Generating certificates pem file
Hi,
I am new to configuring client side ssl, I understand the client (which will actually run inside WLS 8.1) needs to specify programmatically or by a system property a .pem file containing trusted servers certificates. So if I understand correctly, I might have a couple of certificates, each from a different server I will be communicating with, so how should I "merge" them into one .pem file? Shouldn't there be some command line tool available? Or should they simply be inserted manually into the same file with the
"-----BEGIN CERTIFICATE-----"
"-----END CERTIFICATE-----"
header/footer to separate them?
Any help would be appreciated,
Thanks,
Uri.
That's also what I thought.
I am actually using BEA's JRockit but I suppose they have a keytool similar to the one sun provides.
I know how to import a CA certificate to a truststore,
The thing is I need to invoke a web service via ssl, and as I was reading through the docs I encountered this section, regarding the configuration of ssl client in WebLogic:
"To configure basic SSL support for your client application, follow these steps:
Set the filename of the file containing trusted Certificate Authority (CA) certificates. Do this by either:
Setting the System property weblogic.webservice.client.ssl.trustedcertfile to the name of the file that contains a collection of PEM-encoded certificates.
Executing the BaseWLSSLAdapter.setTrustedCertificatesFile(String ca_filename) method in your client application."
(http://e-docs.bea.com/wls/docs81/webserv/security.html#1053203)
Maybe I misunderstood the text and PEM is simply the default encoding? That is, the encoding used for any JKS?
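Added example, not part of the thread or of BEA's documentation: a file holding "a collection of PEM-encoded certificates" is the BEGIN/END blocks placed one after another, and the sketch below merges several inputs that way while dropping duplicates and refusing any input that carries a private key. The function names are hypothetical and the two sample "certificates" are constructed stand-in DER blobs, not real X.509 certificates.

```python
import base64
import hashlib
import re

# One PEM block of any type; BEGIN and END labels must match.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)


def to_pem(der):
    """Encode DER bytes as a CERTIFICATE block with 64-character lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")


def build_trust_bundle(pem_texts):
    """Merge PEM inputs into one bundle that holds each certificate once.

    Returns (bundle_text, sha256_fingerprints). Raises ValueError when an
    input carries a private key, has no PEM block, or has a corrupt body.
    """
    fingerprints, blocks_out = [], []
    for text in pem_texts:
        found = PEM_BLOCK.findall(text)
        if not found:
            raise ValueError("no PEM block found in input")
        for label, body in found:
            if "PRIVATE KEY" in label:
                raise ValueError("private key in input; trust files hold certificates only")
            if label != "CERTIFICATE":
                continue  # CSRs, CRLs and similar do not belong in the bundle
            der = base64.b64decode("".join(body.split()), validate=True)
            if der[:1] != b"\x30":  # every X.509 DER encoding starts with SEQUENCE
                raise ValueError("certificate body is not DER")
            digest = hashlib.sha256(der).hexdigest()
            if digest not in fingerprints:  # drop certificates supplied twice
                fingerprints.append(digest)
                blocks_out.append(to_pem(der))
    return "".join(blocks_out), fingerprints


# Constructed stand-ins: tiny DER SEQUENCEs, not real X.509 certificates.
SERVER_A = to_pem(b"\x30\x03\x02\x01\x01")
SERVER_B = to_pem(b"\x30\x03\x02\x01\x02")

if __name__ == "__main__":
    bundle, prints = build_trust_bundle([SERVER_A, SERVER_B + SERVER_A])
    print(bundle)
    print("\n".join(prints))
```

The returned fingerprints can be compared against the values each server's administrator publishes before the bundle is handed to the client.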
Similar Messages
-
Problem generating .pem file from certificate
Hello and happy New Year,
I am trying to generate a PEM file to upload to my Cisco 4402 Wireless LAN Controller. I have an unchained certificate from Verisign and have followed the instructions at http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml using OpenSSL to generate the .PEM.
I get as far as generating the .p12 file but I can't get the final pem file to upload to the controller.
Does anyone have any pointers as to what could be going wrong? OpenSSL is not throwing up any errors.
Thanks in advance,
Ben
Fixed!! I was calling the final PEM file something other than final.pem and openssl didn't like it.
-
.key.pem file missing from /etc/certificates
Hi all
I purchased an authority certificate from one of the big names.
It's a wildcard cert for mail.domain, ical.domain etc that I want to setup.
I've downloaded the cert from the provider and imported it into Keychain via Server Admin. That side all looks great but the cert will not work with any services. They just hang.
Server log reports that cert.domain.verylongnumber.key.pem is missing from /etc/certificates.
I had a look and indeed it's not there.
.cert.pem and .chain.pem and .concat.pem are all present and correct. So where is .key.pem
Thing is, I was using a self signed cert before and that does have a .key.pem file in /etc/certificates and that works fine....
Cheers
Ryan
Solved.
Turns out that the Certificate supplier (Globalsign in my case) don't supply the private key in the right format for OS X Server to understand - which is probably standard practice.
10.6 Server requires the key in .pem format - mine was supplied as .pkcs12 (.pfx/.p12)
You need to use openssl in Terminal to convert it to .pem as follows
openssl pkcs12 -in mykey.pfx -out mykey.pem -nodes
Then it can be dropped into Certificate Manager in Server Admin
-
Multiple Customers having Problems with .pem files -chain certificate
I have 2 different customers who recently started using weblogic. My Applications are ASP hosted web services and require digital certificates. For added security, our CSO uses a chain certificate. The private cert is signed by an intermediary verisign cert which is signed by the Root CA.
Embarrassingly, I just found out one Customer completely side-stepped the BEA implementation for .pem files and implemented a non BEA class to work around based on difficulty they had trying to get the .pem file for the intermediary verisign cert to work. I am stuck in that I don't want to advise the second client to do the same thing, but I can't find great support on what to do and some of the BLOGS are conflicting. From what I understand, this first client struggled on this for 2 weeks and gave up.
What I am trying to ascertain is whether the private .pem file is supposed to have both the RSA PRIVATE KEY as well as the CERTIFICATE of the intermediate cert inside that one .pem file or not. I can see there needs to be a .pem for the intermediary and a .pem for the private but not sure if any of the data should repeat.
Also, good samples of how these should look would help. The .pem files my client showed me looked incorrect.
Please note both these clients are top Investment Banks and I think it's in both Bea's interest and my interest to see this work on Weblogic without coding around the default Weblogic security implementation.
Hi Patrick,
If you fixed the issue changing your PowerShell code, would you mind posting the working code here for reference for other people that might experience this problem?
Thanks in advance.
Nico Martens - MCTS, MCITP
SharePoint Infrastructure Consultant / Trainer
-
How to get the Server Certificate Chain File?
Hi all,
I config the SSL for weblogic 6.0 on a Win2k Machine. I followed WebLogic
documentation:
Generate a private key file, then submit to Verisign, get the certificate
file.
Because I have only one WebLogic server. I clear the "Server Certificate
Chain File" field.
But I get error message after reboot WebLogic. Following is the error
message:
<2001-1-21 04:57:56 pm> <Alert> <WebLogicServer> <Inconsistent security configuration, java.lang.Exception: Required file server-certchain.pem which is specified by ServerCertificateChainFileName, was not found>
java.lang.Exception: Required file server-certchain.pem which is specified by ServerCertificateChainFileName, was not found
    at weblogic.t3.srvr.SSLListenThread.resolvePropertyFromLocalFile(SSLListenThread.java:152)
    at weblogic.t3.srvr.SSLListenThread.resolvePropertyFromAdminServer(SSLListenThread.java:180)
    at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:425)
    at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
    at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:939)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
    at weblogic.Server.main(Server.java:35)
My question is: Should I input the rootCA certificate into the Server
Certificate Chain File field? If yes, where can I get the rootCA certificate
file?
Thanks
[sorry, deleted irrelevant wrong answer]
-
Can I test social sharing w/o generating an IPA file?
Is there a way that I can test social sharing behaviors without generating certificates for an IPA file? I would like to see how my articles are captured and how they look on social media before submitting the app to the apple store. I am hoping there is an easier way than creating an IPA file.
Thanks!
Found it.
I am learning why the reference for JavaScript is 745 some odd pages.
There are system functions for Number of total Fields (numFields)
Name of any particular field (getNthfieldName)
You can then use a loop to find the fields that are marked as REQUIRED and that are EMPTY.
Works GREAT inside my "Build Summary" button.
-
CSS11501 Certificates & rsakey files
Can somebody please clear this up for me as I don't really understand the documentation.
I am trying to Import a VeriSign certificate to my CSS.
I Export the certificate from the Windows IIS server and it generates a .pfx file. I assume this includes the certificate & private rsakey?
However, the CSS documentation shows the 'import' & 'associate' cert / rsakey as separate files but the IIS server just generates the one .pfx file?
Do I associate both the cert & rsakey with the same cert file - e.g.
ssl associate rsakey key1 cert1
ssl associate cert cert1 cert1.pfx
Is the above correct or is there something I'm missing?
Thanks...John
Giles,
As ever - many thanks... This worked and got it sorted. Thanks
Just on another note - I'm also having a problem with the 'urlrewrite' function within the SSL-Proxy-List,
The documentation says just add the 'urlrewrite www.mydomain.com' and any normal HTTP sessions that try and access the SSL module will be re-written but with HTTPS - this is what I want.
Unfortunately, this doesn't seem to work - when I try and access the CSS from a browser just using //http://mydomain.com/... the page just times-out. It seems the SSL module just isn't picking it up.
I'm using standard Port 443 for the HTTPS sessions and this works fine. Is there something else that needs to be configured to get the urlrewrite function working?
Thanks for all your help so far.
Cheers...John
-
How to use "keytool" generated certificates in B2B
Hi,
I have generated few certificate stores(files containing private key and trust certificate) in ".jks" format and exported client certificate from them in ".der" format using "keytool" commands in java. Now I want to use them for SSL authentication.
Is there any possible way of doing this ?
I tried to open these keystores in Wallet Manager but it did not accept those keystores. I even tried to create a keystore with name "ewallet.pk12" (in PKCS12 format) but wallet manager did not accept its password.
Please provide a solution if it exists.
Thanks in advance.
Regards,
Anuj Dwivedi
Hi,
If you are generating key/certificates maybe you could make the "keytool" generate the keystore in PKCS12 format. This format can be opened using Oracle Wallet Manager. Here's the command,
keytool -genkey -keyalg "RSA" -keystore ewallet.p12 -storepass welcome1 -storetype PKCS12
The above command would create a wallet in the current directory and the same can be opened in the "Oracle wallet manager".
Other Approach:
If you want to export just certificates alone from "JKS" format keystore and add it to the ewallet.p12 as a trusted entry, you can very well do that.
One thing to note here, make sure keys are generated using algorithm "RSA". Sample commands below,
1. keytool -genkey -keyalg RSA -keystore test.jks
2. keytool -export -file test.crt -keystore test.jks
3. You could import the certificate "test.crt" created in the previous step to ewallet.p12 using "Oracle wallet manager".
Regards,
Sinkar
[From Ramesh Team]
-
Hello,
I have certificates from two different CAs. How can I integrate them both in a root certificate chain file, so that the WLS accepts them both?
thanks for your help
hannele
What version of WLS? Are the CA's in PEM or DER format?
PaulF
Hannele <[email protected]> wrote in
news:3d6e2971$[email protected]:
Hello,
I have certificates from two different CAs. How can I integrate them
both in a root certificate chain file, so that the WLS accepts them
both? thanks for your help
hannele
-
I'm building a web site and I need to use a .pem file for a shopping cart. Does iWeb support .pems? I know nothing about this stuff but I have made it a long way in just a day, I love iWeb. If there is a different file I can use please let me know. I need to be able to sell things on my site.
Thanks
A .pem file is used to create secure SSL certificates to encrypt traffic, which is typical in an ecommerce site.
.pem files and SSL are used by the actual web server, not web pages themselves, and are beyond the scope of iWeb.
-
Can i generate certificates using java api
Can I generate certificates signed by my private key using java API?
I found CertificateFactory must generate a certificate from a file,
but how can I generate this file?
Thanks
visit :
http://java.sun.com/j2se/1.3/docs/tooldocs/win32/jarsigner.html
http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html
u can create ur own certificate
Edward
-
SSL for Weblogic 6.0: Server Certificate Chain File & Verisign
http://www.bea.com/support/askbea/wls/S-07188.shtml
This issue attempts to explain what a "certificate chain file" is for. I still don't understand why this is so difficult. Where do I get this from?
At the end of the article it points me here:
http://www.verisign.com/repository/root.html
And vaguely tells me to convert the unspecified format on that page using a utility from OpenSSL. The format on that page is NOT .pem, what is it? Which utility do I use, and HOW do I convert the root server CA on that page to .der format?
Thanks for tips!
Unfortunately this is a misleading exception you are getting.
Here is a suggested workaround (at least to get SSL working)
https://www.verisign.com/server/prg/browser/root.html
I have met the same question as you.
The Server Certificate Chain File obtained from your Browser (such as IE5.5 )
Jason Pettiss <[email protected]> wrote:
http://www.bea.com/support/askbea/wls/S-07188.shtml
This issue attempts to explain what a "certificate chain file" is for.
I still don't understand why this is so difficult. Where do I get
this from?
At the end of the article it points me here:
http://www.verisign.com/repository/root.html
And vaguely tells me to convert the unspecified format on that page using
a utility from OpenSSL. The format on that page is NOT .pem, what is
it? Which utility do I use, and HOW do I convert the root server
CA on that page to .der format?
Thanks for tips!
-
Store server's X509certificate in to .pem file
Hi,
I received the server's X509 certificate during the SSL handshake process. Now what do I need to do to store my X509 Certificate in a .PEM file
like USER.pem file
some sample code
URL url=new URL(add);
HttpsURLConnection urlc=(HttpsURLConnection)url.openConnection();
x509cert=urlc.getServerCertificateChain();
now i would like to store x509[0](first certificate in the Certificate chain)
in to some USER.pem file
Thanks
go to regional settings and there change the format which ever u want.
ex: 09/11/2007 or 9/11/2007 ok
-
Generate xml source file for Oracle Order Capture Print Quote
Hi,
I am new to xml and need to work on creating templates for Print Quote.
I am trying to generate the xml source file for which I enabled the report in system administrator and set the output to XML and assigned to Quoting Reports responsibility. I then assigned XML Report Publisher to the same responsibility.
I ran the report (Print Quote) and then I am trying to run the XML Report Publisher but I cannot get the request id in the list of values.
I am able to generate xml source file for other reports like Printed Purchase Order etc.,
The view output for the (Print Quote) report is as follows:
<?xml version="1.0" ?>
- <!-- Generated by Oracle Reports version 6.0.8.26.0
-->
<ASOPQTER />
How do I get the xml source file? Or are there seeded templates that I can use to create more templates? Any help would be appreciated. Thanks Ravi
Hi, I am in the same position - did this issue ever get resolved by anyone? I have done a few XMLP reports successfully now using the Word add-in, but customising the Quote output differs from other standard reports.
If you look at the data definition for Quote it is a 'dummy' definition and has no XML file attached. Does anyone know how I can get the XML format for the report output?
Also the template uses XSL-FO ?!?!?! rather than RTF - not sure how to work with this, the Oracle docs are not very helpful in this regard either.
Has anyone successfully managed to customise the Quote print report? Many thanks,
Roger
-
How to preserve a background color, when generating a PDF file
I am trying to create a PDF file from some application. Please note that the picture in this application has the black background. So I invoke a Print command and set a printer as "Adobe PDF". As a result, I have generated a brilliant PDF file of my picture, but on the WHITE background. When selecting the Adobe PDF printer, I have looked through all its settings (in the Adobe PDF settings, I have found several tabs: General, Images, Fonts, Color, Advanced, PDF/X), none of them generated the original background color.
So how can I generate a PDF file, having the original background color (black, in my case)?
Oleg
Now I feel that the background definition in the Adobe PDF printer and the background definition in the application the Adobe PDF printer is invoked from are two different things. So I guess how can I define the black background in the Adobe PDF printer? I cannot find such settings.