Getting certificates from MSCertStore

Hi all,
I need to get certificates from MSCertStore from a JSP application or applet...
Thanks for answers...

The latest snapshot release of Mustang
https://mustang.dev.java.net/
contains a new JCE provider called SunMSCAPI. You can use that provider on Windows to retrieve trusted certificates from native MS-CAPI stores. Currently, only two stores are supported:
  Windows-MY
  Windows-ROOT
For example, using the keytool command-line utility:
  keytool -list -storetype Windows-MY
For example, using the java.security.KeyStore API:
  KeyStore keystore = KeyStore.getInstance("Windows-ROOT");
  keystore.load(null, null);
  ...
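
The KeyStore usage from the reply above, carried through as an added example (not code from the original post): it lists both supported stores, shows which entries have a private key attached, and looks a certificate up by thumbprint. The class name, the helper names and the optional command-line thumbprint argument are assumptions made for the illustration, and the stores only open on a Windows JRE that ships SunMSCAPI.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class WindowsStoreLookup {

    // The two store types the post lists as supported by SunMSCAPI.
    static final String[] STORES = { "Windows-MY", "Windows-ROOT" };

    /** Keeps only hex digits, upper-cased. Thumbprints pasted from a certificate
     *  dialog often carry spaces, colons or invisible characters. */
    static String normalizeThumbprint(String raw) {
        StringBuilder sb = new StringBuilder();
        for (char c : raw.toCharArray()) {
            boolean hex = (c >= '0' && c <= '9') || (c >= 'a' && c <= 'f')
                       || (c >= 'A' && c <= 'F');
            if (hex) sb.append(Character.toUpperCase(c));
        }
        return sb.toString();
    }

    /** SHA-1 over the DER encoding: the value Windows displays as "Thumbprint". */
    static String thumbprint(Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-1").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) sb.append(String.format("%02X", b & 0xff));
        return sb.toString();
    }

    /** Opens a native store; returns null where no provider offers it (non-Windows JRE). */
    static KeyStore open(String storeType) throws Exception {
        try {
            KeyStore ks = KeyStore.getInstance(storeType);
            ks.load(null, null); // no stream, no password: the OS controls access
            return ks;
        } catch (KeyStoreException e) {
            return null;
        }
    }

    /** Returns the alias whose certificate matches the thumbprint, or null. */
    static String findAlias(KeyStore ks, String rawThumbprint) throws Exception {
        String wanted = normalizeThumbprint(rawThumbprint);
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (c != null && thumbprint(c).equals(wanted)) return alias;
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        for (String type : STORES) {
            KeyStore ks = open(type);
            if (ks == null) {
                System.out.println(type + ": not available on this JRE");
                continue;
            }
            System.out.println("== " + type);
            for (String alias : Collections.list(ks.aliases())) {
                Certificate c = ks.getCertificate(alias);
                if (!(c instanceof X509Certificate)) continue;
                X509Certificate x = (X509Certificate) c;
                // key=true means a private key is reachable through this entry
                System.out.printf("%s  key=%-5b  notAfter=%tF  %s  [%s]%n",
                        thumbprint(x), ks.isKeyEntry(alias), x.getNotAfter(),
                        x.getSubjectX500Principal().getName(), alias);
            }
            if (args.length > 0) {
                String alias = findAlias(ks, args[0]);
                System.out.println(alias == null
                        ? "no certificate with that thumbprint in " + type
                        : "thumbprint matches alias: " + alias);
            }
        }
    }
}
```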

Similar Messages

  • C# How to get Certificate from thumbprint

    Hi everyone,
    Following the steps below, I want to get a certificate from its thumbprint:
    1, Create Certificate by command 
    makecert -sky exchange -r -n "CN=Azure-P2S-Root-Cert"
    -pe -a sha1 -len 2048 -ss My "C:\tools\AzureCertificateName.cer"
    2, Open certmgr.msc
    3, Copy thumbprint of Certificate
    4, using code
     private static X509Certificate2 GetStoreCertificate(string thumbprint)
     {
         // Search the personal ("My") store of the current user, then of the machine
         List<StoreLocation> locations = new List<StoreLocation>
         {
             StoreLocation.CurrentUser,
             StoreLocation.LocalMachine
         };
         foreach (var location in locations)
         {
             X509Store store = new X509Store("My", location);
             try
             {
                 store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
                 X509Certificate2Collection certificates = store.Certificates.Find(
                     X509FindType.FindByThumbprint, thumbprint, false);
                 if (certificates.Count == 1)
                 {
                     return certificates[0];
                 }
             }
             finally
             {
                 store.Close();
             }
         }
         throw new ArgumentException(string.Format(
             "A Certificate with thumbprint '{0}' could not be located.",
             thumbprint));
     }
    => Error: "A Certificate with thumbprint '{0}' could not be located.",
    Any ideas? I am really stuck here.
    Thanks a lot in advance,
    Quyen Pham

    I want to code the following steps:
    1,Create Virtual Network Gateway
    https://msdn.microsoft.com/en-us/library/azure/jj154119.aspx?f=255&MSPPError=-2147217396
    2, Revoke a Point-to-Site VPN Client Certificate
    https://msdn.microsoft.com/en-us/library/azure/dn547018.aspx
    First, I download the file Microsoft_DL_SITE-4-10-2015-credentials.publishsettings
    and then get string ManagementCertificate = "...";
    X509Certificate2 cert = new X509Certificate2(Convert.FromBase64String(ManagementCertificate));
    Using this cert, I can create the virtual gateway OK, but I cannot upload the certificate.
    Is anything wrong here?
    Thanks and best Regards,
    Quyen Pham

  • Get certificate from the browser

    Hi friends!,
    I am working on an application that gets files from the client machine, signs those files with the client's certificate and sends the signatures to the server.
    The application gets the client's certificate from a key store, but I want the applet to get the certificate from the browser.
    Is that possible?
    Thanks and sorry for my little english. Greetings from Venezuela.

    If all you're looking for is Client SSL Authentication, then you don't need to access the digital certificates through an applet; just enable ClientAuth on your web-server and let the browser handle it for you. While I haven't tried this with Chrome, Safari or Opera, I know for a fact that this works on Firefox and IE.
    If you're trying to access the digital certificates/keys in the browser-keystore for digitally signing some content that the applet creates, you're going to have far more difficulty. About 10-12 years ago, Netscape provided an API that allowed you to digitally sign text-content through JavaScript. That died a quiet death, I think, since I don't know of anyone who used that capability (outside of test environments).
    Years later, Mozilla added the ability to digitally sign XML content using XForms; there is even an add-on for Thunderbird (which uses the same libraries as Firefox for PKCS work): https://addons.mozilla.org/en-US/thunderbird/addon/4522/.
    However, to the best of my knowledge, the only way you can get an applet to access the browser's keystore today is to have the security policy on the client-machine modified to provide access to the local file-system, and the applet then pretty much deals with the keystore and its objects through JCE.
    But, if I'm reading your post correctly, I think all you're looking for is SSL ClientAuth, for which you don't need to do anything other than enable it on your web-server that hosts the applets, and let the browser do the heavy lifting.
    Arshad Noor
    StrongAuth, Inc.

  • Anyconnect Getting certificate from trusted 3rd party vendor

    Hi everyone,
    I have configured AnyConnect in the network.
    Now I need to get a cert from a 3rd party vendor so that when users log in they do not get a warning that this network is untrusted.
    I need to know what info I need to get from the ASA so that I can get the SSL cert from the vendor.
    I also need to know if I can enable user authentication based on this cert as well.
    Currently auth is done via RADIUS?
    Regards
    Mahesh

    Each issuer's requirements vary but you generally need to submit a CSR (Certificate Signing Request) to the issuing Certificate Authority (CA). They will sign and issue a certificate for your ASA and email it back to you (or send you a link to download). You'll then have a certificate (file) to install on your ASA.
    See the link here for some more details on installing and using the certificate.

  • How to get certificate from sun one directory server

    I have installed Sun ONE Directory Server 5.2. Now, in order to connect to the server through the LDAP protocol, I need a certificate on the client side.
    How do I get the certificate from the Sun ONE directory server?
    (Earlier I tried the same procedure with Active Directory, and I got the certificate successfully, as well as LDAP authentication, but I don't know what to do with Sun ONE.)
    Any tips on this issue will be helpful
    thank you

    You didn't make mention of setting up SSL on the server side, so search these boards for openssl. Some nice person uploaded a nice example of how to use openssl to do this.
    To get the ssl certs for the solaris-client ssl authentication ( tls:simple ) to work you will need to use netscape to connect to the ssl port to get the right format. There are comments in that same doc on how to do that.

  • Applet does not get client certificate from browser (Firefox, IE7)

    I'm writing a web service which runs Tomcat through Apache. One critical requirement is that the service be able to invoke certain device drivers on the end user's machine. Fortunately, there is a Java API for this, so this requirement can be fulfilled using an applet.
    Here's the problem. This is a B2B application, so we're using SSL and requiring client authentication. I'm no web security guru, but I managed to get SSL set up through Apache (with a self-signed certificate for now; we'll get a real one from a real CA when we're ready to go to production). I also managed to set up client authentication by creating my own CA and generating a client certificate, which I then copied to my test client (Win XPSP2) and imported into both Firefox (2.0.0.15) and IE (6.0.2900). The applet is signed with a real certificate, and that causes no problems. And all of the pages for my web service work as expected.
    All except one. The page which is supposed to load the applet pops a dialog stating 'Identification required. Please select certificate to be used for authentication', and presents a list of zero certificates.
    Actually, I get this dialog in Firefox on my XPSP2 box, and also when I test on a Vista Home Premium box running IE 7.0.6000. Puzzlingly, this behavior does NOT occur on my XPSP2 box when running through IE 6.0. It seems that with XPSP2 and IE 6.0, the JVM can manage to obtain the required client certificate from the browser and pass it along to Apache, but the JVM can't do this when running in Firefox or in IE 7.0 on Vista.
    I have gone to the Java Control Panel and verified that the 'Use certificates and keys in browser keystore' option is selected on both boxes.
    I've done a fair amount of research for this (including in this forum) and see that this appears to be a chronic difficulty with applets. What makes it worse is that I don't think I can use the standard workaround, which is to download the applet from a different host/virtual host, because the applet needs to communicate with the web service. Since we have the additional layer of Tomcat container-managed user authentication, the applet needs to be communicating with the server using the same session token as everything else.
    So at this point, I'm stuck. Does anyone know a solution to this problem? Two thoughts (I'm reaching at straws here):
    1) I have the certificate imported in both Firefox and IE as a 'personal' certificate. Is there someplace else I can put it so the JVM will know how to find it? A rather old thread in this forum mentioned something about setting properties in the Java Control Panel, but I see no place in the JCP to specify such properties, so I'm guessing that solution is no longer operative.
    2) I'm using a trick I found on the internet to make the applet load cleanly with both Firefox and IE, namely, I'm using the <OBJECT> tag to specify the applet class and codebase for IE, and then using <COMMENT><EMBED ... /></COMMENT> within the <OBJECT> declaration to specify the information for Firefox. Is there some other way of doing the markup that will give the JVM a hint that it should get a certificate from the browser?
    BTW . . . I would hate to drop support for Firefox, but if someone has an IE-only solution, I'll take it. Unfortunately, I reckon a Firefox-only solution would not fly.
    Thanks all.

    > My applet is also signed by a valid certificate. The question of whether the applet is signed/self-signed/unsigned isn't an issue ---
    I just wanted you to make sure the Applet runs because it is a known valid Java2 Applet that is 100% signed properly and verified to run.
    This eliminates the possibility that it is a JVM issue. However after reading your message further I am afraid it is not relevant to your issue.
    > due to the client authentication, my browser (Firefox, IE7) refuses to even download the applet.
    > I went to your site, and I can see your applet in both Firefox and IE6. However, I don't believe your site is set up quite like mine, because it appears I can run your applet whether I have imported your X509 certificate or not. What I did was:
    If that is true we are all dead :) No I think you just missed the cert in the IE database. It doesn't have to be in the Applet database to function. Surprise!
    Check your IE/tools/internet options/content tab/certificates/trusted root certification authorities.
    > I then opened the Java control panel and verified that the certificate isn't listed there, either. So unless the certificate is being cached/read from some other location (which could be, this certificate stuff is largely black magic to me), then your server isn't requiring client authentication, either accidentally or by design.
    No HyperView is a valid java2 Applet and actually writes to a file "hyperview.dat" though it is probably empty.
    If you click on a component in the view and then on the view and type "dumpgobs" it should write out some data about the current graphics objects so you can see it has complete read/write access.
    Further it opens up a complete NIO server and starts listening for connections on a random port
    (Echoed in your java console) You can connect to it with telnet and watch impressive ping messages all day :)
    This all goes back to a few years BTW back before there was a plugin and there was only Netscape & IE.
    There are actually 2 certificate databases and what loads where depends on which type of cert you are using. Now self signed or not doesn't matter but what does matter is the type of certificate. IE: is it RSA/DSA/Sha1 etc. The Netscape DB was a Berkeley DB and MS used whatever they use. The Cert is a DSA/Sha1 cert which I like the best ATM as it (X fingers it stays so) always has worked.
    Sadly that tidbit doesn't help you either I am afraid.
    > What I'm trying to do is require client authentication through Apache by including the following markup in a virtual host definition:
    > SSLCACertificateFile D:/Certificates/ca.crt
    > SSLVerifyClient require
    > SSLVerifyDepth 1
    You got me there I avoid markup at all costs and only code in C java and assembler :)
    Now unless I am wrong I think you are saying that you want the Applet to push the certificate to the server automatically and I don't think this happens. Least I have never heard of this happening from an Applet automatically.
    > On my client machine, I have a certificate which was generated using OpenSSL and the ca.crt file listed. Testing shows that the server is requiring a certificate from the client, and the web browser is always providing it.
    > The problem is that when the browser fires up the Java plugin to run an applet, there is not sufficient communication between the browser and the plugin so that the plugin can obtain the certificate from the browser and provide it to the server.
    > So the server refuses to send the applet bytecode to the JVM, and we're stuck.
    In terms of implementation ease I think you may have the cart before the horse because I think it would be far easier to run an Applet in the first place to do the authentication, and then send, for example, a jar file to bootstrap and run (or some classes) in the event the connection is valid. Then again one never knows it all and there may be some classes which enables the plugin as you wish. I have never heard of this being done with the plugin the way you suggest.
    I am thinking maybe there is another method of doing this I do not know.
    Did you try pushing the cert via JavaScript/LiveConnect?? That way it could run before the Applet and do the authentication.
    Maybe someone else has other ideas; did you try the security forum??
    Sorry but I am afraid that is not much help.
    I did snarf this tidbit which may have some relevance
    The current fix for this bug in Mantis and 1.4.1_02 is using JSSE API, Here are the step:
    In Java control panel, Advanced tab -> Java Runtime Parameters, specify:
    -Djavax.net.ssl.keyStore=<name and path to client keystore file>
    -Djavax.net.ssl.keyStorePassword=<password to access this client keystore file>
    If it is a PKCS12 format keystore, specify:
    -Djavax.net.ssl.keyStoreType=PKCS12
    In our future JRE release 1.5, we will create our own client authentication keystore file for JPI and use that for client authentication, for detail info, please see RFE 4797512.
    Dennis
    Posted Date : 2005-07-28 19:55:50.0
    Good Luck!
    Sincerely:
    (T)
    Edited by: tswain on 23-Jul-2008 10:07 AM

  • Provide steps to send Root CA certificate to the Lync client, getting error" There was a problem verifying certificate from the server"

    Hi,
    I built a Lync 2013 setup with an FE pool and a Director pool, and Exchange server is integrated. I have a Windows 8 client machine with the Lync client installed. When I try to log in to the Lync client, I get an error like "There was a problem verifying certificate from the server".
    When I installed the root CA cert manually on the client machine, I was able to log in to the Lync client. Similarly, if I add my client machine to my domain, I am able to log in to the Lync client.
    Now, is there any other way to send the certificate automatically to the client machines (which are NOT part of the domain) from the server, instead of the manual installation process?
    Please help me troubleshoot this problem.

    Agree with S Guna, there is no easy way to push a certificate automatically to a client that you don't control other than building an installer package and asking them to run it. In this situation, if there are a lot of non-domain joined machines a third party certificate is the way you need to go.
    SWC Unified Communications

  • How to get alias name of stored certificate from iKey token 2032

    Hi All,
    Below is my code, which works well using the same keypair for both encrypt/decrypt with SunPKCS#11 in SDK 1.5. In my code I hard-coded the alias name of the certificate. Kindly tell me how to read the alias name of the certificate from the iKey token 2032.
    import java.io.*;
    import java.util.*;
    import java.lang.*;
    import java.sql.*;
    import java.text.*;
    import java.math.*;
    import java.security.*;
    import java.security.cert.*;
    import java.security.interfaces.*;
    import javax.crypto.interfaces.*;
    import javax.net.ssl.*;
    import javax.crypto.*;
    import javax.crypto.spec.DESKeySpec;
    import java.security.KeyStore.*;
    // MQConfig and General are the poster's own helper classes (not shown in the post)
    public class Encrypt
    {
        public Encrypt(){}
        public void loginToken() {
            // Register the SunPKCS11 provider from the token configuration file
            Provider p = new sun.security.pkcs11.SunPKCS11(MQConfig.getvalue("SecurityPropertyPath"));
            String myAlias = "349eefd1-845b-4ba4-9f88-06e9f5cb82f6";
            /* to view alias name:
               keytool -list -v -keystore NONE -storetype PKCS11 -storepass PASSWORD */
            Security.addProvider(p);
            KeyStore ks = null;
            PrivateKey privKey = null;
            PublicKey pubKey = null;
            try{
                // Read the token PIN and log in to the PKCS#11 keystore
                String password = General.ReadFiles(MQConfig.getvalue("logFilePath"),"Simple");
                password = password.trim();
                char pin[] = password.toCharArray();
                ks = KeyStore.getInstance("pkcs11");
                ks.load(null,pin);
                java.security.cert.Certificate cert = ks.getCertificate(myAlias);
                Key key = ks.getKey(myAlias, pin);
                if(PrivateKey.class.isInstance(key)) {
                    privKey = (PrivateKey)key;
                    pubKey = cert.getPublicKey();
                    // Encrypt the input file with the certificate's public key
                    FileInputStream in = new FileInputStream("C:\\ReportDBBE.properties");
                    FileOutputStream out = new FileOutputStream("C:\\ReportDBAE.properties");
                    Cipher cp=Cipher.getInstance("RSA/ECB/PKCS1Padding", p);
                    cp.init(Cipher.ENCRYPT_MODE,pubKey);
                    CipherOutputStream cout=new CipherOutputStream(out,cp);
                    byte[] input=new byte[8];
                    int byteread=in.read(input);
                    while(byteread!=-1){
                        cout.write(input,0,byteread);
                        byteread=in.read(input);
                    }
                    cout.flush();
                    in.close();
                    cout.close();
                }
            }
            catch(NoSuchAlgorithmException nsae) {
                System.out.println("No Such Algorithm Exception " + nsae.getMessage());
            }
            catch(NoSuchPaddingException nspe) {
                System.out.println("No Such Padding Exception " + nspe.getMessage());
            }
            catch(InvalidKeyException ike) {
                System.out.println("Invalid Key Exception " + ike.getMessage());
                ike.printStackTrace();
            }
            catch(IllegalStateException ise) {
                System.out.println("Illegal State Exception " + ise.getMessage());
            }
            catch(KeyStoreException kse) {
                System.out.println("Key Store Exception " + kse.getMessage());
            }
            catch(CertificateException ce) {
                System.out.println("Certificate Exception " + ce.getMessage());
            }
            catch(IOException ioe) {
                System.out.println("IO Exception " + ioe.getMessage());
            }
            catch(UnrecoverableKeyException unrke) {
                System.out.println("Unrecoverable Key Exception " + unrke.getMessage());
            }
        }
        public static void main (String args[]) throws Exception {
            try{
                Encrypt tl = new Encrypt();
                tl.loginToken();
            }catch(Exception e){
                e.printStackTrace();
            }
        }
    }
    Your help is very much appreciated!!!!

    Hi All,
    Now I managed to get the alias name.
    char pin[] = password.toCharArray();
    ks = KeyStore.getInstance("pkcs11");
    ks.load(null,pin);
    Enumeration ea = ks.aliases();
    while(ea.hasMoreElements()) {
        myAlias = (String)ea.nextElement();
    }

  • Tell me the alternate way to get my certificate from sap

    hi all,
    I badly need help. Actually, my company sponsored me for the certification during TechEd-06.
    I cleared my exam and the company got the certificate also. But now my company is not ready to give me the certificate because they think that the moment I get it I will leave the company.
    So please tell me, is there any other way to get at least my certification ID or a duplicate certificate from SAP? I have everything, including the badge I got for the TechEd, the company identity card with photo and other ID proofs such as passport, driving license etc.
    Thanks a lot in advance. Eagerly waiting for the response.
    zenithi george

    Hi George,
    You can contact SAP and tell them that you cleared your exam and give them the details, like your name, date of certification exam, location and the company sponsoring you. And give them the address for delivery of the new certificate.
    You can also contact Mr. M V Ramakrishnan from SAP. He can guide you and help you in a much better way. His email ID is [email protected]. Just discuss it with him. He will let you know the right person to contact and you can get your certificate at your home address.
    Ciao,
    Himanshu.

  • Getting self-signed certificates from an internal server...

    Hi!
    Thanks to Andreas Sterbenz's beautiful article (http://blogs.sun.com/andreas/entry/no_more_unable_to_find) I was able to download the two self generated certificates from the mail server and store them in a single file. So I expected things to work like a charm but soon I had to change my mind due to the (usual) error:
    javax.mail.MessagingException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target;
    nested exception is:
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:571)
    at javax.mail.Service.connect(Service.java:288)
    at javax.mail.Service.connect(Service.java:169)
    at com.agiletec.plugins.webmail.aps.system.services.webmail.WebMailManager.initInboxConnection(Unknown Source)
    at com.agiletec.plugins.webmail.aps.tags.WebmailIntroTag.doStartTag(Unknown Source)
    [etc etc]
    So here's the first question: Is it correct to store the certificates in the system properties with the following code?
    System.setProperty("javax.net.ssl.trustStore", certificateInUse); // <--- path of the file where I've stored the certificates
    System.setProperty("javax.net.ssl.trustStorePassword", "changeit"); // password used
    System.setProperty("javax.net.ssl.trustStoreType","JKS");
    I haven't gone in the depth of the SSL theory but it seems to me that my webapp stores the certificates and keeps on connecting in the standard (non SSL) way....
    Thanks in advance for the time spent reading!
    Matteo

    Have you tried setting the "Always trust" property? Double click the certificate in Keychain Access and allow it to have always trust for email.
    Also, make sure that bundles are enabled for mail.
    (Forget the command, google for "defaults write com.apple.mail enableBundles")
    That did it for me.
    Br,
    T
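
An added example, not part of the thread: the `javax.net.ssl.trustStore` properties are read when the JVM's default SSLContext is first created, so a web application that sets them later does not change it; loading the file into a dedicated SSLContext avoids that dependency and lets the code confirm which certificates will actually be trusted. The class and method names are assumptions, `KeyStore.getInstance(File, char[])` needs Java 9 or later, and when no path is given the JRE's own `cacerts` file (password `changeit`) stands in as sample input.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class ExplicitTrustStore {

    /** Loads the store file and returns the trust manager built from it.
     *  Fails early if the file yields no trusted certificates at all. */
    static X509TrustManager trustManagerFor(File storeFile, char[] password) throws Exception {
        // Java 9+: the store type (JKS or PKCS12) is detected from the file contents.
        KeyStore ks = KeyStore.getInstance(storeFile, password);
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                X509TrustManager x509 = (X509TrustManager) tm;
                if (x509.getAcceptedIssuers().length == 0) {
                    throw new IllegalStateException(
                            storeFile + " contains no trusted certificates");
                }
                return x509;
            }
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    /** Builds a TLS context that trusts only what the given trust manager accepts. */
    static SSLContext contextFor(X509TrustManager tm) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { tm }, null); // no client keys, default RNG
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Sample input when no arguments are given: the JRE's bundled cacerts file.
        File store = args.length > 0
                ? new File(args[0])
                : new File(System.getProperty("java.home"), "lib/security/cacerts");
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();

        X509TrustManager tm = trustManagerFor(store, password);
        for (X509Certificate issuer : tm.getAcceptedIssuers()) {
            System.out.printf("trusted: %s (expires %tF)%n",
                    issuer.getSubjectX500Principal().getName(), issuer.getNotAfter());
        }

        SSLContext ctx = contextFor(tm);
        // ctx.getSocketFactory() is what gets handed to the client connection,
        // so only that connection trusts the self-signed server certificates.
        System.out.println("context ready: " + ctx.getProtocol());
    }
}
```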

  • Is it possible to export a certificate from an iPhone?

    Hi all,
    We are distributing corporate iOS devices with an internally-issued certificate.  The user can't use the VPN client without a proper certificate.  One of our consultants has the infrastructure director all spun up with the idea that a user could export the certificate from the iPhone or iPad and transfer it to their personal device.  As far as I know, this is not possible.  Am I correct?
    Any help or thoughts are appreciated.
    Thanks,
    - Steve

    Macbook354 wrote:
    Yeah, unless you want to deal with the pain of trying to get your messages to your computer, you will have to take a screenshot (by tapping the home and lock buttons at the same time).
    If you want to print a screenshot, it will be in the Photos app to print (click the share button and click print). If you do not have an AirPrint printer, there are third-party apps for computers like fingerprint (look it up) that can make a fake AirPrint printer.
    I want to add something more.
    In most cases, you would need to use a paid third party tool to export and then print your iPhone text messages on your computer. If you have a low amount of messages you want to print you can also take print screens of each message, then transfer the photos to your computer and print from there. This and more methods of printing iPhone text messages here: How to Print Text Messages from iPhone?

  • I opened a file on my desktop that I don't remember putting there.  It turned out to be a keychain certificate from a client of ours.  Does this mean that they were spying on me?  What is the deal with that?  Any ideas?

    I opened a file on my desktop that I don't remember putting there. We use many photos and I thought it was a photo file I was looking for. It turned out to be a keychain certificate from a client of ours.  Does this mean that they were spying on me?  What is the deal with that?  Any ideas?

    Interesting tidbit. I created an AAC of the original file, deleted the original MP3 from my library and also deleted the Clean matched track from the iCloud.
    Result is that it matched with the explicit version of Mrs. Officer this time.
    What I am curious about is which songs this is happening for. I've gone through a few batches of about 500 songs at a time and redownloaded in 256k for many tracks. Sadly we don't have people to bring this to our attention and I have so much music that it's impossible to go through every song to make sure I am getting the right version.

  • Error while deleting certificate from key storage in visual admin.

    Hi,
    I am reconfiguring SSO with our ERP system.
    I need to delete the certificate of the ABAP system.
    When I try to delete the certificate from Visual Admin > Server > Services > Key Storage > TicketKeystore
    I get an error stating
    com.sap.engine.services.keystore.exception.BaseRemoteException:Remote call errored
    at com.sap.engine.services.keystore.impl.KeystoreManagerManagementimpl.deleteEntry(KeystoreManagerManagementimpl.java:83)
    Pls help
    Thanks & Regards
    Raj Kiran

    I solved it.
    Visual Admin > Key Storage service ....
    1) Take note of all your Entries under the "TicketKeystore" view. You could export all of your Entries here except for the "SAPLogonTicketKeypair" in case you need this to be replaced by a new one
    2) Select the "TicketKeyStore" view and DELETE it
    3) Create the "TicketKeyStore" view again. It should be empty now.
    4) Recreate the SAPLogonTicketKeypair, and import all of the ones that you exported in step (1)
    Hope this helps
    Cheers

  • How to extract certificates from IE for digital signature

    hi
    How do I extract certificates from the cert store provided by Internet Explorer 6.0 and use them to read and verify the digital signatures present on the PC? This is needed in my web-based application and I have no idea!!!
    Please help me out.
    I have studied a lot about JCA and JCE, but the extraction part still baffles me!!!
    My application will be Java-based, so I can make an applet/servlet/JSP.
    Drop your ideas as soon as you get time, as I am stuck in the initial phase itself.
    priya_16

    hi
    I have the same problem. I've found this solution, but you need to download a JCE provider that allows you to read the Explorer certificate store.
    You can try this one: https://download.assembla.se/jceprovider/
    and the code:
    import java.security.KeyStore;
    import java.security.cert.X509Certificate;
    import se.assembla.*;
    public class Listcerts {
        public static void list() throws Exception {
            // Register the third-party provider that exposes the Microsoft certificate store
            java.security.Security.insertProviderAt(new se.assembla.jce.provider.ms.MSProvider(), 2);
            KeyStore ks = KeyStore.getInstance("MSKS","assembla");
            ks.load(null,null);
            X509Certificate cert=null;
            String alias=null;
            int count=0;
            // Print every certificate in the store together with its alias
            for (java.util.Enumeration e=ks.aliases();e.hasMoreElements();){
                alias=(String)e.nextElement();
                cert=(X509Certificate)ks.getCertificate(alias);
                System.out.println("\n Certificado alias"+alias+":");
                System.out.println(cert);
                count++;
            }
            System.out.println ("NUM CERTS="+count);
        }
    }
    Now, I need the same solution for Firefox browser XP.
    good luck
    Message was edited by:
    meteko

  • Weblogic Start script fails while Loading trusted certificates from jks

    Hi,
    I have a Weblogic Portal 10.3.2 installation on a Solaris Unix box. There is one Admin server and two Managed servers. I am trying to deploy an EJB based application on one of the Managed servers. Note that this application has been working fine in the Weblogic 9.2 environment.
    When the Managed Server is started, I get the below messages in the Weblogic console log. We have an internal SSO authentication system, which is integrated with this application. When this integration is removed, we are able to login to the application without any issues. When it is turned on, the redirection from SSO to the application fails - most likely because of the below SSL related errors.
    I have accessed the below link and accordingly set the property -Dweblogic.ssl.JSSEEnabled=true. But it didn't help.
    http://justasg.blogspot.com/2012/04/tlsssl-certificate-errors-and-warnings.html
    Please let me know if you have any suggestions.
    <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /data/applications/norkom/BEA103/wlserver_10.3/server/lib/DemoTrust.jks.>
    <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /opt/jdk1.6.0_32/jre/lib/security/cacerts.>
    <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=Entrust Root Certification Authority - G2,OU=(c) 2009 Entrust\, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=thawte Primary Root CA - G3,OU=(c) 2008 thawte\, Inc. - For authorized use only,OU=Certification Services Division,O=thawte\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "OU=Security Communication RootCA2,O=SECOM Trust Systems CO.\,LTD.,C=JP". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=VeriSign Universal Root Certification Authority,OU=(c) 2008 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=KEYNECTIS ROOT CA,OU=ROOT,O=KEYNECTIS,C=FR". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    <Jun 4, 2012 4:51:59 PM MEST> <Error> <Server> <BEA-002606> <Unable to create a server socket for listening on channel "DefaultSecure[1]". The address 127.0.0.1 might be incorrect or another process is using port 7022: java.net.BindException: Address already in use.>
    <Jun 4, 2012 4:51:59 PM MEST> <Error> <Server> <BEA-002606> <Unable to create a server socket for listening on channel "DefaultSecure". The address 10.228.12.24 might be incorrect or another process is using port 7022: java.net.BindException: Address already in use.>
    <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 10.228.12.24:7020 for protocols iiop, t3, ldap, snmp, http.>
    <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Server> <BEA-002613> <Channel "Default[1]" is now listening on 127.0.0.1:7020 for protocols iiop, t3, ldap, snmp, http.>
    <Jun 4, 2012 4:51:59 PM MEST> <Notice> <WebLogicServer> <BEA-000332> <Started WebLogic Managed Server "NCA_Server" for domain "norkom" running in Development Mode>
    <Jun 4, 2012 4:52:01 PM MEST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
    <Jun 4, 2012 4:52:01 PM MEST> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
    <WSEE:27>Warning: JMS queue 'weblogic.wsee.DefaultQueue' is not found, as a result, Web Service async responses via jms transport is not supported. If the target service uses JMS transport, the responses will not be able to come back.<JmsQueueListener.connect:287>
    <WSEE:27>Warning: JMS queue 'weblogic.wsee.DefaultQueue' is not found, as a result, Web Service async responses via jms transport is not supported. If the target service uses JMS transport, the responses will not be able to come back.<JmsQueueListener.connect:287>
    <WSEE:27>Warning: JMS queue 'weblogic.wsee.DefaultQueue' is not found, as a result, Web Service async responses via jms transport is not supported. If the target service uses JMS transport, the responses will not be able to come back.<JmsQueueListener.connect:287>
    <WSEE:27>Warning: JMS queue 'weblogic.wsee.DefaultQueue' is not found, as a result, Web Service async responses via jms transport is not supported. If the target service uses JMS transport, the responses will not be able to come back.<JmsQueueListener.connect:287>
    <WSEE:27>Warning: JMS queue 'weblogic.wsee.DefaultQueue' is not found, as a result, Web Service async responses via jms transport is not supported. If the target service uses JMS transport, the responses will not be able to come back.<JmsQueueListener.connect:287>
    <WSEE:27>Warning: JMS queue 'weblogic.wsee.DefaultQueue' is not found, as a result, Web Service async responses via jms transport is not supported. If the target service uses JMS transport, the responses will not be able to come back.<JmsQueueListener.connect:287>
    Note: We have another Solaris Unix box, with the same installation of Weblogic with the same SSO redirection, but another EJB application is deployed. Also, there is no Managed and the application is deployed on the Admin server itself. But when the server is started, I don't see any attempts to load any certificates and also there are no issues.
    So either please suggest how this certificate loading can be rectified or suggest a way to disable the certificate loading (if at all it's an option).
    Please let me know if you need any further details.

    Firstly,
    938767 wrote:
    <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /opt/jdk1.6.0_32/jre/lib/security/cacerts.>
    <Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=Entrust Root Certification Authority - G2,OU=(c) 2009 Entrust\, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
    I don't think that this will be your problem... Unless you are actually using some of those certificates you can ignore those messages.
    But the following looks suspicious, I guess 7022 is your SSL port...
    <Jun 4, 2012 4:51:59 PM MEST> <Error> <Server> <BEA-002606> <Unable to create a server socket for listening on channel "DefaultSecure[1]". The address 127.0.0.1 might be incorrect or another process is using port 7022: java.net.BindException: Address already in use.>
    <Jun 4, 2012 4:51:59 PM MEST> <Error> <Server> <BEA-002606> <Unable to create a server socket for listening on channel "DefaultSecure". The address 10.228.12.24 might be incorrect or another process is using port 7022: java.net.BindException: Address already in use.>
    Hope that helps.
    Cheers,
    Vlad
    Give points - it is good etiquette to reward an answerer points (5 - helpful; 10 - correct) for their post if they answer your question. If you think this answer is helpful, please consider giving points.
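The two message families separated in the reply above (BEA-090898 skipped trust anchors and BEA-002606 listener bind failures) can be pulled apart mechanically when a startup log is long. The Python sketch below is an added example, not part of the thread: the sample log lines are constructed in the formats quoted above, the function names are hypothetical, and the OID mapping relies on 1.2.840.113549.1.1.11 being sha256WithRSAEncryption.

```python
import re
from collections import defaultdict

# 1.2.840.113549.1.1.11 is sha256WithRSAEncryption (PKCS #1 / RFC 4055).
SIG_OIDS = {"1.2.840.113549.1.1.11": "sha256WithRSAEncryption"}

ENTRY = re.compile(r"^\s*<[^<>]+> <(\w+)> <(\w+)> <(BEA-\d+)> <(.*)>\s*$")
IGNORED = re.compile(r'certificate "(.*)"\. The loading .* object: ((?:\d+\.)*\d+)')
BIND = re.compile(r'channel "([^"]+)"\. The address (\S+) might be incorrect '
                  r"or another process is using port (\d+)")

# Constructed sample lines (hypothetical CA names, documentation IP address).
SAMPLE_LOG = r"""
<Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=Example Root CA - G2,O=Example\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Jun 4, 2012 4:51:59 PM MEST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=Example Global Root,O=Example GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Jun 4, 2012 4:51:59 PM MEST> <Error> <Server> <BEA-002606> <Unable to create a server socket for listening on channel "DefaultSecure[1]". The address 127.0.0.1 might be incorrect or another process is using port 7022: java.net.BindException: Address already in use.>
<Jun 4, 2012 4:51:59 PM MEST> <Error> <Server> <BEA-002606> <Unable to create a server socket for listening on channel "DefaultSecure". The address 192.0.2.10 might be incorrect or another process is using port 7022: java.net.BindException: Address already in use.>
<Jun 4, 2012 4:51:59 PM MEST> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 192.0.2.10:7020 for protocols iiop, t3, ldap, snmp, http.>
"""

def triage(log_text):
    """Group skipped trust anchors by OID and collect listener bind failures."""
    ignored = defaultdict(list)
    bind_failures = []
    for line in log_text.splitlines():
        entry = ENTRY.match(line)
        if not entry:
            continue  # not a standard <time> <severity> <subsystem> <id> <msg> line
        _severity, _subsystem, msg_id, msg = entry.groups()
        if msg_id == "BEA-090898" and (m := IGNORED.search(msg)):
            ignored[m.group(2)].append(m.group(1))
        elif msg_id == "BEA-002606" and (m := BIND.search(msg)):
            bind_failures.append((m.group(1), m.group(2), int(m.group(3))))
    return dict(ignored), bind_failures

def report(log_text):
    """One summary line per skipped-OID group and per failed listener."""
    ignored, bind_failures = triage(log_text)
    lines = []
    for oid, subjects in ignored.items():
        lines.append(f"{len(subjects)} CA cert(s) skipped, signature OID {oid} "
                     f"({SIG_OIDS.get(oid, 'unknown')}); matters only if a peer chains to one")
    for channel, address, port in bind_failures:
        lines.append(f"channel {channel} could not bind {address}:{port}; "
                     f"this server is not listening there")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

On a real log, compare the skipped subjects against the CAs your SSO peers actually chain to, and check which process already holds the port named in each bind failure.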
