Coldfusion secure FTP & digital certificates

Hello !
I am currently in the process of developing a corporate CF intranet site that is behind a corporate firewall and part of the application will need to send a data file (FTP put) to a remote FTP server using secured FTP (FTPS). I have never used ColdFusion before for either secured or unsecured FTP. I am planning on using the CFFTP tag to open the connection and send the data file but I have a number of other questions regarding the use & installation of the digital certificates:
Current development environment setup:
CF version 9 standard edition running on Windows Server 2008 R2
Microsoft IIS 7
Current production environment setup:
CF version 9  enterprise edition running on Windows Server 2008 R2
Microsoft IIS 7
1.  The data file that is being created must be sent to a financial institution and they will be providing a digital certificate (p12 format) to me. What do I do with that certificate once I get it? I have installed SSL certificates before on http web sites with IIS without any issues but I am not sure what to do with the certificate for secured FTP. Do I import the certificate into IIS using the MMC snap-in or does the certificate need to be integrated into ColdFusion in some other way and if so, what needs to be done?
2.  What other steps need to be taken prior to being able to use the CFFTP tag for a secured FTP send?
I would appreciate as much help as possible as I haven't used CF for FTP before.
Thank you.

Dave,
Thank you for answering.
1.  I have imported the certificate into the cacerts file by using the following command:
     keytool -import -keystore ../lib/security/cacerts -alias x  -file c:\downloads\y
     where x was the alias name I assigned and y was the certificate name (extension of 'der').
I tried importing a p12 and p7b certificate but neither of those worked.  I received the message 'Not a valid X.509 Certificate' from the command.  I then successfully imported a Base64 certificate (der).  I believe the certificate has been successfully imported because I ran the following and it shows the MD5 fingerprint:
     keytool -list -alias x -keystore ../lib/security/cacerts
     where x is my alias name I assigned in the original import
2.  I then ran the following CFM command replacing the '*'s with the appropriate server name, user name, and password
     <cfftp action="open" connection="conn1" secure="yes" server="********" username="******" password="*****" port="21">
     </cfftp>
     I am getting the CF error
An error occurred while establishing an sFTP connection.
Verify your connection attributes: username, password, server, fingerprint, port, key, connection, proxyServer, and secure (as applicable). Error: User Authentication failed.
Any suggestions or help would be appreciated.
Thank you.
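
The import results described in the post above depend on the container format of the file, which is visible in its first few bytes regardless of the extension. The following is an added example, not part of the original thread: it tells a single X.509 certificate (DER or Base64/PEM) apart from a PKCS#12 key store and a PKCS#7 bundle. The sample blobs and file names are constructed skeletons, and the hints in `ADVICE` are general keytool pointers, not steps taken from the thread.

```python
import base64
import re

# DER encoding of OID 1.2.840.113549.1.7.2 (PKCS#7 signedData), as found in .p7b files.
PKCS7_SIGNED_DATA_OID = bytes.fromhex("2a864886f70d010702")

# What each container is, and the keytool operation that matches it.
ADVICE = {
    "x509-certificate": "single certificate, no private key: keytool -import (trusted entry)",
    "pkcs12": "key store holding a private key and certificate(s): "
              "keytool -importkeystore -srcstoretype PKCS12",
    "pkcs7": "certificate bundle, no private key: split into X.509 certificates first",
    "unknown": "not a recognised certificate container",
}


def _read_tlv(buf, pos):
    """Parse one DER element header; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        return tag, pos, pos + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or pos + n > len(buf):
        raise ValueError("unsupported DER length")
    length = int.from_bytes(buf[pos:pos + n], "big")
    return tag, pos + n, pos + n + length


def classify(data):
    """Return (encoding, kind) from the first two ASN.1 elements (a heuristic, not a full parse)."""
    text = data.lstrip()
    if re.match(rb"-----BEGIN [A-Z0-9 ]+-----", text):
        body = re.sub(rb"-----[^-\n]+-----", b"", text)    # drop the armor lines
        try:
            return ("PEM", classify(base64.b64decode(body))[1])
        except ValueError:
            return ("PEM", "unknown")
    try:
        tag, start, end = _read_tlv(data, 0)
        if tag != 0x30 or end > len(data):                 # must be a complete SEQUENCE
            return ("unknown", "unknown")
        inner, istart, iend = _read_tlv(data, start)
    except ValueError:
        return ("unknown", "unknown")
    value = data[istart:iend]
    if inner == 0x30:                # Certificate ::= SEQUENCE { tbsCertificate SEQUENCE ...
        return ("DER", "x509-certificate")
    if inner == 0x02 and value == b"\x03":   # PFX ::= SEQUENCE { version INTEGER (3) ...
        return ("DER", "pkcs12")
    if inner == 0x06 and value == PKCS7_SIGNED_DATA_OID:   # ContentInfo { contentType OID ...
        return ("DER", "pkcs7")
    return ("unknown", "unknown")


def _der(tag, body):
    """Encode one DER element (bodies under 128 bytes are enough for the samples)."""
    assert len(body) < 0x80
    return bytes([tag, len(body)]) + body


# Constructed skeletons: correct outer structure only, no real keys or certificates.
SAMPLE_X509 = _der(0x30, _der(0x30, b"\x02\x01\x01") + _der(0x30, b"") + _der(0x03, b"\x00"))
SAMPLE_P12 = _der(0x30, _der(0x02, b"\x03") + _der(0x30, b""))
SAMPLE_P7B = _der(0x30, _der(0x06, PKCS7_SIGNED_DATA_OID) + _der(0xA0, b""))
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_X509)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for name, blob in [("y.der", SAMPLE_X509), ("y.pem", SAMPLE_PEM),
                       ("y.p12", SAMPLE_P12), ("y.p7b", SAMPLE_P7B)]:
        encoding, kind = classify(blob)
        print(f"{name}: {encoding} {kind} -> {ADVICE[kind]}")
```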

Similar Messages

  • WS Security digital certificate question

    I have a BPEL process which I have secured using OWSM. I am using digital certificates which I have generated using the keytool command.
    Say I have two clients A and B and both have their certificates and send the messages. The request contains a field called sender. A should specify this field as A, and B should specify this as B. How do I verify that A sent the message in which the sender is specified as A?
    I want to validate against the digital certificate belongs to sender A. He does not fool me by providing the certificate of A but in the message sends the sender as B.
    Is this scenario valid? If yes how to resolve if not why not?
    Thanks in advance for your help.
    Regards,
    Sash

    This is not really a certificate issue. It's more of your application / process and where you want to handle this validation (either at OWSM or elsewhere).
    When Sender A is digitally signing the message it is coming only from A (unless the private key / cert is stolen, etc). If A itself sends wrong value for sender field, they are not sending message as per your schema.
    To answer your question, yes you can validate if the sender field matches with one of the fields in your cert such as Organization Name or you can map to your database. You have to write a custom step in OWSM to match the certificate information with the sender field.
    Thanks
    Ram

  • Message level security: difference digital signature and certificate

    Hi everybody,
    could anybody please explain the difference between digital signature and certificate?
    Thanks
    Regards Mario

    Mario,
    A digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged. Digital signatures are easily transportable, cannot be imitated by someone else, and can be automatically time-stamped. The ability to ensure that the original signed message arrived means that the sender cannot easily repudiate it later.
    A digital signature can be used with any kind of message, whether it is encrypted or not, simply so that the receiver can be sure of the sender's identity and that the message arrived intact. A digital certificate contains the digital signature of the certificate-issuing authority so that anyone can verify that the certificate is real.
    whereas
    A digital certificate is an electronic "credit card" that establishes your credentials when doing business or other transactions on the Web. It is issued by a certification authority (CA). It contains your name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real. Some digital certificates conform to a standard, X.509. Digital certificates can be kept in registries so that authenticating users can look up other users' public keys.
    hope it helps u.
    --Archana

  • Can XML Publisher add a digital certificate (cert.pfx) via the xdo.cfg file or do I need to upgrade and use BI Publisher instead?

    Hi Guys
    I need to add a digital certificate to a clients customer statements and invoices. XML Publisher 5.6.3 has been used originally to design the templates as RTF. I have the following questions please...
    1. Can an RTF template be used or do I need to convert it to a pdf template?
    2. Can XML publisher even be used or do I need to get the DBAs to install BI Publisher. XML Publisher doesn't even have the signature properties in the admin screens that BI Publisher has.
    Below is a copy of the xdo.cfg file which currently does not add the pfx file...
    <config version="1.0.0"  xmlns="http://xmlns.oracle.com/oxp/config/">
    <properties>
       <property name="system-temp-dir">/tmp</property>
       <property name="pdf-security">false</property>
       <property name="pdf-open-password">testpass</property>
       <property name="pdf-permissions-password">testpass</property>
       <property name="pdf-encryption-level">1</property>
       <property name="pdf-no-printing">true</property>
       <property name="pdf-no-changing-the-document">true</property>
       <property name="signature-enable">true</property>
       <property name="signature-pkcs12-path">/app/oracle/product/appldev/apps/apps_st/appl/xdo/12.0.0/resource/digcert.pfx</property>
       <property name="signature-pkcs12-password">testpass</property>
       <property name="signature-field-location">top-left</property>
       <property name="signature-reason">taxreasons</property>
       <property name="signature-signed-at">Cape Town</property>
       <property name="signature-display-style">detailed</property>
    </properties>
    </config>
    Any help will be greatly appreciated.

    thanks for the summary of the many posts and threads describing all of these steps.

  • Need CCA Digital Certificate

    HI,
    I am working on one project POC, where i need to use CCA webservices, but when i run java program i am getting error "sun.security.validator.ValidatorException: No trusted certificate found".
    I think, I need to install digital certificate of CCA, but I don't know from where i can get this. I am having account in CCA.
    Regards,
    Deepak

    Hello
    I don't think you can delete the certificates in the QC51. You can only store or archive the certificate attached to each certificate numbers
    Regards
    Gajesh

  • Digital Certificate of SAP AG from VeriSign expired on 26.02.2005 ?

    Hi,
    When we open BEx, Security Warning screen of office 2003 appears. Although SAP note says that "click 'Always trust macros from this publisher'", this check is grayed out. It is because Validity of Digital Certificate is 26.02.2005.
    Question is ;
    is there a newer version of *.xla with new Digital certificate? or any other comment which we don't encounter this screen everytime we start BEx without lowering the security settings?
    Thanks & Regards

    Sinan,
      We are experiencing the same exact problem. How did you fix this issue??
    Regards,
    Vinay

  • CIDX Adapter Digital Certificates

    Guys,
    Here is the scenario..
    We are getting the HTTPS message from external system to XI.
    We are using CIDX Adapter to read external message and validate the digital certificates and map to ORDERS05 Idoc. As soon as I trigger the message from external system (HTTPS message), I am seeing message in XI RWB adapter engine, when CIDX adapter is trying to validate the digital signatures somehow it is pointing to J2EE_GUSET user. And it is giving error as below mention.
    ERROR
    "Signature verification failed, alerted;Error when accessing keystore:service_ssl
    Signature verification failed, alerted
    Unexpected error while packing the CIDX message -
    null
    Message Processing caused Failure. -
    BTD handler indicated processing error
    Error encountered while receiving inbound action; See nested exception for detailed error message -
    Message Processing caused Failure. -
    Message Processing caused Failure. -
    BTD handler indicated processing error
    Delivery of the message to the application using connection CIDXAdapter failed, due to: Error encountered while receiving inbound action; See nested exception for detailed error message. "
    Regarding Digital Certificates
    We got the digital certificates from my external party and installed and created the Key stores in XI Visual Administration tool.
    We configured in sender agreement by selecting those key stores.
    Can any one help me on how to resolve the issue, is there any problem in Visual Admin Tool, while installing the certificates..
    Thanks
    Murali

    HI,
    See the below links
    HTTP* Errors /people/krishna.moorthyp/blog/2006/07/23/http-errors-in-xi
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/55ba9790-0201-0010-aa98-ce8f51ea93cd
    also see the below links may be useful..
    See the below links
    /people/sap.user72/blog/2005/06/16/using-digital-signatures-in-xi
    SAP Java Cryptographic Toolkit
    http://help.sap.com/saphelp_nw04/helpdata/en/8d/cb71b8046e6e469bf3dd283104e65b/content.htm
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/55ba9790-0201-0010-aa98-ce8f51ea93cd
    http://help.sap.com/saphelp_nw04/helpdata/en/fb/322f41d606ef23e10000000a155106/frameset.htm
    http://help.sap.com/saphelp_nw04/helpdata/en/45/341a2176b74002e10000000a155369/frameset.htm
    Also see the below threads.
    how to deal with digital signatures when converting messages?
    Certificates Vs Digital Signatures
    Security Issues: SSL on SOAP Adapter and Digital Signature in BPM
    message level security: difference digital signature and certificate
    Loading Invoice XML IDoc with digital signature via XI into R/3
    Regards
    CHilla

  • Secure PDF using certificate

    Hi All,
    I'm developing a secure PDF using certificate.
    When I open the PDF I get acrobat security saying " A digital ID was used to encrypt this document but no digital ID is present to decrypt it.Make sure your digital ID is properly installed or contact the document author. "
    Any help in resolving this issue is appreciated?

    I have the exact same problem with the following exception:
    I encrypted a portfolio with a public key for a committee, including myself, using our public keys to allow just us to be able to open the portfolio. This worked as it should with Acrobat 9.4.1 and Reader 9.4.1.
    When I updated to Adobe Reader X, I got the infamous
    "Acrobat Security
    A digital ID was used to encrypt this document but no digital ID is present to decrypt it. Make sure your digital ID is properly installed or contact the document author" message.
    On this same computer I can open the portfolio with Acrobat 9.4.1 and it doesn't prompt me for a password. When I open the same portfolio with Adobe Reader X, it asks for the password and gives the message.
    When I upgraded to Reader X, I completely  removed Reader 9 prior to loading Reader X. After a successful upgrade, I set my preferences to match what I had with Reader 9. Next, I re-established my security settings as follows:
    1) Edit>Protection>Security Settings - then set the same private key as before, and
    2) Edit>Protection>Manage Trusted Identities - then set the same public keys as before.
    It should have worked, right?

  • A site is telling me that i have no digital certificate installed....

    Hi. Trying to access a page on the Spanish version of the IRS, to file a tax document here. I can't get access to the page (or any of their secure pages), and I get this message, which has been Google translated:
    ''The error "403 byrule" is a mistaken identity. Occurs when you try to access an option that requires electronic certificate and the browser does not detect that one is installed or not properly selected. If the choice of the certificate you get a page that says "page can not be displayed" or similar error is possible that the certificate is damaged, changes or problems in the operating system or other causes. If possible, you should try to reinstall a valid copy of your certificate.
    This error in Firefox indicates that there is no digital certificate installed. Go to "Tools" "Options" ("Firefox", "Preferences" Mac "Edit" "Preferences" in Linux), "Advanced" and select the "Encryption". Click on the "View Certificates" and verify that your certificate is installed correctly. If no certificate on the tab "Your Certificates" will have to import a valid copy of the browser. If necessary, also refer to the instructions on importing certificates from our "Help" and the links that we propose below. Once the certificate is installed also make sure that Mozilla Firefox is configured correctly. This may refer to the "Installation, configuration and management of electronic certificates for Mozilla Firefox.''
    Under "view certificates" in preferences/encryption, "Your Certificates" is blank. And I don't see anything in "Authorities" that seems to relate to this website. In "Servers" there were some exceptions I created (reluctantly) when the site asked for it. I deleted them, still not working.
    I've tried with both "Select one automatically" and "Ask me every time"
    Click on the page below, click on any of the links with a lock to see the resulting error.
    Thanks in advance.

    Thanks. You are very much on the right track, and I can't thank you enough. The page you sent me to has the right link. But I can't just download the certificate, as you proposed. It's actually part of a significant security system. I went to the webpage that accompanied the link. I have to fill out a form, from that get a code... then go to a local gov't office, show my ID, get another code, then come back, input that, and get my personalized certificate. I'll let you know how it goes. But without you I have no idea how I'd even have gotten onto the right path. Thanks again.

  • Asa ssh/vnc plugins digital certificates expired

    Hi,
    we've got our new asa set up now (more or less). But what gets us is that the Cisco ssh/vnc plugins and the java applet for port forwarding all come up with "digital certificate expired". Now this is not going to instill confidence in our users.
    We are running 8.0(4)3 and asdm 6.1(3) and the plugins are the latest available from Cisco's software download page
    (ssh-plugin.08030, vnc-plugin.080130).
    Are newer ones available?
    Thanks
    Dorothea

    BTW this could be of help:
    http://www.cisco.com/en/US/docs/security/asa/asa80/release/notes/asarn80.html#wp241924
    You probably want to install a code signer certificate.
    While this seems to be what you're looking for, I have never managed to generate a bundle such that Java doesn't complain at all anymore...

  • Exporting Digital Certificates in Yosemite

    I just freshly installed Yosemite and my apps on my MBP, along with digital certificates for secured emailing. I'm trying to export these certificates from the Keychain for safekeeping but for some reason I can no longer export them as Personal Information Exchange Files (.p12). I get several other options but I'm not sure which option to choose, or if I should use any of those options. Any information will be greatly appreciated.

    It appears that this problem was related to the same problem in my other discussion, which you were kind enough to respond to, as well:
    Password Needed For Sending Emails - EVERYTIME
    After I reset the keychain I was able to export as a .p12 file just fine.
    Correct me if I'm wrong, but it seems that only the .p12 format exports certificates with a paraphrase attached for security.

  • What is the cost of a digital certificate?

    Is it free, or is there a cost to get a digital certificate?
    I am planning to distribute my application using Webstart JAWS.
    thanks,
    Anil

    thanks for the detailed info! I am checking out CACert. Verisign is $695/yr and Thawte is $150/yr.
    Anil
    As others have told you can create one yourself, but I believe if you buy one from Verisign or Thawte Webstart doesn't pop-up the dialog to accept the certificate and does it automatically. At least that's what I understood but I might be mistaken.
    Anyway, some links:
    - Verisign: http://www.verisign.com/products-services/security-services/code-signing/digital-ids-code-signing/index.html
    - Thawte: http://www.thawte.com/ssl-digital-certificates/code-signing/index.html
    - CACert: http://www.cacert.org/ They have free certificates but I'm not sure they're trusted automatically by JWS.
    N.

  • "Choose a digital certificate" pop up when save Excel spreadsheet in IE

    One reporting page in our SSL application will generate an Excel spreadsheet. User will be prompted to either Save it to harddrive or Open it within the IE.
    If user chooses to Open it inside IE, then go "File --> Save as", this "Choose a digital certificate" dialog box will pop up, but there's nothing to choose. User has to click on OK/Cancel for about 12 times before it actually allows user the save...
    To create this spreadsheet from the JSP page I have used
    <%@ page language="java" contentType="application/vnd.ms-excel; charset=ISO-8859-1"
         pageEncoding="ISO-8859-1" %>

    I don't think this has nothing to do with Excel.
    Go to Tools - Internet Options - Security Tab and click on the "Custom Level" button. Then find the option: "Don't prompt for client certificate selection when no certificate or only one certificate exists" and set it to "enable"

  • Secure FTP using FTPS (SSL/TLS) - need help!

    I am trying to use an FTP Sender Channel using Secure FTP.  I am currently getting a "java.net.ConnectException: Connection timed out: connect" error.
    I am on XI 3.0 with SP13. 
    Settings are FTPS (FTP Using SSL/TLS for Control and Data)
    Command Order Auth TLS, USER, PASS, PBSZ, PROT.
    I am able to connect from my pc using WSFTP Pro which looks to be using the same command order.  I made sure WSFTP Pro was set for passive connections as XI only supports this until SP15.
    I have asked our Basis support to make sure the proper ports are open that are used for the connection and file transfer.  They have deployed the Java Cryptographic Toolkit on XID, and changed the startup mode for SSL runtime from 'manual' to 'always'.  The site I will connect to uses a certificate from Equifax which was added to the TrustedCAs keystore view.  After still not being able to get a file, I also added the certificate of the site, which I was able to export from WSFTP Pro and import onto XI with STRUST.
    I have increased the J2EE trace for com.sap.aii.adapter.file to Debug, but I haven't been able to get much out of the log.  I see entries, such as some SSL activity and the timeout, but nothing that points me to an answer.  Of course, I really don't know what to look for.
    I have tried to connect to the remote server by name or ip with the same connection timeout. 
    I currently don't have it set to use X.509 certificate for Client Auth, but I did try a few of those options with no luck.
    Any pointers would be appreciated.
    Thanks,
    Eric Peterson

    Eric,
    Did you ever solve the problem ? I am having the same issue.
    Cheers
    Jon

  • Fraudulent digital certificates issued for high-value websites, iOS patch ?

    http://www.zdnet.com/blog/security/microsoft-warns-fraudulent-digital-certificates-issued-for-high-value-websites/8488?tag=nl.e589
    http://www.h-online.com/security/news/item/SSL-meltdown-forces-browser-developers-to-update-1213358.html
    this obviously means that iOS could be vulnerable. Mozilla has patched Firefox (all versions), MS just pushed an update, Google patched Chrome already a few days ago, how about Safari and iOS?
    edit: does iOS use OCSP validation?

    I see Safari desktop supports OCSP checking - if manually activated - but does Safari mobile too? as there's hardly any setting available for Safari on idevices it's hard to know...
