Fi certificate

hello gurus
im applying for the FI-2005 certificate&i have some queries
1)what preparations do i have to do before the exam
2)are all the 80 questions multiple choice or does it include fill in the blanks questions?
3)can i know the exact value of the certificate?
thx for ur cooperation
hisham

1) You have study through SAP Book. Read theory and do pratical exercice.
2) No, doesn't. Just multiple choice are available in the test. Can be more then one answer.
3) Depend of the your country. Here, in Brazil, is + - US$ 500,00. If you do the test through an partner company you can pay US$ 95,00.
*Don't forget reward points to contributors.
Best regards.

Similar Messages

Issue with SharePoint foundation 2010 to use Claims Based Auth with Certificate authentication method with ADFS 2.0

I would love some help with this issue. I have configured my SharePoint foundation 2010 site to use Claims Based Auth with Certificate authentication method with ADFS 2.0 I have a test account set up with lab.acme.com to use the ACS.
When I log into my site using Windows Auth, everything is great. However when I log in and select my ACS token issuer, I get sent, to the logon page of the ADFS, after selected the ADFS method. My browser prompt me which Certificate identity I want
to use to log in and after 3-5 second
and return me the logon page with error message “Authentication failed”
I base my setup on the technet article
http://blogs.technet.com/b/speschka/archive/2010/07/30/configuring-sharepoint-2010-and-adfs-v2-end-to-end.aspx
I validated than all my certificate are valid and able to retrieve the crl
I got in eventlog id 300
The Federation Service failed to issue a token as a result of an error during processing of the WS-Trust request.
Request type: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
Additional Data
Exception details:
Microsoft.IdentityModel.SecurityTokenService.FailedAuthenticationException: MSIS3019: Authentication failed. ---> System.IdentityModel.Tokens.SecurityTokenValidationException:
ID4070: The X.509 certificate 'CN=Me, OU=People, O=Acme., C=COM' chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed
correctly, but one of the CA certificates is not trusted by the policy provider.
at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
--- End of inner exception stack trace ---
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.BeginGetScope(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.BeginIssue(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.DispatchRequestAsyncResult..ctor(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginDispatchRequest(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.ProcessCoreAsyncResult..ctor(WSTrustServiceContract contract, DispatchContext dispatchContext, MessageVersion messageVersion, WSTrustResponseSerializer responseSerializer, WSTrustSerializationContext
serializationContext, AsyncCallback asyncCallback, Object asyncState)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginProcessCore(Message requestMessage, WSTrustRequestSerializer requestSerializer, WSTrustResponseSerializer responseSerializer, String requestAction, String responseAction, String
trustNamespace, AsyncCallback callback, Object state)
System.IdentityModel.Tokens.SecurityTokenValidationException: ID4070: The X.509 certificate 'CN=Me, OU=People, O=acme., C=com' chain building
failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.
at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
thx
Stef71

This is perfectly correct on my case I was not adding the root properly you must add the CA and the ADFS as well, which is twice you can see below my results.
on my case was :
PS C:\Users\administrator.domain> $root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
cer\SP2K10\ad0001.cer")
PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "domain.ad0001" -Certificate $root
Certificate : [Subject]
CN=domain.AD0001CA, DC=domain, DC=com
[Issuer]
CN=domain.AD0001CA, DC=portal, DC=com
[Serial Number]
blablabla
[Not Before]
22/07/2014 11:32:05
[Not After]
22/07/2024 11:42:00
[Thumbprint]
blablabla
Name : domain.ad0001
TypeName : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
DisplayName : domain.ad0001
Id : blablabla
Status : Online
Parent : SPTrustedRootAuthorityManager
Version : 17164
Properties : {}
Farm : SPFarm Name=SharePoint_Config
UpgradedPersistedProperties : {}
PS C:\Users\administrator.domain> $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
cer\SP2K10\ADFS_Signing.cer")
PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "Token Signing Cert" -Certificate $cert
Certificate : [Subject]
CN=ADFS Signing - adfs.domain
[Issuer]
CN=ADFS Signing - adfs.domain
[Serial Number]
blablabla
[Not Before]
23/07/2014 07:14:03
[Not After]
23/07/2015 07:14:03
[Thumbprint]
blablabla
Name : Token Signing Cert
TypeName : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
DisplayName : Token Signing Cert
Id : blablabla
Status : Online
Parent : SPTrustedRootAuthorityManager
Version : 17184
Properties : {}
Farm : SPFarm Name=SharePoint_Config
UpgradedPersistedProperties : {}
PS C:\Users\administrator.PORTAL>

When I login to my equipment it ask for a certificate. How do I delete these certificates?

We just recently upgraded our equipment and now I don't get the whole screen parts are missing. So I figured if I delete certificates or renew them it might work. So I need to know How to delete them or renew them.

Among other things iTunes uses your credit card to confirm that you are a resident of the same country as the store you are using. Occasionally it may ask for you to confirm the details and "prove" the card by putting on a holding charge which it later releases. If you have credit in the store that should be applied to any purchases first, even if iTunes asks you to confirm your details. Your listed credit in the window can become out of date if you use more than one computer or device to make purchases. Signing out of your account, then back in, should refresh the balance.
tt2

How to use one certificate for two directory servers?

Hi,
running Sun DSEE 6.3.1 on two servers, server 1 has name ds1.example.com, server 2 has name ds2.example.com. There is a round robin DNS record ds.example.com, which alternates between:
ds1.example.com
ds2.example.com
and
ds2.example.com
ds1.example.com
An LDAP client connects to one of the servers over SSL using the name ds.example.com. We want to generate a certificate using the name ds.example.com and use it on both directory servers.
If we generate a CSR using DSCC on server 1 and get back a signed certificate, the certificate can be installed correctly on server 1. However, if we use the same signed certificate on server 2 it fails with error:
Unable to find private key for this certificate.
Failed to add the certificate.
Error executing the operation. The error code is 11.
What is the correct way to generate one CSR, have it signed by a CA and then implement this signed certificate on multiple servers?
/rolf

From one Directory Server (ds1) generate CSR with the name ds.example.com in the request. Once you get the signed cert import it into the same server you generated CSR with. Then from ds1.example.com :
scp -p <slapd install/instance path>/alias/* <account>@ds2.example.com:<slapd install/instance path>/alias/
to copy the contents of the alias path to the same location on the other Directory Server. Make sure file permissions are the same.

Asking specific client certificate (not certificates trusted by authority)

As I understand from what I read so far, during the handshake negotiation for two way ssl, the server sends the client a list of trusted certificate authorities and say to the client: "hey, those are the authorities I trust. send me a certificate that can be verified by one of them".
I also read how you can customize SSLSocketFactory to, on the client side, look for a specific certificate alias (http://www.ibm.com/developerworks/java/library/j-customssl/). I would like to move this idea further and ask for specific certificates depending on what resources the user is trying to access.
For example:
Let's suppose I have two resources on my server called "bobPrivateStuff" and "alicePrivateStuff". I also have a certificate authority who can validate both Bob and Alice certificates on a custom trust keystore. In a regular scenario, the server will ask for a client certificate and will accept either Alice or Bob certificate, as both can be verified by the custom trust.
But what if Alice can't access "bobPrivateStuff"? What if when trying to open a connection, to say http://myserver.com/services/bobPrivateStuff, the server asks specifically for Bob's certificate? Can I setup the handshake in a way it will actually ask for Bob's certificate instead of only just "any certificated trusted by this CA"?
And what piece of information could be used to distinguish one certificate from another? Is the serial number unique between multiple certificates? Is this pushing the envelop too much and trying to use SSL for more than what it is intended for?

I agree 100%. It's just that we want to use certificates to validate the client's identity (instead of relying on username/password).Fine, that's exactly what SSL & PKI will do for you.
It might not be elegantBut it is!
See my point?Of course I see your point. SSL already does that. I said that. You agreed. I agree. What it doesn't do is the authorization part. Because it can't. It isn't meant to. You are supposed to do that.
Instead of the server asking for a specific certificate, it justs checks if the certificate sent by the client has access to the resource.Not quite. It should check if the identity represented by the client certificate (Certificate.getSubjectX500Principal(), or SSLSocket.getSession().getPeerPrincipal()) has access to the resource.
This way, we can leave the server untouchedNo you can't. The server has to get hold of the client principal after the handshake and authorize it against the resource.
if Bob wants to access some resources, Bob has to prove he is who he says he is.You're still confused. That's authentication, and SSL already does that for you. SSLSocket.getSession().getPeerPrincipal() returns you the authenticated identity of the peer. The server then has to check that that identity can access that resource. This is 'authorization'. You can't automate it via keystores and truststores. That's not what they do and it's not what they're for.
So I think it is perfectly plausible to do this kind of verification on the server side (i.e. "hijack" a certificate sent to validate the ssl handshake to also verify if the user has the correct privileges).There's no 'hijacking' about it, but you're concentrating on the certificate instead of the identity it represents. A client could have a large number of certificates that all authenticate the same identity. You need to think in terms of authorizing Principals to access resources.

How can I Import CA Certificate into a new user profile when it's created

I need to deploy a CA Root Certificate to new firefox user profile when it is created in windows. I Seen somewhere that you could place a working copy of cert8.db in %programfiles%\firefox-installation-folder\defaults\profile and this would get added when a new firefox profile is created. However, the profile directory doesn't exist in the defaults folder and when I created it this method still didn't work.
Is there a way to get firefox to create new profiles with preconfigured Certificates?
Right now when new users open firefox for first time it is unable to connect to any SSL sites through our proxy server until the user adds the proxies ca certificate or it gets added later via logon script (at next user logon).

Update... For anyone looking for a similar solution:
I ended up adding more to my logon script I have it check for a user's mozilla profile first and if not found it will use command line "firefox.exe -createprofile default" to make one. After that I just copy a working cert8.db to that new profile. Then when the user opens firefox for first time, it will detect this new profile, and it will load it along with the correct CA Certs intact...
Also, for existing profiles my script just uses nss certutil to add my proxy CA Certificate to the users profile cert8db.

Certificate error while calling a webservices from application deployed in

Hi,
When we are trying to invoke a web service from a client application which was deployed in weblogic server we are getting the certificate error. We are using go daddy certificate. Here is the log file
Anyone Please advice.
FileName
weblogic.log
FileComment
<Apr 25, 2011 1:51:15 PM EDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=*.wvu.edu,OU=Domain Control Validated,O=*.wvu.edu". The loading of the trusted certificate list raised a certificate parsing exception Could not set value for ASN.1 string object..>
<Apr 25, 2011 1:51:15 PM EDT> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=*.wvu.edu,OU=Domain Control Validated,O=*.wvu.edu". The loading of the trusted certificate list raised a certificate parsing exception Could not set value for ASN.1 string object..>
javax.xml.ws.WebServiceException: weblogic.wsee.wsdl.WsdlException: Failed to read wsdl file from url due to -- javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
at weblogic.wsee.jaxws.spi.WLSProvider.readWSDL(WLSProvider.java:322)
at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:77)
at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:62)
at javax.xml.ws.Service.<init>(Service.java:56)
at wvudatacollection.wsproxy.scheduler.TimeClockScheduler_Service.<init>(TimeClockScheduler_Service.java:71)
at wvudatacollection.wsproxy.scheduler.TimeClockSchedulerServiceWrapper.getStatus(TimeClockSchedulerServiceWrapper.java:96)
at wvudatacollection.wsproxy.scheduler.GetSchedulerStatusWrapper.getStatusCode(GetSchedulerStatusWrapper.java:10)
at sun.reflect.GeneratedMethodAccessor185.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at oracle.adf.model.binding.DCInvokeMethod.invokeMethod(DCInvokeMethod.java:561)
at oracle.adf.model.binding.DCDataControl.invokeMethod(DCDataControl.java:2113)
at oracle.adf.model.bc4j.DCJboDataControl.invokeMethod(DCJboDataControl.java:3009)
at oracle.adf.model.bean.DCBeanDataControl.invokeMethod(DCBeanDataControl.java:436)
at oracle.adf.model.binding.DCInvokeMethod.callMethod(DCInvokeMethod.java:256)
at oracle.jbo.uicli.binding.JUCtrlActionBinding.doIt(JUCtrlActionBinding.java:1437)
at oracle.adf.model.binding.DCDataControl.invokeOperation(DCDataControl.java:2120)
at oracle.adf.model.bean.DCBeanDataControl.invokeOperation(DCBeanDataControl.java:464)
at oracle.adf.model.adapter.AdapterDCService.invokeOperation(AdapterDCService.java:307)
at oracle.jbo.uicli.binding.JUCtrlActionBinding.invoke(JUCtrlActionBinding.java:693)
at oracle.adf.model.binding.DCInvokeAction.refreshInternal(DCInvokeAction.java:47)
at oracle.adf.model.binding.DCInvokeAction.refresh(DCInvokeAction.java:33)
at oracle.adf.model.binding.DCBindingContainer.internalRefreshControl(DCBindingContainer.java:3107)
at oracle.adf.model.binding.DCBindingContainer.refresh(DCBindingContainer.java:2759)
at oracle.adf.controller.internal.binding.TaskFlowRegionController.refreshRegion(TaskFlowRegionController.java:145)
at oracle.adf.model.binding.DCBindingContainer.internalRefreshControl(DCBindingContainer.java:3038)
at oracle.adf.model.binding.DCBindingContainer.refresh(DCBindingContainer.java:2759)
at oracle.adf.controller.v2.lifecycle.PageLifecycleImpl.prepareRender(PageLifecycleImpl.java:548)
at oracle.adf.controller.v2.lifecycle.Lifecycle$9.execute(Lifecycle.java:224)
at oracle.adfinternal.controller.lifecycle.LifecycleImpl.executePhase(LifecycleImpl.java:192)
at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener.mav$executePhase(ADFPhaseListener.java:21)
at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener$5.before(ADFPhaseListener.java:395)
at oracle.adfinternal.controller.faces.lifecycle.ADFPhaseListener.beforePhase(ADFPhaseListener.java:60)
at oracle.adfinternal.controller.faces.lifecycle.ADFLifecyclePhaseListener.beforePhase(ADFLifecyclePhaseListener.java:44)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:246)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:193)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:266)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:191)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:85)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420)
at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:54)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:247)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:157)
at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.wls.JpsWlsFilter$1.run(JpsWlsFilter.java:96)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
at oracle.security.jps.wls.util.JpsWlsUtil.runJaasMode(JpsWlsUtil.java:146)
at oracle.security.jps.wls.JpsWlsFilter.doFilter(JpsWlsFilter.java:140)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:70)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:202)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3588)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused by: weblogic.wsee.wsdl.WsdlException: Failed to read wsdl file from url due to -- javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:313)
at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:305)
at weblogic.wsee.jaxws.spi.WLSProvider.readWSDL(WLSProvider.java:312)
... 70 more
Caused by: javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:358)
at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
at weblogic.wsee.util.is.InputSourceUtil.loadURL(InputSourceUtil.java:103)
at weblogic.wsee.util.dom.DOMParser.getWebLogicDocumentImpl(DOMParser.java:118)
at weblogic.wsee.util.dom.DOMParser.getDocument(DOMParser.java:65)
at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:311)
... 72 more
Thanks,
Sajja
Edited by: user13514455 on Jun 13, 2011 8:35 AM

We resolved this problem for the same version of JDeveloper in the WebLogic Console. In the Domain Structure / Evironment / Servers / Settings for Default Server, click the Configuration and SSL tabs. Then change Hostname Verification to None and check the Use JSSE SSL box at the bottom.

'Error while signing data-Private key or certificate of signer not availabl

Hello All,
In my message mapping I need to call a web service to which I need to send a field value consist of SIGNED DATA.
I am using SAP SSF API to read the certificate stored in NWA and Signing the Data as explained in
http://help.sap.com/saphelp_nw04/helpdata/en/a4/d0201854fb6a4cb9545892b49d4851/frameset.htm,
when I have tested using Test tab of message mapping it is working fine and I am able to access the certificate Keystore of NWA(we have created a keystore view and keystore entry to store the certificate) and generate the signed data ,but when I test end to end scenario from ECC system,it is getting failed in mapping with the error
' Error while signing data - Private key or certificate of signer not availableu2019.
Appreciate your expert help to resolve this issue urgently please.
Regards,
Shivkumar

Hi Shivkuar,
Could you please let me know how you were trying to achieve the XML signature.
We have a requirement where we have to sign the XML document and need to generate the target document as following structure.
<Signature>
     <SignedInfo>
         <CanonicalizationMethod />
         <SignatureMethod />
         <Reference>
                 <Transforms>
                 <DigestMethod>
                 <DigestValue>
         </Reference>
    <Reference /> etc.
</SignedInfo>
<SignatureValue />
<KeyInfo />
<Object>ACTUAL PAYLOAD</Object>
</Signature>
I am analyzing the possibility of using the approach that is given in the help sap link that you have posted above. Any inputs will be apprecited.
Thanks and Regards,
Sami.

Error in creation of TDS Certificate.

Hi
I am facing one problem in creation of TDS Certificate after successful creation of Remittance challan
(j1inchln) and Bank challan updation(j1inbank). The error msg is as follows:
"Please maintain entries in layout customizing:"
When I an went see in the customising setting - Form has assigned to Company Code.
Please guide me accordingly. Thanks & Regards
Narayana

Hi,
From the message it seems either you are using wrong company code in Organisation data of the PO or the company code need to be assigned to country in spro-enterprise structure-Financial accounting-edit copy check company code.
Please check this.
Dhruba

ISE 1.2 and iPEP Certificate Requirements

Hi,
For 1.1.x version of ISE, there are some constraints regarding the certificates used for iPEP and Admin:
Both EKU attributes should be disabled, if both EKU attributes are disabled in the Inline Posture certificate, or both EKU attributes should be enabled, if the server attribute is enabled in the Inline Postur certificate.
[http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080bea904.shtml]
Does the same thing applies for iPEP in ISE 1.2? The User Guide for ISE 1.2 and Hardware Installation Guide doesn't mention anything about EKU and specific certificate attributes..
Any thoughts?
Thank you,
Octavian

The EKU validation has been removed in version 1.2
"If you configure ISE for services such as Inline Policy Enforcement Point (iPEP), the template used in order to generate the ISE server identity certificate should contain both client and server authentication attributes if you use ISE Version 1.1.x or earlier. This allows the admin and inline nodes to mutually authenticate each other. The EKU validation for iPEP was removed in ISE Version 1.2, which makes this requirement less relevant."
Source:
http://www.cisco.com/en/US/products/ps11640/products_tech_note09186a0080bff108.shtml

How to install and use certificates on client?

Hello everyone, and first of all sorry for my poor, italian-accented english.
I have some questions about SSL and certificates. I'm developing a java desktop application, which should connect to a https server, authenticate with a previously downloaded certificate and then gain access. Some specs: I work on a Windows Xp Pro machine with Netbeans 6.1 and jdk 1.6.0_07.
Now, I'm using HttpUnit libraries to connect the first time, login with basic authentication and download the certificate, but after i get it I'm not sure how to install the certificate (using java, it has to be an automated procedure) on the client machine and then how to use it to connect to the server. I've tried to use the code I've found here and after using it I can see the certificate inside Control Panel > Java > Securiy > Certificates > System, but I'm not sure I'm installing it in the correct way and/or in the correct path.
Everytime I try to connect to the server I get back a HTTP 403 forbidden exception. Does someone know any tutorials/howtos/example codes to suggest to me? Or could tell me what's the right installation procedure using java? Any help would be very appreciated.
Thanks in advance
K.

After banging my head on my keyboard for a lot of hours, I've got it!
I was trying to install a *.pfx certificate, and that was bad. I tried to convert it in *.p12 or *.cer but that workaround didn't work. Finally I've found a small code to use a *.pfx certificate without installing it and... it works! No more 403 errors now, I can get that damn page. :)
Here is the class I've used (I've found it somewhere googling around but I've lost the link, sorry. Anyway, I've modified it a little)
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.InputStreamReader;
import java.net.*;
import java.security.KeyStore;
import javax.net.*;
import javax.net.ssl.*;
public class ConnectWithPfx {
   static final int HTTPS_PORT = 443;
   public static void main(String argv[]) throws Exception {
      // Get a Socket factory
      SocketFactory factory = SSLSocketFactory.getDefault();
      SSLSocketFactory socketFactory = null;
      try {
            KeyStore keyStoreKeys;
            KeyManagerFactory keyMgrFactory;
            SSLContext sslContext;
            keyStoreKeys = KeyStore.getInstance("PKCS12");
            keyStoreKeys.load(new FileInputStream("mycertificate.pfx"),"certpassword".toCharArray());
            keyMgrFactory = KeyManagerFactory.getInstance("SunX509");
            keyMgrFactory.init(keyStoreKeys, "certpassword".toCharArray());
            sslContext = SSLContext.getInstance("SSL");
            sslContext.init(keyMgrFactory.getKeyManagers(), null, null);
            socketFactory = sslContext.getSocketFactory();
            Socket socket2 = factory.createSocket("www.my.host", HTTPS_PORT);
      } catch (Exception e) {
            e.printStackTrace();
        URL url = new URL("https://www.my.host/mypage");
        // Open a HTTP connection to the URL assigning the SocketFactory we created before
        HttpsURLConnection conn = null;
        conn.setDefaultSSLSocketFactory(socketFactory);
        conn = (HttpsURLConnection) url.openConnection();
        // Allow Inputs
        conn.setDoInput(true);
        // Allow Outputs
        conn.setDoOutput(true);
        // Don't use a cached copy.
        conn.setUseCaches(false);
        conn.setRequestProperty("Connection", "Keep-Alive");
        BufferedReader in = new BufferedReader(new InputStreamReader(conn.getInputStream()));
        String line;
        String response = "";
        while ((line = in.readLine()) != null) {
            response += line+"\n";
        System.out.println(response);
}Hope this could be useful for someone else. Thanks to everyone who read or replied to my thread. :)

Trying to create a certificate file using keytool -help!

Hi, I've followed a series of instructions using Terminal to create a certificate. Terminal produced a file and when i open it using Text Edit its about 20 lines long worth of code. I was hoping it would provide a certificate I could use. Maybe it has, I just don't know what I'm looking for!
Im working in Viewer Builder and I'm in the Provisioning tab trying to enter the "Application ID"
I'm totally stuck here. Please help!

I'm using DPS pro. My app is for Android but won't be going as far as Google Play or Amazon. It's for internal use so I want to create an APK file to distribute via email. These are the set of instructions I'm following. I'm struggling to get this to work. What should I see when this has worked? Also what do I need to enter for the Application ID?
Thanks or your help
(Mac OS) Create a certificate file using Keytool
Open Terminal, which is located in the Applications > Utilities folder.
Type (or paste) the following line (replace “myname.key.p12” with the actual name of your certificate):
1
keytool -genkey -v -keystore myname.key.p12 -alias alias_name -keyalg RSA -keysize 2048 -storetype pkcs12 -validity 10000
Specifying “10000” sets the expiration date after 22 October 2033.
Enter and reenter a password. Until the Viewer Builder supports the creation of custom Android apps, it's necessary to share this password with Adobe. Create a password that you can share.
Follow the prompts to specify the certificate information.
When prompted to confirm choices, enter yes, and then press Return to use the same password.
A certificate is created in your prompt location, such as your user name folder. Copy this certificate file to a known location. Write down the password as well.

Can't find certificate that appears on Chrome

Hi all, I have a problem and need some help. When I try to connect to Gmail, I get the following error
Cannot connect to the real mail.google.com
Something is currently interfering with your secure connection to mail.google.com.
Try to reload this page in a few minutes or after switching to a new network. If you have recently connected to a new Wi-Fi network, finish logging in before reloading.
If you were to visit mail.google.com right now, you might share private information with an attacker. To protect your privacy, Chrome will not load the page until it can establish a secure connection to the real mail.google.com.
LessReload
What does this mean?
mail.google.com normally uses encryption (SSL) to protect your information. When Chrome tried to connect to mail.google.com this time, mail.google.com returned unusual and incorrect credentials. Either an attacker is trying to pretend to be mail.google.com, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chrome stopped the connection before any data was exchanged.
Network errors and attacks are usually temporary, so this page will probably work later. You can also try switching to another network.
Technical details
mail.google.com has asked Chrome to block any certificates with errors, but the certificate that Chrome received during this connection attempt has an error.
Error type: HSTS failure
Subject: FG600B3908600560
Issuer: FG600B3908600560
Public key hashes: sha1/7vClZj4lhFuMwxiKhsgl6Jnbj4o= sha256/tqGQy3D+ueVGfY9YXbprcdbS+K/W5n6Bi1BDuxf70j8=
When I click on the https link i get the following info for the certificate:
If I click on certificate information I get:
As you see, the certificate belongs to Fortinet. We use that at the office for security purpose. As soon as I get online, it asks me for a password.
But, for some reason, that certificate got 'stuck' on the gmail page.
I went to keychain and tried to find that certificate to delete it, but could not find it anywhere.
Any ideas on how to fix this problem?

Ok, oddly enough it just updated and the music is back on the list...go figure =)

Not able to view certificate in QC55

Hi All,
I am trying to do a GR from an inbound delivery. The storage location is HU managed. After doing the GR i go to QC55 to view the certificate i dont see it.
The certificate is put "YES" in inbound delivery. Material master is maintained with control key and certificate type. Qi inforecord is generated. The "enhanced cert processing" is active in customization.

check in qcc0> define certificate type> Certificate for each po item , certificate for each gr item in activated. if yes then check status in qc55.
don't put any status in first screen and check

Certificate error connecting to VPN, can not validate server

Used the configuration utility to configure a profile for VPN using certificate as authentication. Keep getting error, can not validate server. When I export the cert to my desktop, I see the CRL information in it. When I view the details of the cert after installing on the iPad, I don't see any CRL information. I'm guessing this may be the problem only not sure how to resolve it.

solved the problem by adding an additional attribute in the certificate request to the VPN server (cisco router) and first enable the server SubjectAltName CA
In CA server:
certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2
certutil -setreg policy\SubjectAltName enabled
certutil -setreg policy\SubjectAltName2 enabled
net stop certsvc
net start certsvc
In certificate request for VPN server:
In the Attributes box, type the desired SAN attributes. SAN attributes take the following form:
san:dns=dns.name[&dns=dns.name]/san:ipaddress=x.x.x.x
(external dns/ip)
http://support.microsoft.com/kb/931351

"Can not get a key" error when assigning the OAuthTokenIssuer certificate

I am migrating from Lync Server 2010 to 2013. When deploying the 2013 server, it fails when assigning the OAuthTokenIssuer certificate. With the KeyException error below.
I've tried "re-keying" the cert and confirmed that the key is exportable. Does anyone have any insight on how to resolve this?
=============
<?xml version="1.0" encoding="UTF-8"?>
-<CsMgmtLog Name="Set-CSCertificate">
<Info Time="2014-04-21 19:00:53Z" Title="Connection">Data Source=servername.domain.com;Initial Catalog=xds;Integrated Security=True</Info>
-<Action Name="Set Certificate" Time="2014-04-21 19:00:53Z">
-<Exception Time="2014-04-21 19:00:54Z" Message="Can not get a key." Type="KeyException">
<StackTrace Time="2014-04-21 19:00:54Z"> at Microsoft.Incubation.Crypto.GroupKeys.DKMBase.GetCurrentKeyAndUpdate(KeyPolicy& keyPolicy) at Microsoft.Incubation.Crypto.GroupKeys.DKMBase.Protect(MemoryStream plaintext) at Microsoft.Rtc.Management.Internal.KeyManagement.GroupKeyWrapper.Encode(Byte[]
inBytes) at Microsoft.Rtc.Management.Deployment.Core.Certificate.SetCMSCertificate(IScopeAnchor scope, X509Certificate2 foundCert, X509Certificate2Collection certs, Nullable`1 effectiveTime, Boolean isRoll) at Microsoft.Rtc.Management.Deployment.Core.Certificate.SetCMSCertificate(IScopeAnchor
scope, String thumbprint, Nullable`1 effectiveTime, Boolean isRoll) at Microsoft.Rtc.Management.Deployment.Tasks.SetCertificateTask.Action() at Microsoft.Rtc.Management.Internal.Utilities.LogWriter.InvokeAndLog(Action action)</StackTrace>
</Exception>
<Complete Time="2014-04-21 19:00:54Z"/>
</Action>
<Error Time="2014-04-21 19:00:54Z" Title="Error">An error occurred: "Microsoft.Incubation.Crypto.GroupKeys.KeyException" "Can not get a key."</Error>
</CsMgmtLog>
=============
Regards,
Yai

Please try to assign the certificate with Lync Server Management Shell.
Run the following command:
Set-CSCertificate -Identity Global -Type OAuthTokenIssuer –Thumbprint <string>.
Check if you can assign default certificate to Lync Front End Server.
Check the Root Certificate Authority certificate is not expired.
Lisa Zheng
TechNet Community Support

Fi certificate

Similar Messages

Maybe you are looking for