Exporting auto-created SSL Certificate using Keychain Access

Similar Messages

• Create an ssl certificate using openssl +windows

  hi friends this is chaitu i need code to create an ssl certificate using openssl (windows o.s)
  so anybody plz help meeeeeeee

  This is a Java forum.
  If you are talking about C or C++ code using the openssl library you are asking in the wrong place.
  If you are asking how to use the openssl utility you are equally asking in the wrong place.

• Using "Keychain Access" as a Password Manager

  Hello All,
  While searching for a secure, trustworthy password manager I started wondering why I couldn't just use Keychain Access built into the Mac OS.
  I've tried others and they're all nice in their own way but why not use what's already there?
  Any suggestions, concerns or gotchas are welcomed.
  Thanks in advance for your time.
  IAV

  You can also change the security settings on your keychain and/or create additional keychains. So you might have one keychain with especially secure settings for certain items and another with less secure settings for others. Moreover, you can adjust some settings for each item within a keychain, as well.
  Or you can do what I do which is set up several keychains and then render the whole system entirely pointless by saving the passwords in your original keychain because you are terrified you'll forget them otherwise... (I don't actually know why I set them up this way...)
  My login password is not my keychain password and my keychain locks after a minute, I require a password to wake from sleep/screensaver (though this does not always work properly) and sensitive items require re-entry of the keychain password anyway. So you can set things up so your keychain is more secure if you want to, at the price of some increased inconvenience.
  - cfr

• Creating SSL certificate and configuring it with JBOSS 4.0.1

  I have to post some data to a secured site from my application.
  For this, I am creating connection to that site using URLConnection and to send data I create OutputStream using the connection.
  But, while creating the stream it is showing SSLException and message is No trusted certificate found.
  For this, I need to create SSL certificate (mostly using keytool command) and configure it with my application server which is JBOSS 4.0.1
  Now, my problem is that I don't know the exact steps to create a certificate and configure it with JBOSS. Please provide the steps in detail.

  I think you have this back to front. Unless this exception came from the server, in which case it is misconfigured, you don't have to create a certificate, you have to import the server's certificate, or that of one of its signers, into the client's truststore, and tell Java where the truststore is if it's in a non-standard location.
  See http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html. You'll have to ask about the JBoss part in a JBoss forum.

• Adding Keychain issue using Keychain Access - 10.3.9/eMac

  I recently crashed and had to erase my 10.3.9 volume.
  I'm trying to add a Keychain in a new system I installed, from a 10.3.9 library that I had backed up on a DVD, using Keychain Access. When I navigate to the Keychain folder on the DVD in the "add Keychain" dialog box, the Keychain in the folder is greyed out. The icon for that file on the DVD looks different too...it's a landscape orientation rectangle that says "exec" on it. The current Keychain has a generic document icon.
  Thanks for any help
  pauly B ;D
  eMac Mac OS X (10.3.9) 700 MHz / 384 MB / 40gig / CDR internal

  Hi
  Did you export your key chain when you had the old system, or just backed it up?
  I haven't tried this but what if you tried to copy the entire backed up copy of keychain over to its natural location on the new disk. It is owned by system, so you will be asked for password confirmation, but i think it is possible to do it in this rough way than through adding to the existing key chain (which it doesn't want to do)
  And you will need to remove the existing one first as it may resist being overwritten.
  This is speculative, but if you are brave it may successful.
  regards roam

• Trying to delete wifi certificate in Keychain Access; continually crashes

  Every time I try to delete my wifi certificate in Keychain Access, it continually crashes.  Tried it in safe mode, still crashes. I cannot get my Airport extreme 5th gen to pass along an IP address to my Mac even though mac is connected to AE (seen via Network Utility). Thought that deleting keychain password would help.
  OSX 10.10.1
  retina Macbook Pro 13

  Launch the Console application in any of the following ways:
  ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
  ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
  ☞ Open LaunchPad. Click Utilities, then Console in the icon grid.
  Step 1
  For this step, the title of the Console window should be All Messages. If it isn't, select
            SYSTEM LOG QUERIES ▹ All Messages
  from the log list on the left. If you don't see that list, select
            View ▹ Show Log List
  from the menu bar at the top of the screen.
  In the top right corner of the Console window, there's a search box labeled Filter. Initially the words "String Matching" are shown in that box. Enter the name of the crashed application or process. For example, if Safari crashed, you would enter "Safari" (without the quotes.)
  Each message in the log begins with the date and time when it was entered. Select the messages from the time of the last crash, if any. Copy them to the Clipboard by pressing the key combination command-C. Paste into a reply to this message by pressing command-V.
  ☞ The log contains a vast amount of information, almost all of which is irrelevant to solving any particular problem. When posting a log extract, be selective. A few dozen lines are almost always more than enough.
  Please don't indiscriminately dump thousands of lines from the log into this discussion.
  Please don't post screenshots of log messages—post the text.
  ☞ Some private information, such as your name, may appear in the log. Anonymize before posting.
  Step 2
  In the Console window, select
            DIAGNOSTIC AND USAGE INFORMATION ▹ User Diagnostic Reports
  (not Diagnostic and Usage Messages) from the log list on the left. There is a disclosure triangle to the left of the list item. If the triangle is pointing to the right, click it so that it points down. You'll see a list of crash reports. The name of each report starts with the name of the process, and ends with ".crash". Select the most recent report related to the process in question. The contents of the report will appear on the right. Use copy and paste to post the entire contents—the text, not a screenshot.
  I know the report is long, maybe several hundred lines. Please post all of it anyway.
  If you don't see any reports listed, but you know there was a crash, you may have chosen Diagnostic and Usage Messages from the log list. Choose DIAGNOSTIC AND USAGE INFORMATION instead.
  In the interest of privacy, I suggest that, before posting, you edit out the “Anonymous UUID,” a long string of letters, numbers, and dashes in the header of the report, if it’s present (it may not be.)
  Please don’t post other kinds of diagnostic report—they're very long and rarely helpful.

• Mail automatically adds certificates to Keychain Access. How to disable?

  Is there a way to tell Mail not to automatically store certificates from digitally signed emails (in this case, using Verisign) in Keychain Access?
  The problem is this:
  When the old certificate expires from someone else, I create a new one, and have them send a signed email to my address. Mail then automatically adds the new certificate to my Keychain Access. I then go into Keychain Access and delete the old certificate, so that I can send secure and encrypted messages to them. However, if I go back to one of their saved OLD emails, it automatically adds the old certificate back to my Keychain Access. And when I go to create a new email to them, it often will use that old certificate, which no longer works for them.
  I am looking for a way to better manage this or find out what others are doing out there with the same problem.
  Keychain should have an "archive" section to put old certificates into. These then can be referenced to open old secure and encrypted messages, but not allowed to be used for sending new email.

  Additionally, lets say something happens to your certificate and you need to download it again. In this case, from Verisign. A problem I have run into is when I go to Verisign, I am presented with the option of re-downloading my certificate. If I do this, there is no way on the Mac system that you specify this re-downloaded is your certificate. So I have to download a new certificate and then re-add my certificate to the rest of the employees and get theirs.
  There needs to be an option to select "This is my certificate". Very much like in AddressBook, how you can specify different VCards as your own.

• How to Create SSL certificate for HTTPS Connection in SAP PI

  Hi,
            I have Proxy to HTTPS scenario. I need to provide my SSL certificate( SAP PI SSL Certificate) to the vendor.
            How to generate SAP PI SSL certificate. I have already imported vendor certificate using STRUST T-code.
           I am not sure from where to generate SAP PI SSL certificate that need to be shared with vendor.
           Please help me on this issue.
  Thanks,
  Siva

  Hi,
  Check if it helps:
  http://help.sap.com/saphelp_nwpi711/helpdata/en/49/26af8339242583e10000000a421937/frameset.htm
  But as mentioned for the colleague above, you can create that on Visual Administrator Tool -> Keystore
  Regards,
  Caio Cagnani

• How to create a certificate using keytool / terminal?

  I have problems with creating certificates using the terminal. I use the instructions below and typed in all the required information. When it asks me to type "yes" and confirm, the whole process just starts from the beginning over and over and I have to type in the same things. What do I do wrong? How do I confirm the information I typed in?
  I am trying to create a certificate to sign apps for GooglePlay and Amazon. I am using DPS Professional.
  Thanks for help!
  Instructions:
  (Mac OS) Create a certificate file using Keytool
  Open Terminal, which is located in the Applications > Utilities folder.
  Type (or paste) the following line (replace “myname.key.p12” with the actual name of your certificate):
  1
  keytool -genkey -v -keystore myname.key.p12 -alias alias_name -keyalg RSA -keysize 2048 -storetype pkcs12 -validity 10000
  Specifying “10000” sets the expiration date after 22 October 2033.
  Enter and reenter a password. Until the Viewer Builder supports the creation of custom Android apps, it's necessary to share this password with Adobe. Create a password that you can share.
  Follow the prompts to specify the certificate information.
  When prompted to confirm choices, enter yes, and then press Return to use the same password.
  A certificate is created in your prompt location, such as your user name folder. Copy this certificate file to a known location. Write down the password as well.

  It could be access/rights issue. Enable root user and try again.

• Using Keychain Access - enable ocsp protocol

  I would like to enable OCSP.
  In keychain Access -> preferences -> certificaes I can enable the CRL or OCSP functionality.
  The options available are:
  - Off: No revocation checking will be performed.
  - Best Attempt: The certificate passes unless an indication of a bad certificate is
  returned from the server.
  - Require if Cert Indicates: If the URL to the revocation server is provided in the
  certificate, this setting requires a successful connection to a revocation server and no
  indication of a bad certificate.
  - Require for All Certs: This setting requires successful validation of all certificates. It is
  most useful in a tightly controlled environment that guarantees the presence of a
  CRL server or OCSP responder.
  - Priority: Determines which method (OCSP or CRL) is attempted first. If the first
  method chosen returns a successful validation, the second method is not attempted.
  The problem is that the "Require if Cert Indicates" and "Require for All Certs" options are disabled and I do not know how to enable them.
  Howto can I enable this options on keychain access?
  Regards
  Giovanni.

  In tiger OSX, the Require if Cert Indicates and Require for All Certs options in keychain Acces are available.
  But I have not found how enable this options in keychain Access of Leopard 10.5.6.
  Giovanni

• Jcontrol.exe not starting after creating ssl certificate

  hi,
  Iu00B4ve got a netweaver AS Java (only) 640 SP19. I tried to create a SSL certificate (Test) with visual admin and after importing "getCert" i wanted to restart the SAP-System. The problem is that jcontrol.exe has not been started and stayed grey (status: stopped).
  Hereu00B4s a part of the dev-trace:
  [Thr 3796] Thu Nov 20 16:17:36 2008
  [Thr 3796] *** ERROR => invalid return code of process [bootstrap_ID103537200] (exitcode=-2) [jstartxx.c   1465]
  [Thr 3796] JControlExecuteBootstrap: error executing bootstrap node [bootstrap_ID103537200] (rc=-2)
  [Thr 3796] JControlExecuteBootstrap: execute bootstrap process [bootstrap_ID103537250]
  [Thr 3796] INFO: Unknown property [JLaunchParameters=]
  [Thr 3796] [Node: server0 bootstrap] java home is set by profile parameter
       Java Home: D:\apps\j2sdk1.4.2_17-x64
  dev_bootstrap:
  trc file: "D:\usr\sap\CCM\JC10\work\dev_bootstrap", trc level: 1, release: "640"
  node name   : bootstrap
  pid         : 1992
  system name : CCM
  system nr.  : 10
  started at  : Thu Nov 20 16:17:32 2008
  arguments   :
      arg[00] : D:\usr\sap\CCM\JC10/j2ee/os_libs/jlaunch.exe
      arg[01] : pf=D:\usr\sap\CCM\SYS\profile\CCM_JC10_iswdmz5
      arg[02] : -DSAPINFO=CCM_10_bootstrap
      arg[03] : pf=D:\usr\sap\CCM\SYS\profile\CCM_JC10_iswdmz5
  [Thr 3736] Thu Nov 20 16:17:32 2008
  [Thr 3736] INFO: Unknown property [box.number=CCMJC10iswdmz5]
  [Thr 3736] INFO: Unknown property [ms.host=iswdmz5]
  [Thr 3736] INFO: Unknown property [ms.port=3611]
  [Thr 3736] INFO: Unknown property [system.id=10]
  JStartupReadInstanceProperties: read instance properties [D:\usr\sap\CCM\JC10\j2ee\cluster\instance.properties]
  -> ms host    : iswdmz5
  -> ms port    : 3611
  -> OS libs    : D:\usr\sap\CCM\JC10\j2ee\os_libs
  -> Admin URL  :
  -> run mode   : NORMAL
  -> run action : NONE
  -> enabled    : yes
  Used property files
  -> files [00] : D:\usr\sap\CCM\JC10\j2ee\cluster\instance.properties
  Instance properties
  -> ms host    : iswdmz5
  -> ms port    : 3611
  -> os libs    : D:\usr\sap\CCM\JC10\j2ee\os_libs
  -> admin URL  :
  -> run mode   : NORMAL
  -> run action : NONE
  -> enabled    : yes
  Bootstrap nodes
  -> [00] bootstrap            : D:\usr\sap\CCM\JC10\j2ee\cluster\instance.properties
  -> [01] bootstrap_ID10353720 : D:\usr\sap\CCM\JC10\j2ee\cluster\instance.properties
  -> [02] bootstrap_ID10353725 : D:\usr\sap\CCM\JC10\j2ee\cluster\instance.properties
  Worker nodes
  -> [00] ID103537200          : D:\usr\sap\CCM\JC10\j2ee\cluster\instance.properties
  -> [01] ID103537250          : D:\usr\sap\CCM\JC10\j2ee\cluster\instance.properties
  [Thr 3736] JLaunchRequestQueueInit: create named pipe for ipc
  [Thr 3736] JLaunchRequestQueueInit: create pipe listener thread
  [Thr 3564] JLaunchRequestFunc: Thread 3564 started as listener thread for np messages.
  [Thr 3732] WaitSyncSemThread: Thread 3732 started as semaphore monitor thread.
  [Thr 3736] NiInit2: NI already initialized; param 'maxHandles' ignored
  [Thr 3736] [Node: bootstrap] java home is set by profile parameter
       Java Home: D:\apps\j2sdk1.4.2_17-x64
  JStartupIReadSection: read node properties [bootstrap]
  -> node name       : bootstrap
  -> node type       : bootstrap
  -> node execute    : yes
  -> java path       : D:\apps\j2sdk1.4.2_17-x64
  -> java parameters : -Djco.jarm=1 -Djco.jarm=1
  -> java vm version : 1.4.2_17-b06
  -> java vm vendor  : Java HotSpot(TM) 64-Bit Server VM (Sun Microsystems Inc.)
  -> java vm type    : server
  -> java vm cpu     : amd64
  -> heap size       : 128M
  -> root path       : D:\usr\sap\CCM\JC10\j2ee\cluster
  -> class path      : .\bootstrap\launcher.jar
  -> OS libs path    : D:\usr\sap\CCM\JC10\j2ee\os_libs
  -> main class      : com.sap.engine.offline.OfflineToolStart
  -> framework class : com.sap.bc.proj.jstartup.JStartupFramework
  -> registr. class  : com.sap.bc.proj.jstartup.JStartupNatives
  -> framework path  : D:\usr\sap\CCM\JC10\j2ee\os_libs\jstartup.jar
  -> parameters      : com.sap.engine.bootstrap.Bootstrap ./bootstrap ID1035372
  -> debuggable      : yes
  -> debug mode      : no
  -> debug port      : 60000
  -> shutdown timeout: 120000
  [Thr 3704] JLaunchIStartFunc: Thread 3704 started as Java VM thread.
  JHVM_LoadJavaVM: VM Arguments of node [bootstrap]
  -> stack   : 2097152 Bytes
  -> arg[  0]: exit
  -> arg[  1]: abort
  -> arg[  2]: -Denv.class.path=d:\apps\SAPJCo\sapjco.jar
  -> arg[  3]: -Djco.jarm=1
  -> arg[  4]: -Djco.jarm=1
  -> arg[  5]: -Dsys.global.dir=D:\usr\sap\CCM\SYS\global
  -> arg[  6]: -Dapplication.home=D:\usr\sap\CCM\JC10\j2ee\os_libs
  -> arg[  7]: -Djava.class.path=D:\usr\sap\CCM\JC10\j2ee\os_libs\jstartup.jar;.\bootstrap\launcher.jar
  -> arg[  8]: -Djava.library.path=D:\apps\j2sdk1.4.2_17-x64\jre\bin\server;D:\apps\j2sdk1.4.2_17-x64\jre\bin;D:\apps\j2sdk1.4.2_17-x64\bin;D:\usr\sap\CCM\JC10\j2ee\os_libs;D:\usr\sap\Python\.;d:\sapdb\programs\bin;d:\sapdb\programs\pgm;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\CA\SharedComponents\ScanEngine;C:\Program Files\CA\SharedComponents\CAUpdate\;C:\Program Files\CA\SharedComponents\ThirdParty\;C:\Program Files\CA\SharedComponents\SubscriptionLicense\;C:\Program Files\CA\eTrustITM;D:\apps\SAPJCo;D:\apps\j2sdk1.4.2_17-x64\bin;D:\usr\sap\CCM\JC10\exe;D:\usr\sap\CCM\SYS\exe\run
  -> arg[  9]: -Dmemory.manager=128M
  -> arg[ 10]: -Xmx128M
  -> arg[ 11]: -DLoadBalanceRestricted=no
  -> arg[ 12]: -Djstartup.mode=BOOTSTRAP
  -> arg[ 13]: -Djstartup.ownProcessId=1992
  -> arg[ 14]: -Djstartup.ownHardwareId=D2128917885
  -> arg[ 15]: -Djstartup.whoami=bootstrap
  -> arg[ 16]: -Djstartup.debuggable=yes
  -> arg[ 17]: -DSAPINFO=CCM_10_bootstrap
  -> arg[ 18]: -DSAPSTARTUP=1
  -> arg[ 19]: -DSAPSYSTEM=10
  -> arg[ 20]: -DSAPSYSTEMNAME=CCM
  -> arg[ 21]: -DSAPMYNAME=iswdmz5_CCM_10
  -> arg[ 22]: -DSAPDBHOST=
  -> arg[ 23]: -Dj2ee.dbhost=iswdmz5
  [Thr 3704] JHVM_LoadJavaVM: Java VM created OK.
  JHVM_BuildArgumentList: main method arguments of node [bootstrap]
  -> arg[  0]: com.sap.engine.bootstrap.Bootstrap
  -> arg[  1]: ./bootstrap
  -> arg[  2]: ID1035372
  [Thr 3708] Thu Nov 20 16:17:34 2008
  [Thr 3708] JLaunchIExitJava: exit hook is called (rc=0)
  [Thr 3708] JLaunchCloseProgram: good bye (exitcode=0)
  and the jvm_bootstrap.out:
  Bootstrap MODE:
  <INSTANCE GLOBALS>
  determined by parameter [ID1035372].
  Missing RunningMode property - runningin NORMAL mode.
  Instance [ID1035372] will run in [NORMAL] mode, performing action [NONE]
  Discovered property [instance.en.port] with value [3211] !
  Discovered property [instance.en.host] with value [iswdmz5] !
  Synchronizing file [.\.hotspot_compiler].
  ...Synched ok!
  Synchronizing file [..\..\SDM\program\.hotspot_compiler].
  ...Synched ok!
  Synch time: 922 ms
  I hope this is enough information. Before importing the certificate from the SAP Support Portal the AS Java runned perfectly.
  regards
  Tobias Nagel

  Additional information:
  When I deactivate SSL by switching from automatic starting to manual starting in the configtool the jcontrol.exe process starts without any errors.

• Deleting certificates in Keychain Access???

  I noticed in my Keychain Acess that I have a slew of certificates which (1) I'm not sure what their purpose really serves and (2) there's a ton of them with names I don't recognize and draws my suspicion.
  What purpose do these certificates serve and what would happen if I deleted them?
  And just to clarify: I'm not talking about my passwords, etc. in Keychain Access. I'm specifically referring to Certificates which I find by clicking on: System Roots and Certificates.
  Thanks for any help.

  If you delete a certificate, the source that gave you the certificate will just offer another one when you authenticate. Certificates are just a way for encrypted connections to establish identity between a client and server. The server will digitally sign a certificate that contains a public key as well as some personal information that's used by the service you're connecting to. Certificates are provided by the service, and can have expiration dates and such.
  Cookies are similar in ways, but they arent as versatile and secure. They're generally used to let your browser keep track of when you last visited a site, perhaps contain a password for the site, and other user settings for a site. Certificates are mainly used for authorizing access to a service.

• Certificate in keychain access problem

  I have obtained three certificates I have to use to access my corporate exchange server and imported them into the login keychain as directed. They do show up in the "certificates" category of the login keychain but not in the "my certificates" category. This is the category that Entourage looks for when allowing me to select a certificate. As a result, I can't select the certificate I need. Any ideas?

  hi,
  you must import the /system/library/keychain/x509anchors first to your keychain app.
  then use #sudo certtool i zetifikat.cer v k=/System/Library/Keychains/X509Anchors to import it to .../x509anchors. (zertifikat.cer ist your certifikate name) import your certificate (in pem-format) to your keychain. if not in pem-format convert it with ms cert manager (in the office folder of the office app). apply alway trust to the certifikate in keychain.
  cheers
  jens

• What if EXPORT ITEMS if grayed out in keychain access?

  Model Name: MacBook Pro
    Model Identifier: MacBookPro6,2
    Processor Name: Intel Core i5
    Processor Speed: 2.53 GHz
    Number of Processors: 1
    Total Number of Cores: 2
    L2 Cache (per Core): 256 KB
    L3 Cache: 3 MB
    Memory: 4 GB
    Processor Interconnect Speed: 4.8 GT/s
    Boot ROM Version: MBP61.0057.B0F
    Available: 258.98 GB (258,979,909,632 bytes)
  Capacity: 499.25 GB (499,248,103,424 bytes)
  Software  OS X 10.9.5 (13F34)
  Keychain Access Version 9.0 (55153)
  I attempted to export about 10 keychain items following the procedure in Keychain Access Help. After selecting the items
  I found that Export Items was greyed out. I then selected the items one-at-a-time and found that Export Items was grayed
  out for each item. What is the problem? I am the administrator of this computer. Help offers no further help about why
  items cannot be exported.
  (Also, why is text in this box offscreen when left justified?)

  Good evening from Hamburg,
  sadly, "some keychain items" seems to be the understatement of the year. I have not found any exportable items yet. And I have no idea why it should be impossible to export a simple Internet password, e.g., or a secure note.
  In other words: "Some keychain items can not be exported." – I already read that in the help text. So please elaborate. Which ones cannot be exported (for example). What are possible reasons? Is there anything I can do about the "non-exportability" of an item? And which ones actually can be exported (for example)?
  Regards,
  I.T.W.

• Using Keychain Access for applications other than Safari

  I am trying to decide what browser I want to use. There are several things to take into consideration - bookmarks kept in sync between the browers and passwords. So far I have stayed with Safari because it works with Keychain. I tried to open Keychain and add Firefox to a web form password but it doesnt appear to work. As for the bookmark issue, I downloaded "Bookdog" and it looks nice - the latest version is supposed to sync the bookmarks between the two browsers but I dont see a setting or option for that (emailed for support on that issue).
  So, is there a way I can use Keychain for all of my browsers?

  The following blueprint (http://www.sun.com/blueprints/0406/819-6320.pdf) describes what you want, but its not wise to put user-applications on well known ports. It wouldn't be the first time that an application crashes when a networkscanner is hammering on well known ports to find known problems. Also most of the time people are trying to bind there application on a well known port to bypass firewalls for example. So if you're going to do this, then please configure IPF for example to limit the amount of IPs that can access that port.