How to assign digitally signed certificates to soap clients?

Hi,
I create a webservice proxy for DRM api service which needs a x509 certificate for digital signature. I added the certificate to jre's keystore since it is not signed. But I am getting some strange error when I run the proxy.
Certificate path validation failed. No trusted certificates present in the keystore
SEVERE: WSM-07501 Failure in Oracle WSM Agent processRequest, category=security, function=agent.function.client, application=null, composite=null, modelObj=DrmService, policy=null, policyVersion=null, assertionName=null.
oracle.wsm.common.sdk.WSMException: WSM-00138 : The path to the certificate is invalid due to Certificate path validation failed for identity in WSDL certificate "CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown", Issuer of certificate is "CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown".
I am sure that it is not hitting the server. Any help would be appreciated.
Thanks,
~Sri.
Edited by: user1643647 on Jan 19, 2012 2:09 PM

Save a copy before signing - important. Think of signing as final.

Similar Messages

  • How to use self-signed Certificate or No-Check-Certificate in Browser ?

    Folks,
    Hello. I am running Oracle Database 11gR1 with Operaing System Oracle Linux 5. But Enterprise Manager Console cannot display in Browser. I do it in this way:
    [user@localhost bin]$ ./emctl start dbconsole
    The command returns the output:
    https://localhost.localdomain:1158/em/console/aboutApplication
    Starting Oracle Enterprise Manager 11g Database Control ... ...
    I open the link https://localhost.localdomain:1158/em/console/aboutApplication in browser, this message comes up:
    The connection to localhost.localdomain: 1158 cannot be established.
    [user@localhost bin]$ ./emctl status dbconsole
    The command returns this message: not running.
    [user@localhost bin]$ wget https://localhost.localdomain:1158/em
    The command returns the output:
    10:48:08 https://localhost.localdomain:1158/em
    Resolving localhost.localdomain... 127.0.0.1
    Connecting to localhost.localdomain|127.0.0.1|:1158... connected.
    ERROR: cannot verify localhost.localdomain's certificate, issued by `/DC=com/C=US/ST=CA/L=EnterpriseManager on localhost.localdomain/O=EnterpriseManager on localhost.localdomain/OU=EnterpriseManager on localhost.localdomain/CN=localhost.localdomain/[email protected]':
    Self-signed certificate encountered.
    To connect to localhost.localdomain insecurely, use `--no-check-certificate'.
    Unable to establish SSL connection.
    A long time ago when I installed Database Server Oracle 11gR1 into my computer, https://localhost.localdomain:1158/em in Browser comes up this message:
    Website certified by an Unknown Authority. Examine Certificate...
    I select Accept this certificate permanently. Then https://localhost.localdomain:1158/em/console/logon/logon in Browser displays successfully.
    But after shut down Operating System Oracle Linux 5 and reopen the OS, https://localhost.localdomain:1158/em/console/logon/logon in Browser returns a blank screen with nothing, and no more message comes up to accept Certificate.
    My browser Mozilla Firefox, dbconsole, and Database Server 11gR1 are in the same physical machine.I have checked Mozilla Firefox in the following way:
    Edit Menu > Preferences > Advanced > Security > View Certificates > Certificate Manager > Web Sites and Authorities
    In web sites tab, there is only one Certificate Name: Enterprise Manager on localhost.localdomain
    In Authorities tab, there are a few names as indicated in the above output of wget.
    My question is: How to use self-signed certificate and no-check-certificate in Mozilla Firefox for EM console to display ?
    Thanks.

    Neither problem nor solution do involve Oracle DB
    root cause of problem & fix is 100% external, detached, & isolated from Oracle DB.
    This thread is OFF TOPIC for this forum.

  • How to replace self-signed certificate for enterprise manager console

    Does anyone know how to change self-signed certificate for https access to Enterprise Manager console, which is issued during installation of Oracle 11g?

    Well, this might not be much help, but for 10g, on AIX, docID 1171558.1 describes how to create a new certificate.
    Not sure how relevant it will be for 11g, sorry :(

  • How to monitor self signed certificates using scom 2007 R2

    How to monitor self signed certificates using scom 2007 R2.  i need to monitor specifically self signed certificates expiration. if  possible in two state monitor...please suggest me the best way..
    B John

    Hi,
    Based on my understanding, that you want to create a monitor to monitor certificate expiration, with two state, when the certificate is about expiration for 21 days,, send warning, when the certificate is about expiration for 10 days, then send
    alert. I think we need to create scripts to do so, hope the below links can be helpful:
    Monitoring Certificates In SCOM
    http://blogs.technet.com/b/omx/archive/2013/01/30/monitoring-certificates-in-scom.aspx
    Monitoring Expiring Certificates using SCOM
    http://blogs.technet.com/b/sgopi/archive/2012/05/18/monitoring-expiring-certificates-using-scom.aspx
    Regards,
    Yan Li
    Regards, Yan Li

  • How do I digitally sign projector files?

    I am currently selling apps in Flash projector .exe format.  How can I install a certificate from Verisign or Thawte?
    Roger

    I want to access the file system of the client using a
    servlet which shall be digitally signed.
    You cannot do this. It is technically impossible. You are referring to an Applet. There are two ways to get the Applet to read the files of the client system.
    1. Have the client open up security by editing the java.policy file, which is dangerous.
    2. Digitally Sign the Applet.
    How do I do it.Please send the code.
    Write the code yourself. Sorry to say, but nobody here is going to program your code for you. That is, unless you pay them money!

  • How to disable digital signing and saving of PDF form?

    I have a PDF form that I have created. It does not have a signature field becuase I need them to print and physically sign the form. However no matter what I do Adobe Reader offers the option to digitally sign the form (as well as save it). How do I disable this?? Thank you for the help in advance.

    Thank you for the answer and explanation.  Unfortunately I am still not sure the best solution.
    It is a business application for a city site. As a result the limit of 500 is obviously not going to work. Also for legal reasons they need the form physically signed.
    The original hope was to provide a PDF form that could be filled in (almost entirely) on the computer if desire and then printed, signed, and turned in to the city.
    What they don't want is for someone to fill it out on the computer, use the echosign and email it as they need the physical signature.
    Sounds like we might have to choose between:
    - not having it interactive (so they can just print it out and fill it out)
    Or
    - make it so they can fill it out on the computer, but include instructions that they need the print it out and physically sign it. And hope they follow the instructions.
    Again, thank you for the explanation. I think I will just have to let them decide.

  • How to deploy self signed certificate using GPO

    Hello,
    I am applying a self-signed certificate for HTTPS inspection, as you know Firefox is not using Windows root certificate as IE & chrome did, so I did some research about this issue and check admx & FF GPO, nothing helped me !!
    Do anyone have any new idea on how to solve this issue?

    Well, this might not be much help, but for 10g, on AIX, docID 1171558.1 describes how to create a new certificate.
    Not sure how relevant it will be for 11g, sorry :(

  • How to use self-signed certificate to verify others certificate?

    the self-signed certificate and keys acts as CA like VeriSign
    alias =SelfSignCA
    keystore = SelfSignLib
    certificate = SelfSign.cer
    certificate to be verify
    alias = companyCA
    certificate = companyLib
    csr file = company.csr
    how to use keytool to verify/sign the company certificate?thank you.

    Well, this might not be much help, but for 10g, on AIX, docID 1171558.1 describes how to create a new certificate.
    Not sure how relevant it will be for 11g, sorry :(

  • Using a CA digitally signed certificate for RMI

    Okay, now that my app works with a self signed certificate, we have now send a CSR to verisign and are awaiting to get the SSL certificate from them.
    Once we have that, on the server side,all we have to do is import the verisign certificate into our server keystore, where we have the original public/private key pair, and that's it, correct?
    Or should we create a new keystore with just that certificate? (I highly doubt this is right).
    And of course I assume that there is zero amount of work that has to be done for the client, since verisign should be in the client's jre cacerts file...
    Also, when I was using a self signed certificate I was able to sign my jars using my server keystore which contained only my public and private key pairs. Now verisign is telling me I need to buy a digital code signing package to do that. Why can't I use my keystore to still sign the jars for my webstart app?
    Thanks in advance...
    Edited by: Sal_C on Jan 9, 2008 10:16 AM

    Once we have that, on the server side,all we have to do is import the verisign certificate into our server keystore, where we have the original public/private key pair, and that's it, correct?
    it seems correct, but you have to remove the autosigned keys, probably (keep a backup of the private key, if you loose it your certificate is dead)
    Also, when I was using a self signed certificate I was able to sign my jars using my server keystore which contained only my public and private key pairs.
    Yes, with the jarsigner tool. From what I understand, it is necessary to buy something from verisign to be able to sign your jars. Without that, you could not sign with the whole certificate chain :
    http://www.verisign.com/support/code-signing-support/code-signing/digital-id.html
    NephYliM

  • How to automate digital signing PDF Files in batch

    I am trying to find a way to automate as much as possible the placing of a digital signature on a set of PDF documents.  We have Adobe Acrobat Pro 8.1 and the machine has MS Office 2003 with Vista Business.  Here's a scenario:  A set of documents exist in a TO-BE-SIGNED folder, each unsigned.  The user uses MS Access 2003 form with a button with VBA code to open and show the first document in the folder.  The AcroExch.App, AcroExch.AVDoc, and AcroApp.Show APIs are used to do this.  I found code on the internet to do that.  Rather than having my client now have to go through all the manual steps to place a digital signature on the document, I want to streamline it to a single click if possible.  Right now he has to click Advanced > Sign and Certify > Place Signature > then click and drag > then enter his password > then click sign > then save and close the doc.  Can all this be automated?  An added bonus would be automatically saving or moving the signed doc to a different folder when it is signed.
    I have created a stamp that allows me to add a stamp with just two clicks.  Can such be done to add a digital signature?  Is it possible to add a button to the toolbar to do this?  Can it be done in Access VBA using some Acrobat API calls?  Another feature I want to include is moving quickly from one document to the next in the TO-BE-SIGNED folder.  Like the arrow buttons take you from page to page, can a button be added to the Acrobat toolbar to take you from doc to doc in a particular folder?  Or can that be done using VBA and some Acrobat API calls?  To maintain the security of the password protection and yet cut down on clicks and keystrokes, I would like to input the password just once at the beginning of the session and have it remembered or applied to all the docs that get signed as long as that session is open.
    I've found some software that purports to do much of the above, but they are all very expensive and assume a big business with big bucks.  If anyone knows of inexpensive software that will REALLY do this, I'm open to that as well, though I'd like to control the process myself if possible.  I consider myself a beginner with Acrobat and using API calls and would appreciate any help anyone can give.  Is the above clear and even possible?
    PS:  I'm new to this site and using SDK.  I posted this under Security (thinking digital signatures) and was asked to post it here, which I'm glad to do.
    Thanks much!

    Our workflow is such that on infrequent occasions, we have a digitally signed PDF file and the doctor wants to append a scanned note to it.  In the past, we could do this, but not now.  In the past, when we added the scanned doc, we received a message saying that the doc is already signed and asking if we want to overrwrite the doc.  If we respond Yes, then Acrobat would allow it and the signature would indicate that the original part of the document was not modified, but that something had been changed--namely, a doc had been appended.  The signature indicated that something had changed since it was added, but it still allowed the append.  The signature would have an exclamation point in a yellow triangle indicating the doc had been updated since signed.  For our purposes, that was okay because we know what the change is based on the original doc and we know what is appended.  Now, however, we cannot append at all.  The only thing that is different that I know of is that the doc was signed with software that is not Adobe Acrobat, even though the other software uses an Adobe Acrobat self-created digital signature.
        I hope I've explained that clearly enough.
    Thanks for your help.

  • How can I digitally sign a pdf document and also disallow changes to the document?

    When I digitally sign the document it does not let me lock it down - when I lock down the doc first, it does not allow for digital signature. Please help.

    The initial document should have its properties set as:
    Changing the Document: Not allowed
    Signing: Allowed
    That way no one can make changes to it but anyone may sign it. These properties are available in v9, but I'm not sure about previous versions.

  • How do you digitally sign or electronically sign a document in Preview?

    Heya
    I'm wondering if it's possible to "digitally sign" or "electronically sign" a document in Preview? This feature exists in Adobe Acrobat. If not, does anyone know a workaround or plugin to accomplish this? Thanks!

    I believe the free Acrobat reader (9) will do that.
    Otherwise you'll need the Pro version.
    Here is what the Reader page says:
    With each new release, Adobe continues to add functionality to Adobe® Reader® software, making it an extremely versatile tool capable of viewing, searching, *digitally signing*, verifying, printing, and collaborating with electronic documents.

  • How do I digitally sign with reader XI when the fill and sign functions are grayed out?

    I am using Adobe Reader XI. I am suppose to digitally sign a fillable .pdf document for online submission. However, the fill and sign functions are grayed out.
    What are my options to put a signature in the signature box of the document?
    Thank you in advance!

    Pat Willener,
    Thank you for replying.
    Here is an image capture of the properties.
    The document is part of a job application that is suppose to be digitally signed and submitted soon. I have thought about printing, signing, and redigitizing to submit, however, the cells are statically sized and do not expand to include all of the information when printed.
    Any suggestions will be appreciated.

  • How to install self-signed certificate with iOS 4?

    I've been trying to install a self-signed certificate in iOS 4 with no avail. I have a webserver at home in which I connect to via SSL using a self-signed cert. It used to work in 3.1.3; it would kick out a dialog, but you were able to continue to the page. Now with iOS 4, that is no longer the case, I am unable to view the site.
    I have tried several things. I have tried emailing the cert. to myself and installing it. I get it installed but says it's untrusted and am not able to view the site. I have tried converting my .pem that is on my server to .p12 and that didn't work. I tried going to the site in Safari on my Mac and adding the cert. to the keychain and then syncing; that didn't work. I tried taking that cert. in the keychain, making sure it was trusted, exporting it to .cer and adding that to a configuration profile I created in the iPhone Configuration Utility.. that did not work despite the fact that it showed it as trusted. Am I doing something wrong or missing something here?

    I've been trying to install a self-signed certificate in iOS 4 with no avail. I have a webserver at home in which I connect to via SSL using a self-signed cert. It used to work in 3.1.3; it would kick out a dialog, but you were able to continue to the page. Now with iOS 4, that is no longer the case, I am unable to view the site.
    I have tried several things. I have tried emailing the cert. to myself and installing it. I get it installed but says it's untrusted and am not able to view the site. I have tried converting my .pem that is on my server to .p12 and that didn't work. I tried going to the site in Safari on my Mac and adding the cert. to the keychain and then syncing; that didn't work. I tried taking that cert. in the keychain, making sure it was trusted, exporting it to .cer and adding that to a configuration profile I created in the iPhone Configuration Utility.. that did not work despite the fact that it showed it as trusted. Am I doing something wrong or missing something here?

  • How to use Self Signed certificate with SSLServerSocket?

    Hello to all.
    I'm trying to build a simple client/server system wich uses SSLSocket to exchange data. (JavaSE 6)
    The server must have it's own certificate, clients don't need one.
    I started with this
    http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore
    To generate key for the server and a self signed certificate.
    To sum it up:
         Create a new keystore and self-signed certificate with corresponding public/private keys.
    keytool -genkeypair -alias mytest -keyalg RSA -validity 7 -keystore /scratch/stores/server.jks
         Export and examine the self-signed certificate.
    keytool -export -alias mytest -keystore /scratch/stores/server.jks -rfc -file server.cer
         Import the certificate into a new truststore.
    keytool -import -alias mytest -file server.cer -keystore /scratch/stores/client.jksThen in my server code I do
    System.setProperty("javax.net.ssl.keyStore", "/scratch/stores/server.jks");
    System.setProperty("javax.net.ssl.keyStorePassword", "123456");
    SSLServerSocketFactory sf = sslContext.getServerSocketFactory();
    SSLServerSocket sslServerSocket = (SSLServerSocket)sf.createServerSocket( port );
    Socket s = sslServerSocket.accept();I am basically missing some point because I get a "javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled." when I try to run the server.
    Can it be a problem with the certificate? When using -validity <days> in keytool the certificate gets self-signed, so it should work if I'm not wrong.
    I have also tried this solution
    serverKeyStore = KeyStore.getInstance( "JKS" );
    serverKeyStore.load( new FileInputStream("/scratch/stores/server.jks" ),
         "123456".toCharArray() );
    tmf = TrustManagerFactory.getInstance( "SunX509" );
    tmf.init( serverKeyStore );
    sslContext = SSLContext.getInstance( "TLS" );
    sslContext.init( null, tmf.getTrustManagers(),secureRandom );
    SSLServerSocketFactory sf = sslContext.getServerSocketFactory();
    SSLServerSocket ss = (SSLServerSocket)sf.createServerSocket( port );and still it doesn't work.
    So what am I missing?

    You were right. I corrected the mistakes in the server code, now it's
         private SSLServerSocket setupSSLServerSocket(){
              try {
                   SSLContext sslContext = SSLContext.getInstance( "TLS" );
                   KeyManagerFactory km = KeyManagerFactory.getInstance("SunX509");
                   KeyStore ks = KeyStore.getInstance("JKS");
                   ks.load(new FileInputStream(_KEYSTORE), _KEYSTORE_PASSWORD.toCharArray());
                   km.init(ks, _KEYSTORE_PASSWORD.toCharArray());
                    * Da usare con un truststore se serve autenticazione dei client
                    * TrustManagerFactory tm = TrustManagerFactory.getInstance("SunX509");
                   tm.init(ks);*/
                   sslContext.init(km.getKeyManagers(), null, null);
                   SSLServerSocketFactory f = sslContext.getServerSocketFactory();
                   SSLServerSocket ss = (SSLServerSocket) f.createServerSocket(_PORT);
                   return ss;
              } catch (UnrecoverableKeyException e) {
                   e.printStackTrace();
              } catch (KeyManagementException e) {
                   e.printStackTrace();
              } catch (NoSuchAlgorithmException e) {
                   e.printStackTrace();
              } catch (KeyStoreException e) {
                   e.printStackTrace();
              } catch (CertificateException e) {
                   e.printStackTrace();
              } catch (FileNotFoundException e) {
                   e.printStackTrace();
              } catch (IOException e) {
                   e.printStackTrace();
              return null;
         }and on the client code
    private SSLSocket setupSSLClientSocket(){
         try {
              SSLContext sslContext = SSLContext.getInstance( "TLS" );
              /* SERVER
              KeyManagerFactory km = KeyManagerFactory.getInstance("SunX509");
              km.init(ks, _KEYSTORE_PASSWORD.toCharArray());
              KeyStore clientks = KeyStore.getInstance("JKS");
              clientks.load(new FileInputStream(_TRUSTSTORE), _TRUSTSTORE_PASS.toCharArray());
              TrustManagerFactory tm = TrustManagerFactory.getInstance("SunX509");
              tm.init(clientks);
              sslContext.init(null, tm.getTrustManagers(), null);
              SSLSocketFactory f = sslContext.getSocketFactory();
              SSLSocket sslSocket = (SSLSocket) f.createSocket("localhost", _PORT);
              return sslSocket;
         } catch (KeyManagementException e) {
              e.printStackTrace();
         } catch (NoSuchAlgorithmException e) {
              e.printStackTrace();
         } catch (KeyStoreException e) {
              e.printStackTrace();
         } catch (CertificateException e) {
              e.printStackTrace();
         } catch (FileNotFoundException e) {
              e.printStackTrace();
         } catch (IOException e) {
              e.printStackTrace();
         return null;
    }and added a System.out.println(sslSocket); after every incoming message (server side) and SSL is now fully working!
    So my mistakes were:
    [] Incorrect setup done by code
    [] Incorrect and insufficient println() of socket status
    Now that everything works, I've deleted all this manual setup and just use the system properties. (They MUST be set before getting the Factory)
    SERVER SIDE:
    System.setProperty("javax.net.ssl.keyStore", _KEYSTORE);
    System.setProperty("javax.net.ssl.keyStorePassword", KEYSTOREPASSWORD);
    SSLServerSocketFactory f = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
    SSLServerSocket sslServerSocket = (SSLServerSocket) f.createServerSocket(_PORT);
    CLIENT SIDE:
    System.setProperty("javax.net.ssl.trustStore", "/scratch/stores/client.jks");
    System.setProperty("javax.net.ssl.trustStorePassword", "client");
    SSLSocketFactory f = (SSLSocketFactory) SSLSocketFactory.getDefault();
    SSLSocket sslSocket = (SSLSocket) f.createSocket(_HOST, _PORT);
    And everything is working as expected. Thank you!
    I hope my code will help someone else in the future.

Maybe you are looking for

  • Chinese characters in keychain access?!?

    Just installed Leopard and the appropriate updates on my wife's G5 ppc dual 2.5 right at the bottom of the utilities Chinese writing appears. It is the keychain access app. I know this, as when I search for Keychain Access in Spotlight, it shows up a

  • Search help for material number in table control

    Hi I have a table which i have generated using table control wizard. I have used an interal table while creating the table control through wizard. In this internal table i have field matnr.Now my requirement is to have a search help for this field. I

  • Azure Add-On development

    I am looking for any help in what needs to be done to create and develop an add-on for the Azure store. Is there any online documentation?  Are there any sample code files? I am looking for answers to:  Creating an add-on  What is needed to be done t

  • Lightroom 5.4 is getting stuck in full screen mode. I need to force-quit the app in order to re-start and use again. How can I fix this?

    Lightroom 5.4 is getting stuck in full screen mode. I need to force-quit the app in order to re-start and use again. How can I fix this? I am using Mac osX 10.9.2 I can see that I am not the only one with this problem.

  • Formatting Code in a Post

    Hiya folks. Just a quick request to have some way of noting code on a page. Arial Narrow default font for long lines, and background CSS colouring would be neat in a [code] tag. I tried but she didn't show up. Cheers n' Beers