Import a Certificate in Keystore without confirmation

Similar Messages

• Unable to import signed cert in keystore

  Hi everybody !
  I've been using keytool for years to generate client certificates that I would send to an enrollment server to get it signed by the CA.
  Here is the sequence :
  (1) Generating the key pair :
  keytool.exe -genkey -alias client-cert -keyalg RSA -keystore keystore   (2) Extracting the certificate request :
  keytool.exe -certreq -alias client-cert -file client-cert.csr -keystore keystore  (3) Sending the request to the enrollment server, getting in return a signedcert.der
  (4) Importing CA certificate in keystore :
  keytool.exe -import -alias caroot -file ca.der -keystore keystore (5) Importing the signed client certificate in the keystore : keytool.exe -import -alias cert-client -file signedcert.der -keystore keystoreNow we'd like to use openssl to generate the CA certificate and sign the client-cert (which is still generated by keytool).
  So instead of (3), we just have :
       openssl ca -config ca-sign.cnf -out signedcert.crt -infiles client-cert.csr
       openssl verify -CAfile ca.crt signedcert.crt
       openssl x509 -in signedcert.crt -out signedcert.der -outform DER     Everything runs fine for (4), but when we finally try to import the signedcert, we get this :
       keytool error: java.security.cert.CertificateException: IOException: X509.Object
       Identifier() -- data isn't an object ID (tag = 48)Some people here have already had the problem but got no answer.
  What I'd like to know first is what does such an error MEAN exactly, then how can I manage to put my cert into the keystore.
  FYI, we use keytool from JDK 1.3.0 and openssl 0.9.7
  (I can post config file ca-sign.cnf if needed)
  Thanks for your help
  Valerien

  I got no answer either, so here's the solution for other unlucky people : use keytool from the latest JDK (1.4.1_01 ran fine).
  Thank me very much.

• How to import a password protected p12 certificate to keystore?

  Hi all,
  I am new in java security programming.
  And I got something very urgent need your help..
  How to import a password protected p12 certificate to keystore programmatically?
  Does anyone have sample codes on this issue?
  thanks very much
  Wyan

  Hi omslion,
  I responded to a similar post from you (and moved it to the Acrobat forums). Password protecting a file requires Adobe Acrobat. You are welcome to download a free 30-day trial of Acrobat. For more information, see www.adobe.com/products/acrobat.html.
  Best,
  Sara

• E61 cannot import personal certificate

  Hello,
  I can't import personal certificate. I have personal certificate in p12 (pkcs12) format and it can be imported into firefox without any issues. However when I open this certificate on E61 I am asked for:
  password for my certificate - I enter correct one
  E61 proceeds to to Screen where it says:
  File contains:
  1 private key
  1 personal certificate
  1 authority certificate
  Save? When I click on save I get message:
  Private key corrupted!
  then it proceeds to CA which works fine.
  What I am doing wrong? Kindly assist as this is show stopper in 170K+ employees company.

  Hi,
  I'm not only unlucky, I'm frustrated! :-(
  I've got exactly the same problem. Modell: E65.
  In our company around 50000 users are already using personal certificates, generated using an openssl pki framework.
  Installing/migrating/running a Windows-PKI instead, only for importing P12-Files into our Nokia mobile's is not a solution nor an option.
  All our user-certificates (Server-,Client-,Multi-Level-CA-Certificates) are working fine within standard-protocols and standard applications (e.g. IMAPS, VPN/IPSec, WPA-EAP-TTLS/TLS, HTTPS, LDAPs,...), even within Microsoft's client-appilcations (IE / Outlook) there are no problems importing / using them for encryption, authentication or signing purposes.
  So there should be no problem, regarding the import into a E65?!
  I tried to convert some demo-certificates various ways, exported, converted them to DER, build different P12-formated files but not chance: the E65 always reports "File corrupted".
  I also followed the instruction found under
  https://blogs.forum.nokia.com/view_entry.html?id=412
  So I tried to download a p12-Container directly from a test-webserver using the correct mime-type, no luck: Corrupted File!
  But on the other hand, any p12-file, which the E65 says is corrupted, could be imported into IE/Firefox/Outlook/Thunderbird (the later two on windows & linux plattforms) or opened/investigated using openssl (0.9.8c and 0.9.8d) on the command line without any problems.
  The hint (two posts above), creating certificates using MS-AD-integrated PKI gave me a small hope again. (Please do not understand me wrong, migrating all our user/server certs and PKI-Infrastructure to MS is completly impossible, but a small test will show whether out p12-Files cause the corruption problems).
  So I imported (doubleclick, windows wizard...) the openssl-generated p12 into IE (flagged "exportable") without problems. Right after the import, I exported it various ways (e.g. w/o stong encryption) into a MS-pfx (aka p12) formated file. Renamed the suffix from pfx to p12 and gave it to openssl for processing / investigation:
  openssl pkcs12 -in testuser.p12 -info
  Enter Import Password:
  MAC Iteration 2000
  MAC verified OK
  PKCS7 Data
  Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000
  Bag Attributes
  localKeyID: 01 00 00 00
  friendlyName: {EE88EF5C-5404-487C-AB22-AA56E79D447C}
  Microsoft CSP Name: Microsoft Enhanced Cryptographic Provider v1.0
  Key Attributes
  X509v3 Key Usage: 10
  Ok the content seems to be in "Microsoft CSP" format!!! (remembering two posts earlier, that's the container-format MS-PKI produces, so a successfull import of this file should be possible?!.... No way either!!! "File corrupted!"
  Another point: during my first p12 import try I used a corporate-standard-p12 file, that means, it contains:
  1 x User-Cert
  1 x User-Key
  1 x Intermediate-level-CA-Cert
  1 x Root-level-CA-Cert
  The E65 successfully imported the two CA-Certs, ask for a name and stored them under "Authorities". They are accessible within S60 (Security->certif.manag) and anything is fine with them. But the also contained user-certificate and the user-key resulted in "File Corrupted!". :-(
  So, for me in the moment it looks really that there is a bug in S60-3rdEd. (E65). Our certificate-containers are as far as I can say completly standard conform all software (opensource/closed source) can read/import our p12-contents without problems, even the E65 can partialy (CA-Certs) read the p12 contents (but not the user-cert/key). :-(
  I would be very happy if someone else can confirm the above results and even more happy if someone else can give me more ideas where to look for a possible solution.
  What I'm missing is an exact specification from Nokia/Symbian, regarding the P12 contents. That means, Certificate/Key Encryption, Formats, Hash-Algorithms, Iterators, Mac-Iterators, and so on... If such an specification would be available/accessible chances are good to be able to generate a valid p12 file containing importable private keys. Information like DER/PEM and mime-type that's by far not enough.
  Because I was not able to find such details specs, all I can offer in the moment is to generate test certificates and p12-container-files for further in-deep debugging?!
  If it is not a bug of S60-3rdEd. perhaps someone else reading this thread can offer a MS-PKI-generated (and of course successfully imported ins S60) p12-File (even revoked should not be a problem) with all passphrases for download, so I can try to investigate in deep the formats and the differences?
  Many thanks for your help!
  Cheers
  Krum

• Import the certificate to establish a trust relationship

  Hi ,
  In BI Configuration, Bi Diagnostic tool gives the below error.
  *Calls from WebAS ABAP to WebAS Java will fail because the certificate of the BI mastersystem is not imported into J2EE ticket keystore
  Import the certificate to establish a trust relationship*
  Please help
  Thanks, Satish

  Are u having problems importing the certificate ?
  If so,
  When you are in STRUSTSSO2 and you double clik on "Owner" the below section gets updated with the certificate information. Make sure that the certificate is valid and you have proper CN and OU configured.
  When you export the certificate from STRUSTSSO2, please select Base64 as the file format for the certificate that is exported and then try to import that one in the java system.
  (or)
  Are u having problems after importing the certificate on Java system?
  If so, what is the error you are facing ?
  - Shanti

• The Manifest Designer could not import the certificate

  What I'm trying to accomplish here is to have the .appx file signed during build time so that the following command would work or even better I should not need it anymore
  set path=%path%;"C:\Program Files (x86)\Windows Kits\8.1\bin\x64"
  SignTool.exe sign /a /f certificate.pfx /fd SHA256 /v /p MySecretPassword TestApp.appx
  I opened package.windows.appmanifest file (located in TestApp_root\TestApp\bld\Release\platforms\windows directory) in the editor view, chose Packaging tab and clicked Choose certificate... From there I chose Select from File... from the Configure Certificate
  drop down menu and selected the .pfx we purchased from Symantec few weeks ago. After that I typed in password and password confirmation as requested.
  I ended up getting an error message "The Manifest Designer could not import the certificate", The certificate you selected is not valid for signing because it's either expired or has another issue.
  I checked that the certificate is listed in certmgr.msc Trusted Root Certificate Authorities > Certificates view and it's issued to our Company name.
  In the Manifest Designer Publisher display name matches our Company name, but Publisher is set to CN=$username$
  I tried to change that to CN=Company Name, OU=Company Name that was mentioned in the certificate, but still no luck.
  Certificate also matches the listed requirements: http://stackoverflow.com/questions/22288410/choosing-a-certificate-for-a-windows-store-application-via-the-package-appxmanif
  How to proceed from here?

  Hi terodev,
  I found a similar discussion on the forum:
  https://social.msdn.microsoft.com/forums/windowsapps/en-us/d858d189-6d14-4c8d-809d-d6c841dd8866/using-domain-certificate-for-app-signing
  Could you take a look and give a try to see if it helps?
  --James
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Import a certificate into Sun/Java/Deployment/security/trusted.clientcerts

  Hi I'm trying to make a java applet, it has to add a certificate in the Keystore Sun/Java/Deployment/security/trusted.clientcerts.
  The problem is that to store, I have to enter a password. I enter "". ToCharArray () but when I try to view the certificates, it does not appear in the java control panel.
  And when I try to import a certificate from the java control panel throws the following error "keystore was tampered with or password was incorrect".
  Code:
  private void guardarKeyStore(KeyStore ks) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException{
  FileOutputStream out = new FileOutputStream(System.getenv("APPDATA").replace("\\", "/")+"/Sun/Java/Deployment/security/trusted.clientcerts");
  ks.setCertificateEntry("someAlias", decodeCertificate(somebase64));
  ks.store(out, "".toCharArray());
  out.close();
  }

  Francisco26 wrote:
  I Want to insert a certificate into trusted.clientcerts via java applet.
  This certificate have to appear in the java control panel. (Security->Certificates->user->client autentication)
  Why that? Because i need to do an applet that download a certificate response from a request to a CA.Which to paraphrase EJP is undesirable, insecure and untrustworthy. What you are asking would allow an untrustworthy site to declare itself trustworthy.

• Importing Portal Certificate Error

  I am trying to import my Portal PRD Certificate via STRUSTSSO2 transaction into my ECC 5.0 PRD server and I get "Error when opening file", the certificate is valid I can open it in Windows I can import it in BW PRD server without problem, in the other hand I can't import other certificates in ECC 5.0 PRD for instance Portal DEV this certificate is already imported in ECC 5.0 DEV. The format is Binary. Any ideas on how to solve this?

  Ruben,
  Check page 9 on link - Setting up Single Sign On between Enterprise Portal and mySAP ERP(ECC) Server
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/21eb036a-0a01-0010-25a3-b2224432640a
  Thanks.
  James
  Ps. reward point are appeciated.

• Importing selfsigned certificate

  How to import selsigned certificate in weblogic8.1

  Hi,
  Have a look at the documentation: http://e-docs.bea.com/wls/docs81/secmanage/ssl.html#1167485
  There is a tool which is very helpful to deal with Java keystores:
  http://homepage.ntlworld.com/wayne_grant/keytool.html
  That should get you started...
  Kai
  boney Jose <[email protected]> wrote:
  How to import selsigned certificate in weblogic8.1

• Importing Verisign Certificate on PIX7.1

  Hi there,
  After having importet Verisign Intermediate CA onto my PIX, I've send the CSR request to Verisign and gotten a Certificate back. Now when I try to import the returned certificate on the PIX, I get an error :
  Failed to parse or verify imported certificate
  Now, I've tried clearing all certs, reauthenticate the CA etc.
  Any ideas?
  Is it a problem that the CA is Intermediate? Can the CSR attributes contain spaces?
  Pix is running latest version 7
  Kind regards
  Kelvin Dam

  Hi koksm,
  Yeah - I got it to work. I dont know how many of these steps you have done, but heres how I did it :
  RSA-keys are probably already generated (also needed for ssh-access), but if you ever need to reissue the cert, regenerate the rsa keys, otherwise the CSR will be exactly the same and not accepted by the 3rd party CA:
  crypto key generate rsa
  Then define the trustpoint:
  crypto ca trustpoint Verisign
  crl optional
  enrollment terminal
  subject-name CN=host.domain.com,OU=Unit,O=Organisation,C=NL,St=xxx,L=xxx,[email protected]
  Import root CA cert (make sure you have the correct one, preferably without intermediate CA (RA)):
  crypto ca authenticate Verisign
  ---BEGIN--- or ---END--- lines do not matter>
  quit
  INFO: Certificate has the following attributes:
  Fingerprint: 069f6979 16669002 1b8c8ca2 c3076f3a
  Do you accept this certificate? [yes/no]: yes
  Trustpoint CA certificate accepted.
  Generate the CSR:
  crypto ca enroll Verisign
  % Start certificate enrollment ..
  % The subject name in the certificate will be: xxxx
  % The fully-qualified domain name in the certificate will be: hostname.domain.com
  % Include the device serial number in the subject name? [yes/no]: no
  Display Certificate Request to terminal? [yes/no]: yes
  Certificate Request follows:
  MIICNjCCAZ8CAQAwgbwxJTAjBgkqhkiG9w0BCQEWFnNlcnZpY2VkZXNrQGR5bm9t
  aWMubmwxEjAQBgNVBAcTCUJpbHRob3ZlbjEQMA4GA1UECBMHVXRyZWNodDELMAkG
  ---End - This line not part of the certificate request---
  Redisplay enrollment request? [yes/no]: no
  Notice this is generate without ---BEGIN--- and ---END--- lines which you do need to add when submitting the form to the 3rd party CA.
  After succesful verification by the CA you'll be returned a certificate which you can import with or without the ---BEGIN--- and ---END---- lines, so you might as well just copy the complete text:
  crypto ca import Verisign certificate
  % The fully-qualified domain name in the certificate will be: xxx.domain.com
  Enter the base 64 encoded certificate.
  End with the word "quit" on a line by itself
  -----BEGIN CERTIFICATE-----
  MIIDcTCCAtqgAwIBAgIQIHOwJ7acK6Fmibyhf67HlDANBgkqhkiG9w0BAQUFADC
  MXN/DqZw504SdlIkm3K4Dt7kSa5NILlncBiPhJJPJRjcOk6wRB6vuGG85uz6twR
  nq4BqbMitzpgxvK12hgS9ZDy62kC
  -----END CERTIFICATE-----
  quit
  INFO: Certificate successfully imported
  Make sure you activitate the trustpoint either as for use on all interfaces or on a specific interface using:
  ssl trust-point thawte.com [interface]
  One more thing - the verisign root cert, I did NOT get from their webpage, but I took the one that accompanies the Internet Explorer.
  Hope it helps
  Kdam

• Can not import Verisign certificate

  Dear all,
  I am trying to import a Verisign certificate in my ABAP BW 3.5
  Production system.This is a certificate renewal as I had a certificate there for a year that is to expire on the 12th of June. However, because of the fact that we had to change the SSL
  PSE so that it contains field SP, it is more like installing a new
  certificate.
  What I did: I deleted the old PSE that didn't have any information about the "State" field and created a new one.
  I then created the CSR request to Verisign. I received
  the response from Verisign, which I pasted in a text file together with the Verisign Intermediate and Verisign Root certificate which I used last year as well when I installed a Verisign certificate in this server for the first time.
  When I apply the response, by pasting the contents of the text
  file created above, I get the message:
  "CA Certificate missing in database"
  I have already looked at notes 508307, 518185, 510007, 1074447, 511919
  I am sure that the Verisign root and Intermediate certificates are ok because I have used them successfully in the past in the same server and recently to create the certificate chain for other system certificates of my EP 6.0 landscape.
  I am also sure that the Verisign CA root certificate exists in the
  database, I checked table STRUSTCERT and it is there. Also, if it didn't exist, I wouldn't have been able to import the Verisign certificate last year
  I haven't restarted ICM so the previous certificate still works. After the 12th of June though it will expire and all funtionality based on HTTPS in BW will not work.
  Many thanks in advance for your help
  Regards
  Andreas

  Just created a new SSL PSE and imported the certificate chain again and this time it worked...

• Error occuring during import of certificate for SSO configuring in BI

  Hi,
  I am configuring the SSO with logon ticket for BI system.
  I downloaded the certificate from portal server.
  But while importing this certificate on R/3 server it shows error
  "Error occurred during import"
  Message no. TRUST008
  Please suggest me any solution on it.
  Thanks & Regards,
  Vishal.

  Hi Vishal,
  Probably the certificate already exists - see https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/0077873d-0b01-0010-1abb-cfbf21d1aa43 page 4.
  Hope it helps
  Detlev

• While importing a certificate I'm getting an error. What to do?

  I am trying to import a certificate, but after filling in my password I am getting the following error:
  PKCS #12-processing failed, reason unknown.
  (I translated this from Dutch, so it may not literally be the same...)
  Hope someone out there knows what to do...

  You can contact the iTunes Store Customer Service department at no charge using the form on their Support page (select the category and subcategory closest to the issue you're reporting and you'll find an "Email Us" button) and explain your problem to them.
  Copied from Varjak Paw in :https://discussions.apple.com/thread/2598671

• Help needed in importing SSL Certificate

  Hi All,
  The SSL certificate in our application server has expired. We have created a new certificate and imported it through oracle wallet manger. But the application server is not recognizing the new certificate. Still shows certificate error when we try to access the application via https.
  We are using oracle application server 10.1.2.0.2
  I don’t have much knowledge on application server.
  Please help me on this.
  Thanks in Advance,
  Jey

  Hi Jeykrishnan,
  The installation consists of three main parts:
  a) Importing the Primary Root CA
  b) Import the Intermediate Certificate and Cross Certificate
  c) Installing your SSL123 certificate
  a) Importing the Primary Root CA
  1. Launch Oracle Wallet Manager.
  2. Click Operations and select Import Trust Certificates from the menu
  3. When the Import Trusted Certificate window appears, click Paste the Certificate and click OK.
  4. When the message "Please provide a base64 format certificate and paste it below" appears, paste the entire contents of Primary Root CA text into the box and click OK.
  5. A message should appear that the import was successful and you will see the Root Certificate at the bottom of the Trusted Certificates tree.
  b) Importing the Intermediate and Cross certificates
  1. Launch the Oracle Wallet Manager.
  2. Click Operations > Import Trust Certificates from the menu.
  3. When the Import Trusted Certificate window appears, click Paste the Certificate and click OK.
  4. When the message "Please provide a base64 format certificate and paste it below" appears, paste the entire contents of the Intermediate Certificate text into the box and click OK.
  5. A message should appear that the import was successful and you will see the Intermediate Certificate at the bottom of the Trusted Certificates tree.
  6. Repeat the same steps for the Cross certificate
  c) Importing your SSL123 certificate
  1. Click Operations > Import User Certificate from the menu bar.
  2. The Import Certificate dialog appears.
  3. Select the Paste the Certificate radio button, and click OK.
  4. The Import Certificate dialog appears.
  5. Paste the entire contents of your SSL123 Certificate file and click OK.
  6. A message should show that the certificate was imported successfully.
  7. When you return to the main window, wallet status should show "Ready."
  Regards
  FAbian

• Is there a way to import my STD quality video without converting it with another program?

  I understand how to import the HD quality video through imovie, but cannot seem to import the STD quality video without first converting it through another program? Anyone know how to do it without the cumbersome converting process? Thanks.

  What kind of camcorder did you use to shoot the video?
  If you aren't sure, will the STD quality video play in QuickTime Player? If so, click Command-I to open the Inspector and tell us everything listed by the word FORMAT: as well as the dimensions of the clip.  (Instead of Command-I you could alternatively click WINDOW/INSPECTOR.)