Error generating certificate request in JES DSEE 6.0

Similar Messages

• Can't run wallet manager to generate certificate request

  Hi!
  I'm having some trouble running the wallet manager to generate a security certificate on a live application server box.
  No matter what I do from the GUI I can't set the display variable correctly. I have tried EVERYTHING. It won't be set. And I can't restart or turn off the box as its a production machine and it's currently heavily in use.
  If I try to use mkwallet logged in as oracle I just get 2 "Failed to create a certificate request" messages after:
  1. running:
  mkwallet -e pwd wrl
  to generate an empty wallet
  and 2. running:
  mkwallet -r pwd wrl CN=domain.com, O=Business Name, L=Suburb, ST=State, C=AU 1024 certReqLoc
  and if I try to run mkwallet as root I just get:
  error while loading shared libraries: libclntsh.so.10.1: cannot open shared object file: No such file or directory
  Advice greatly appreciated!!

  You must repeatedly tap the F11 key at boot to get to the recovery manager.
  Did you make recovery disks when you got the computer?
  If not you may order them.  If you live in the USA/Canada, call this number...  1-800-334-5144.
  If you do not live in the USA/Canada, call the HP business PC support number for the country you live in.
  http://h50146.www5.hp.com/lib/doc/manual/desktop/b​usiness_desktops/6005us_332630_007.pdf
  Please mark my post as SOLVED if it has resolved your problem. It helps others with similar situations.

• Error while accesing the certificate request service

  Hi,
  I am trying to use certification request available in sicf
      default_host| bc | bsp | sap | certreq .
  I am getting the following error
  Error: Incorrect certificate request (CertReq)
  One of the following reason can cause this error:
  - You call this service without CertReq
  - Your CertReq is not valid or the signature is incorrect
  - Your RA is not registered yet
  - You apply for certificate within incorrect naming space
  Please contact your system administrator.
  Any idea how can i rectify the problem.  Do i need to have any certficate installed in my browser before calling this?
  Regards,
  Dhana

  Hello,
  This is not security related,please ask basis consultant to fix this
  Thanks,
  Prasant

• How to generate a PKCS#10 certificate request

  Hi:
  does OWM generates certificate requests in PKCS#10 format?
  TIA

  Do you have tried with the command line "certutil" ?
  #<SERVER-ROOT>/bin/https/admin/bin/certutil

• Problem Generating a certificate request

  I have a couple of Windows 2003 R2 SP2 servers hosting several instances of ADAM.  I am using certreq to generate the certificate requests for these servers so I can use SSL in connecting to ADAM but I am getting an error.  This is the request.inf I am using (pretty much straight from an MS article...) to generate the request...
  ;----------------- request.inf -----------------
  [Version]
  Signature="$Windows NT$
  [NewRequest]
  Subject = "CN=servername.childdomain.rootdomain.com" ; replace with the FQDN of the DC
  KeySpec = 1
  KeyLength = 1024
  ; Can be 1024, 2048, 4096, 8192, or 16384.
  ; Larger key sizes are more secure, but have
  ; a greater impact on performance.
  Exportable = TRUE
  MachineKeySet = TRUE
  SMIME = False
  PrivateKeyArchive = FALSE
  UserProtected = FALSE
  UseExistingKeySet = FALSE
  ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
  ProviderType = 12
  RequestType = PKCS10
  KeyUsage = 0xa0
  [EnhancedKeyUsageExtension]
  OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication
  I am using this command....  certreq -new request.inf request.req
  After hitting enter, it sits there for about 10 seconds and gives me this error back...
  Certificate Request Processor: Access is denied.  0x80070005 (WIN32: 5)
  [RequestAttributes]
  I have searched on this error and have not found much of anything on it.  This process seems to work fine on other servers that I have, but these two servers both generate this error.  Both servers are clean builds and only have ADAM installed on them.  I am a local admin on both servers so it doesn't appear that there should be any permission issues as implied by the error message. 
  Anyone have any ideas?
  Thanks!

  Hello Bryan,
  First of all, please make sure that the CA certificate is added into the Trusted Root certificate store on the servers. If the certificate web enrollment is enabled, please check how a certificate request works on that two server generate the error.
  Meanwhile, please verify the security permission on the MachineKeys directory:
  1.    Open Windows Explorer, and find the MachineKeys directory in the following location:
  Drive:\Documents and Settings\all users\Application Data\Microsoft\Crypto\RSA\MachineKeys
  2.    Right-click the directory, and click Properties.
  3.    Click the Security tab, and ensure that the full control permission for the Administrators
  How to: Change the Security Permissions for the MachineKeys Directory
  http://msdn.microsoft.com/en-us/library/bb909654.aspx
  Hope it helps.

• WLS70 SSL encrypted keys and Certificate Request Generator

  Hi,
  we are trying to certificate our WLS 7.0. We use the Certificate Request Generator
  webapp for generating the request. The generator forces the user to give in a
  private key password. But in the server's SSL config tab the field "Use encrypted
  Keys" is fixed to "false" (in WLS 6.1 this field is a checkbox). Is this a bug
  in WLS7.0?

  Hi Alain,
  thanks for your workaround. We will check it out ... although I've been instructed
  on the BEA admin trainee to never change config.xml manually :)
  "Alain Hsiung" <[email protected]> wrote:
  Hi Joern
  consider it a bug or not, you can go to the file config.xml and edit
  the
  XML attribute "KeyEncrypted" of the XML element "SSL" to "true".
  Hope this helps.
  Regards
  Alain Hsiung, Ideartis Inc.
  "Joern Wohlrab" <[email protected]> wrote in message
  news:[email protected]..
  Hi,
  we are trying to certificate our WLS 7.0. We use the Certificate RequestGenerator
  webapp for generating the request. The generator forces the user togive
  in a
  private key password. But in the server's SSL config tab the field"Use
  encrypted
  Keys" is fixed to "false" (in WLS 6.1 this field is a checkbox). Isthis a
  bug
  in WLS7.0?

• Is there any FM to generate spool request for error log of a background job

  Hi,
      I am going to create a program to create deliveries and do PGI. This program will be assigned to periodic background job.Now whatever  errors are generated in program i have to send the error log to spool request.Is there any FM for generating spool request with this error log  or how can this be done? Kindly provide sample code if possible.
  Thanks.
  Nimish Dongare.

  Hi Nimish,
  How are you doing, This is Shreekant working as ABAP developer, I sow your post in sdn forum, I have a similar requirement like I am changing the delivery taking some data from a flat file which is coming from other system and do PGI. If any error occurs during this process I need to capture it and present it as a report or create log file.. whichever is easier.
  Please can u help me how did u achieved this functionality for your requirement?.. pls. can u share some details.
  If u don mind, can u give me ur email id to communicate.
  Thanks,
  Shreekant

• COM error while submitting certificate request

  Hello there
  I have created a group and assigned Read, Issue and Manage Certtificate, Manage CA & Request Certificate permission on the CA.When any member of this group try to sign a certificate request,
  the following error accours.
  Your request failed. An error occurred while the server was processing your request.
  Contact your administrator for further assistance.
  " type=button
  Request Mode: newreq - New Request
  Dis"font-size:9pt;">(never set)
  Disposition message: (none)
  Result: The RPC server is unavailable. 0x800706ba (WIN32: 1722)
  COM Error Info: CCertRequest::Submit: The RPC server is unavailable. 0x800706ba (WIN32: 1722)
  LastStatus: The operation completed successfully. 0x0 (WIN32: 0)
  Suggested Cause: This error can occur if the Certification Authority Service has not been started.
  During this time event ID 10016 is logged on the eventlog
  The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
  {D99E6E73-FC88-11D0-B498-00A0C90312F3}
  and APPID
  {D99E6E74-FC88-11D0-B498-00A0C90312F3}
  to the user <Domain>\<Username> SID (<SID>) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
  I have assigned the required permissions to the group on
  CertSrv Request. Also verified the membership of
  Certificate Service DCOM Access.
  Can you please help me to resolve this?
  Thanks
  Ranjith

  Hi Ranjith,
  I suggest you restart the certificate services and try to enroll certificates to test if the Certification Authority is functioning.
  In addition, please make sure that ports in the blogs below are open:
  Firewall Rules for Active Directory Certificate Services
  http://blogs.technet.com/b/pki/archive/2010/06/25/firewall-roles-for-active-directory-certificate-services.aspx
  Best Regards,
  Amy
  Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• How to generate a certificate request with more than one OU?

  We're using Sun Java System Web Server 6.1 SP4. The Corp. has it's own CA and organize their certificates in a hierarchical rule with more then one organization unit (OU) in a chain.
  So what we need is generate a certificate requeste with more than one OU, but the Web Server wizard has only one text field for it. We've already tried to fill in this field the complete chain of OUs like "ou=orgX, ou=deptY, ou=secZ" and didn't work either.
  Thank's in advance,
  Jeff!

  Do you have tried with the command line "certutil" ?
  #<SERVER-ROOT>/bin/https/admin/bin/certutil

• Generate a certificate request with API (CSR, PKCS#10)

  Hi everybody,
  I want to request for a certificate using a PKCS10 File.
  I generate this file with this code :
  package test;
  import sun.security.pkcs.*;
  import sun.security.x509.*;
  import java.security.*;
  import cryptage2.RSACryptor;
  import org.bouncycastle.jce.provider.BouncyCastleProvider;
  import com.sun.crypto.provider.SunJCE;
  import java.io.*;
  public class TestPKCS10
  public static void main(String argv[]){
            try{
       // provider
                 SunJCE jce = new SunJCE();
  Security.addProvider(new BouncyCastleProvider());
  Security.addProvider(jce);
                 // generate KeyPair
       KeyPair pair = RSACryptor.generateKeyPair();
       // get Instance of signature with MD5 algorithm
       Signature dsa = Signature.getInstance("MD5withRSA");
                 // get Private Key
                 PrivateKey priv = pair.getPrivate();
            // init Signature with private Key
                 dsa.initSign(priv);
       // sign
  byte[] sig = dsa.sign();
                 // info for X509 are in X500Name Object
                 X500Name x500name = new X500Name(
  "Nicolas LEFEUVRE","IN","InTech","Schifflange","Luxembourg","Luxembourg");
                 // signer : bind Signature and X500Name
                 X500Signer signer = new X500Signer(dsa,x500name);
                 // get public Key
                 PublicKey publicKey = pair.getPublic();
                 // create PKCS10 with public key
                 PKCS10 pk = new PKCS10(publicKey);
                 // sign and encode the PKCS10
                 pk.encodeAndSign(signer);
                 // save in file PKCS10_2
  PrintStream out =
  new PrintStream(new FileOutputStream("c:/temp/pkcs10_2"));
  catch(Exception e){e.printStackTrace();}
  The PKCS10 look like this :
  -----BEGIN NEW CERTIFICATE REQUEST-----
  MIIBuTCCASICAQAweTETMBEGA1UEBhMKTHV4ZW1ib3VyZzETMBEGA1UECBMKTHV4ZW1ib3VyZzEUMBIGA1UEBxMLU2NoaWZmbGFuZ2UxDzANBgNVBAoTBkluVGVjaDELMAkGA1UECxMCSU4xGTAXBgNVBAMTEE5pY29sYXMgTEVGRVVWUkUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMzTrStPIyUyygFTU5p6QjGyLfAXncUvwA/i+sK2wY1S6EFYGGd7luGXI3NekVvEEzwIZ+eQ+STB7J7XVik8REubJl6gXlZTcrOdVzg6JJtHwbDoTpZnB09hGGZUzdyKsnGVIwZ4Un54Z44BZBm5qeOqYMKLK50YCC6ACqdfu/rpAgMBAAGgADANBgkqhkiG9w0BAQQFAAOBgQBViesKVPfgkGSB2MYIln6yWPGmOjbLsdGdzSr/EWbtIAuT75ROZpeKKHzpfuHDC1xpbs0iZYvRACujyqeqRHIzomHu6NW7v2+B5CkoP5YsxXswr25fBMRawRckqnzMuZz79G1bi3CtQbh+MbdwvDvvs7DucPgsI7Cn8Fbg214C9Q==
  -----END NEW CERTIFICATE REQUEST-----
  I use Microsoft Certificate Server (a service of Microsoft NT2000 server) to generate certificate, I have this message :
  �The request subject name is invalid or too long. 0x80094001 (-2146877439)C�
  Any idea ?

  Nicolas, i'm not sure but can you try it anyway?
  replace Nicolas LEFEUVRE
  with Nicolas_LEFEUVRE
  There is something about blanks in the Common Name
  I'm not sure how or what, but just give it a try!

• Error trying to generate a request code

  I received the CS6 production suite and am trying to deploy it on a number of off-line machines. According to what I can make out of the instructions for the Provisioning Toolkit, I need to open the Provisioning Tool on the off-line machine and then type in:
  adobe_prtk --tool=Type1Exception accept --serial=
  and then the serial number I received from Adobe in order to receive a request code for activation, but when I do that, I get a "command not found" message in the terminal. I have copy/pasted the command line directly from the document. I can breifly turn the off-line machine's wireless on (although I hate to do it as it destabilizes our system) but I suspect if I do that and enter the serial number that way, then that will be the only machine I can install the package on. Any help would be appreciated.

  In Creative Suite 6, users needs to be online for serialization to be successful. However if there are client
  machines that are not connected to the internet, the following process, called the Type1Exception process,
  can be followed to serialize a package.
  This process requires generation of a keycode on the offline client machine. The keycode is then used to
  generate a response code from an online machine. The response code generated using the online
  machine is then used to serialize the package on the offline client machine.
  This process can be used for both Retail and Volume customers.
  1.On the offline client machine, generate a request code for activation by running the following command:
  adobe_prtk --tool=Type1Exception --generate --serial=serialNum
  where serialNum is the serial number
  This command returns a 44-character request code.
  2.Using an online machine. visit the AOES website:
  http://www.adobe.com/go/getactivated
  3.At the AOES website, log in with the Adobe ID.
  4.Once authenticated, enter the Adobe serial number and the request code that was generated in step 1. Once the activation service successfully activates it, the response code is displayed.
  5.Note down the response code
  6.On the offline client machine, run the following command to activate the package
  adobe_prtk --tool=Type1Exception accept --serial=serialNum --responsecode=responseCode --leid=LEID

• How to generate PKCS#10 ECDSA Certificate Requests?

  Hi all,
  Can any body please let me know how can I create ECDSA/RSA/DSA PKCS#10 certificate requests in Java using non-SUN providers?
  I've looked at the Java API docs and couldn't find any class for this purpose. Is there any open-source Classes/Tools which can be used?
  I've tried keytool with my provider which supports RSA and ECDSA, it works with RSA but not ECDSA.
  I'd appreciate your help.
  Joe

  Hi all,
  Can any body please let me know how can I create ECDSA/RSA/DSA PKCS#10 certificate requests in Java using non-SUN providers?
  I've looked at the Java API docs and couldn't find any class for this purpose. Is there any open-source Classes/Tools which can be used?
  I've tried keytool with my provider which supports RSA and ECDSA, it works with RSA but not ECDSA.
  I'd appreciate your help.
  Joe

• Certificate request not working with web server v2 template on windows 2012 R2

  I have tried to generate a certificate request on my domain joined Windows 2012 R2. I have tried both online and offline requests. I am using the web server v2 template.
  Both Method fails with error message that the cryptographic algorithm is unknown. I am using these settings apart from the template:
  This is the error Message in online request:
  The error Message in the offline request is somewhat similar.
  An event error is also appearing in the application log:
  The CSPs from the template:
  I am wondering if a cryptographic service provider or several of them are missing? They are installed With Windows update are they not? The strange thing is that this supposedly have worked before with another user. Could it be that I do not have the
  correct permissions to request a certificate with this template, or has something happened with the server? 

  Hey dag 
  Thanks for posting ,
  If You try duplicate the web template for using it in version 4 - can You see any difference? 
  Also check the link below for certificate templates versions:
  http://social.technet.microsoft.com/wiki/contents/articles/13303.windows-server-2012-certificate-template-versions-and-options.aspx#Version_4_Certificate_Templates
  In previous operating system versions the configuration of CSPs and KSPs were on different tabs in the certificate properties. For version 2 certificate templates, CSPs were configured on the Request Handling tab. For version 3 certificate templates,
  KSPs were configured on the Cryptography tab. Starting in Windows Server 2012, the configuration of the providers is consolidated on the Cryptography tab. To learn more about the cryptographic provider options present in previous operating systems
  Notice later.
  I'd be glad to answer any question

• Cisco ISE 1.2 - BYOD Guest Access Error with Certificate

  Hi all !
  I'm running on Cisco ISE 1.2. I'm trying to setup BYOD (dual SSID).
  Here's a walkthrough of what's happening:
  1. I connect to open SSID, enter username/password and register MAC 
  2. I download WinSPwizard, get trust root CA but WinSPwizard error
  This is spwprofilelog 
  [Wed Oct 01 11:27:17 2014] Installed [pvgas-DC-CA, hash: d0 ad c2 1e 19 b0 8b 61  8a 2d 81 88 da 8a a2 ca
  da d3 ab e8
  ] as rootCA
  [Wed Oct 01 11:27:17 2014] Warning - [HTTPConnection] InternetOpen() failed with code: [12038]
  [Wed Oct 01 11:27:17 2014] Warning - [HTTPConnection] Abort the HTTP connection due to invalid certificate CN
  [Wed Oct 01 11:27:17 2014] HttpWrapper::SendScepRequest - Retrying: [1] time, after: [4] secs , Error: [2]
  [Wed Oct 01 11:27:21 2014] Warning - [HTTPConnection] InternetOpen() failed with code: [12038]
  [Wed Oct 01 11:27:21 2014] Warning - [HTTPConnection] Abort the HTTP connection due to invalid certificate CN
  [Wed Oct 01 11:27:21 2014] HttpWrapper::SendScepRequest - Retrying: [2] time, after: [4] secs , Error: [2]
  [Wed Oct 01 11:27:25 2014] Warning - [HTTPConnection] InternetOpen() failed with code: [12038]
  [Wed Oct 01 11:27:25 2014] Warning - [HTTPConnection] Abort the HTTP connection due to invalid certificate CN
  [Wed Oct 01 11:27:25 2014] HttpWrapper::SendScepRequest - Retrying: [3] time, after: [4] secs , Error: [2]
  [Wed Oct 01 11:27:29 2014] Warning - [HTTPConnection] InternetOpen() failed with code: [12038]
  [Wed Oct 01 11:27:29 2014] Warning - [HTTPConnection] Abort the HTTP connection due to invalid certificate CN
  [Wed Oct 01 11:27:29 2014] Failed to get certificate from server - Error: [2]
  [Wed Oct 01 11:27:29 2014]  Failed to generate scep request. Error code:
  [Wed Oct 01 11:27:29 2014] ApplyCert - End...
  [Wed Oct 01 11:27:29 2014] Failed to configure the device.
  [Wed Oct 01 11:27:29 2014] ApplyProfile - End...
  [Wed Oct 01 11:27:32 2014] Cleaning up profile xml:  success 
  This is SCEP RA profiles
  Other Cert
  ACL On WLC
  and policy
  Please help me fix error.
  Thanks.

  you could create an ISE local user with a GUEST membership and provided you have your ISE password policy set so that it doesn't expire accounts, etc it would be a "permanent" guest account. we do something similiar. sponsors make temporary accounts while long-term or test guest accounts are created in the ise local identity store as guests and are processed the same way. you just have to ensure that the internal user store is part of your guest identity source sequence.

• Error in WB Request while Transporting on STMS

  Hi all,
  I have a WB transport Request for my Report, where the Request contains Data Elements, Programs, SE11 Table, TMG, Screens, Tcode related to my development. Now, while moving the request from DEVELOPMENT  to QUALITY system on STMS, it ended with ERROR 8.How can I know, in which object there is an Error while transporting.
  My error is shown as..
  Generation of Programs and Screens  --- (8) Ended with errors

  Dear Sekhar,
  I think some object or component is missing in transport request, like function group, screen parameters or any one in your program. Activate all  objects and resend dev to qas. If again same issue, you delete the request and generate new request.
  Best of luck.
  Regards,
  Abbas.