Digital certificates and keystore

I have implemented the digital signature in my project.
For that I have to add all the certificates to jre/lib/security/cacerts.
Is it possible to store these certificates in a database instead of the keystore file (cacerts)?
If yes, how do I implement it?
Any code sample?

Yes, you can implement your own KeyStore class and access the keys any way you like. I found it simplest to serialize the keys and store them in a binary field in the database (not very storage efficient but easy to handle).
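
One way to keep trusted certificates in a database, as an added example that is not from the original thread: store each certificate's DER encoding in a BLOB column and load the rows into an in-memory `KeyStore` at startup, which avoids writing a custom KeyStore class. The table name `trusted_certs` and the class and method names are hypothetical, and a `Map` filled from the JVM's default trust anchors stands in for the JDBC query so the code runs without a database.

```java
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class DbTrustStoreExample {

    // Stand-in for "SELECT alias, der FROM trusted_certs" (hypothetical table).
    // Constructed sample data: the DER bytes of up to three CA certificates the
    // JVM already trusts, which is what a BLOB column would hold.
    static Map<String, byte[]> loadRows() throws Exception {
        TrustManagerFactory def = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        def.init((KeyStore) null); // null selects the JVM default trust store
        Map<String, byte[]> rows = new LinkedHashMap<>();
        for (TrustManager tm : def.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            for (X509Certificate c : ((X509TrustManager) tm).getAcceptedIssuers()) {
                if (rows.size() == 3) break;
                rows.put("ca-" + rows.size(), c.getEncoded());
            }
        }
        return rows;
    }

    // Build an in-memory KeyStore from the rows; no keystore file is touched.
    static KeyStore buildTrustStore(Map<String, byte[]> rows) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // a null stream initialises an empty store
        for (Map.Entry<String, byte[]> row : rows.entrySet()) {
            try {
                X509Certificate cert = (X509Certificate) cf.generateCertificate(
                        new ByteArrayInputStream(row.getValue()));
                cert.checkValidity(); // skip expired or not-yet-valid rows
                ks.setCertificateEntry(row.getKey(), cert);
            } catch (CertificateException e) {
                System.err.println("Skipping row " + row.getKey() + ": " + e);
            }
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = buildTrustStore(loadRows());
        // Every row is a trust anchor, so write access to the table must be as
        // tightly controlled as write access to cacerts would be.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks); // for TLS; new PKIXParameters(ks) serves chain validation
        System.out.println("Trust anchors loaded from rows: " + ks.size());
    }
}
```

Storing the DER encoding (`getEncoded()`) rather than a Java-serialized object keeps the column readable by any X.509 tool and avoids deserializing data read from the database.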

Similar Messages

  • WebVPN-Problem with Digital Certificate and AAA

    Hello everyone,
    I have a problem configuring WebVPN on an ASA 5520 using AAA and a Microsoft digital certificate (MSCEP).
    Currently, the WebVPN service is enabled and it works well with AAA (local or external) only,
    but now I want to use both AAA and a certificate for more security. I mean that the users will be authenticated 2 times (first by checking for a valid certificate, then user/pass is the second one).
    Here are the details:
    I tried installing a CA server (Microsoft CA service combined with SCEP) and registering the ASA with the CA server (ASA works as subordinate CA) --> these steps are OK, the ASA has registered; then the client uses a web browser to request a certificate from the CA, it is issued by the CA administrator, and then it is installed in the web browser.
    Testing:
    The client tried to access the SSL VPN; the WebVPN welcome message prompts for user/pass, but the message is "Logon Failed" before I give the user and pass.
    Does anyone know and advise ?
    Thanks
    Khanh

    Hi all,
    Here are the attached files for my issue,
    Khanh

  • Digital Certificates and Web Services with Oracle APEX

    Hi people,
    I am working to implement Web Service communication using Oracle Apex. I need to create an application that calls an external public Web Service in Apex. So far, so good, and I am able to work with a public WS without any problems.
    However, this particular WS I'm calling has two peculiarities:
    1) It is SSL-secured (HTTPS). This means I have to communicate using SSL and public/private certificates.
    2) The message I pass (payload) must be digitally signed using the XMLDsig standard (www.w3.org/TR/xmldsig-core/)
    The first requirement I am still testing, but it will probably work if I import the public and private keys using Oracle Wallet and point to this Wallet, just as the PayPal sample in the OTN samples does, don't you think? Should I have any problems with this?
    The second one is more complicated: all APIs I have seen for XML digital signing are Java-based or .NET-based; I have found nothing based on PL/SQL packages or such. Can you point me to some other options to sign this XML?
    Please bear in mind that, since the WS has more than one method, I am using plain old UTL_HTTP to call it (just like the PayPal sample in OTN). PayPal requests that all communication be SSL-enabled, but has no mention whatsoever of digital signatures.
    Can anybody help me out with this? Any help is highly appreciated.
    Regards
    Thiago

    Thiago:
    You are correct in that there should be no problem interacting with a Web service that has an HTTPS endpoint as long as you create a wallet and specify it when you make your UTL_HTTP calls, like the PayPal example.
    I am not aware of a PL/SQL utility to create an XMLDsig Standard message, but if you find some Java source out there that does it, you may be able to follow a technique I used for a similar use case:
    http://jastraub.blogspot.com/2009/07/hmacsha256-in-plsql.html
    Regards,
    Jason

  • Digital Certificates and signing

    I am developing a security application that needs to access the web client's certificate store so that, once he chooses to submit his form, he can select which certificate to sign with; I need to know how to access, in Java, the certificate store on the client machine.
    thanks

    You store the certificate on your hard disk and try to read it from a FileInputStream.
    Sample Code
    import java.io.FileInputStream;
    import java.io.InputStream;
    import java.security.cert.CertificateFactory;
    import java.security.cert.X509Certificate;
    public class ReadCert {
        public static void main(String[] args) throws Exception {
            // Read an X.509 certificate from disk and print its main fields
            InputStream is = new FileInputStream("/anand/Example_test/test.cer");
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            X509Certificate cert = (X509Certificate) cf.generateCertificate(is);
            System.out.println("Certificate : algname = " + cert.getSigAlgName());
            System.out.println("Certificate : sig alg OID = " + cert.getSigAlgOID());
            System.out.println("Certificate : After = " + cert.getNotAfter());
            System.out.println("Certificate : Before = " + cert.getNotBefore());
            System.out.println("Certificate : User DN = " + cert.getSubjectDN().getName());
        }
    }
    Hope this will help
    Rgds,
    Anand

  • Is there a way to authenticate an iPad to our WLAN using a digital certificate and then authorize the user in Active Directory?

    We want to authenticate both a device (iPad) to our corporate WLAN, but after authenticating the device we would also like to authenticate the user in Active Directory if possible. Has anyone had any experience with this?

    You need to make sure that the server sends the "GeoTrust DV SSL CA" intermediate certificate.
    See:
    * http://www.networking4all.com/en/support/tools/site+check/ (www.ucfs.net)
    * https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=SO9557
    * https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=AR1422

  • CIDX Adapter Digital Certificates

    Guys,
    Here is the scenario..
    We are getting the HTTPS message from external system to XI.
    We are using the CIDX Adapter to read the external message, validate the digital certificates and map to the ORDERS05 IDoc. As soon as I trigger the message from the external system (HTTPS message), I see the message in the XI RWB adapter engine. When the CIDX adapter tries to validate the digital signatures, it is somehow pointing to the J2EE_GUEST user, and it gives the error mentioned below.
    ERROR
    "Signature verification failed, alerted;Error when accessing keystore:service_ssl
    Signature verification failed, alerted
    Unexpected error while packing the CIDX message -
    null
    Message Processing caused Failure. -
    BTD handler indicated processing error
    Error encountered while receiving inbound action; See nested exception for detailed error message -
    Message Processing caused Failure. -
    Message Processing caused Failure. -
    BTD handler indicated processing error
    Delivery of the message to the application using connection CIDXAdapter failed, due to: Error encountered while receiving inbound action; See nested exception for detailed error message. "
    Regarding Digital Certificates
    We got the digital certificates from my external party, installed them and
    created the key stores in the XI Visual Administration tool.
    We configured the sender agreement by selecting those key stores.
    Can anyone help me resolve the issue? Is there any problem in the Visual Admin Tool while installing the certificates?
    Thanks
    Murali
    Message was edited by:
            Murali Babu Pallabothula

    HI,
    See the below links
    HTTP* Errors /people/krishna.moorthyp/blog/2006/07/23/http-errors-in-xi
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/55ba9790-0201-0010-aa98-ce8f51ea93cd
    also see the below links may be useful..
    See the below links
    /people/sap.user72/blog/2005/06/16/using-digital-signatures-in-xi
    SAP Java Cryptographic Toolkit
    http://help.sap.com/saphelp_nw04/helpdata/en/8d/cb71b8046e6e469bf3dd283104e65b/content.htm
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/55ba9790-0201-0010-aa98-ce8f51ea93cd
    http://help.sap.com/saphelp_nw04/helpdata/en/fb/322f41d606ef23e10000000a155106/frameset.htm
    http://help.sap.com/saphelp_nw04/helpdata/en/45/341a2176b74002e10000000a155369/frameset.htm
    Also see the below threads.
    how to deal with digital signatures when converting messages?
    Certificates Vs Digital Signatures
    Security Issues: SSL on SOAP Adapter and Digital Signature in BPM
    message level security: difference digital signature and certificate
    Loading Invoice XML IDoc with digital signature via XI into R/3
    Regards
    CHilla

  • Best practices for buying a digital certificate for Exchange 2013

    Good day friends,
    Could you indicate to me which are the best practices when buying a public digital certificate for use on Exchange Server 2013.
    I'd be interested in knowing your opinion about using wildcard or SAN certificates.
    Likewise, what are the best recommendations for which names to include, and why they should or should not include the internal FQDN of my servers.
    Currently I have an infrastructure that has two MailBox servers, two CAS servers and an EDGE 2010 server, but I'm planning to update it to Exchange 2013.
    I searched for the best practices according to Microsoft but have found little information.
    I would appreciate it if you can post links like Microsoft KBs and other technical documents that discuss the above.
    Thank you for your invaluable support.
    Greetings.

    Hi,
    Personal suggestion, we can use two namespaces for your Exchange 2013:
    Autodiscover.domain.com (Used for autodiscover service)
    Mail.domain.com (used for all Exchange services external and internal URLs)
    Please point mail.domain.com and autodiscover.domain.com to your internet-facing CAS 2013.
    For more information about Digital Certificates and SSL in Exchange 2013, please refer to the
    Digital Certificates Best Practices part in the following technet article:
    http://technet.microsoft.com/en-us/library/dd351044%28v=exchg.141%29.aspx?lc=1033
    Additionally, here are some other scenarios about certificate planning in Exchange 2013:
    http://blogs.technet.com/b/exchange/archive/2014/03/19/certificate-planning-in-exchange-2013.aspx
    Regards,
    Winnie Liang
    TechNet Community Support

  • Adobe Dreamweaver + Air, Digital Certificate Missing?

    I was trying to test out the Adobe Air plugin for Dreamweaver. I have the SDK and the plugin installed, but when I fill out the Air Application Settings a popup window appears saying "Please specify a digital certificate and the corresponding password." So I did some googling and saw a screenshot of the same window, but the digital certificate thing was at the bottom of the window. My Air Application Settings window does not have that at the bottom, so I cannot finish the form and finish my Adobe Air application. Does anyone know how to fix this, or am I missing something?

    I don't know this error. I guess it is probably because
    Dreamweaver could not create the certificate file. In that case,
    you might change to another directory to output the certificate.

  • Logging into BOA's CashPro from Firefox Home finds no digital certificate

    I'm trying to wire transfer funds using BOA's CashPro application from my iPad. I can see the CashPro login from Firefox Home, but immediately after logging in, CashPro finds no digital certificate and aborts. I installed this digital certificate on the iPad, but the application doesn't see it. Will I be able to access and use BOA's application from Firefox Home on my iPad?

    Sorry, I don't think Firefox Home is able to use client certificates. If the web site works in Safari, you can use the "Open in Safari" option in Firefox Home to browse this web site. Tap on the picture below for an illustration.
    You can also turn on the Use Safari option (http://support.mozilla.com/en-US/questions/792360) in the Firefox Home settings, if you want all web sites to open in Safari.

  • Private key and digital certificate

    I have a keystore. In order to know what it contains, I opened this keystore with this command: keytool -list -keystore DemoIdentity.jks
    and I got,
    Keystore type: jks
    Keystore provider: SUN
    Your keystore contains 1 entry
    demoidentity, Jan 4, 2007, keyEntry, // is it called private key ?
    Certificate fingerprint (MD5): 60:42:75:33:31:AA:9A:C6:9D:1A:CD:9F:22:8D:4A:6A // is it called certificate ?
    Question:
    I still don't understand what a keystore contains. Does it contain "private key" + "digital certificate"?
    If so, what are the private key and digital certificate in the above contents?
    Message was edited by:
    Unknown_Citizen

    The content of a 'keystore' is what you, or the person who provided it, put in it. In this case it looks like all it contains is a public key certificate with an alias of 'demoidentity'.

  • Could not access the digital certificate. could not load keystore file (password may be incorrect)

    I am trying to create my IPA, I have gone through all the steps to create my certificates etc from Apple but keep getting the above error message when I try to publish my file.  (I am using the Flash CS5 iphone packager, not the command line)  Mac OSX
    Here is the tutorial I am following: http://help.adobe.com/en_US/as3/iphone/WS789ea67d3e73a8b2-240138de1243a7725e7-7ffc.html
    What are some things to try to troubleshoot?
    Thanks!

    Hi All!
    I’ve just finished an application but I’m having problems generating the .BAR file that I want to submit to the AppWorld. These are the commands I’m executing
    First - "C:\Program Files (x86)\Adobe\Adobe Flash Builder 4\sdks\blackberry-tablet-sdk-0.9.3\bin\blackberry-keytool" -genkeypair -keystore bbDevCertificate.p12  -storepass myPass -dname "cn=Company" -alias " Company "
    Second  - "C:\Program Files (x86)\Adobe\Adobe Flash Builder 4\sdks\blackberry-tablet-sdk-0.9.3\bin\blackberry-airpackager" -package AppName_signed.bar AppName-app.xml blackberry-tablet.xml AppName.swf splash.png icons/icon128.png
    Finally  - "C:\Program Files (x86)\Adobe\Adobe Flash Builder 4\sdks\blackberry-tablet-sdk-0.9.3\bin\blackberry-signer" -verbose -cskpass myCSKPass -keystore bbDevCertificate.p12  -storepass myPass AppName_signed.bar RDK
    My blackberry-tablet.xml is:
    <qnx>
        <initialWindow>
            <systemChrome>none</systemChrome>
            <transparent>false</transparent>
        </initialWindow>
        <publisher>Company</publisher>
        <category>core.games</category>
        <icon>
            <image>icons/icon128.png</image>
        </icon>
        <splashscreen>splash.png</splashscreen>
    </qnx>
    The problem comes at the first step. I'm using Flash Professional CS5. When I generate the p12 certificate and I try to export my app using that certificate and the password that I've set, it gives me the following error:
    "Error creating files.
    Could not access the digital certificate. unable to retrieve key (password may be incorrect)"

  • Can XML Publisher add a digital certificate (cert.pfx) via the xdo.cfg file or do I need to upgrade and use BI Publisher instead?

    Hi Guys
    I need to add a digital certificate to a client's customer statements and invoices. XML Publisher 5.6.3 was originally used to design the templates as RTF. I have the following questions please...
    1. Can an RTF template be used or do I need to convert it to a pdf template?
    2. Can XML publisher even be used or do I need to get the DBAs to install BI Publisher. XML Publisher doesn't even have the signature properties in the admin screens that BI Publisher has.
    Below is a copy of the xdo.cfg file which currently does not add the pfx file...
    <config version="1.0.0"  xmlns="http://xmlns.oracle.com/oxp/config/">
    <properties>
       <property name="system-temp-dir">/tmp</property>
       <property name="pdf-security">false</property>
       <property name="pdf-open-password">testpass</property>
       <property name="pdf-permissions-password">testpass</property>
       <property name="pdf-encryption-level">1</property>
       <property name="pdf-no-printing">true</property>
       <property name="pdf-no-changing-the-document">true</property>
       <property name="signature-enable">true</property>
       <property name="signature-pkcs12-path">/app/oracle/product/appldev/apps/apps_st/appl/xdo/12.0.0/resource/digcert.pfx</property>
       <property name="signature-pkcs12-password">testpass</property>
       <property name="signature-field-location">top-left</property>
       <property name="signature-reason">taxreasons</property>
       <property name="signature-signed-at">Cape Town</property>
       <property name="signature-display-style">detailed</property>
    </properties>
    </config>
    Any help will be greatly appreciated.

    Thanks for the summary of the many posts and threads describing all of these steps.

  • What is the difference between a pki digital certificate received in pkcs7 format and what iplanet refers to as a pkcs#11 module?

     

    A lot of NSS-related jargon is defined on mozilla.org, including the different PKCS standards:
    http://mozilla.org/docs/jargon.html#PKCS5
    To summarize (and simplify), PKCS #7 is a standard for digital certificates while PKCS #11 is a standard for communicating with cryptographic devices (e.g. SSL hardware accelerators).

  • Digital signature and certificates on Mail

    Hello All,
    I'm new to using a Mac and I have a token with my digital certificate. So I want to know:
    How can I use a digital signature in Mail? How can I use my certificate to sign the message?
    Thanks,
    Altemir Pacheco

    Altemir ... It's important that the certificate has been created for the e-mail address you want to use as sender e-mail. Your certificate needs to be imported into keychain. Keychain only accepts certificates in a number of formats, among them .p12. You can import in a number of ways; you can, for example, drop your .p12 file (the certificate) on the keychain icon. Then open keychain and check whether the certificate is visible under "my certificates". It has to appear there and it has to show as "valid" and not as "expired". Control-click on the certificate and set up a new preferred identity for your e-mail address (I am not sure whether this step actually makes any difference, but give it a try). Close mail.app and restart mail.app. When you now create a new e-mail and you choose as sender e-mail the e-mail address for which you have the certificate, then you should see on the right side, just below the subject line, a little symbol which you can click on to activate the signature for the e-mail you're writing. Hope all this works.

  • Message level security: difference digital signature and certificate

    Hi everybody,
    could anybody please explain the difference between digital signature and certificate?
    Thanks
    Regards Mario

    Mario,
    A digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged. Digital signatures are easily transportable, cannot be imitated by someone else, and can be automatically time-stamped. The ability to ensure that the original signed message arrived means that the sender cannot easily repudiate it later.
    A digital signature can be used with any kind of message, whether it is encrypted or not, simply so that the receiver can be sure of the sender's identity and that the message arrived intact. A digital certificate contains the digital signature of the certificate-issuing authority so that anyone can verify that the certificate is real.
    whereas
    A digital certificate is an electronic "credit card" that establishes your credentials when doing business or other transactions on the Web. It is issued by a certification authority (CA). It contains your name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real. Some digital certificates conform to a standard, X.509. Digital certificates can be kept in registries so that authenticating users can look up other users' public keys.
    Hope it helps you.
    --Archana
