, I'm always taken to my Billing Info and even though I already changed my account info, the address that's displayed there is still the US one. I tried to change the country numerous times and set it to PH, but I always get the message saying my Apple ID is only valid for purchase in the US. I'm taken to the US store afterwards, and after I hit "Buy App" the same thing happens over and over again.
I've been trying to figure this out for over an hour now. What else can I do?Try contacting the App Store support folks - http://www.apple.com/support/mac/app-store/.
I sort of understand what's going on, but not sure why you weren't able to rectify the problem. Maybe the support folks can help.
Clinton -
Code is only valid for users of store
Help....
Ive just gifted an app to my son as I often do and when he tries to redeem it it says "This code is only valid for customers of the Store".
Ive looked this up and normally it will involve someone from one country trying to gift an app to someone in another country but with me this is not the case.
My son lives in the same country, the same address everything.
The app was called Kick the buddy: Second kick
Can anyone please help
Thank youThanks to James, I have just had a reply saying that they do not know why this error has occured but they have refunded my purchase costs.
Good luck to anyone who has the same problem -
I get this error message when redeeming an app from the apple "Aproved" website "Appexchanger" which is when you check out free apps and get credits to get paid apps, but i am in canada and everytime i go to redeem one i get "This code is only valid for customers of the USA Store." i think this is unfair because ive done what theve asked and theres nothing on the site that says "US ONLY" and the people who made it wont even contact me back! Please help i just want some apps!
Just FYI, Appexchanger is not "approved" by Apple in any way that I can detect. Apple does not appear to have any connection of any sort with that company other than as a customer.
This company looks to me to be nothing more than a way to harvest email addresses and other content information to sell to other companies, getting you onto all sorts of spam lists. I don't for one minute believe their claim that they won't sell your information (and if they don't, it's s good bet at least one if nor more of the developers will). But in any case, as Jay said, any problems or issues you may have with that company will have to be taken up with them. This is not an Apple issue.
Regards. -
Apple ID only valid for purchases in Turkish Store
Folks,
I recently decide to move USA, for starting on right food applied for a software bootcamp and accepted. Bootcamp send me some preperation material just for being ready until the course but those books send via Amazon and I need to download Kindle app for reading them and this is where my problem starts.
App store do not let me download the Amazon Kindle app by giving the error "This Apple ID only valid for purchases in the Turkish iTunes store, so I understand the free Kindle app is not downloadable from my country then I updated my Apple contact as my course address and phone and change the Apple country inside iTunes but still getting same country related error.
Restart my Macbook with the hope of making the address change effective but it is not being effective. So is there any way available for me to download that Kindle app.
Thank you in advance,Hey,
Yes, Apple support offered me a solution but this solution involving backing up all my iTunes purchases(they won't be available after country change) and needs a US credit card or at least a gift card for changing the country. So I decide not to change country until moving there completely. By the way all those country restrictions do not make sense for me.
One world, one flag, one language that's what I want -
"This code is only valid for customers of the store." - LOTR digital download
I have the codes to download the LOTR trilogy for digital copies, and the first and third movies download fine, but whenever I input the code for the second movie, iTunes keeps saying "This code is only valid for customers of the store." What is the problem?
And I am in the United States, downloading for myself.Just FYI, Appexchanger is not "approved" by Apple in any way that I can detect. Apple does not appear to have any connection of any sort with that company other than as a customer.
This company looks to me to be nothing more than a way to harvest email addresses and other content information to sell to other companies, getting you onto all sorts of spam lists. I don't for one minute believe their claim that they won't sell your information (and if they don't, it's s good bet at least one if nor more of the developers will). But in any case, as Jay said, any problems or issues you may have with that company will have to be taken up with them. This is not an Apple issue.
Regards. -
"this code is only valid for customers of the store"
i sent code of gift apps but he can not redeem
It error "this code is only valid for customers of the store"
My country of apple id is Thailand and his Thailand too.Just FYI, Appexchanger is not "approved" by Apple in any way that I can detect. Apple does not appear to have any connection of any sort with that company other than as a customer.
This company looks to me to be nothing more than a way to harvest email addresses and other content information to sell to other companies, getting you onto all sorts of spam lists. I don't for one minute believe their claim that they won't sell your information (and if they don't, it's s good bet at least one if nor more of the developers will). But in any case, as Jay said, any problems or issues you may have with that company will have to be taken up with them. This is not an Apple issue.
Regards. -
I have a Belgian Apple ID, but want to use the UK i-tunes store. I get a dialogue box saying "This Apple ID is only valid for purchases in the Belgian itune store". Is there any way around this? Thanks, Jackie and Manuel
When you move to Portugal (very nice, I've just come back from visiting Cascais/Sintra/Sines ) I think you'll just get re-directed to Portuguese iTunes. When I moved to France from the UK I got re-directed to the French store.
To view UK programmes in France I used to subscribe to a VPN server through https://www.my-private-network.co.uk/ (there are others, but very pleased with their service). The catch-up channels (iPlayer, etc) think you're in the UK so you can watch the programmes online. Wouldn't work with iTunes UK store though . -
"This Apple ID is only valid for use in the Canadian Store." - but I'm in Canada!
I just restored my iPad, and am using a new Apple ID on it, that I just created.
When I try to download apps from the App Store, I get the following notice: "This Apple ID is only valid for use in the Canadian Store."... but I live in Canada!
I checked in Settings > General > International > Region Format, and it does indeed say Canada. I also checked my region from within my Apple ID account, and it also says Canada.
I'm at a loss here guys, can anyone shed some light on how to rectify this situation?
Thanks!
PS: I also should mention that before I restored my iPad, I didn't have this problem. Only with the new Apple ID.
Message was edited by: JTousignantYou do have a credit card with a Canadian billing address registered to the new account do you not? In other words, you are not trying to use a credit card with a U.S. billing address are you?
-
This apple id is only valid for purchases in the australian itunes store. I'M BRITISH!
PLEASE READ
So my mum just bought a phone today, she's not really a techy person so she bought a cheap iPhone 3GS and she asked me to set it up for her.
I made a new email address for her and made an Apple ID for her. I just verified the email for her with Apple and it opened my iTunes and a message popped up and it said "This apple id is only valid for purchases in the australian itunes store. You will be switched to that store".
I don't know why this has happened, i've used mine for my iPhone for ages and that's had no problems.
We live in the UK and we always have, so why's it saying this?
Any help please?
Thank you.WOW, OK. I just changed my country to UK. And now i'm entering my mums bank stuff, and the address already there is someone in australia. Earlier on it said that my mums email (that i made 10 mins before) already exists. So i reset the password. So how can there be 2 email addresses that are the same? I'm lost!
I'm just gonna make a whole new email with a whole new apple id! No more hotmail for me. -
"only valid for customers of the U.S. store"...but I AM in the US
I have been unable to redeem iTunes Starbucks "Pick of the Week" cards due to error message above. I think this started since I took a weekend trip to Canada and used my Canadian friend's wireless connection. But even with AirPort tuned off (I have a wired connection at home here in the US), I still get this error when I try to redeem at the iTunes Store (error: "only valid for customers of the U.S. store".) The only other recent change to my Mac is upgrading to Snow Leopard.
Is there a iTunes prefs I can delete or something?Do you have the *US iTunes Store* selected at the bottom of the main iTunes Store screen?
Maybe you are looking for
-
How to increase number of rows displayed in Essbase drill-through report?
Hi By default, the maximum number of rows per Essbase drill-through report (via Integration Services) is set to 1000. Could anyone tell me how to change this limit please? Regards Chandra
-
Unknown devices on Windows 8.1 on HP ENVY TouchSmart 15-j078ca
Hi, my HP ENVY TouchSmart 15-j078ca is showing 5 device errors under other devices. I will copy the hardware id for the 5 devices and if someone could tell me where I can download the device drivers for these 5 devices that would be greatly apprecia
-
Verizon telephone system for Mac OS X version 10.4.3
Hello, I have an iMac, OS X, version 10.4.3 I'm thinking about getting a Verizon, high-speed telephone system (whatever that means). The system would consist of two separate telephone lines. One line for the iMac computer and residential telephone; t
-
Dear All I want to generate Monthly performance report for the QM activity.. as per the below table. Please suggest the right way to create this query. Inspection description Accepted Rejected Rejected % Under te
-
Need help with Cluster of Buttons displaying a message to which button is being pressed.
Create a VI with a cluster of six buttons labeled Option1-Option6. When executing, the VI should wait for the user to press one of the buttons. When a button is pressed, use the Display Message To User Express VI to indicate which option was selected