CSS11501 Certificates & rsakey files

Can somebody please clear this up for me as I don't really understand the documentation.
I am trying to Import a VeriSign certificate to my CSS.
I Export the certificate from the Windows IIS server and it generates a .pfx file. I assume this includes the certificate & privtae rsakey.?
However, the CSS documentation shows the 'import' & 'associate' cet / rsakey as separate files but the IIS server just generates the one .pfx file..?
Do I associate bo the cert & rsakey with the same cert file - e.g.
ssl associate rsakey key1 cert1
ssl associate cert cert1 cert1.pfx
Is the above correct or is there something I'm missing.?
Thanks...John

Giles,
As ever - many thanks... This worked and got it sorted..Thanks
Just on another note - I'm also having a problem with the 'urlrewrite' finction within the SSL-Proxy-List,
The documentation says just add the 'urlrewrite www.mydomain.com' and any normal HTTP sessions that try and access the SSL module will be re-written but with HTTPS - this is what I want.
Unfortunately, this doesn't seem to work - when I try and access teh CSS from a browser just using //http://mydomain.com/... the page just times-out. It seems the SSL module just isn't picking it up.
I'm using standard Port 443 for the HTTPS sessions and this works fine. Is there something else that needs to be configured to get the urlrewrite function working..?
Thanks for all your help so far.
Cheers...John

Similar Messages

How to get the Server Certificate Chain File?

Hi all,
I config the SSL for weblogic 6.0 on a Win2k Machine .I followed WebLogic
documentation:
Generate a private key file, then submit to Verisign, get the certificate
file.
Because I have only one WebLogic server. I clear the "Server Certificate
Chain File" field.
But I get error message after reboot WebLogic. Following is the error
message:
<2001-1-21 04:57:56 pm> <Alert> <WebLogicServer> <Inconsistent security con
figuration, java.lang.Exception: Required file server-certchain.pem which is
spe
cified by ServerCertificateChainFileName, was not found>
java.lang.Exception: Required file server-certchain.pem which is specified
by Se
rverCertificateChainFileName, was not found
at
weblogic.t3.srvr.SSLListenThread.resolvePropertyFromLocalFile(SSLList
enThread.java:152)
at
weblogic.t3.srvr.SSLListenThread.resolvePropertyFromAdminServer(SSLLi
stenThread.java:180)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:425)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:939)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
My question is: Should I input the rootCA certificate into the Server
Certificate Chain File field? If yes, where can I get the rootCA certificate
file?
Thanks

[sorry, deleted irrelevant wrong answer]

Certificate Chain File

Hello,
I have certificates from two different CAs. How can I integrate them both in a root certificate chain file, so that the WLS accepts them both?
thnaks for zour help
hannele

What version of WLS? Are the CA's i PEM or DER format?
PaulF
Hannele <[email protected]> wrote in
news:3d6e2971$[email protected]:
Hello,
I have certificates from two different CAs. How can I integrate them
both in a root certificate chain file, so that the WLS accepts them
both? thnaks for zour help
hannele

Adding an SSL digial certificate ".cer" file using STRUST

Dears,
Could someome please guide to the steps of adding an SSL digital certificate (a file with extension ".cer") using transaction STRUST
Thanks
Reda

Dear Agasthuri,
Thank you for your reply.
The point is : whenever the https is installed on a SAP system, after issuing transaction STRUST, we find in the left pane three main nodes / folders : System PSE, SSL server Standard, SSL client SSL Client (Standar.
We also find a cuboid shaped icon named : File.
Whenever we right click on any of the three mentioned nodes / folders we get a pull down menu containing either two or three options : Replace, Delete or Change, Replace , Delete.
Whenever we right click on the cuboid shaped icon named : File, we get a pull down menu containing only one option : Create.
None of the above - mentioned options lead to creating a new main node / folder in the left pane.
Kindly advise.
Thanks.
Reda

Verisign certificate & Chain File Name

Perhaps a newbie question, but here goes:
I am having trouble installing a Verisign certificate on my Weblogic 6.0
server. I have my private key and certificate file installed properly I
believe, but am unsure what to put in the Certificate Chain File entry
in the console. I only have 1 certificate for this server. I have tried
to
a) leave it empty - in which case it uses a default file name which does
not exist
b) use the certificate I got from Verisign
c) export a class 3 certificate from my browser and use that file
In all the cases that I give it an existing file name, I get the
following stack trace:
weblogic.security.CipherException: Incorrect encrypted block
at weblogic.security.RSApkcs1.decrypt(RSApkcs1.java:208)
at
weblogic.security.RSAMDSignature.verify(RSAMDSignature.java:89)
at weblogic.security.X509.verifySignature(X509.java:243)
at
weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
at
weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at
weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<Sep 5, 2001 8:18:55 AM PDT> <Alert> <WebLogicServer> <Inconsistent
security configuration, weblogic.security.AuthenticationException:
Incorrect encrypted block possibly incorrect
SSLServerCertificateChainFileName set for this server certificate>
weblogic.security.AuthenticationException: Incorrect encrypted block
possibly incorrect SSLServerCertificateChainFileName set for this server
certificate
at weblogic.security.X509.verifySignature(X509.java:251)
at
weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
at
weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at
weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)

OK. Found out what it was.
The Server Certificate Chain File name is what Verisign calls the
Intermediate Certificate. So what you need to do is grab that cert off the
Verisign site, paste it into a new file on your server and put that file
name in as the path to the Chain File name.
New question: Why the 2 names for the same thing ? The documentation could
be a bit clearer here, as it's a very simple process that seems more
complicated than it needs to be (IMHO).
Brian Hall wrote:
Perhaps a newbie question, but here goes:
I am having trouble installing a Verisign certificate on my Weblogic 6.0
server. I have my private key and certificate file installed properly I
believe, but am unsure what to put in the Certificate Chain File entry
in the console. I only have 1 certificate for this server. I have tried
to
a) leave it empty - in which case it uses a default file name which does
not exist
b) use the certificate I got from Verisign
c) export a class 3 certificate from my browser and use that file
In all the cases that I give it an existing file name, I get the
following stack trace:
weblogic.security.CipherException: Incorrect encrypted block
at weblogic.security.RSApkcs1.decrypt(RSApkcs1.java:208)
at
weblogic.security.RSAMDSignature.verify(RSAMDSignature.java:89)
at weblogic.security.X509.verifySignature(X509.java:243)
at
weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
at
weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at
weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<Sep 5, 2001 8:18:55 AM PDT> <Alert> <WebLogicServer> <Inconsistent
security configuration, weblogic.security.AuthenticationException:
Incorrect encrypted block possibly incorrect
SSLServerCertificateChainFileName set for this server certificate>
weblogic.security.AuthenticationException: Incorrect encrypted block
possibly incorrect SSLServerCertificateChainFileName set for this server
certificate
at weblogic.security.X509.verifySignature(X509.java:251)
at
weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
at
weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at
weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)

How do I automate the import of a certificate (.cer) file within a silent install of FireFox 9.0.1?

I have created an msi package for FireFox v9.0.1 and I need to include registration of a security certificate (.cer file) in the install. I am deploying the msi via an installation vbScript with SCCM. This will allow me to either include the certificate registration in the msi or as a post-install task in the vbScript. Any assistance would be greatly appreciated.

See:
*http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html
*http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/README

SSL for Weblogic 6.0: Server Certificate Chain File & Verisign

http://www.bea.com/support/askbea/wls/S-07188.shtml
This issue attempts to explain what a "certificate chain file" is for. I still don't understand why this is so difficult. Where do I get this from?
At the end of the article it points me here:
http://www.verisign.com/repository/root.html
And vaguely tells me to convert the unspecified format on that page using a utility from OpenSSL. The format on that page is NOT .pem, what is it? Which utility do I use, and HOW do I convert the root server CA on that page to .der format?
Thanks for tips!

Unfortunately this is a missleading exception you are getting.
Here is a suggested workaround (at-least to get SSL working )
https://www.verisign.com/server/prg/browser/root.html
I have been meet same question as you.
The Server Certificate Chain File obtained from your Browser (such as IE5.5 )
Jason Pettiss <[email protected]> wrote:
http://www.bea.com/support/askbea/wls/S-07188.shtml
This issue attempts to explain what a "certificate chain file" is for.
I still don't understand why this is so difficult. Where do I get
this from?
At the end of the article it points me here:
http://www.verisign.com/repository/root.html
And vaguely tells me to convert the unspecified format on that page using
a utility from OpenSSL. The format on that page is NOT .pem, what is
it? Which utility do I use, and HOW do I convert the root server
CA on that page to .der format?
Thanks for tips!

Generating certificates pem file

Hi,
I am new to configuring client side ssl, I understand
the client (which will actually run inside WLS 8.1) needs to specify programatically or by a system property a .pem file containing trusted servers certificates. So if I understand correctly, I might have a couple of certificates, each from a different server I will be communicating with, so how should I "merge" them into one .pem file? Shouldn't there be some command line tool available? Or should they simply be inserted manually into the same file with the
"-----BEGIN CERTIFICATE-----"
"-----END CERTIFICATE-----"
header/footer to seperate them?
Any help would be apreciated,
Thanks,
Uri.

That's also what I thought.
I am actually using BEA's JRockit but I suppose they have a keytool similar to the one sun provides.
I know how to import a CA certificate to a truststore,
The thing is I need to invoke a web service via ssl, and as I was reading through the docs I encountered this section, regarding the configuration of ssl client in WebLogic:
To configure basic SSL support for your client application, follow these steps:
Set the filename of the file containing trusted Certificate Authority (CA) certificates. Do this by either:
Setting the System property weblogic.webservice.client.ssl.trustedcertfile to the name of the file that contains a collection of PEM-encoded certificates.
Executing the BaseWLSSLAdapter.setTrustedCertificatesFile(String ca_filename) method in your client application.
(http://e-docs.bea.com/wls/docs81/webserv/security.html#1053203)
Maybe I missunderstood the text and PEM is simply the default encoding? that is, the encoding used for any JKS?

Installing certificate (.crt ) file through mobile safari browser

Hi,
I have requirement I need to download and install my server certificate through mobile safari browser.
I tried it it is able to downlaod it but it is not installing automatically. It is asking for manual click to install that certificate.
Is this iOS browser feature? is this happen with all server certificates ?
Is there a way by which I can make it automatic install. NO manual click should be required.
Thanks in advance.
Regards
iSPT

That crash is caused by a bug. The easiest way to recover from it seems to be to install Safari 6; however, Software Update won't find it and there's no official download link. Unofficially, you can download the update from here:
http://swcdn.apple.com/content/downloads/37/23/041-5058/lr5tynbldi18zcrqo8a8uq88 rnjushqliu/Safari6Lion.pkg
If you don't have a working web browser and can't download the file on another device, proceed as below. You should have received a notification of this message in email. Retrieve that notification in Mail. If you don't get email notifications, mail a copy of this message to yourself.
Launch the Terminal application in any of the following ways:
☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
☞ Open LaunchPad. Click Utilities, then Terminal in the page that opens.
In your mail client, triple-click the line below to select it, then drag or copy into the Terminal window — do not type — and press return:
cd Desktop; curl -O http://swcdn.apple.com/content/downloads/37/23/041-5058/lr5tynbldi18zcrqo8a8uq88 rnjushqliu/Safari6Lion.pkg
The update package will download to your Desktop. When the download is complete, a new line ending in a dollar sign ("$") will appear below what you entered. Quit Terminal and double-click the package file.

Adobe Director Xtra SDK Certificate File

Hello guys
I need help about Adobe Director Xtra Sdk.
I will programming xtra for Director, but SDK is very poor of instruction.
I cannot have my certificate ID file to package my xtra. The link in documentation is bad.
Any idea how to proceed to have certificate file ?
Tk
Maxime Ferron
Field Eng.
[email protected]

Sean,
Thanks for confirming what I suspected. And as it turns out one of my teammates did have the file I was missing.
Thanks,
Don Halsted

Load Security Certificate file ??

How I can load the Security Certificate (*.cer) file in java ??
Thanks

See the [CertificateFactory |http://java.sun.com/javase/6/docs/api/java/security/cert/CertificateFactory.html] class.

CSS 11503 - SSl - Unable to clear/delete rsakey

Hi,
We have recently configured an ssl redirect service on the CSS11503. This works great.
The css was then cleared of all configuration including all ssl cert/key associations inorder to test recovery.
The problem we are experiencing is that there is a rsakey file that is shown as existing but cannot be used or deleted.
Can anyone explain this?
Also when the generated digital certificates have been authenticated by Verisign. When trying to download to cisco a vendor code is required which we do not have?
Has anyone had similar problems?

Ravi,
There are multiple types supported by the CSS SSL Module and WebNS.
If you select apache, you will get a PEM certificate.
WIN2000 IIS 5 uses PKCS12, and NT IIS4 uses DER
PEM, DER, and PKCS12 is supported by the CSS.
This info can be found at
http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a0080157875.html#1063169
I generally tell people to select apache, but the others should work. I agree, Cisco should be listed at the Apache website.

How Can i use the key file Generated by RSACryptoServiceProvider to encrypt with php?

I need to be able to encrypt data in PHP using a public key generate by .NET(RSACryptoServiceProvider). I will then decrypt the data later in C# using the private key.
Code Snippet
<RSAKeyValue><Modulus>xU5JyaPNDKXI/h/uo5Vk89wZSz3zsB1+c+1IMYIQa+mCmuRCRPuoBI7ODSV2ndP6grfhdrWEzhpZtkI3SThbBh/3t+tfZ2PF8Iyv9ECN07V64nPCiJGhAnfENE+J9UD9Kw5czXHgZcBbpM5N0VfXmLSleaS65DDoNPtoStVy7ss=</Modulus><Exponent>AQAB</Exponent>4ScAjVrPZii/6lICAP2yDQiNEmNL74+5AcxNVDI0IombfDPIygrqEWmuDu0pngApQak7XnEnLbaDChILFiHPZQ==<Q>4FaYlse+cjrlPD/jk+GsTJeuP7yuQx8ztjVnQWVh6GKQP+uk1dAl6kcZOfLNR6LWwE3CSygt8PthTEw96Zbabw==</Q><DP>XvXtNLE9UjATqYeHEtXtV7Pok/3PVC3A8PIzFzTJaluxeXP51sU9rbRt1hvO9rXIsMnooU+GH7Cfmgq8JEyERQ==</DP><DQ>HXkC/vwq9xLpvuqd2XXSjxV2XQVK16Knxo5pjFvnawJX9S3eMADymj7Q/534firUj9snZXxX3MsJ015I3AFnnQ==</DQ><InverseQ>AM0fVCE3n2FKf2zb3CcDEge1Ko35VvMEL+LXgR87QwO2HScZSuLevGLi2SSAkB1vu8RSNzB028SZReeOZWnq4Q==</InverseQ><D>fI+GKdRNOTTYhQZnw8Im74T+OvArjf2wvUMJlqfD8jyDBYIhDCfL1MTK9KW4Er+moSuxHR5Pb0ZXaKa4/HKlk0aJ1jB2C+jg7zTSuPRNuS16BpVHaJYsQurCwZwElXMum+GxeXK/h3wXWq5HwebjqZr0aLUMZKRcweDPRoVFiRE=</D></RSAKeyValue>
As you see this code snippet is a xml format private key. at .net platform,which can use encrypt or dencrypt.
i have try the Extension Crypt RSA ( http://pear.php.net/reference/Crypt_RSA-1.0.0/elementindex_Crypt_RSA.html ) to help me encrypt data by php.but it haven't return a currect result. the data encrypted by php cann't dencrypt by c#.
does the RSA algorithm provider by Crypt_RSA can give a stand result as c#?
BTW :i just use the xmlkeystring like this.
Code Snippet
<?php
require_once("Crypt/RSA.php");
require_once("includes/Utils.class.php");
 $public_key_string = simplexml_load_string("<RSAKeyValue><Modulus>xU5JyaPNDKXI/h/uo5Vk89wZSz3zsB1+c+1IMYIQa+mCmuRCRPuoBI7ODSV2ndP6grfhdrWEzhpZtkI3SThbBh/3t+tfZ2PF8Iyv9ECN07V64nPCiJGhAnfENE+J9UD9Kw5czXHgZcBbpM5N0VfXmLSleaS65DDoNPtoStVy7ss=</Modulus><Exponent>AQAB</Exponent>4ScAjVrPZii/6lICAP2yDQiNEmNL74+5AcxNVDI0IombfDPIygrqEWmuDu0pngApQak7XnEnLbaDChILFiHPZQ==<Q>4FaYlse+cjrlPD/jk+GsTJeuP7yuQx8ztjVnQWVh6GKQP+uk1dAl6kcZOfLNR6LWwE3CSygt8PthTEw96Zbabw==</Q><DP>XvXtNLE9UjATqYeHEtXtV7Pok/3PVC3A8PIzFzTJaluxeXP51sU9rbRt1hvO9rXIsMnooU+GH7Cfmgq8JEyERQ==</DP><DQ>HXkC/vwq9xLpvuqd2XXSjxV2XQVK16Knxo5pjFvnawJX9S3eMADymj7Q/534firUj9snZXxX3MsJ015I3AFnnQ==</DQ><InverseQ>AM0fVCE3n2FKf2zb3CcDEge1Ko35VvMEL+LXgR87QwO2HScZSuLevGLi2SSAkB1vu8RSNzB028SZReeOZWnq4Q==</InverseQ><D>fI+GKdRNOTTYhQZnw8Im74T+OvArjf2wvUMJlqfD8jyDBYIhDCfL1MTK9KW4Er+moSuxHR5Pb0ZXaKa4/HKlk0aJ1jB2C+jg7zTSuPRNuS16BpVHaJYsQurCwZwElXMum+GxeXK/h3wXWq5HwebjqZr0aLUMZKRcweDPRoVFiRE=</D></RSAKeyValue>");
 $key =new Crypt_RSA_Key(base64_decode($public_key_string->Modulus),base64_decode($public_key_string->Exponent),"public");
 echo "<pre>";
 print_r($key);
 echo "</pre>";
 $rsa_obj = new Crypt_RSA();
 //try encrypt data
 echo "encrypted result is: ".$rsa_obj->encrypt("this is a smple text.",$key)
 ?>
but the encrypted data cann't decrypt by c#?where is the problem?what should i do with php codes?

thank you for your reply, i also found this article by google.but this does not meet scene, thank you all the same.
i have already solved the problem now,i'd like to post the Solution .infact it's so easy to use rsakey file generated by .net .
-------------rsa.class.php-------------------
Code Snippet
<?php
* Some constants
define("BCCOMP_LARGER", 1);
class RSA
* PHP implementation of the RSA algorithm
* (C) Copyright 2004 Edsko de Vries, Ireland
* Licensed under the GNU Public License (GPL)
* This implementation has been verified against [3]
* (tested Java/PHP interoperability).
* References:
* [1] "Applied Cryptography", Bruce Schneier, John Wiley & Sons, 1996
* [2] "Prime Number Hide-and-Seek", Brian Raiter, Muppetlabs (online)
* [3] "The Bouncy Castle Crypto Package", Legion of the Bouncy Castle,
* (open source cryptography library for Java, online)
* [4] "PKCS #1: RSA Encryption Standard", RSA Laboratories Technical Note,
* version 1.5, revised November 1, 1993
* Functions that are meant to be used by the user of this PHP module.
* Notes:
* - $key and $modulus should be numbers in (decimal) string format
* - $message is expected to be binary data
* - $keylength should be a multiple of 8, and should be in bits
* - For rsa_encrypt/rsa_sign, the length of $message should not exceed
* ($keylength / 8) - 11 (as mandated by [4]).
* - rsa_encrypt and rsa_sign will automatically add padding to the message.
* For rsa_encrypt, this padding will consist of random values; for rsa_sign,
* padding will consist of the appropriate number of 0xFF values (see [4])
* - rsa_decrypt and rsa_verify will automatically remove message padding.
* - Blocks for decoding (rsa_decrypt, rsa_verify) should be exactly
* ($keylength / 8) bytes long.
* - rsa_encrypt and rsa_verify expect a public key; rsa_decrypt and rsa_sign
* expect a private key.
* rsa encrypt data
* @param binary string $message
* @param unknown_type $public_key
* @param numbers $modulus
* @param numbers $keylength
* @return binary data
function rsa_encrypt($message, $public_key, $modulus, $keylength)
 $padded = RSA::add_PKCS1_padding($message, true, $keylength / 8);
 $number = RSA::binary_to_number($padded);
 $encrypted = RSA::pow_mod($number, $public_key, $modulus);
 $result = RSA::number_to_binary($encrypted, $keylength / 8);
 return $result;
function rsa_decrypt($message, $private_key, $modulus, $keylength)
 $number = RSA::binary_to_number($message);
 $decrypted = RSA::pow_mod($number, $private_key, $modulus);
 $result = RSA::number_to_binary($decrypted, $keylength / 8);
 return RSA::remove_PKCS1_padding($result, $keylength / 8);
function rsa_sign($message, $private_key, $modulus, $keylength)
 $padded = RSA::add_PKCS1_padding($message, false, $keylength / 8);
 $number = RSA::binary_to_number($padded);
 $signed = RSA::pow_mod($number, $private_key, $modulus);
 $result = RSA::number_to_binary($signed, $keylength / 8);
 return $result;
function rsa_verify($message, $public_key, $modulus, $keylength)
 return RSA::rsa_decrypt($message, $public_key, $modulus, $keylength);
function rsa_kyp_verify($message, $public_key, $modulus, $keylength)
 $number = RSA::binary_to_number($message);
 $decrypted = RSA::pow_mod($number, $public_key, $modulus);
 $result = RSA::number_to_binary($decrypted, $keylength / 8);
 return RSA::remove_KYP_padding($result, $keylength / 8);
* The actual implementation.
* Requires BCMath support in PHP (compile with --enable-bcmath)
// Calculate (p ^ q) mod r
// We need some trickery to [2]:
// (a) Avoid calculating (p ^ q) before (p ^ q) mod r, because for typical RSA
// applications, (p ^ q) is going to be _WAY_ too large.
// (I mean, __WAY__ too large - won't fit in your computer's memory.)
// (b) Still be reasonably efficient.
// We assume p, q and r are all positive, and that r is non-zero.
// Note that the more simple algorithm of multiplying $p by itself $q times, and
// applying "mod $r" at every step is also valid, but is O($q), whereas this
// algorithm is O(log $q). Big difference.
// As far as I can see, the algorithm I use is optimal; there is no redundancy
// in the calculation of the partial results.
function pow_mod($p, $q, $r)
 // Extract powers of 2 from $q
 $factors = array();
 $div = $q;
 $power_of_two = 0;
 while(bccomp($div, "0") == BCCOMP_LARGER)
 $rem = bcmod($div, 2);
 $div = bcdiv($div, 2);
 if($rem) array_push($factors, $power_of_two);
 $power_of_two++;
 // Calculate partial results for each factor, using each partial result as a
 // starting point for the next. This depends of the factors of two being
 // generated in increasing order.
 $partial_results = array();
 $part_res = $p;
 $idx = 0;
 foreach($factors as $factor)
 while($idx < $factor)
 $part_res = bcpow($part_res, "2");
 $part_res = bcmod($part_res, $r);
 $idx++;
 array_push($partial_results, $part_res);
 // Calculate final result
 $result = "1";
 foreach($partial_results as $part_res)
 $result = bcmul($result, $part_res);
 $result = bcmod($result, $r);
 return $result;
// Function to add padding to a decrypted string
// We need to know if this is a private or a public key operation [4]
function add_PKCS1_padding($data, $isPublicKey, $blocksize)
 $pad_length = $blocksize - 3 - strlen($data);
 if($isPublicKey)
 $block_type = "\x02";
 $padding = "";
 for($i = 0; $i < $pad_length; $i++)
 $rnd = mt_rand(1, 255);
 $padding .= chr($rnd);
 else
 $block_type = "\x01";
 $padding = str_repeat("\xFF", $pad_length);
 return "\x00" . $block_type . $padding . "\x00" . $data;
// Remove padding from a decrypted string
// See [4] for more details.
function remove_PKCS1_padding($data, $blocksize)
 assert(strlen($data) == $blocksize);
 $data = substr($data, 1);
 // We cannot deal with block type 0
 if($data{0} == '\0')
 die("Block type 0 not implemented.");
 // Then the block type must be 1 or 2
 assert(($data{0} == "\x01") || ($data{0} == "\x02"));
 // Remove the padding
 $offset = strpos($data, "\0", 1);
 return substr($data, $offset + 1);
// Remove "kyp" padding
// (Non standard)
function remove_KYP_padding($data, $blocksize)
 assert(strlen($data) == $blocksize);
 $offset = strpos($data, "\0");
 return substr($data, 0, $offset);
// Convert binary data to a decimal number
function binary_to_number($data)
 $base = "256";
 $radix = "1";
 $result = "0";
 for($i = strlen($data) - 1; $i >= 0; $i--)
 $digit = ord($data{$i});
 $part_res = bcmul($digit, $radix);
 $result = bcadd($result, $part_res);
 $radix = bcmul($radix, $base);
 return $result;
// Convert a number back into binary form
function number_to_binary($number, $blocksize)
 $base = "256";
 $result = "";
 $div = $number;
 while($div > 0)
 $mod = bcmod($div, $base);
 $div = bcdiv($div, $base);
 $result = chr($mod) . $result;
 return str_pad($result, $blocksize, "\x00", STR_PAD_LEFT);
?>
-------------RSAProcessor.class.php------------------------
Code Snippet
<?php
require_once("rsa.class.php");
class RSAProcessor
private $public_key = null;
private $private_key = null;
private $modulus = null;
private $key_length = "1024";
public function __construct($xmlRsakey=null,$type=null)
 $xmlObj = null;
 if($xmlRsakey==null)
 $xmlObj = simplexml_load_file("xmlfile/RSAKey.xml");
 elseif($type==RSAKeyType::XMLFile)
 $xmlObj = simplexml_load_file($xmlRsakey);
 else
 $xmlObj = simplexml_load_string($xmlRsakey);
 $this->modulus = RSA::binary_to_number(base64_decode($xmlObj->Modulus));
 $this->public_key = RSA::binary_to_number(base64_decode($xmlObj->Exponent));
 $this->key_length = strlen(base64_decode($xmlObj->Modulus))*8;
* get public key
* @return string public key
public function getPublicKey()
 //return base64_encode(RSA::number_to_binary($this->public_key,($this->key_length)/8));
 return $this->public_key;
public function getPrivateKey()
 //return base64_encode(RSA::number_to_binary($this->private_key,($this->key_length)/8));
 return $this->private_key;
public function getKeyLength()
 return $this->key_length;
public function getModulus()
 return $this->modulus;
* encrypt data
* @param string $data
* @return base64 encoded binary string
public function encrypt($data)
 return base64_encode(RSA::rsa_encrypt($data,$this->public_key,$this->modulus,$this->key_length));
public function dencrypt($data)
 return RSA::rsa_decrypt($data,$this->private_key,$this->modulus,$this->key_length);
public function sign($data)
 return RSA::rsa_sign($data,$this->private_key,$this->modulus,$this->key_length);
public function verify($data)
 return RSA::rsa_verify($data,$this->public_key,$this->modulus,$this->key_length);
class RSAKeyType
const XMLFile = 0;
const XMLString = 1;
?>
-------------- encrypt data with public key-----------------
Code Snippet
<?php
require_once("RSAProcessor.class.php");
$processor = new RSAProcessor
("<RSAKeyValue><Modulus>m6ljoeWhmnd0oRnsVEH5iNw3B8+vKVu7v7CVfMyf6bnKEzHa62TRmT/baJiSevoI/vgm2ph/s1JrQQTaGiErHicigwSC
Aw7+i05WFbnz7tOyiiJJVMfsdd+v7Xan9Hiud05FzxoMbM8vpiMHPEIDbGJ1MiXyupTVkz2WcMHyBoJ4S189opktZ43pviUhy0PeuWkyoU7zR54akPmK
Yg+z5Zr1r7K8lUZ1a3TThfJGxTQR/uZMtZz/q8QF0AANVQ/eyahTv9icBzBoDuncS0Y5l3vqogW1C/ltJvhJpvSn/OgjbRjuixCAptOUmRd13sDWU95/
x0bMq+Lg68lj2OjJ1Q==</Modulus><Exponent>AQAB</Exponent>zfvdBsMLlmo+4PAUYLgSV2xyyVa7ZqFjkJaAE4EbYuH24EoZjrzeiJR++D
FUT/GUhjfZ5eZ/5e29dXwk0sKUw6nHzBdBtOPp5fr4t5SKLEcWY+J+zLUSOlhG9NUkohFf6+Miy2Y7BLpXVrcl6UwXV0ak8KkTPB2l/aIMwYj5dgc=<Q>wXV0sA3nDzoSDQA/4QSu/WIlBhkA3jZ7K7G9Z9rpP1A0vH+bZeyCIyo52u8ahGuYbubaizF1XMp+Xv3Mh2KmRbt7+UptwEwbFAUiiad2a312mqm
j7IJd7gRjGkyzKEm+6fpNeY3NFLNVNhccBqzhNkRoM22xnvQcImD10XVAakM=</Q><DP>wd1HdCLEWCfc0DYE59a2pINUMXyo2foRTDbpifHcRZ+ojAY
Rsc6+nsssCQnccXVMNVqBgSgEvfGYe+eAfMBX5SN5APPuioJrVGF2DsoFlZC+WPoGH0JYSoNlHO8yEDrMDaXzzH2GFHgQ1XOAged0nFbHzB1FFjJNVL5
cxRXWu6c=</DP><DQ>QDKuCk5SwubOXqoaiJ15RHRxPNjHRPZnYVSWOgSXKn9/QJ5H/0bA2NKGaHS4JAFgkEzjcRV0kNpRnUwztymxa6qPtWZRjWK0Ca
y6jVuZHIqB9UkeMLoCWZ3zFSMmwNPYGuUJGLFJwPjR6iU5E64C/nMs8QQR0WHIhFAQwvVZ7uk=</DQ><InverseQ>JckMSlJR10VZdnp83VPjrZ/Z+63
CGu3tWHm7f4DJ8IwjJWr8FlCpbSwiP6a4e9Upv6bUn/tOj2gY6MMq5G5yTKm2SCRvpUKRu4NCmWAt7vlFv0Z6pkXlTOpzvVjv3v16+dIZOA5Zn+v7+r1
xbdYdH20KRAbiBO3MfQP7s+VJJvM=</InverseQ><D>W1xrBr2hQOj1wgxWAgoK7IHbprEFrK+TnWmGA46SGPsbmHJ9fAVbY6fwHg7Wgmk4WHXLUCeLY
/Nu0eWIISfwh60Oe3ls2WC2k4qxyeSvQDBuLNb81U7WAUT9m9E1uK4QMCP3oxs1ybM80zTh7UMNgVK0WG+fbFUomVffcWTTqW+Fu12PEIO+UR/85oq+x
qVlTzYAEzt1OE9IhkYiRzi99ePXeH2gFltzJ/fb/7jLsDTkhM2eiYTGyOTZmBnen6c6a8b9LFTY4Bc0bGpk5ezHkub6F8p2ZgL/JgIOJMyRZICjDjs+9
k9PTmMTFsCF6xzHY15Fg25xIDYzIyx1rrRUjQ==</D></RSAKeyValue>",RSAKeyType::XMLString);
$rs = $processor->encrypt("Hello,It's Works.");
echo $rs;
?>
with the front codes.you can easy to encrypt data by public key generate by .net programe.

Getting error while installing the .p12 file in keychain access

Hi i am trying to install the certificate.p12 file in Keychain Access's Login section on my mac mini. For each .p12 file it showing "This certificate was signed by an unknown authority". But when i tried to install the same .p12 file on other machine, its got install and showing "This is a valid certificate" Before installing this .p12 file, i was able to install the .p12 file. But to install the new .p12 file, i had deleted all the .p12 files and provisioning profiles. After that i was not able to install any .p12 file on my machine. Can anybody help me on this?

Hi Gopi,
Are you trying to add the hosts to your OEM 12c, and then choosing "Deploy Agent"?
Please check this error message about the image file..
The image file C:\oracle\core\12.1.0.2.0\jdk\bin\java.exe is valid, but is for a
machine type other than the current machine.
"Validating OMS_HOST & EM_UPLOAD_PORT failed."
If the agents are deployed earlier from another OEM12c server, please undeploy them and then try.
Thanks,
Rajiv.

Convert the signed message into base64 code in file receiver adapter

Hi,
I have 2 sequence steps in my scenario.
Step1
I want to convert the message with signed certifcates and send the file with base 64 code format.
Solu:
1.I deployed the certificate in file adapter (The corresponding key/certificate pair must previously be saved in a keystore view of the J2EE server by using the Visual Administrator)
2.for to change the File type content to base 64 code format .
solu:
File type in receiver communication channel is Binary.
please suggest what value i need to provide below
anonymizer.encoding = ?(using the XMLAnonymizerBean in the module tab giving the value
Step2.
after that i wantt to pick up the file with base 64 code format (Which was created in step 1) and place the content to field with xsd type base64 Binary .
for this we can pick up using file adapte or we need to use any module in the sender file module tab of the communication channel?
Please suggest.

HI Hyma,
As Stefan specifyed already as per my knowledge we dont have any standard procedure for all the requirements you specified.....we need to go for module in the adapter.
Cheers!!!
Naveen.

CSS11501 Certificates & rsakey files

Similar Messages

Maybe you are looking for