Generate an X509 certificate from scratch

Similar Messages

• X509 Certificate Generation from a URL

  Hi All,
  I can easily create a X509 Certificate from a text file using the CertificateFactory class and display all the fields in the generated certificate.
  Now, I wish to do same thing but using an url instead of a text file. I would like to know the followings:
  1. whether a X509 Certificate (or any other type) is associated with a server represented by the given URL. For instance, say url is http://www.xyz.com, so I wish to know whether this site has a X509 Certificate associated with it.
  2. if yes, I would like to download the certificate and read the certificate contents.
  How to do these two things?
  Can someone throw some light in this connection? Your help will be highly appreciated.
  Regards,
  ~Mohan

  I saw your posting.. I don't have an answer for you, but I need to create some X509 certificates, and I'd really apprectiate it if you could share how you created them from a file..
  thanks,
  Jim

• Mapping X509 certificate to User

  Hello Everybody,
  I am accessing SAP R/3 Function module from the outside(JAVA Application) using JCO connections.
  I got sucess doing this using Basic authentication.
  I have passed fix username and password to connect to the SAP R/3 from my JAVA program.
  But, now i want to pass X509 certificate from my Java application to SAP R/3 for authentication. I have completed my work from JAVA side. But at SAP R/3 side i don't know where to add this X509 certificate and how to map this certificate to perticular user in SAP R/3.
  If anyone knows then please help.
  Its urgent, so if anybody has some idea then please help.
  Thanks in advance,
  Bhavik
  Message was edited by: Bhavik Devisha

  Through the T-Code : PFCG you have to create the Authorization group .
  the authorization group should contain the object:
  Z:PO_APPROVER_00 ( Authorization group name).
  Add manually the object.
  First select the object  MM_E (Materials Management: Purchasing)
  Under that select M_EINK_FRG
  Assign values properly to the
  Release code: FRGCO
  Release group :FRGGR
  After that use the T-Code : SU01 to provide the rights to the user XYZ.
  By
  Subrahmanian

• Assign/Map X509 certificate to the SAP User

  Hello Everybody,
  I am accessing SAP R/3 Function module from the outside(JAVA Application) using JCO connections.
  I got sucess doing this using Basic authentication.
  I have passed fix username and password to connect to the SAP R/3 from my JAVA program.
  But, now i want to pass X509 certificate from my Java application to SAP R/3 for authentication. I have completed my work from JAVA side. But at SAP R/3 side i don't know where to add this X509 certificate and how to map this certificate to perticular user in SAP R/3.
  If anyone knows then please help.
  Thanks in advance,
  Bhavik

  Hi Sanjeev,
  Thanks for your reply.
  I will do that. and let you know shortly.
  Regards,
  Bhavik

• How can I retrieve/compute an X509 certificate's thumbprint in Python and then use it for accessing Service Management APIs from Python SDK?

  Hello,
  I am using Azure Python SDK to perform calls to ServiceManagement APIs.
  I have a .publishsettings file generated for my account which includes an encoded version of my X509 certificate and all of my subscription IDs.
  How can I retrieve/compute an X509 certificate's thumbprint in Python?
  Following is the code snippet that helps us do it in .Net.
  Is there a similar approach to do it in Python?
  var publishSettingsFile = @"C:\temp\CORP DPE Account-11-16-2011-credentials.publishsettings";
  XDocument xdoc = XDocument.Load(publishSettingsFile);
  var managementCertbase64string = xdoc.Descendants("PublishProfile").Single().Attribute("ManagementCertificate").Value;
  var importedCert = new X509Certificate2(Convert.FromBase64String(managementCertbase64string));
  thumbprint = importedCert.Thumbprint;
  Once I have the thumbprint, how can I use that thumbprint to access Service Management APIs from Python SDK?
  Thank you in Advance!
  Regards,
  Vaibhav Kale

  Hi,
  Please have check on the below article and check if it helps.
  http://azure.microsoft.com/en-in/documentation/articles/cloud-services-python-how-to-use-service-management/
  Regards,
  Mekh.

• Can't simulate GTH wrapper generated from scratch

  Hi,
  I need to use some GTH transceivers of the Virtex-6 FPGA (ML630 eval board) to communicate with a high speed digital-to-analog converter (DAC). I am firstly trying to simulate the wrapper of the GTH transceiver I created, in order to understand the signals assertion flow. However, in simulation the serial pins for transmission are always '1' (both p and n pins).
  The wrapper is created using core generator with option "from scratch" to operate in 9.92 Gbps with no line coding. The simulation uses the example design and testbench generated with the wrapper.
  However, If I generate the wrapper with a pre-defined template (e.g. 10GBASE-R), the simulation works fine.
  Does anybody know how can I solve this problem or some tip the could help me?
  Additional information:
  - ISE version 14.7
  - GTH transceiver wizard version: 1.11
  - FPGA: xc6vhx565t-2ff1924 (ML630)
  Thanks in advance.

  I solved the problem. It seems to be a problem with GTH transceiver wizard, because, even setting in wizard the option "full rate", it generates an example design for "full rate", but init.vhd file is parameterized with "full rate" disabled, and the core never starts.

• Extract ' Issued to ' from x509 certificate - Is it possible

  HI All,
  Can anyone tell me how can I extract 'Issued to' from X509 Certificate.
  I know the Issued by i.e. getIssuerDN().getName(). Please let me is it possibel to extract Issued to Information...
  Best Regards
  San

  You can use getSubjectDN() .getName() or getSubjectX500Principal().getName()
  If you need more information, please drop me an email [email protected]

• Why do v need 2 generate new smartform from scratch when v have a standard

  hi experts
  why do v need 2 generate new smartform from scratch when v have so many standard smartforms can any one explain in detail the scenario where v have 2 do that
  thanks
  bhanu

  Hello Bhanu,
  Standard smartforms are for standard SAP applications.
  Every client will customise standard SAP to suit their own requirements. So if there is a requirement specific to the cleint, they can ask us to develop a custom Smartform.
  Award points if found useful.
  Regards
  Indrajit.

• OBTM Extract consumer info from X509 certificate

  All,
  Currently working with OBTM Release 12.1.0.3.6: build 26660. We try to set up segmentation based on the certificate used for signature.
  In previous release of OBTM ( Amberpoint ), it was possible to extract the CN from it. Anyone experience with that in the current release? When we extract the certificate from the message, it get even truncated so it's not usable.
  Any help, welcome!
  Tyia,
  Cheers!
  AR

  You can use getSubjectDN() .getName() or getSubjectX500Principal().getName()
  If you need more information, please drop me an email [email protected]

• Applet does not get client certificate from browser (Firefox, IE7)

  I'm writing a web service which runs Tomcat through Apache. One critical requirement is that the service be able to invoke certain device drivers on the end user's machine. Fortunately, there is a Java API for this, so this requirement can be fulfilled using an applet.
  Here's the problem. This is a B2B application, so we're using SSL and requiring client authentication. I'm no web security guru, but I managed to get SSL set up through Apache (with a self-signed certificate for now; we'll get a real one from a real CA when we're ready to go to production). I also managed to set up client authentication by creating my own CA and generating a client certificate, which I then copied to my test client (Win XPSP2) and imported into both Firefox (2.0.0.15) and IE (6.0.2900). The applet is signed with a real certificate, and that causes no problems. And all of the pages for my web service work as expected.
  All except one. The page which is supposed to load the applet pops a dialog stating 'Identification required. Please select certificate to be used for authentication', and presents a list of zero certificates.
  Actually, I get this dialog in Firefox on my XPSP2 box, and also when I test on a Vista Home Premium box running IE 7.0.6000. Puzzlingly, this behavior does NOT occur on my XPSP2 box when running through IE 6.0. It seems that with XPSP2 and IE 6.0, the JVM can manage to obtain the required client certificate from the browser and pass it along to Apache, but the JVM can't do this when running in Firefox or in IE 7.0 on Vista.
  I have gone to the Java Control Panel and verified that the 'Use certificates and keys in browser keystore' option is selected on both boxes.
  I've done a fair amount of research for this (including in this forum) and see that this appears to be a chronic difficulty with applets. What makes it worse is that I don't think I can use the standard workaround, which is to download the applet from a different host/virtual host, because the applet needs to communicate with the web service. Since we have the additional layer of Tomcat container-managed user authentication, the applet needs to be communicating with the server using the same session token as everything else.
  So at this point, I'm stuck. Does anyone know a solution to this problem? Two thoughts (I'm reaching at straws here):
  1) I have the certificate imported in both Firefox and IE as a 'personal' certificate. Is there someplace else I can put it so the JVM will know how to find it? A rather old thread in this forum mentioned something about setting properties in the Java Control Panel, but I see no place in the JCP to specify such properties, so I'm guessing that solution is no longer operative.
  2) I'm using a trick I found on the internet to make the applet load cleanly with both Firefox and IE, namely, I'm using the <OBJECT> tag to specify the applet class and codebase for IE, and then using <COMMENT><EMBED ... /></COMMENT> within the <OBJECT> declaration to specify the information for Firefox. Is there some other way of doing the markup that will give the JVM a hint that it should get a certificate from the browser?
  BTW . . . I would hate to drop support for Firefox, but if someone has an IE-only solution, I'll take it. Unfortunately, I reckon a Firefox-only solution would not fly.
  Thanks all.

  My applet is also signed by a valid certificate. The question of whether the applet is signed/self-signed/unsigned >isn't an issue --- I just wanted you to make sure the Applet runs because it is a know valid Java2 Applet that is 100% signed properly and verified to run.
  This eliminates the possibility that it is a JVM issue. However after reading your message further I am afraid
  it is not relevant to your issue.
  due to the client authentication, my browser (Firefox, IE7) refuses to even download the applet.
  I went to your site, and I can see your applet in both Firefox and IE6. However, I don't believe your site is set up >quite like mine, because it appears I can run your applet whether I have imported your X509 certificate or not. What I >did was:If that is true we are all dead :) No I think you just missed the cert in the IE databse. It doesn't have to be in the
  Applet database to function. Surprise!
  Check your IE/tools/internet options/content tab/certificates/trusted root certification authorities.
  I then opened the Java control panel and verified that the certificate isn't listed there, either. So unless the certificate >is being cached/read from some other location (which could be, this certificate stuff is largely black magic to me), >then your server isn't requiring client authentication, either accidentally or by design.No HyperView is a valid java2 Applet and actually writes to a file "hyperview.dat" though it is probably empty.
  If you click on a component in the view and then on the view and type "dumpgobs" it shoud write out some data about the current graphics objects so you can see it has complete read/write access..
  Further it opens up a complete NIO server ands starts listening for connections on a random port
  (Echoed in your java console) You can connect to it with telnet and watch impressive ping messages all day :)
  This all goes back to a few years BTW back before there was a plugin and there was only Netscape & IE.
  There are actually 2 certificate databases and what loads where depends on which type of cert you are using. Now self signed or not doesn't matter but what does matter is the type of certificate. IE: is it RSA/DSA/Sha1
  etc. The Netscape DB was a Berkley DB and MS used whatever they use. The Cert is a DSA/Sha1 cert
  which I like the best ATM as it (X fingers it stays so) always has worked.
  Sadly that tidbit doesn't help you either I am afraid.
  What I'm trying to do is require client authentication through Apache by including the following markup in a virtual >host definition:
  SSLCACertificateFile D:/Certificates/ca.crt
  SSLVerifyClient require
  SSLVerifyDepth 1You got me there I avoid markup at all costs and only code in C java and assembler :)
  Now unless I am wrong I think you are saying that you want the Applet to push the certificate to the server
  automatically and I don't think this happens. Least I have never heard of this happening from an Applet automatically.
  On my client machine, I have a certificate which was generated using OpenSSL and the ca.crt file listed. Testing >shows that the server is requiring a certificate from the client, and the web browser is always providing it.
  The problem is that when the browser fires up the Java plugin to run an applet, there is not sufficient communication >between the browser and the plugin so that the plugin can obtain the certificate from the browser and provide it to >the server.
  So the server refuses to send the applet bytecode to the JVM, and we're stuck.In terms of implementation ease I think you may have the cart before the horse because I think it would be far easier to run an Applet in the first place to do the authentication, and then send, for example, a jar file to bootstrap and run
  (or some classes) in the event the connection is valid. Then again one never knows it all and there may be some classes which enables the plugin as you wish. I have never heard of this being done with the plugin the way you suggest.
  I am thinking maybe there is another method of doing this I do not know.
  Did you try pushing the cert via JavaScript/LIveConnect?? That way it could run before the Applet and do the authentication.
  Maybe someone else has other ideas; did you try the security forum??
  Sorry but I am afraid that is not much help.
  I did snarf this tidbit which may have some relevance
  The current fix for this bug in Mantis and 1.4.1_02 is using JSSE API, Here are the step:
  In Java control panel, Advanced tab -> Java Runtime Parameters, specify:
  -Djavax.net.ssl.keyStore=<name and path to client keystore file>
  -Djavax.net.ssl.keyStorePassword=<password to access this client keystore file>
  If it is a PKCS12 format keystore, specify:
  -Djavax.net.ssl.keyStoreType=PKCS12
  In our future JRE release 1.5, we will create our own client authentication keystore file for JPI and use that for client authentication, for detail info, please see RFE 4797512.
  Dennis
  Posted Date : 2005-07-28 19:55:50.0Good Luck!
  Sincerely:
  (T)
  Edited by: tswain on 23-Jul-2008 10:07 AM

• Accessing X509 certificate info

  We are authenticating by using a certificate for the web server. We need to authorize users for a web service by using the CN or DN shown on the certificate. For the web services, how can I pull the CN or DN off the certificate used for a web service transaction?

  I cant help you much with Oracle Apps. But my 2 cents.
  If your App server/ web server is validating the client X509 Certificates, once authentication is successful, some identifier should be passed on to your application. You should be able to leverage that to get the user CN or DN.
  When you access a web server from within your application, you can then control who can access the web service and still pass the user CN or DN or other user identifier in the SOAP Header, which the Web Service can validate. Your web service has to perform the authorization check even if you perform this at the client side.
  When the service is going to validate the User CN or DN, it is going to rely on SOAP message eitehr as body or as custom header. In this case you have to generate the SOAP message from the client with appropriate values which your application should have mapped it.
  I answered a similar question in Microsoft Platform at LinkedIn.
  http://www.linkedin.com/answers/technology/information-technology/information-security/TCH_ITS_ISC/70725-1147608?browseIdx=4&sik=1188955275463&goback=%2Eama
  Thanks
  Ram

• Scratch 22: Creating XML Publisher report from scratch in eBS

  Problem:
  How to build a XML Publisher (XMLP) report in eBS from scratch. Thus NOT adapting or converting an existing report.
  Context:
  I have an eBS R12 Vision instance up and running where I want to learn building XMLP reports.
  This is what all tutorials I can find tell me to do:
  Most reports apparently consist of a layout template e.g. TEST.rtf and a data template e.g. TEST.xml. Now in order to generate a new report layout I am supposed to take existing output in XML format and (using ‘Load Data’ function in Template Builder plugin in Word) specify in my layout template where and how I want the actual data to pop up. So far so good.
  But now I want to build the data template from scratch and use it combined with a layout template. So I build the data template but can’t use that for building the layout template. For that I need output, for which I need a layout template.....
  Sounds like Catch 22 to me. How do I break this?
  1. Can I generate an XML-output file from the XML Data Template alone?
  2. Can I build my (RTF) layout template directly based upon the XML Data Template?
  3. Or have I completely lost the plot?
  Oh yes, dunno the first thing about Java and do not have My Oracle Support..
  Edited by: rjvencken on Jul 5, 2012 10:39 AM
  Edited by: rjvencken on Jul 5, 2012 10:51 AM

  1. Can I generate an XML-output file from the XML Data Template alone?
  create data definition with your data template-> create concurrent -> output as xml -> run -> view output and your xml
  I thought the XDODTEXE engine would pick up the (Layout) Template through concurrent program definition CPD short name which in turn points to the Data Definition (and thus Data Template). So does your answer mean I can call straight from CPD to Data Definition? I tried registering my Data Template in the Template Tab but it will not take XML as a type.2. Can I build my (RTF) layout template directly based upon the XML Data Template?
  if you want to use xml publisher desktop then you need xml (with data, not definition)
  So that's not an option I understand. Weird cuz I'd expect this to be technically easier.btw you can create your layout (rtf) without xml (data) and without data template (xml with select statement)
  create filed and past tag definition
  Yes but in that case I'd have an empty report. How would that help me?bouble click on filed:
  "Text Form Field Options" -> "Add Help Text ..." -> "Status Bar" (tab) -> "Type your own:"
  if you use bi publisher desktop plugin
  bouble click on filed:
  "BI Publisher Properties" -> "Advanced" -> "Code"
  or switch to Word Properties
  "BI Publisher Properties" -> "Word Properties" and use above path
  3. Or have I completely lost the plot?
  may be ;)

• How to generate a SSL certificate for Adobe Connect?

  My organization uses adobe connect across the internet and we
  would like to enable SSL on the server. I have instructions for
  enabling SSL once a CSR is generated, but I do not know how to
  actually generate the CSR using Adobe Connect.
  Any info on how to generate a SSL CSR would be great,
  thanks.

  There is no 'built-in' method in Connect to do this. We used
  a open-source product called OpenSSL to generate our CSR file for
  Connect. Just Google OpenSSL and download/install it (it's free).
  Then use something like this command for creating a cert:
  openssl
  req -new -key <exisiting private key file> -out <csr
  file you want to make>
  Example:
  OpenSSL> req -new -key privatekey.pem -out connectcert.csr
  After you get the new certificate from the CA, put in
  d:\breeze directory. Then update the adaptor.xml file with the new
  cert name (make sure backup the existing file).
  Make sure you REBOOT the server to enable changes! Simply
  restarting services will not work.
  Hope this helps!

• Creating a report from scratch in java and getting invalidfield error

  hello
  I am trying to generate a report java.
  I am getting invalidfieldobject - the field was not found
  I checked the resultset and it does contain the column called trn
  package com.surecomp;
  import java.io.ByteArrayInputStream;
  import java.io.File;
  import java.io.FileOutputStream;
  import java.io.OutputStream;
  import com.crystaldecisions.sdk.occa.report.application.ReportClientDocument;
  import com.crystaldecisions.sdk.occa.report.data.DBField;
  import com.crystaldecisions.sdk.occa.report.data.FieldValueType;
  import com.crystaldecisions.sdk.occa.report.definition.FieldObject;
  import com.crystaldecisions.sdk.occa.report.definition.ISection;
  import com.crystaldecisions.sdk.occa.report.exportoptions.ReportExportFormat;
  import com.crystaldecisions.sdk.occa.report.lib.ReportSDKException;
  public class reporting  {
       public static void main(String[] args) {
            reporting x = new reporting();
            x.run();
       public void run() {
            try {
                 java.sql.ResultSet javaResultSet = null;
                 Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver");
                 java.sql.Connection connection = java.sql.DriverManager.getConnection("jdbc:sqlserver://ssi-allmatch:1433;databaseName=mrmdus33xxx;","sa", "sa12");
                 java.sql.Statement statement = connection.createStatement();
                 javaResultSet = statement.executeQuery("select * from trades");               
                 ReportClientDocument boReportClientDocument = new ReportClientDocument();
                 boReportClientDocument.newDocument();
                 boReportClientDocument.getDatabaseController().addDataSource(javaResultSet);
                 ISection boSectionToAddTo = boReportClientDocument.getReportDefController().getReportDefinition().getDetailArea().getSections().getSection(0);
                 // Create a new Database Field Object
                 DBField boDBField = new DBField();
                 boDBField.setName("trades.trn");
                 boDBField.setHeadingText("trn");
                 boDBField.setType(FieldValueType.stringField);
                 FieldObject boFieldObject = new FieldObject();
                 boFieldObject.setDataSourceName(boDBField.getFormulaForm());
                 boFieldObject.setFieldValueType(boDBField.getType());
                 boFieldObject.setLeft(9000);
                 boFieldObject.setTop(1);
                 boFieldObject.setWidth(1911);
                 boFieldObject.setHeight(226);
                 boReportClientDocument.getReportDefController().getReportObjectController().add(boFieldObject, boSectionToAddTo, -1);
                 ByteArrayInputStream byteArrayInputStream = null;
                 byteArrayInputStream = (ByteArrayInputStream) boReportClientDocument.getPrintOutputController().export(ReportExportFormat.PDF);
                 writeFileFromInputStream("c:/bob.pdf",byteArrayInputStream);
            catch(ReportSDKException ex) {     
                 System.out.println(ex);
            catch(Exception ex) {
                 System.out.println(ex);               
      private void writeFileFromInputStream(String sfile, ByteArrayInputStream inputStream)  {
           try {
                File file = new File(sfile);
                OutputStream outputStream = new FileOutputStream(file);  
                int bytesRead = 0;  
                byte [] buffer = new byte[32768];  
                while ((bytesRead = inputStream.read(buffer, 0, 32768)) != -1) {  
                          outputStream.write(buffer, 0, bytesRead);  
                outputStream.close();    
                inputStream.close();     
           } catch (Throwable th) {

  Hi,
  I have the same problem, did you get this resolved? I am new to the Crystal Report Java SDK and want to create reports from scratch but I can't find any good resources on the internet or the website.

• While logon to lync it gives error " there was a problem verifying the certificate from the server "

  i already go through all threads related to my question. but not even one thread is satisfying my question  ok my problem is again the same it gives me error as i mentioned in title. client OS is XP. actually can somebody tell  me which certificate
  i should import in which name of certificate group.
  N ya why error has occur. help me 
  thanks in advance 
  jayesh rohit

  You'll want the CS root certificate in the trusted root certificate authorities area of the machine store (vs the user store).  If there are any subordinate CAs with intermediate certificates, put them in the intermediate certification authorities area. 
  Verify that the certificate has the correct SANs for you server.  Did you generate the certificate from the deployment wizard, did you check the box for the sip domains as you went through the wizard?  Is the certificate internally signed by your
  certificate authority?  Are you attempting to connect internally or externally when you see the issue? 
  Can you confirm that your SRV records for _sipinternaltls._tcp.domain.com have the correct port and hostname and that the hostname is also resolvable?  Can you do the same for _sip._tls.domain.com?
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
  SWC Unified Communications