Error Re-opening Self-Signed Extensions on OS X

Similar Messages

• Issue with self-signed Extensions

  I am packaging my extension with self signed cert that is created with the ZXPSignCmd executable.
  It functions correctly and the -verify command confirms the ZXP is good to go.
  When a user install the extension, however, it only functions once the first time they open Illustrator after installing it. Every time after that, when Illustrator is opened, the panel is completely blank.
  This issue can be resolved by enabling PlayerDebugMode on the end-user's .plist file (as outlined for developers in the blog) but obviously this is something I do not want the end user doing. Does anyone have insight as to why the extension panel only loads once, and then breaks? Enabling PlayerDebugMode addresses the issue, but I can't figure out why. I assume is has something to do with the the way it is signed, but I would like confirmation/clarification if anyone knows what is going on.

  Ok, I've validated my html and I'm getting a few errors related to Angular. They're all one of two types of errors
  Error 1:
  <div ng-controller="ExampleController">
  Gets the following error:
  Attribute ng-controller not allowed on element div at this point.
  Error 2:
  <my-directive></my-directive>
  Gets the following error:
  Element my-directive not allowed as child of element div in this context. (Suppressing further errors from this subtree.)
  Error 1 is for any Angular related thing...ng-click, ng-controller, ng-show, etc.
  Error 2 appears where all my custom directives are.
  I did a comparison between the not-working extension and a working one that also uses Angular (without any custom elements). When I validated the working extension, it returned a bunch of Error 1's but no Error 2's (this is expected, seeing as there are no custom elements).
  To your question about dynamic HTML - there is none. All of the files are static after they're installed. I double checked this by running a diff-merge between the extension before and after it has been run once. They are exactly the same, so no files are changing.
  There are known issues with custom directives in older browsers like IE8 - http://www.befundoo.com/blog/angularjs-directives-in-ie8/
  Out of curiosity, I tried adding elements in the head, as described in the above blog, inside my extension. This did not have any effect, and the extension still fails.
  I'm considering rewriting my directives as attributes instead of elements, and seeing if that does it. That would take some time though, so if the above info helps narrow down the problem or raises other questions of yours, I'm all ears! Thanks again for all the replies!

• Self signed Extension not visible in Indesign CC although installed in Extension manager CC

  I have a HTML Extensions which I self signed (by creating a self signed certificate) using ZxpSignCmd. I exported my Extension in ZXP format
  and it got installed under Indesign CC 32 bit.
  But when i open indesign and check for my extension, I cannot find it under Extensions Tab.
  Pleas note that when I copy the ZXP contents in the "C:\Users\CS47\AppData\Roaming\Adobe\CEPServiceManager4\extensions", It appear in Indesign CC.
  But i need to install it using Extension manager.
  I can't find another thread with a similar issue so please let me know how to deal with this.

  I have a HTML Extensions which I self signed (by creating a self signed certificate) using ZxpSignCmd. I exported my Extension in ZXP format
  and it got installed under Indesign CC 32 bit.
  But when i open indesign and check for my extension, I cannot find it under Extensions Tab.
  Pleas note that when I copy the ZXP contents in the "C:\Users\CS47\AppData\Roaming\Adobe\CEPServiceManager4\extensions", It appear in Indesign CC.
  But i need to install it using Extension manager.
  I can't find another thread with a similar issue so please let me know how to deal with this.

• I have Java 7 update 51 and cannot open - self signed applications cannot be opened?? Tried everything, I think? Help

  I have tried several times to open Java 7 update 51 on safari and firefox and continue to get this message "your security settings have blocked a self- signed application from running" I tried enabling under my system preferences, safari preferences, firefox preferences. No luck. Please help!

  Then, check System Preferences->Java and its various tabs. I've both installed.
  For Java 7,
  /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java -version shows:
  java version "1.7.0_51"
  Java(TM) SE Runtime Environment (build 1.7.0_51-b13)
  Java HotSpot(TM) 64-Bit Server VM (build 24.51-b03, mixed mode)
  for Java 6, java -version shows:
  java version "1.6.0_65"
  Java(TM) SE Runtime Environment (build 1.6.0_65-b14-462-10M4609)
  Java HotSpot(TM) 64-Bit Server VM (build 20.65-b04-462, mixed mode)

• 6280 - opening an IMAP SSL (self-signed) email box

  I'm trying to set up my my Nokia to open my email box, and it fails with a generic "checking failed" message.
  According to my sever logs, it disconnects at "TLS handshake"
  My SSL certificate is self-signed - would this be the problem? Can I do anything to get my Nokia to accept it?

  I can tell you it was a PITA to get working - I first tested sans ssl, then had to reset the iPhone before it would completely forget the old mail config (due to my playing w/ :port# tacked onto the hostname). Plus the iPhone docs need a small amount of work, I think.
  Is courier listening on port 993 for imaps? That's what the iPhone will use when you turn on 'secure incoming'.
  Setting the :port# in the server field only works for the outgoing server. Don't explicitely set it for incoming, else you'll go through the same aggravation I did (and eventually reset and enter it from scratch).

• Error when trying to import self signed server certificate

  Hello,
  When trying to load a self signed server certificate into the key store (NW2004s SPS11), I get the following exception. Here is the certificate's subject:
  "/C=DE/ST=Bavaria/L=Munich/O=Nokia Siemens Networks GmbH & Co KG/OU=CDO IT MSS OMA AS1 DE/CN=carrier-mhhb3u3c.extranet.nokiasiemensnetworks.com/emailAddress=elmar.sternathatnsn.com"
  caused by -
  com.sap.engine.services.keystore.exceptions.BaseRemoteException: Remote call errored
       at com.sap.engine.services.keystore.impl.KeystoreManagerManagementImpl.writeEntry(KeystoreManagerManagementImpl.java:129)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at com.sap.pj.jmx.introspect.DefaultMBeanInvoker.invoke(DefaultMBeanInvoker.java:58)
       at com.sap.pj.jmx.mbeaninfo.AdditionalInfoProviderMBean.invoke(AdditionalInfoProviderMBean.java:289)
       at com.sap.pj.jmx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:944)
       at com.sap.pj.jmx.server.interceptor.MBeanServerWrapperInterceptor.invoke(MBeanServerWrapperInterceptor.java:288)
       at com.sap.engine.services.jmx.CompletionInterceptor.invoke(CompletionInterceptor.java:409)
       at com.sap.pj.jmx.server.interceptor.BasicMBeanServerInterceptor.invoke(BasicMBeanServerInterceptor.java:277)
       at com.sap.jmx.provider.ProviderInterceptor.invoke(ProviderInterceptor.java:258)
       at com.sap.engine.services.jmx.RedirectInterceptor.invoke(RedirectInterceptor.java:340)
       at com.sap.pj.jmx.server.interceptor.MBeanServerInterceptorChain.invoke(MBeanServerInterceptorChain.java:330)
       at com.sap.engine.services.jmx.MBeanServerSecurityWrapper.invoke(MBeanServerSecurityWrapper.java:287)
       at com.sap.engine.services.jmx.MBeanServerInvoker.invokeMbs(MBeanServerInvoker.java:131)
       at com.sap.engine.services.jmx.ClusterInterceptor.invokeMbs(ClusterInterceptor.java:212)
       at com.sap.engine.services.jmx.ClusterInterceptor.invoke(ClusterInterceptor.java:766)
       at com.sap.engine.services.jmx.MBeanServerInterceptorInvoker.invokeMbs(MBeanServerInterceptorInvoker.java:102)
       at com.sap.engine.services.jmx.connector.p4.P4ConnectorServerImpl.invokeMbs(P4ConnectorServerImpl.java:61)
       at com.sap.engine.services.jmx.connector.p4.P4ConnectorServerImplp4_Skel.dispatch(P4ConnectorServerImplp4_Skel.java:64)
       at com.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:319)
       at com.sap.engine.services.rmi_p4.DispatchImpl._run(DispatchImpl.java:200)
       at com.sap.engine.services.rmi_p4.server.P4SessionProcessor.request(P4SessionProcessor.java:136)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
       at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
  Caused by: com.sap.engine.services.keystore.exceptions.BaseParameterException: Cannot perform operation - character [' '] cannot be part of view or entry alias.
       at com.sap.engine.services.keystore.impl.ParameterChecker.checkEntryName(ParameterChecker.java:251)
       at com.sap.engine.services.keystore.impl.ParameterChecker.writeEntry(ParameterChecker.java:125)
       at com.sap.engine.services.keystore.impl.KeystoreManagerManagementImpl.writeEntry(KeystoreManagerManagementImpl.java:125)
       ... 29 more

  Figured it out by myself. There have been dots in the certificate's file name.
  Thank you for your help,
  Elmar

• Certificate error with self signed test certficiate

  When I go to my test instance via IE I get "Invalid Certificate - Certificate cannot be trusted up to a valid Certificate Authority".
  I've followed all steps I believe are necessary and there are no errors in the logs. These were my steps:
  java -cp weblogic.jar utils.CertGen maximo mycert mykey -cn mytest.local// convert CertGenCA cert to PEM format
  java utils.der2pem CertGenCA.der// on windows concatenate my test certificate and CA cert
  copy mycert.pem+CertGenCA.pem newcerts.pem// import it
  java -cp weblogic.jar utils.ImportPrivateKey mykeystore mypasswd mykey password newcerts.pem mykey.pemI have then updated the weblogic server instance to use mykeystore as the Custom Identity Keystore and Custom Trust Keystore. They import successfully and if I check what's in them I can see both the key and CA certificate.
  What am I doing wrong?
  Thanks,
  Matt

  The issue is that IE does not trust the CA that signed your SSL certificate. If you are trying to eliminate the certificate warning in IE when navigating to your site via HTTPS then you need to add your CA certificate as a trusted authority in IE so that IE can validate the chain of trust that built your self-signed cert. You can import your CA cert into the IE trusted list by simply putting the CA cert on your desktop and double clicking it. This will launch a window allowing you to install the certificate. You will need to restart IE after you have successfully installed your CA cert. Don't forget to install any intermediate certs as well (if you happened to create any)

• Export extension to ZXP with self-signed certificate

  Hello,
       I am having this issue with Extension Manager not allowing the install of an extension exported from Extension Builder with a self-signed certificate. It always says that the signature is invalid, even with the sample projects exported packages. I am on Mac OS Snow Leopard. Anyone else experiencing this ?
  Regards.

  Hello,
       I am having this issue with Extension Manager not allowing the install of an extension exported from Extension Builder with a self-signed certificate. It always says that the signature is invalid, even with the sample projects exported packages. I am on Mac OS Snow Leopard. Anyone else experiencing this ?
  Regards.

• SCCM 2007 - task sequence - prestaged media - self-signed certificates - error message 'Certificate has expired for this media'

  Hi there
  Quick scenario.
  We have created a task sequence prestaged media .wim file (SCCM 2007, client OS is Windows XP).
  Recently some of these swap-out machinses, on delivery and start up, have started showing this message:
  'Certificate has expired for this media'.
  This is because the self-signed certificate created during the prestaged media creation process has expired.
  My question is: is it possible to mount the image using dism or imagex and then inject an updated sertificate?
  Best regards
  John

  the disk that has the prestaged media applied must be the boot partition.
  create a task sequence to stage the prestaged media. In this task run a format and partition step which configures both the system disk and the os disk, though make the os disk the active boot partition. Then apply the prestage wim.
  On your deploy task, somewhere after the OS has applied create a group that runs only if the media is OEM (from memory  _SMSTSMedia =
  OEMMedia)
  in this group run the command bcdboot C:\Windows /s F: /f ALL where f: is the drive letter assigned to the system disk, then run another step that removes the drive letter and reboots. The deploy task will now continue and you will be booting to the system
  partition.
  So I wanted to get back to working on this issue.  I noticed that when I said it Worked that it was actually still booting from C drive instead of the reserved partition.  For the past few days I have been trying to get the prestaged to work like
  a network deploy but fail every time.  I cannot get the prestaged to boot from any other partition other then the partition where windows was imaged too.
  So where I am at today.  When I do as suggest above the D drive (The reserved Boot volume) return on reboot. it will not stay hidden.  also the OS is till booting from C and does not change to the D drive or no drive letter drive with the above
  commands.  I think there is some other command missing that tells it to boot from a new location that is not bcdboot.
  Has anyone seen any guides for how to use prestaged and bitlocker enabled task sequence?  I think that would help me figure out my current issues as with bitlocker you must have this other partition.

• Ssl_error_internal_error_alert error in firefox when connecting to an internal website with self signed certificate.

  Firefox 26.0 . The website is running on tomcat 7 server . Using java key store .java version "1.6.0_29"
  Can test the site with openssl s_client and response seem ok.
  SSL handshake has read 2335 bytes and written 303 bytes
  New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
  Server public key is 4096 bit
  Secure Renegotiation IS supported
  SSL-Session:
  Protocol : TLSv1
  Cipher : EDH-RSA-DES-CBC3-SHA
  Session-ID: 52B896D8E3B7D0B1A03C5D2E5FF8B594D6AA74E94CB193E24685A041C5BEBF3A
  Session-ID-ctx:
  Master-Key: 1063AB71B3389D139FD7DD490FE3DF2188FA24B5E090390D2A899B32E2895B1D7A093590BE8D6FCDEFD22ACF10D94544
  Key-Arg : None
  Start Time: 1387828953
  Timeout : 300 (sec)
  Verify return code: 18 (self signed certificate)
  closed

  Hello,
  Can you please confirm what the issue is? Are you not able to setup a SSL connection to the internal website running on Tomcat. If so, have you tried installing the root CA certificate into Firefox? You can do that by going to Firefox -> Preferences -> Advanced -> View Certificates -> Certificate Authorities and then importing the root CA certificate.
  Please check this and let us know if this helps in resolving the connectivity issue. Though, I am a bit surprised that the connection is not getting established. Typically, Firefox would warn you if you would like to continue with the connection. Are you not seeing this warning?
  Thank you

• Cannot upload self signed certificate on EZ Media

  The problem I have is on my Lenovo Iomega EZ Media & Backup Center 3TB, version 4.1.108.32627
  Using openssl I created the following self signed certificates in both .pem and .der format:
  -CA.cert.pem( this is the CA that I used to sign the server certificate that I intend to upload to the Iomega EZ; I installed this in my browser, works ok )
  -server.cert.pem ( this is the certificate that I want to install on server )
  -server.key.pem ( this is the key that I used to make the certificate signing request that I used to generate server.cert.pem ).
  From the security menu ( https://<personal_cloud_url>/manage/security.html ) I try to install server.cert.pem ( and also in .der format ).
  The problem is that I receive this error:
  "Failed to validate the uploaded certificate"
  Same error is seen when I try to upload CA.cert.pem/.crt.
  I red the help file for this particular security page, but I could not find anything about the required format of the certificate.
  Does anyone have any idea how to install a self signed certificate?
  Thank you.
  Solved!
  Go to Solution.

  Hello zupermann
  Iomega/LenovoEMC Lifeline devices only support x.509 certificates with one private key and pem extension.  
  This should be the format used to create an open ssl cert for use with a lifeline device 
  " # openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout newCertificate.pem -out newCertificate.pem "
  Hope that helps!
  LenovoEMC Contact Information is region specific. Please select the correct link then access the Contact Us at the top right:
  US and Canada: https://lenovo-na-en.custhelp.com/
  Latin America and Mexico: https://lenovo-la-es.custhelp.com/
  EU: https://lenovo-eu-en.custhelp.com/
  India/Asia Pacific: https://lenovo-ap-en.custhelp.com/
  http://support.lenovoemc.com/

• Problem with importing and creating self signed SSL certificate

  Mac Pro, 10.7.2 Server.  Attempting to import or create a self signed certificate for use as ichat.domain.com to encrypt iChat service.  Server is acutally called server.domain.com but has an alias of ichat.domain.com.  I understand that this is probably not best practice but I would like to keep things this way since we have one server, run multiple services on it, but want to continue to connect to each service at SERVICE.domain.com.  We have been using this type of mismatched certificate with success since 10.4 or so.
  I am working through setup of 10.7 Server to replace our 10.6 server. 
  Tried upgrade of 10.6 to 10.7 installation.  The installation made a mess of some services and our Open Directory, but did move the certificate over and allowed iChat service to function properly.
  Clean install and setup of 10.7 Server.  Exported self signed certificate, private key, and encryption password from 10.6 Server and functioning 10.7 upgraded Server.
  On import or manual creation of certificate get the following error:
  Error
  Check your server's logs for more information.  The error (code 5001) was: Expected SecKeychainItemImport to return a SecIdentityRef, but it did not
  Log shows:
  Dec 29 17:56:55 server servermgrd[498]: -[CertsRequestHandler(HelperAdditions) importP12Data:passphrase:error:]: importedItems = (
                "<SecCertificate 0x7fcf6ed43c00 [0x7fff78d96f40]>"
  I have tried importing and manually creating other certificates with a variety of names with success.  I assume that there is something buried somewhere that is causing this particular one to be a problem.  Other than manually removing any remnants of the certificate from /etc/certficates I do not have any ideas what to try.  I am essentially ready to move this server to 10.7 except for this problem and would like to avoid a reinstall.
  Suggestions?
  -Erich

  Take a look here.
  https://bbs.archlinux.org/viewtopic.php?id=146649
  Maybe it's a problem with your network.

• Failed to create machine self-signed certificate for site role [SMS_SQL_SERVER]

  SCCM 2012 has been successfully installed on the server:
  SRVSCCM.
  The database is on SQL Server 2008 R2 SP1 CU6 Failover Cluster (CLS-SQL4\MSSQLSERVER04)
  Cluster nodes: SQL01 and SQL01. On all nodes made necessary the Security Setup of SCCM. No errors and warning on SCCM Monitoring.
  The cluster service is running on the account: sqlclusteruser
  The account has the appropriate SPN are registered:
  setspn -L domain\sqlclusteruser
  Registered ServicePrincipalNames for CN=SQL Cluster,OU=SQL,OU=Users special,OU=MAIN,DC=domain,DC=local:
  MSSQLSvc/CLS-SQL4
  MSSQLSvc/CLS-SQL4.domain.local
  MSSQLSvc/CLS-SQL4:11434
  MSSQLSvc/CLS-SQL4.domain.local:11434
  After some time on the cluster hosts every day started appearing new folders with files inside:
  srvboot.exe
  srvboot.ini
  srvboot.log
  srvboot.log contains the following information:
  SMS_SERVER_BOOTSTRAP_SRVSCCM.domain.local_SMS_SQL_SERVER started.
  Microsoft System Center 2012 Configuration Manager v5.00 (Build 7711)
  Copyright (C) 2011 Microsoft Corp.
  Command line: "SMS_SERVER_BOOTSTRAP_SRVSCCM.domain.local_SMS_SQL_SERVER CAS K:\SMS_SRVSCCM.domain.local_SMS_SQL_SERVER8 /importcertificate SOFTWARE\MicrosoftCertBootStrap\ SMS_SQL_SERVER".
  Set current directory to K:\SMS_SRVSCCM.domain.local_SMS_SQL_SERVER8.
  Site server: SRVSCCM.domain.local_SMS_SQL_SERVER.
  Importing machine self-signed certificate for site role [SMS_SQL_SERVER] on Server [SQL01]...
  Failed to retrieve SQL Server service account.
  Bootstrap operation failed: Failed to create machine self-signed certificate for site role [SMS_SQL_SERVER].
  Disconnecting from Site Server.
  SMS_SERVER_BOOTSTRAP_SRVSCCM.domain.local_SMS_SQL_SERVER stopped.

  The site server is trying to install the sms_backup agent on the SQL Server Cluster nodes.
  Without successfull bootstrap the siteserver backup is not able to run successfully.
  Try grant everyone the read permisson on
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS on the SQL server nodes.
  This worked for me.
  After that a Folder named "SMS_<SITESERVER-FQDN>" appeared on C: on the SQL Cluster nodes, and a "SMS_SITE_SQL_BACKUP_FQDN" Service should be installed.
  After the new Folder is created and the new Service is installed, you can safely remove the bootstrap Service by opening a command prompt and enter:
  sc delete "SMS_SERVER_BOOTSTRAP_FQDN-of-SiteServer_SMS_SQL_SERVER"

• Steps to create your own self signed certificate with java plugin working

  You need two tools that comes with your jdk which are keytool and jarsigner.
  Steps explain below in detail. Don't use netscape signtool, it will NEVER work!
  * keytool -genkey -keyalg rsa -alias tstkey -keypass 2br2h2m -dname "cn=Test Object Signing Certificate, o=AI Khalil, ou=Java Products, c=AU"
  cn = Certificate name
  o = organistation
  ou = organistation unit
  c = country (first two letters)
  If don't put the -dname, you can fill it line by line.
  The -keypass has to be verify at the end, and you have to wait for it to create the rsa signing keys.
  On NT by default it will put the alias information at D:\WINNT\Profiles\Administrator (if log in as administrator) with the default file called ".keystore". Windows 98 etc, don't know, search for .keystore
  file. When you update it, check for the timestamp change and you know if you at the right spot.
  You can store your alias information via the -storepass option to your current directory you work on, if you don't want to update the default .keystore file?
  The .keystore contains a list of alias so you don't have to do this process again and again.
  Another tip if you want your certificate encryption validity to be more than the default one month is simply
  add the -validity <valDays>, after the -genkey option, to make your certificate usage for encryption to last much longer.
  Note: You MUST use the -keyalg rsa because for starters the rsa encyption alogorthim is supported on ALL browsers instead of the default DSA and the other one SHA. Java plugins must work with the RSA algorthim when signing applets, else you will get all sorts of weird errors :)
  Do not use signtool because thats a browser dependant solution!! Java plugin is supposed to work via running it owns jre instead of the browser JVM. So if you going to use netscape signtool, it starts to become a mess! ie certificate will install, but applet won't start and give you funny security exception errors :)
  * keytool -export -alias tstkey -file MyTestCert.crt
  It will read the alias information in the .keystore information picking up the rsa private/public keys info and
  create your self sign certificate. You can double click this certificate to install it? But don't think this step is needed but maybe for IE? Someone else can check that part.
  If you make a mistake with the alias, simply keytool -delete -v -alias <your alias key>
  If not in default .keystore file, then simply keytool -delete -v -alias <your alias key> -keystore <your keystore filename>
  * Put your classes in your jar file, my example is tst.jar.
  * jarsigner tst.jar tstkey
  Sign your testing jar file with your alias key that supports the RSA encryption alogorthim.
  * jarsigner -verify -verbose -certs tst.jar
  Check that its been verified.
  The last step is the most tricky one. Its to do with having your own CA (Certified Authority) so you don't
  have to fork out money straight away to buy a Verisign or Twarte certificate. The CA listing as you see in
  netscape browsers under security/signers, is NOT where the plugin looks at. The plugin looks at a file called
  CACERTS. Another confusion is that the cacerts file is stored in your jre/lib/security AND also at your
  JavaSoft/Jre/<Java version>/lib/security. When you install the Java plugin for the first time in uses your
  JavaSoft folder and its the cacerts file that has to be updated you add your own CA, because thats where
  the plugin look at, NOT THE BROWSER. Everything about plugin is never to do with the browser!! :)
  * keytool -import -file MyTestCert.crt -alias tstkey -keystore "D:\Program Files\JavaSoft\JRE\1.3.1\lib\security/cacerts"
  Off course point to your own cacerts file destination.
  Password to change it, is "changeit"
  Before you do this step make a copy of it in its own directory in case you do something silly.
  This example will add a CA with alias of my key called "tstkey" and store to my example destination.
  * keytool -list -v -keystore "E:/jdk/jdk1.3/jre/lib/security/cacerts"
  List to see if another CA is added with your alias key.
  Your html, using Netscape embed and Internet explorer object tags to point to the java plugin,
  your own self sign applet certificate should work
  Cheers
  Abraham Khalil

  I follow Signed Applet in Plugin, and it's working on
  my computer. Thanks
  But When I open my applet from another computer on
  network, why it does not work ..?
  How to make this applet working at another computer
  without change the policy file ..?
  thanks in advance,
  AnomYou must install the certificate on that computers plugin. Can this be done from the web? can anyone suggest a batch file or otherwise that could do this for end users?
  I want a way for end users to accept my cert as Root or at least trust my cert so I dont have to buy one. I am not worried about my users refusing to accept my cert. just how do I make it easy for them? IE you can just click the cert from a link, but that installs for IE, and not the plugin where it needs to be.

• How to use self-signed Certificate or No-Check-Certificate in Browser ?

  Folks,
  Hello. I am running Oracle Database 11gR1 with Operaing System Oracle Linux 5. But Enterprise Manager Console cannot display in Browser. I do it in this way:
  [user@localhost bin]$ ./emctl start dbconsole
  The command returns the output:
  https://localhost.localdomain:1158/em/console/aboutApplication
  Starting Oracle Enterprise Manager 11g Database Control ... ...
  I open the link https://localhost.localdomain:1158/em/console/aboutApplication in browser, this message comes up:
  The connection to localhost.localdomain: 1158 cannot be established.
  [user@localhost bin]$ ./emctl status dbconsole
  The command returns this message: not running.
  [user@localhost bin]$ wget https://localhost.localdomain:1158/em
  The command returns the output:
  10:48:08 https://localhost.localdomain:1158/em
  Resolving localhost.localdomain... 127.0.0.1
  Connecting to localhost.localdomain|127.0.0.1|:1158... connected.
  ERROR: cannot verify localhost.localdomain's certificate, issued by `/DC=com/C=US/ST=CA/L=EnterpriseManager on localhost.localdomain/O=EnterpriseManager on localhost.localdomain/OU=EnterpriseManager on localhost.localdomain/CN=localhost.localdomain/[email protected]':
  Self-signed certificate encountered.
  To connect to localhost.localdomain insecurely, use `--no-check-certificate'.
  Unable to establish SSL connection.
  A long time ago when I installed Database Server Oracle 11gR1 into my computer, https://localhost.localdomain:1158/em in Browser comes up this message:
  Website certified by an Unknown Authority. Examine Certificate...
  I select Accept this certificate permanently. Then https://localhost.localdomain:1158/em/console/logon/logon in Browser displays successfully.
  But after shut down Operating System Oracle Linux 5 and reopen the OS, https://localhost.localdomain:1158/em/console/logon/logon in Browser returns a blank screen with nothing, and no more message comes up to accept Certificate.
  My browser Mozilla Firefox, dbconsole, and Database Server 11gR1 are in the same physical machine.I have checked Mozilla Firefox in the following way:
  Edit Menu > Preferences > Advanced > Security > View Certificates > Certificate Manager > Web Sites and Authorities
  In web sites tab, there is only one Certificate Name: Enterprise Manager on localhost.localdomain
  In Authorities tab, there are a few names as indicated in the above output of wget.
  My question is: How to use self-signed certificate and no-check-certificate in Mozilla Firefox for EM console to display ?
  Thanks.

  Neither problem nor solution do involve Oracle DB
  root cause of problem & fix is 100% external, detached, & isolated from Oracle DB.
  This thread is OFF TOPIC for this forum.