Generating Keypair and a certificate
I'm writing an applet to digitally sign Acrobat Reader documents.
To sign this document I need:
- a private key
- a certificate
I'm generating both public and private key by the following code:
// Generate a 1024-bit RSA key pair
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(1024);
KeyPair keypair = keyGen.genKeyPair();
PrivateKey privateKey = keypair.getPrivate();
PublicKey publicKey = keypair.getPublic();
To test the application I don't want to use a certificate authority; I just want to get a certificate from the public key with:
the user name
the revocation date
etc...
without using command line
thank you
Different implementations have different convenient approaches in the form of utility methods or classes doing this, if you don't want to take the work of putting the extensions and the key together and getting it signed yourself.
Look at the bouncycastle provider for example (www.bouncycastle.org) for the class org.bouncycastle.jce.X509V3CertificateGenerator
Similar Messages
-
ISE 1.2 and iPEP Certificate Requirements
Hi,
For 1.1.x version of ISE, there are some constraints regarding the certificates used for iPEP and Admin:
Both EKU attributes should be disabled, if both EKU attributes are disabled in the Inline Posture certificate, or both EKU attributes should be enabled, if the server attribute is enabled in the Inline Posture certificate.
[http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080bea904.shtml]
Does the same thing apply for iPEP in ISE 1.2? The User Guide for ISE 1.2 and Hardware Installation Guide don't mention anything about EKU and specific certificate attributes.
Any thoughts?
Thank you,
Octavian
The EKU validation has been removed in version 1.2
"If you configure ISE for services such as Inline Policy Enforcement Point (iPEP), the template used in order to generate the ISE server identity certificate should contain both client and server authentication attributes if you use ISE Version 1.1.x or earlier. This allows the admin and inline nodes to mutually authenticate each other. The EKU validation for iPEP was removed in ISE Version 1.2, which makes this requirement less relevant."
Source:
http://www.cisco.com/en/US/products/ps11640/products_tech_note09186a0080bff108.shtml -
How to generate self-signed CA certificate, client certificate in pkcs12
Based on the requirement, I need to generate self-signed CA certificate, client certificate, keystore type all in PKCS12 format.
Below is the successful process of generating them in DER format
1. openssl req -x509 -newkey rsa:1024 -keyout cakey.pem -out cacert.pem -days 2190 -config openssl.cnf
2. keytool -genkey -alias client -keyalg RSA -keystore client-keystore.jks
3. keytool -certreq -keystore client-keystore.jks -storepass clientkeystore -alias client -file client.cert.req
4. openssl ca -config openssl.cnf -out client.pem -days 2190 -infiles client.cert.req
5. openssl x509 -outform DER -in client.pem -out client.cert
openssl x509 -outform DER -in cacert.pem -out cacert.cert
6. keytool -import -file cacert.cert -keystore client-keystore.jks -storepass clientkeystore -alias ca
keytool -import -file client.cert -keystore client-keystore.jks -storepass clientkeystore -alias client
So, I try to create them in PKCS12 format
1. openssl req -x509 -newkey rsa:1024 -keyout cakey.pem -out cacert.pem -days 2190 -config openssl.cnf
2. keytool -genkey -alias client -keyalg RSA -keystore client-keystore.jks -storetype pkcs12
3. keytool -certreq -keystore client-keystore.jks -storetype pkcs12 -storepass clientkeystore -alias client -file client.cert.req
4. openssl ca -config openssl.cnf -out client.pem -days 2190 -infiles client.cert.req
5. openssl pkcs12 -export -out cacert.p12 -in cacert.pem -inkey cakey.pem -name "CA Certificate"
cacert.p12 successfully created. but,
openssl pkcs12 -export -out client.p12 -in client.pem -inkey cakey.pem -name "Client Certificate"
error message said "No certificate matches private key"
I have no idea which step goes wrong... Any advice or suggestion? The important thing is to convert into PKCS12 format.
Thanks
Your last step should be to import the signed certificate back into your client PKCS#12 keystore, client-keystore.jks.
This file contains the private key used to create your signing request originally, and must be matched when importing the signed certificate back in.
I think you will need to follow steps 5 & 6 in your DER example to complete the client PKCS12 keystore (including -storetype pkcs12 argument on the import statement).
Another way is to simply convert the keystore created in your DER example into a pkcs#12, by using JRE1.6 command:
keytool -importkeystore -srckeystore [jks keystore] -srcstoretype jks -destkeystore [pkcs12 keystore] -deststoretype pkcs12
-
OBIEE 11g SSL how to generate self-signed/demo certificate
Hi,
We are enabling SSL for OBIEE 11.1.1.5 environment and want to generate self-signed or demo certificate.
We are following note 1326781.1 and are at Step 1 - point 4 that says:
4. Submit the Certification request to your Signing Authority (CA).
Certification Authority(CA) is an valid signing authority of your choice (for example: OpenSSL, Verisign,
Microsoft, etc)
Upon submission of the certificate request, CA returns the certificate for the testmachine server (Server Certificate). Copy the CA certificate and Server Certificate to <MW_HOME>/SSL folder.
How to generate self-signed or demo certificate?
Thanks in advance.
As long as you have the keytool on that server (installed with WLS), you can generate the certificate and import that into a keystore.
Follow: Getting Started with WebLogic Server: How to Create and Configure Self Signed Certificates for WebLogic Server Environments [ID 1341192.1], which describes the two options.
http://www.techpaste.com/2012/06/steps-configure-ssl-oracle-weblogic-server-custom-identity-java-trust-keystore/
I am not sure how to generate self signed certs on IBM AIX machine.
HTH,
SVS -
Cisco Expressway C and E Certificates
Hi
I need some help on expressway C and E certificates. I need to know which certificates are required on both the systems.
What is the complete procedure to generate the license from internal Microsoft CA server and upload these certificates to Expressway C and E?
Regards
Rohit Mahajan
Here is the document Jamie is referring to:
Expressway Certificate Creation and Use Deployment Guide -
Problems generating a self-signed certificate using SDK
Adobe AIR 1.1 SDK was extracted to "D:\AIR\SDK\" in XP Pro
SP2 system. Also Java 2 runtime version 1.4 installed.
When I'm trying to generate a self-signed certificate I typed
the following in command line:
D:\AIR\SDK\bin\adt.bat -certificate -cn SelfSign 2048-RSA newcert.p12 pass123
After a short delay an "unable to create output file" message
appears in command console and an empty (0 byte length) newcert.p12
created.
What may be the problem?
Also I would like to know if there was another way to create
self-signed certificates or is it possible to build air packages
without signing the source code?
Thanks in advance and sorry for bad English!
I haven't seen this error occur before. It could indicate a
full drive or similar condition that might prevent writing to the
file.
Can you try using Java 1.5? Although 1.4 is officially
supported, I think 1.5 receives much more testing.
You can create self-signed certificates using other tools. If
you do that, make sure the certificate is marked as usable for
code-signing; otherwise, adt won't accept it.
You cannot create air packages without signing them. -
SA540 and SSL certificate from DigiCert
Has anyone succeeded in installing a SSL certificate from DigiCert on a SA540 router?
The SSL certificate is a wildcard variant (*.example.com).
Hello Mr. ivar,
In order to get a new SSL certificate please follow the next instructions:
STEP 1 : Click Administration > Authentication.
The Authentication (Certificates) window opens.
STEP 2 For each type of certificate, perform the following actions, as needed:
• To add a certificate, click Upload. You can upload the certificate from the PC or the USB device. Click Browse, find and select the certificate, and then
click Upload.
• To delete a certificate, check the box to select the certificate, and then click
Delete.
• To download the router’s certificate (.pem file), click the Download button under the Download Settings area.
STEP 3 To request a certificate from the CA, click Generate CSR.
The Generate Certification Signing Request window opens.
a. Enter the distinguished name information in the Generate Self Certificate
Request fields.
• Name: Unique name used to identify a certificate.
• Subject: Name of the certificate holder (owner). The subject field populates the CN (Common Name) entry of the generated certificate and can contain these fields:
- CN=Common Name
- O=Organization
- OU=Organizational unit
- L= Locality
- ST= State
- C=Country
For example: CN=router1, OU=my_dept, O=my_company, L=SFO, C=US
Whatever name you choose will appear in the subject line of the generated CSR. To include more than one subject field, enter each subject separated by a comma. For example: CN=hostname.domain.com, ST=CA, C=USA
• Hash Algorithm: Algorithm used by the certificate. Choose between MD5 and SHA-1.
• Signature Algorithm: Algorithm (RSA) used to sign the certificate.
• Signature Key Length: Length of the signature, either 512 or 1024.
• (Optional) IP Address, Domain Name, and Email Address
b. Click Generate.
A new certificate request is created and added to the Certification Signing Request (CSR) table. To view the request, click the View button next to the certificate you just created.
Or you could check it on the next link. Please check page 191:
http://www.cisco.com/en/US/docs/security/multi_function_security/multi_function_security_appliance/sa_500/administration/guide/SA500_AG_OL1911404.pdf
If this answer was satisfactory for you, please mark the question as Answered.
Diego Rodriguez
Cisco network engineer
Thank you -
Private key and digital certificate
I have a keystore. In order to know what it contains, I opened this keystore with this command: keytool -list -keystore DemoIdentity.jks
and I got:
Keystore type: jks
Keystore provider: SUN
Your keystore contains 1 entry
demoidentity, Jan 4, 2007, keyEntry, // is it called private key ?
Certificate fingerprint (MD5): 60:42:75:33:31:AA:9A:C6:9D:1A:CD:9F:22:8D:4A:6A // is it called certificate ?
Question :
I still don't understand what a keystore contains. Does it contain "private key" + "digital certificate"?
If so, what are the private keys and digital certificate in the above contents?
Message was edited by:
Unknown_Citizen
The content of a 'keystore' is what you, or the person who provided it, put in it. In this case it looks like all it contains is a public key certificate with an alias of 'demoidentity'.
-
Generate pdf and html(urgent)
Can anybody tell how to generate pdf and html from a single report?
Thanks in adv
From a single report, you can generate outputs to html, htmlcss, pdf, rtf, XML and text formats.
If you use rwclient, rwrun or rwservlet methods, specify desformat=pdf/html and the destination file name in desname command line parameters.
If you use Reports Builder, open a report, select File->Generate to file and select html/pdf. Then give the file name.
For more details, Refer to Reports Tutorial / Publishing Reports document from this site.
http://otn.oracle.com/docs/products/reports/content.html
Thanks,
The Oracle Reports team -
How to generate Header and Trailer for a file
Hi Guru
How can we generate header and Trailer for a file
EX:
i want to generate header with date and trailer with record count from table.
Sample file :
20120120
fwsfs
adfwsfd
adff
afsadf
afdwsg
adgsg
adgsgg
asgdsag
sdgasgdaf
sdfsagfadf
10
Hi,
1.Create an interface to load data from oracle to file and set generate header as false option in IKM .
2.Create variable get_current_date of alphanumeric datatype and implement logic SELECT to_Char(SYSDATE,'yyyymmdd') FROM DUAL under refreshing tab
3.Create variable get_record_count of numeric datatype and implement logic SELECT '<%=odiRef.getPrevStepLog("INSERT_COUNT")%>' FROM DUAL under refreshing tab
4.Create a package
Drag the get_current_date variable ,
Drag odioutfile and paste the below logic OdiOutFile "-FILE=D:\ODI_TEST\emp.txt" "-CHARSET_ENCODING=ISO8859_1" "-XROW_SEP=0D0A" #GET_current_date in command tab
Drag the interface
Drag another variable get_Record_count
Drag the odioutfile and paste the below logic OdiOutFile "-FILE=D:\ODI_TEST\emp.txt" -APPEND "-CHARSET_ENCODING=ISO8859_1" "-XROW_SEP=0D0A"
#GET_RECORD_COUNT in command tab
Link all these in sequence,save and run the package.
OR Modify the IKM SQL to File Append to achieve same functionality.
Thanks,
Anuradha -
Hi,
I want to consume a Java Web service from Dotnet based client Application. The service require one Certificate("abc.PFX") for Two Way SSL purpose and another certificate("xyz.pfx") for WS security purpose to be passed from client Application(Dotnet
Console based). I tried configuring the App.config of Client application to pass both the certs but getting Error says:
Could not establish secure channel for SSL/TLS with authority "******aaaa.com"
Please suggest how to pass both the certs from client Application.
Hi,
This problem can be due to an Untrusted certificate. So you need just full permissions to certificates.
And for more information, you could refer to:
http://contractnamespace.blogspot.jp/2014/12/could-not-create-secure-channel-fix.html
Regards -
ISE 1.2 and multiple certificates
Hello,
Hopefully someone can answer this question. We have ISE 1.2 setup and running, 802.1x and user and computer certificates. All is working fine except some users have two user certificates, one from our server the other from our parent company. When these users log in they get a bubble message saying "additional information is required to connect to the network", they click on this and they are asked to pick a certificate. If they pick the one from us all works.
Question, is there a way either in Windows or ISE to use our certificate by default? The PCs in question all have the cisco NAC agent, 4.9.43, and are either XP, Windows 7 or 8.
Thanks
Thanks for the response but it's wrong. Cisco supports stacked ports in 1.2 for wired users. They carried over 1.1 documentation to 1.2 and never updated it. We have it in writing from Cisco TAC.
-
I have new Adobe premier Elements13 and Photoshop elements 12, (Download from Amazon) but Cannot access website to generate code and register. Please help if you can.
I do not know how to find my PC specific code, nor can I simply use another PC if the programs are then only for use on that (not my main) PC!. I have entered the correct serial/codes which came in the download files but simply cannot go further as each time I try it fails to connect with the website?
Vince
Please post Photoshop Elements related queries over at
http://forums.adobe.com/community/photoshop_elements -
While doing F-32 residual payment - Two documents generated AB and RV
Hi all,
While Clearing partial payment with respect to Invoice thorough F-32 ( As residual )- Two documents generated AB and RV in development system.
where as in Quality and Production system there is only one AB document generated.
Is it standard behavior to generate AB and RV?
Customer doesn't want that RV document to be generated.
Hi,
This is one of the option given by SAP to manage your open items in case of partial payments. In this process when you go for residual payment, your original open item against which partial payment is made gets cleared & system automatically creates a new open item with the balance amount.
E.g. you have an open item of Rs 10,000/- since 01.03.2014 and today, i.e. on 01.04.2014, you are making a payment of Rs 6,000/- against the said item and you opt for residual payment. In this case the original open item, i.e. Rs 10,000/-, gets cleared and a new open item, i.e. Rs 4,000/-, gets created. Note that this new open item created by the system will have the new document date (01.04.2014) and new baseline date, i.e. here the aging of your receivable/payable does not reflect the true picture.
But this is not the case when you opt for the partial clearing method. In the partial clearing method, the original open item is not cleared; instead both the items are shown as open items.
If you take the case of the above example, after making the partial payment of Rs 6,000/- against Rs 10,000/- you will have two open items: one the original one of Rs 10,000/- since 01.03.2014 and another for Rs 6,000/- on 01.04.2014. In this case the aging of your receivable/payable shows the true picture.
Yes, it's a business decision which method to adopt.
Thanks & regards
Deepak -
After generating automatic documents in Frame9 suchs as TOC, List of Figures and the like I have saved these as templates. Trying to import these formats into newly generated documents will not import the chapter and pagenumbers nor their layout even though these have been included on the reference pages. Adjusting these afterwards often does not affect position, style or layout. More concrete: the numbers in front of the titles are specified yet missing, the page numbers are directly behind the titles instead of at the configured tab stop. Moreover, titles are in Arial, while the pagenums having the same paragraph tag are times new roman. Something I cannot seem to change. Why does Frame not import the settings from the template or respond to my adjustments after updating. Sometimes it only partly updates.
Any help and ideas are welcome
Pieter van de Sande wrote:
Ok that's what I thought when posing the question. Index and TOC are incompatible. To me they are simply generated files and if I configure the page numbers to be on the right in the Arial font in the TOC I expect these to be the same after importing formats into another generated file. I guess I need to change my train of thought.
Yes, they're independent from each other. If you look on the TOC reference page, you'll find entries like:
<$paratext>(tab character) <$pagenum>
This entry is formatted using the assigned "TOC" paragraph style, e.g. if you're reading a paragraph style named "Heading1", this entry is formatted using the "Heading1TOC" paragraph style. If this style is set to Arial, the whole line (paragraph text and page number) will be formatted using the Arial font, as long as you don't use separate character styles for the placeholders (<$paratext> or <$pagenum>).
Looking on the SIX reference page, there are other entries. You'll see e.g.
Level1SIX (tab character)
(tab character)<$pagenum>
In this case the text entry is formatted using the "Level1SIX" paragraph format, and the page number is formatted using the "IndexSIX" format. These may specify different fonts. You see, there are completely different formats and "building blocks" which are used to create a TOC and an Index entry.
Bernd