Help with certificates

I want to sign a jar file and also make a cab file (for IE VM) with the same certificate but I can't :
First I tried to generate a certificate with makecerts (SDK for Windows) and I've imported it in keystore with keytool. That's ok except I can't signed my jar file with (it said certificate not found however certificate appears with "keytool -list" !!)
Second I generated a certificate with keytool, now I can sign my jar file ... but I can't build my cab file with !! (error : there is not valide certificate in the my cert store)
Is there possible to sign jar file and build cab file with the same certificate ? And how ?
Many thanks for any reply ...

Hi patrix3,
Well, if you;re aiming at the browser JVM and not the plug-in then all you need is one of our certificates.
Our MSAuthenticode certificate allows you to sign code for both IE and Netscape (JVM's) with a singlke certificate, all you need to do is follow a simple export/import process and sign the files with the appropriate tools.
Read more about it here:
http://www.thawte.com/getinfo/products/devel/diffapps.html
If you decide to buy though, I woudl go for the NSObjectsigning certificate as it allows you to control the keysize of the certificate, unless you do not mind using a 512 bit key...
If you need anything else, let me know.
Regards,
Jason Barr

Similar Messages

Windows Server 2008 R2 with multiple Roles OS Rebuild, Need help with Certificates.

Hi,
I have rebuilt a Server for my client and I require help with certificates..
I am unsure exactly what to do to get this server working as it was.
Example, The Windows Server 2008 R2 has Microsoft Exchange, DNS, DHCP, ADDS, FileServices,Network Policy and access Services and Webservices roles installed on a single box.
Since the Server OS Rebuild I am getting 2 issues that pop up usually when Outlook in opened on a client Workstation,
I have not dont anything certificate wise to the server since OS Install, and the messages I get and best described here
I seen on a backdrive, a few certificate files I dont know if we can use these files for anything but we have the following files of drive E (Backup)
e:\server.xxxx.com.au\gd_iis_intermediates.p7b
e:\server.xxxx.com.au\server.xxxx.com.au.crt
e:\ssl\2013-2018.cer
1st Message is about a Proxy certificate I dont get this often but saw it today and my client clicked ok too quickly.
I have seen it and didnt see it again after trying to close outlook and reopen
I looked up google images and tried to find it...
It's like this, (There is a problem with the proxy server's security certificate.
The security certificate is not from a trusted certifying authority.)
2nd Message is about Security Alert, Autodiscover.xxxx.com.au Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the sites security certificate.
-X- The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certificating authority
-TICK- The security certificate date is valid
-X- The name on the security certificate is invalid or does not match the name of the site
Do you want to preceed
[Yes][No][View Certificate ...]
3rd Message is very Close to the 2nd Message, is about Security Alert, xxxx-server.xxxx.local, Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the sites security certificate.
-X- The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certificating authority
-TICK- The security certificate date is valid
-TICK- The name on the security certificate is invalid or does not match the name of the site
Do you want to preceded
[Yes][No][View Certificate ...]
If you can help guide me thou this as I'm very new to setting up certificates. I had a friend tell me about something in DNS.. but he has been super busy and I want to learn what to do.
Thank-You.

Hiya,
quite a lot has the same confusions as you do, so I've written a simple explanation on the subjet of certificates
http://jesperarnecke.wordpress.com/2014/03/22/certificates-simple-explanation/
Let me know if that helps you and if you need further assistance.

Help with certificate

Hi!
We develop here a small system for small network. In the network are some entities who wish to exchange information secretly. Now there is one CA that everybody trusts and have his Public key. When some entity wants to get a certificate it meets with the CA and the CA gives the entity a secret number. Now to get the certificate the entity need to send the secret key with his public key to CA and the CA sends back the certificate. Now the question is, when the entity sends the code and the public key, if it encodes it with CA public key is it enough??? Is it prevents from any sort of "man in the middle" attacks?
Hope i made it clear.Thanx.

Oh ok, Thanx then.
Another question. I try to explain what is going on. i've got users in the system, they want to share some information secretly. (that would be accomplished with ssl). But first of course they need to know, who is the person that they are talking withand his public key - that's where i need certificates. As i said everybody trust CA and knows his public. If from the beginning everybody already had their certificates on their computers, everything would be fine. But now i need that new users would get a certificate. So there is this protocol, the user meet CA (CA verify that the person who he says he is), Ca gives him secret number for later identification. Now when the user Log ins for the first time he sends this secret number and his public key to CA, by the secret number CA knows who's the user and sends him back his certificate.
Now to my questions: What do you suggest, using the certificate class i have in java or is it enough just to build certificate class by myself. Which has the info about person, his public key and all this is signed by the CA (with his private key of course). I'm asking this cause i looked at the certificate class in java and it looks pretty complicated to use and has to much data to enter.
So what are your suggestions?

I need help with the Web Application Certificate

Greets,
The title says it all really. I need help with the Web Application Certificate.
I've followed the instructions from here:
https://www.novell.com/documentation....html#b13qz9rn
I can get as far as item 3.c
3. Getting Your Certificate Officially Signed
C. Select the self-signed certificate, then click File > Certification Request > Import CA Reply.
I can get the certificate in to the Filr appliance but from there I'm stuck.
Any help much appreciated.

Originally Posted by bentinker
Greets,
The title says it all really. I need help with the Web Application Certificate.
I've followed the instructions from here:
https://www.novell.com/documentation....html#b13qz9rn
I can get as far as item 3.c
ok when you have you self signed certificate and you requested an official certificate with the corresponding CSR then you just need to go back to the digital certificates console. To import the official certificate, select the self signed certificate, then click File > Certification Request > Import CA Reply. Then a new windows pops out to select the certificate from your trusted authority from your local hard disk. Find the file (.cer worked for me) and click ok. As soon as you do this in the digital certificates console the self signed certificate will change the information that now it is officially signed. Look at the second column and you should see the name of your trusted authority under "issue from"
I personally had a lot of issues across all platforms. Especially Firefox and Chrome for android. Needed to pack all the root cert, intermediate cert and signed cert into one file and import as CA reply. Not even sure if this is correct now. But at least it works.

Issue with SharePoint foundation 2010 to use Claims Based Auth with Certificate authentication method with ADFS 2.0

I would love some help with this issue. I have configured my SharePoint foundation 2010 site to use Claims Based Auth with Certificate authentication method with ADFS 2.0 I have a test account set up with lab.acme.com to use the ACS.
When I log into my site using Windows Auth, everything is great. However when I log in and select my ACS token issuer, I get sent, to the logon page of the ADFS, after selected the ADFS method. My browser prompt me which Certificate identity I want
to use to log in and after 3-5 second
and return me the logon page with error message “Authentication failed”
I base my setup on the technet article
http://blogs.technet.com/b/speschka/archive/2010/07/30/configuring-sharepoint-2010-and-adfs-v2-end-to-end.aspx
I validated than all my certificate are valid and able to retrieve the crl
I got in eventlog id 300
The Federation Service failed to issue a token as a result of an error during processing of the WS-Trust request.
Request type: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
Additional Data
Exception details:
Microsoft.IdentityModel.SecurityTokenService.FailedAuthenticationException: MSIS3019: Authentication failed. ---> System.IdentityModel.Tokens.SecurityTokenValidationException:
ID4070: The X.509 certificate 'CN=Me, OU=People, O=Acme., C=COM' chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed
correctly, but one of the CA certificates is not trusted by the policy provider.
at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
--- End of inner exception stack trace ---
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.BeginGetScope(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.BeginIssue(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.DispatchRequestAsyncResult..ctor(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginDispatchRequest(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.ProcessCoreAsyncResult..ctor(WSTrustServiceContract contract, DispatchContext dispatchContext, MessageVersion messageVersion, WSTrustResponseSerializer responseSerializer, WSTrustSerializationContext
serializationContext, AsyncCallback asyncCallback, Object asyncState)
at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginProcessCore(Message requestMessage, WSTrustRequestSerializer requestSerializer, WSTrustResponseSerializer responseSerializer, String requestAction, String responseAction, String
trustNamespace, AsyncCallback callback, Object state)
System.IdentityModel.Tokens.SecurityTokenValidationException: ID4070: The X.509 certificate 'CN=Me, OU=People, O=acme., C=com' chain building
failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.
at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
thx
Stef71

This is perfectly correct on my case I was not adding the root properly you must add the CA and the ADFS as well, which is twice you can see below my results.
on my case was :
PS C:\Users\administrator.domain> $root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
cer\SP2K10\ad0001.cer")
PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "domain.ad0001" -Certificate $root
Certificate : [Subject]
CN=domain.AD0001CA, DC=domain, DC=com
[Issuer]
CN=domain.AD0001CA, DC=portal, DC=com
[Serial Number]
blablabla
[Not Before]
22/07/2014 11:32:05
[Not After]
22/07/2024 11:42:00
[Thumbprint]
blablabla
Name : domain.ad0001
TypeName : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
DisplayName : domain.ad0001
Id : blablabla
Status : Online
Parent : SPTrustedRootAuthorityManager
Version : 17164
Properties : {}
Farm : SPFarm Name=SharePoint_Config
UpgradedPersistedProperties : {}
PS C:\Users\administrator.domain> $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
cer\SP2K10\ADFS_Signing.cer")
PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "Token Signing Cert" -Certificate $cert
Certificate : [Subject]
CN=ADFS Signing - adfs.domain
[Issuer]
CN=ADFS Signing - adfs.domain
[Serial Number]
blablabla
[Not Before]
23/07/2014 07:14:03
[Not After]
23/07/2015 07:14:03
[Thumbprint]
blablabla
Name : Token Signing Cert
TypeName : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
DisplayName : Token Signing Cert
Id : blablabla
Status : Online
Parent : SPTrustedRootAuthorityManager
Version : 17184
Properties : {}
Farm : SPFarm Name=SharePoint_Config
UpgradedPersistedProperties : {}
PS C:\Users\administrator.PORTAL>

Error in authentication with ldap server with certificate

Hi,
i have a problem in authentication with ldap server with certificate.
here i am using java API to authenticate.
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed.
I issued the new certificate which is having the up to 5 years valid time.
is java will authenticate up to one year only?
Can any body help on this issue...
Regards
Ranga

sorry i am gettting ythe same error
javax.naming.CommunicationException: simple bind failed: servername:636 exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed]
here when i am using the old certificate and changing the system date means i can get the authentication.
can you tell where we can concentrate and solve the issue..
where is the issue
1. need to check with the ldap server only
2. problem in java code only.
thanks in advance

Need Help with Windows 7 Certifications Manager - Can't log on easily

I have to do a complete restore of my 7 Windows Home Premium OS. I downloaded all of the drivers, got everything up and running, but now whenever I use Firefox, the only browser I utilize, I always get the pop-up caution box that states "Do you want to allow the following program to make changes to this computer?" I looked at where the default was set for that message, and it is set according to Windows' recommendations. Even though I have good virus protection (the complete Avast version), I am not comfortable with the thought of disabling the feature completely.
I have no experience with certificates, but with the use of Windows Help, I was able to get to the program, but I found NO program with mozilla in the string.
I think the problem is with a certification, but I have never had this problem before and would very much appreciate any assistance!
Thank you,
Belle

Hello Whatsername,
BugCheckCode 10 is the decimal version of this error 0x0000000A.
Please start by trying to apply the hotfix that is listed on this Microsoft kb article
Error message on a blue screen on a computer that is running Windows 7 or Windows Server 2008 R2: "S...
If I have helped you in any way click the Kudos button to say Thanks.
The community works together, click Accept as Solution on the post that solves your issue for other members of the community to benefit from the solution.
- Friendship is magical.

File to SOAP (Synchronous) with certificates Encryption and Descryption

Hi,
Can anybody advice me how can I develop the scenario file to SOAP (Synchronous Process) with certificates encryption and descryption.
Thanks,
Naidu.

For file to soap sync scenario without using BPM, you need to use the following adapter modules.
http://help.sap.com/saphelp_nw04/helpdata/en/45/20c210c20a0732e10000000a155369/content.htm
http://help.sap.com/saphelp_nw04/helpdata/en/45/20cc5dc2180733e10000000a155369/content.htm
For applying certificates, you need to configure SSL on java stack.
https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/197e6aec-0701-0010-4cbe-ad5ff6703c16
Regards,
Prateek

I need help with validating signatures.

I have Adobe Acrobat X and Reader 9 and need help with how to validate signatures.
I have a document that I am emailing to all employees that require the signature; but, when the form is emailed back, it states that the signatures requires validating.

Or, is the validation something I do once the form is emailed back to me?
I guess a subquestion would be, how to establish/manage trusted certificates with reader or acrobat 8.

MfE with Certificate Based Authentication on E6

Hello,
I've been trying to setup MfE on my E6 but I can't find a way to configure it to use a personal certificate, I even tried using "Nokia Configuration Tool" but it tells me that my device does not support MfE with Certificate Based Authentication, I get "Invalid Credentials" when using a username & password.
I get the same error on both Anna and Belle.
Any help would be appreciated.
Thanks

Better give the MfE configuration in detail.
Also please advise the if the server is a real Microsoft Exchange Server or a third-party mail service such as Gmail or Live.
bbao
* If this post helped you, please click the white Kudo star.
* If this post has solved your issue, please click Accept as Solution.

ActiveSync with Certificate-Based Authentication

We are trying to setup ActiveSync with certificate-based authentication against Exchange 2010 SP2, but with no luck.
What has been done so far:
OWA over https works fine. A public, trusted certificate is in place.
Setup ActiveSync against this Exchange server: works fine, using user name/password.
Issued a user cert, signed with an internal CA, CA-cert successfully imported into al client devices.
Created a new OWA-site with cert-based authentication (just to make sure it works), imported user certificate into a mac, visit this OWA site - cert-based authentication works fine.
Now, with the configuration utility, created configuration profile with that user cert and an ActiveSync account, left password blank and chose the imported cert (p12) as authentication means.
After installing that last profile the device keeps asking for a password and refuses to synchronize. Logs on the server show error 401.2, so I assume iPhone is ignoring the cert and is trying to use password-authentication instead.
The devices tested were iPhone 3G with IOS 4 and iPad 2 with IOS 5.
Any help will be greatly appreciated.
Roman.

No-one with this experience?
We've done some network analysis (as much as was possible to decrypt) and could see, that the server sends an SSL-Alert (rejection?) to the client after the client presents the certificate.
That explains why the client falls back to password-authentication, but it does not tell us why the server rejects the cert (that is accepted perfectly when accessed from a browser) in first place.

802.1x wireless authentication with certificates

Hi.
I have configured and working 802.1x authentication with certificates for Wired connections. with no problem.
when i try to authenticate the same machine with 802.1x and certificates , on Wirelss, the ACS rejects it with:
"12520 EAP-TLS failed SSL/TLS handshake because the client rejected the ACS local-certificate."
the ACS is the same, the certificate the same, and the root ca is the same.
what's hapenning????
Antero Vasconcelos

What supplicant are we using for wireless authentication? Do we have complete chain of certificates installed on the client machine? Can you check if we have root CA/intermediate correctly installed in client and ACS.
~BR
Jatin Katyal
**Do rate helpful posts**

Need help with saving data and keeping table history for one BP

Hi all
I need help with this one ,
Scenario:
When adding a new vendor on the system the vendor is suppose to have a tax clearance certificate and it has an expiry date, so after the certificate has expired a new one is submitted by the vendor.
So i need to know how to have SBO fullfil this requirement ?
Hope it's clear .
Thanks
Bongani

Hi
I don't have a problem with the query that I know I've got to write , the problem is saving the tax clearance certificate and along side it , its the expiry date.
I'm using South African localization.
Thanks

Help with java digital signing code

hello people.
can anybody help me?
i have find a java code to resolve my problem with sending pay in soap envelope with digital signature and attached certificate. i compiled it with jdk jdk1.6.0_37. and it works.
i need it to work in built-in jvm in oracle 9i. in oracle 9i jvm release is 1.3.1. Java code does not work there. there is an error
class import com.sun.org.apache.xerces.internal.impl.dv.util.Base64 not found in import.
i did not find this class in network.
can anybody help with rewriting it for jvm 1.3.1?
thanks in advance.
code below:
import com.sun.org.apache.xerces.internal.impl.dv.util.Base64;
import java.io.*;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
public class Sign {
public static void main(String[] args) throws Exception {
// TODO code application logic here
BufferedReader reader = new BufferedReader(new FileReader("c:\\cert.p12"));
StringBuilder fullText = new StringBuilder();
String line = reader.readLine();
while (line != null) {
fullText.append(line);
line = reader.readLine();
KeyStore p12 = KeyStore.getInstance("pkcs12");
p12.load(new FileInputStream("c:\\cert.p12"), "Hfrtnf$5".toCharArray());
//????????? ????????? ????, ??? ????? ????? ???????????? alias ? ??????
//Key key = p12.getKey("my kkb key", "ryba-mech".toCharArray());
Key key = (Key) p12.getKey("my kkb key", "Hfrtnf$5".toCharArray());
Certificate userCert = (Certificate) p12.getCertificate("my kkb key");
String base64Cert = new String(Base64.encode(userCert.getEncoded()));
//signing
Signature signer = Signature.getInstance("SHA1withRSA");
signer.initSign((PrivateKey) key);
signer.update(fullText.toString().getBytes());
byte[] digitalSignature = signer.sign();
String base64sign = new String(Base64.encode(digitalSignature));
String base64Xml = new String(Base64.encode(fullText.toString().getBytes()));
System.out.println("<certificate>" + base64Cert+"</certificate>");
System.out.println("<xmlBody>" + base64Xml+"</xmlBody>");
System.out.println("<signature>" + base64sign+"</signature>");
Edited by: user13622283 on 22.01.2013 22:08

My first search is to see if there is an Apache commons project that provides it. Lo and behold:
http://commons.apache.org/codec/apidocs/org/apache/commons/codec/binary/Base64.html
commons-codec.

When I click Sign, Adobe Reader XI v 11.0.4, my only option is Sign with Certificate, how do I also get the "I need to Sign" option that allow me to place a signature?

When I click Sign, Adobe Reader XI v 11.0.4, my only option is Sign with Certificate, how do I also get the “I need to Sign” option that allow me to place a signature? I need screen shots to develop a customized training pamphlet.

Hi,
Please update the Reader to 11.0.07 and then check the options.
Go to Help -> Check for updates.
Regards,
Anoop

Help with certificates

Similar Messages

Maybe you are looking for