Import a certificate into Sun/Java/Deployment/security/trusted.clientcerts

Similar Messages

• Help requested with Importing a website's CA certificate into my Java App

  Hello everyone,
  First of all, I'm not sure if this is the right category for my question, so if not please move it appropriately.
  I'm creating a desktop application that will update your IPv4 address to Tunnelbroker (Hurricane Electric's IPv6 tunnel service). Right now it's about 76% complete, and I'm testing it out. My problem is this: Tunnelbroker uses their own CA Certificate (SSL) for their https:// connection, and it's not valid in Java/Netbeans. So, whenever I try to update the IPv4 address, I get the following Can't read from the Internet: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching ipv4.tunnelbroker.net foundThe website is https://ipv4.tunnelbroker.net (so you can verify that it's a valid site/certificate).
  I've found workarounds for importing my OWN CA Certificate into the application (or Netbeans), but nothing about importing a valid third-party CA Certificate into the application (or Netbeans). I've posted this question to the Netbeans forums--but have yet to receive anything from them. Also, I've found workarounds for trusting all certificates (although I'm not sure how to implement that into my application).
  What I'm looking for is either a) how to import the certificate into my application, so the user won't have to deal with it b) a workaround to bypass the security check c) any other method of getting over this hurdle.
  I'd say I'm an intermediate developer, so pointing me to something like "Adding a Certificate Exception" is fine, except that I need to know whether I can take everything inside of the main method and put it as it's own method somewhere (or do I need to create an entire class for that portion).
  Also, I don't necessarily want to use the "Trust All Certificates" method. Even though the end-user won't be able to change the site, I don't want to create that much of a security hole.
  Thank you for any assistance in this. (As an aside note, this will enable me to finally mark another "open" question as answered, as I haven't been able to test it yet because of this issue).
  Have a great day:)
  Patrick.

  EJP wrote:
  1. It should be in the directory of the JRE, not the JDK. The end user won't have one.
  2. Dunno, I would think so.
  3. This is a step for the end user to perform, not you. You don't want to be telling the end user who to trust, for all kinds of legal liability reasons. You want him to decide.Hello again.
  I have an update to this. I found out that the domain tunnelbroker.net is in my cacerts (at least if I run a small program to test the SSL Certificate for the site), however since it doesn't list ipv4.tunnelbroker.net as an alternative (that I can see), this is why I'm getting the SSL HandshakeException error.
  Here is the script that I ran (compiled and then used java -Djavax.net.debug=all TestSSL https://ipv4.tunnelbroker.net to run it.
  import java.io.BufferedReader;
  import java.io.InputStream;
  import java.io.InputStreamReader;
  import java.net.URL;
  import java.net.URLConnection;
  * @author Daryl Banttari
  public class TestSSL {
      public static void main(String[] args) {
          // default url:
          String urlString = "https://www.paypal.com/";
          // if any url specified, use that instead:
          if(args.length > 0) {
              urlString = args[0];
          System.out.println("Connecting to " + urlString + "...");
          try {
              // convert user string to URL object
              URL url = new URL(urlString);
              // connect!
              URLConnection cnx = url.openConnection();
              cnx.connect();
              // read the page returned
              InputStream ins = cnx.getInputStream();
              BufferedReader in = new BufferedReader(new InputStreamReader(ins));
              String curline;
              while( (curline = in.readLine()) != null ) {
                  System.out.println(curline);
              // close the connection
              ins.close();
          catch(Throwable t) {
              t.printStackTrace();
  }And here are the results of the complete debugging ***** WARNING there's a lot here ****
  >
  Connecting to https://ipv4.tunnelbroker.net...
  keyStore is :
  keyStore type is : jks
  keyStore provider is :
  init keystore
  init keymanager of type SunX509
  trustStore is: /usr/lib/jvm/java-6-openjdk/jre/lib/security/jssecacerts
  trustStore type is : jks
  trustStore provider is :
  init truststore
  < ... Snipped to conserve space... >
  adding as trusted cert:
  Subject: OU=RSA Security 1024 V3, O=RSA Security Inc
  Issuer: OU=RSA Security 1024 V3, O=RSA Security Inc
  Algorithm: RSA; Serial number: 0xa0101010000027c0000000b00000002
  Valid from Thu Feb 22 15:01:49 CST 2001 until Sun Feb 22 14:01:49 CST 2026
  adding as trusted cert:
  Subject: [email protected], CN=tunnelbroker.net, OU=IPV6, O="Hurricane Electric, LLC", L=Fremont, ST=California, C=US
  Issuer: [email protected], CN=tunnelbroker.net, OU=IPV6, O="Hurricane Electric, LLC", L=Fremont, ST=California, C=US
  Algorithm: RSA; Serial number: 0xbc201a57ebb49897
  Valid from Tue Jul 10 20:35:31 CDT 2007 until Fri Jul 07 20:35:31 CDT 2017
  adding as trusted cert:
  Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x9b7e0649a33e62b9d5ee90487129ef57
  Valid from Thu Sep 30 19:00:00 CDT 1999 until Wed Jul 16 18:59:59 CDT 2036
  adding as trusted cert:
  Subject: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
  Issuer: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
  Algorithm: RSA; Serial number: 0x1
  Valid from Tue May 30 05:38:31 CDT 2000 until Sat May 30 05:38:31 CDT 2020
  adding as trusted cert:
  Subject: CN=CC Signet - PCA Klasa 2, OU=Centrum Certyfikacji Signet, O=TP Internet Sp. z o.o., C=PL
  Issuer: CN=CC Signet - RootCA, OU=Centrum Certyfikacji Signet, O=TP Internet Sp. z o.o., C=PL
  Algorithm: RSA; Serial number: 0x3cbede10
  Valid from Thu Apr 18 09:54:08 CDT 2002 until Mon Sep 21 10:42:19 CDT 2026
  < ... Snipped to conserve space... >
  trigger seeding of SecureRandom
  done seeding SecureRandom
  Allow unsafe renegotiation: false
  Allow legacy hello messages: true
  Is initial handshake: true
  Is secure renegotiation: false
  %% No cached client session
  *** ClientHello, TLSv1
  RandomCookie: GMT: 1286668278 bytes = { 67, 34, 247, 171, 23, 198, 239, 55, 170, 174, 198, 240, 212, 155, 66, 209, 111, 146, 87, 177, 42, 3, 70, 62, 239, 10, 223, 89 }
  Session ID: {}
  Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
  Compression Methods: { 0 }
  Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
  Extension ec_point_formats, formats: [uncompressed]
  [write] MD5 and SHA1 hashes: len = 177
  0000: 01 00 00 AD 03 01 4D B1 00 F6 43 22 F7 AB 17 C6 ......M...C"....
  0010: EF 37 AA AE C6 F0 D4 9B 42 D1 6F 92 57 B1 2A 03 .7......B.o.W.*.
  0020: 46 3E EF 0A DF 59 00 00 46 00 04 00 05 00 2F 00 F>...Y..F...../.
  0030: 35 C0 02 C0 04 C0 05 C0 0C C0 0E C0 0F C0 07 C0 5...............
  0040: 09 C0 0A C0 11 C0 13 C0 14 00 33 00 39 00 32 00 ..........3.9.2.
  0050: 38 00 0A C0 03 C0 0D C0 08 C0 12 00 16 00 13 00 8...............
  0060: 09 00 15 00 12 00 03 00 08 00 14 00 11 00 FF 01 ................
  0070: 00 00 3E 00 0A 00 34 00 32 00 17 00 01 00 03 00 ..>...4.2.......
  0080: 13 00 15 00 06 00 07 00 09 00 0A 00 18 00 0B 00 ................
  0090: 0C 00 19 00 0D 00 0E 00 0F 00 10 00 11 00 02 00 ................
  00A0: 12 00 04 00 05 00 14 00 08 00 16 00 0B 00 02 01 ................
  00B0: 00 .
  main, WRITE: TLSv1 Handshake, length = 177
  [write] MD5 and SHA1 hashes: len = 173
  0000: 01 03 01 00 84 00 00 00 20 00 00 04 01 00 80 00 ........ .......
  0010: 00 05 00 00 2F 00 00 35 00 C0 02 00 C0 04 01 00 ..../..5........
  0020: 80 00 C0 05 00 C0 0C 00 C0 0E 00 C0 0F 00 C0 07 ................
  0030: 05 00 80 00 C0 09 06 00 40 00 C0 0A 07 00 C0 00 ........@.......
  0040: C0 11 00 C0 13 00 C0 14 00 00 33 00 00 39 00 00 ..........3..9..
  0050: 32 00 00 38 00 00 0A 07 00 C0 00 C0 03 02 00 80 2..8............
  0060: 00 C0 0D 00 C0 08 00 C0 12 00 00 16 00 00 13 00 ................
  0070: 00 09 06 00 40 00 00 15 00 00 12 00 00 03 02 00 ....@...........
  0080: 80 00 00 08 00 00 14 00 00 11 00 00 FF 4D B1 00 .............M..
  0090: F6 43 22 F7 AB 17 C6 EF 37 AA AE C6 F0 D4 9B 42 .C".....7......B
  00A0: D1 6F 92 57 B1 2A 03 46 3E EF 0A DF 59 .o.W.*.F>...Y
  main, WRITE: SSLv2 client hello message, length = 173
  [Raw write]: length = 175
  0000: 80 AD 01 03 01 00 84 00 00 00 20 00 00 04 01 00 .......... .....
  0010: 80 00 00 05 00 00 2F 00 00 35 00 C0 02 00 C0 04 ....../..5......
  0020: 01 00 80 00 C0 05 00 C0 0C 00 C0 0E 00 C0 0F 00 ................
  0030: C0 07 05 00 80 00 C0 09 06 00 40 00 C0 0A 07 00 ..........@.....
  0040: C0 00 C0 11 00 C0 13 00 C0 14 00 00 33 00 00 39 ............3..9
  0050: 00 00 32 00 00 38 00 00 0A 07 00 C0 00 C0 03 02 ..2..8..........
  0060: 00 80 00 C0 0D 00 C0 08 00 C0 12 00 00 16 00 00 ................
  0070: 13 00 00 09 06 00 40 00 00 15 00 00 12 00 00 03 ......@.........
  0080: 02 00 80 00 00 08 00 00 14 00 00 11 00 00 FF 4D ...............M
  0090: B1 00 F6 43 22 F7 AB 17 C6 EF 37 AA AE C6 F0 D4 ...C".....7.....
  00A0: 9B 42 D1 6F 92 57 B1 2A 03 46 3E EF 0A DF 59 .B.o.W.*.F>...Y
  [Raw read]: length = 5
  0000: 16 03 01 00 4A ....J
  [Raw read]: length = 74
  0000: 02 00 00 46 03 01 4D B1 00 F7 8B D6 E1 5A 42 BB ...F..M......ZB.
  0010: D1 66 3D CE D6 7F 41 55 27 58 A2 01 35 FF D0 EA .f=...AU'X..5...
  0020: CF 1A 4A 04 B1 D5 20 59 F2 13 A1 03 B2 1F 39 58 ..J... Y......9X
  0030: 54 BB DA C2 4C F4 BB 17 54 F0 D7 13 5D B0 23 ED T...L...T...].#.
  0040: 3F 31 7D E8 BA 59 62 00 04 00 ?1...Yb...
  main, READ: TLSv1 Handshake, length = 74
  *** ServerHello, TLSv1
  RandomCookie: GMT: 1286668279 bytes = { 139, 214, 225, 90, 66, 187, 209, 102, 61, 206, 214, 127, 65, 85, 39, 88, 162, 1, 53, 255, 208, 234, 207, 26, 74, 4, 177, 213 }
  Session ID: {89, 242, 19, 161, 3, 178, 31, 57, 88, 84, 187, 218, 194, 76, 244, 187, 23, 84, 240, 215, 19, 93, 176, 35, 237, 63, 49, 125, 232, 186, 89, 98}
  Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
  Compression Method: 0
  Warning: No renegotiation indication extension in ServerHello
  %% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
  ** SSL_RSA_WITH_RC4_128_MD5
  [read] MD5 and SHA1 hashes: len = 74
  0000: 02 00 00 46 03 01 4D B1 00 F7 8B D6 E1 5A 42 BB ...F..M......ZB.
  0010: D1 66 3D CE D6 7F 41 55 27 58 A2 01 35 FF D0 EA .f=...AU'X..5...
  0020: CF 1A 4A 04 B1 D5 20 59 F2 13 A1 03 B2 1F 39 58 ..J... Y......9X
  0030: 54 BB DA C2 4C F4 BB 17 54 F0 D7 13 5D B0 23 ED T...L...T...].#.
  0040: 3F 31 7D E8 BA 59 62 00 04 00 ?1...Yb...
  [Raw read]: length = 5
  0000: 16 03 01 02 BF .....
  [Raw read]: length = 703
  0000: 0B 00 02 BB 00 02 B8 00 02 B5 30 82 02 B1 30 82 ..........0...0.
  0010: 02 1A 02 09 00 BC 20 1A 57 EB B4 98 97 30 0D 06 ...... .W....0..
  0020: 09 2A 86 48 86 F7 0D 01 01 04 05 00 30 81 9C 31 .*.H........0..1
  0030: 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 .0...U....US1.0.
  0040: 06 03 55 04 08 13 0A 43 61 6C 69 66 6F 72 6E 69 ..U....Californi
  0050: 61 31 10 30 0E 06 03 55 04 07 13 07 46 72 65 6D a1.0...U....Frem
  0060: 6F 6E 74 31 20 30 1E 06 03 55 04 0A 13 17 48 75 ont1 0...U....Hu
  0070: 72 72 69 63 61 6E 65 20 45 6C 65 63 74 72 69 63 rricane Electric
  0080: 2C 20 4C 4C 43 31 0D 30 0B 06 03 55 04 0B 13 04 , LLC1.0...U....
  0090: 49 50 56 36 31 19 30 17 06 03 55 04 03 13 10 74 IPV61.0...U....t
  00A0: 75 6E 6E 65 6C 62 72 6F 6B 65 72 2E 6E 65 74 31 unnelbroker.net1
  00B0: 1A 30 18 06 09 2A 86 48 86 F7 0D 01 09 01 16 0B .0...*.H........
  00C0: 69 6E 66 6F 40 68 65 2E 6E 65 74 30 1E 17 0D 30 [email protected]
  00D0: 37 30 37 31 31 30 31 33 35 33 31 5A 17 0D 31 37 70711013531Z..17
  00E0: 30 37 30 38 30 31 33 35 33 31 5A 30 81 9C 31 0B 0708013531Z0..1.
  00F0: 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 0...U....US1.0..
  0100: 03 55 04 08 13 0A 43 61 6C 69 66 6F 72 6E 69 61 .U....California
  0110: 31 10 30 0E 06 03 55 04 07 13 07 46 72 65 6D 6F 1.0...U....Fremo
  0120: 6E 74 31 20 30 1E 06 03 55 04 0A 13 17 48 75 72 nt1 0...U....Hur
  0130: 72 69 63 61 6E 65 20 45 6C 65 63 74 72 69 63 2C ricane Electric,
  0140: 20 4C 4C 43 31 0D 30 0B 06 03 55 04 0B 13 04 49 LLC1.0...U....I
  0150: 50 56 36 31 19 30 17 06 03 55 04 03 13 10 74 75 PV61.0...U....tu
  0160: 6E 6E 65 6C 62 72 6F 6B 65 72 2E 6E 65 74 31 1A nnelbroker.net1.
  0170: 30 18 06 09 2A 86 48 86 F7 0D 01 09 01 16 0B 69 0...*.H........i
  0180: 6E 66 6F 40 68 65 2E 6E 65 74 30 81 9F 30 0D 06 [email protected]..
  0190: 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 81 8D 00 .*.H............
  01A0: 30 81 89 02 81 81 00 D7 24 7C 25 2A 7E 69 75 4A 0.......$.%*.iuJ
  01B0: 85 01 91 86 60 8F 2C 96 E4 BE 96 E4 B6 36 28 A1 ....`.,......6(.
  01C0: 7A 56 53 5C 01 A4 13 C8 6B 96 44 B7 5E 3D C0 60 zVS\....k.D.^=.`
  01D0: B9 27 75 D5 A0 72 84 D7 54 C9 48 F4 B2 B4 B4 44 .'u..r..T.H....D
  01E0: 0C 3D 90 48 57 F4 17 8D 71 EA 1E F8 4E 6F 88 68 .=.HW...q...No.h
  01F0: 4F 5E 30 F9 56 F2 48 F4 57 18 3A 94 89 A9 09 60 O^0.V.H.W.:....`
  0200: 19 CD 15 98 88 47 C3 80 E7 50 30 33 DF A9 51 91 .....G...P03..Q.
  0210: A4 34 40 09 60 C5 C4 F9 38 7C 7A EB 5A F3 3C 63 .4@.`...8.z.Z.<c
  0220: 3D 2D 24 12 08 C6 6F 02 03 01 00 01 30 0D 06 09 =-$...o.....0...
  0230: 2A 86 48 86 F7 0D 01 01 04 05 00 03 81 81 00 55 *.H............U
  0240: 45 96 28 96 33 CD 36 1C 3A 98 96 8B DE 20 93 99 E.(.3.6.:.... ..
  0250: 75 C9 D7 86 94 2E 62 69 C3 80 71 C2 F4 F0 1A 74 u.....bi..q....t
  0260: E5 5C 63 37 64 92 60 68 43 50 0F 49 FB A0 90 71 .\c7d.`hCP.I...q
  0270: 1C EF 37 3F BF 38 E2 32 55 6C EB 63 C5 6A A1 71 ..7?.8.2Ul.c.j.q
  0280: 8B AF 76 0A 49 C6 0A 7C 32 0A 7F 87 9B F3 C5 5B ..v.I...2......[
  0290: 1F 98 9C EC 8D 2C 28 E2 DA 83 98 6D 36 6B 7B DE .....,(....m6k..
  02A0: E7 E6 26 4A AC E9 3F 84 96 4E CB B6 EC C5 13 5D ..&J..?..N.....]
  02B0: 99 45 A0 CB 4B AB BA 08 B7 DF 51 7D CB B7 1F .E..K.....Q....
  main, READ: TLSv1 Handshake, length = 703
  *** Certificate chain
  chain [0] = [
  Version: V1
  Subject: [email protected], CN=tunnelbroker.net, OU=IPV6, O="Hurricane Electric, LLC", L=Fremont, ST=California, C=US
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: Sun RSA public key, 1024 bits
  modulus: 151078214832725997135839062949249516337507001175872585678208884131491712232432816986255053685674730439436945979324335861205079532450830475393857978740049212402170775011735778076852329233310431150139137152539823492882314808967689085169519290729775244738682251391827885615393137851975032443040800861047648470639
  public exponent: 65537
  Validity: [From: Tue Jul 10 20:35:31 CDT 2007,
                 To: Fri Jul 07 20:35:31 CDT 2017]
  Issuer: [email protected], CN=tunnelbroker.net, OU=IPV6, O="Hurricane Electric, LLC", L=Fremont, ST=California, C=US
  SerialNumber: [    bc201a57 ebb49897]
  Algorithm: [MD5withRSA]
  Signature:
  0000: 55 45 96 28 96 33 CD 36 1C 3A 98 96 8B DE 20 93 UE.(.3.6.:.... .
  0010: 99 75 C9 D7 86 94 2E 62 69 C3 80 71 C2 F4 F0 1A .u.....bi..q....
  0020: 74 E5 5C 63 37 64 92 60 68 43 50 0F 49 FB A0 90 t.\c7d.`hCP.I...
  0030: 71 1C EF 37 3F BF 38 E2 32 55 6C EB 63 C5 6A A1 q..7?.8.2Ul.c.j.
  0040: 71 8B AF 76 0A 49 C6 0A 7C 32 0A 7F 87 9B F3 C5 q..v.I...2......
  0050: 5B 1F 98 9C EC 8D 2C 28 E2 DA 83 98 6D 36 6B 7B [.....,(....m6k.
  0060: DE E7 E6 26 4A AC E9 3F 84 96 4E CB B6 EC C5 13 ...&J..?..N.....
  0070: 5D 99 45 A0 CB 4B AB BA 08 B7 DF 51 7D CB B7 1F ].E..K.....Q....
  Found trusted certificate:
  Version: V1
  Subject: [email protected], CN=tunnelbroker.net, OU=IPV6, O="Hurricane Electric, LLC", L=Fremont, ST=California, C=US
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: Sun RSA public key, 1024 bits
  modulus: 151078214832725997135839062949249516337507001175872585678208884131491712232432816986255053685674730439436945979324335861205079532450830475393857978740049212402170775011735778076852329233310431150139137152539823492882314808967689085169519290729775244738682251391827885615393137851975032443040800861047648470639
  public exponent: 65537
  Validity: [From: Tue Jul 10 20:35:31 CDT 2007,
                 To: Fri Jul 07 20:35:31 CDT 2017]
  Issuer: [email protected], CN=tunnelbroker.net, OU=IPV6, O="Hurricane Electric, LLC", L=Fremont, ST=California, C=US
  SerialNumber: [    bc201a57 ebb49897]
  Algorithm: [MD5withRSA]
  Signature:
  0000: 55 45 96 28 96 33 CD 36 1C 3A 98 96 8B DE 20 93 UE.(.3.6.:.... .
  0010: 99 75 C9 D7 86 94 2E 62 69 C3 80 71 C2 F4 F0 1A .u.....bi..q....
  0020: 74 E5 5C 63 37 64 92 60 68 43 50 0F 49 FB A0 90 t.\c7d.`hCP.I...
  0030: 71 1C EF 37 3F BF 38 E2 32 55 6C EB 63 C5 6A A1 q..7?.8.2Ul.c.j.
  0040: 71 8B AF 76 0A 49 C6 0A 7C 32 0A 7F 87 9B F3 C5 q..v.I...2......
  0050: 5B 1F 98 9C EC 8D 2C 28 E2 DA 83 98 6D 36 6B 7B [.....,(....m6k.
  0060: DE E7 E6 26 4A AC E9 3F 84 96 4E CB B6 EC C5 13 ...&J..?..N.....
  0070: 5D 99 45 A0 CB 4B AB BA 08 B7 DF 51 7D CB B7 1F ].E..K.....Q....
  main, SEND TLSv1 ALERT: fatal, description = certificate_unknown
  main, WRITE: TLSv1 Alert, length = 2
  [Raw write]: length = 7
  0000: 15 03 01 00 02 02 2E .......
  main, called closeSocket()
  main, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching ipv4.tunnelbroker.net found
  javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching ipv4.tunnelbroker.net found
       at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
       at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1665)
       at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:258)
       at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:252)
       at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1165)
       at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154)
       at sun.security.ssl.Handshaker.processLoop(Handshaker.java:610)
       at sun.security.ssl.Handshaker.process_record(Handshaker.java:546)
       at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:913)
       at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1158)
       at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1185)
       at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1169)
       at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:440)
       at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
       at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
       at TestSSL.main(TestSSL.java:33)
  Caused by: java.security.cert.CertificateException: No name matching ipv4.tunnelbroker.net found
       at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:225)
       at sun.security.util.HostnameChecker.match(HostnameChecker.java:94)
       at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:285)
       at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:271)
       at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1144)
       ... 11 more
  {quote}
  So, now I'm trying to figure out how to get past this. Unless (and until) Tunnelbroker includes the alternative name in their certificate (or if it's included already, until I figure out how to get that alternative imported into my truststore), I'm never going to be able to update via java.
  Have a great day:)
  Patrick.

• Importing LTPA key in Sun Java Directory Server

  hi all,
  is it possible to import a LTPA token into Sun Java Directory Server?
  havent found any helpful docs on the net regarding the same.
  We want the users to get authentication from a Sun Directory when he login from a Domino HTTP server
  thanks
  Prasad

  Sun Directory Server is a generic purpose LDAP based directory server and can certainly contain any data, including LTPA tokens.
  Whether these tokens could be used for authentication using LDAP is another story (and the answer is probably no).
  Regards,
  Ludovic.

• Java 1.5.0_13 Cached HST files in %USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\host

  We're using Java 1.5.0_13 required for use of Oracle EBS.  After a recent failover test of Oracle EBS, users were not able to connect back to production after the DR testing was complete.
  I discovered when launching a form, Java was creating a file in %USERPROFILE%\AppData\LocalLow\Sun\Java\Deployment\host named 376bdaf3.hst.  Within this file is the IP address of our load balancer. 
  I believe this to be the cause of the connectivity issue.  Those uninvolved with the DR testing were not affected.   
  I could find any documentation on these files much less how to disable them.  Clearing Java cache doesn't seem to affect this file.  The only way I could prevent its creation is make the host directory read-only, which didn't cause any apparent problems.
  Has anyone faced this problem before?  Is there something we can do to disable this?

  Hi Andrew
  Apologies for creating the same thread in a number of different forums. My intention was to grab the attention from as many forum users as possible.
  Coming back to your solution, prior to your message, I didn't know anyting about Java Web Start. Having read your solution, I went back to Oracle's forum where the Forum's one of moderators Jan Carlin has blogged about the working of Oracle Forms with Java Web Start. [http://groundside.com/blog/JanCarlin.php|Forms and Java Web Start]
  Having gone through the features of JWS, JWS sounds promising. But Oracle has not come out with white paper on JWS yet nor has it certified it officially yet. Hence at this stage I would not like to go with JWS. But I would certainly keep your solution in my mind whenever we decide to go for JWS.
  Many thanks for taking your time out to reply to my query.
  Cheers
  Mayur

• How can I import Openldap schema into sun one directory server?

  Hello All
  I have a schema which was written for openldap, and I want to import this schema into sun directory server. I found that some attribute syntaxes, like "NumericString", are not exist in sun directory server and some attribute definitions are also different. For example, the "internationaliSDNNumber" in sun directory is defined in "IA5String" syntax, but it is "NumericString" in openldap. Is there any effect on querying data from two different ldap server? How can I solve this problem?
  Thank you!

  http://directory.fedora.redhat.com/wiki/Howto:OpenLDAP
  Migration
  GaryThanks! But after I use some of scripts in that page, I got
  "Unknown attribute syntax OID "1.3.6.1.4.1.1466.115.121.1.36"
  It seems those scripts only transform schema file format, not the gap between different type(attribute syntax). Is it possible to import or add new type(attribute syntax) in sun one directory server?
  Thanks.

• How can I import personal certificates into firefox that are not pkcs12 files (.cer or other)?

  I am trying to import .cer personal certificat into mozzila so I can go to an secure site (bank account online) but cannot do it since it is not pkcs12 type of file. Can you help me.

  I tied that, but when I try to import them to mozzila all it wants are pkcs12 files. It does not accept any other.

• Importing jar files in Sun Java Studio

  Hi
  I am new to java and have recently installed Sun Java Studio Enterprise. As a part of assignment, I have been provided a jar file and use it.
  But i have not been able to load it into my program. How do i load it ?

  Hi
  I am new to java and have recently installed Sun Java Studio Enterprise. As a part of assignment, I have been provided a jar file and use it.
  But i have not been able to load it into my program. How do i load it ?

• Import JBuilder into Sun Java Studio Enterprise 8

  I have a few JBuilder projects that I would like to import into SJSE8.
  I have read all the guides for migrating projects from JBuilder but I cannot see how I actually get the Import Project module.
  SJSE8 is supposed to be built on NetBeans5.5 but when I use the Update Center I cannot see the Import JBuilder Project module. How can I find the module and install it? Perhaps I need to get the .nbm file, but finding this seems to be difficult.
  Please Help,
  Rob

  For questions on 'Java Studio Creator', you may want to post on the Creator forum at http://forum.java.sun.com/forum.jspa?forumID=881 .
  The following are possible options but they are not guaranteed to work:
  Have you tried connecting to the all the available update centers in Creator ide's autoupdate client and check if 'jbuilder importer' plugin is available from one of them?
  If not, you should be able to download the nbm separately from:
  http://www.netbeans.info/uc/show_uc_content.php?nbver=50&auver=1.15&uctype=stable
  You can then use 'Install manually downloaded nbm' option in the autoupdate wizard. Again, this may or may not work..
  Also: You should consider upgrading to NetBeans 6.0.
  NetBeans 6.0 is an all-in-one-ide that is the recommended migration path for both Creator and Studio users and is the latest version available:
  http://www.netbeans.org/
  Documentation: http://www.netbeans.org/kb/index.html
  Community: http://www.netbeans.org/community/index.html
  Register to Join the NetBeans Community
  Once registered you have the opportunity to submit bugs and feature requests in IssueZilla, submit news for the NetBeans Community, and contribute code or even create a project of your own. Welcome to the team!
  You can also joint the mailing lists (http://www.netbeans.org/community/lists/top.html), especially [email protected] , to discuss issues and get community help on NetBeans related questions

• How to import the certificate into the credential store

  When SSL is configured everywhere in the Environment:
  The components present are:
  1)oc4j Web Server(machine 1)
  2)Presenattaion Services(machine 1)
  3)oc4j Web Server for Publisher(machine 2)
  4)Publisher(machine 2)
  5)BI Server(machine 2)
  The Pres Server and the BI Server is all set in Place.
  But I am trying to configure Publisher currently in the environmnet.
  As a part of the deployement
  ■ “Exporting the Web Server Certificate to the truststore”
  At teh end of this step its refeered as the following...
  "Import the exported web server certificate to the BI Presentation Services Credential Store. The
  credential store of each instance of BI Presentation Services in your deployment must contain
  this certificate."
  May I know how can we do this...?
  ■ “Modifying the AdvancedReporting tag in instanceconfig.xml”
  ■ “Modifying BI Publisher Settings”
  The doc used is : Link:http://download.oracle.com/docs/cd/E10415_01/doc/bi.1013/b40058.pdf
  Thanx
  KK

  Did you find an answer to this post?

• How can I Import CA Certificate into a new user profile when it's created

  I need to deploy a CA Root Certificate to new firefox user profile when it is created in windows. I Seen somewhere that you could place a working copy of cert8.db in %programfiles%\firefox-installation-folder\defaults\profile and this would get added when a new firefox profile is created. However, the profile directory doesn't exist in the defaults folder and when I created it this method still didn't work.
  Is there a way to get firefox to create new profiles with preconfigured Certificates?
  Right now when new users open firefox for first time it is unable to connect to any SSL sites through our proxy server until the user adds the proxies ca certificate or it gets added later via logon script (at next user logon).

  Update... For anyone looking for a similar solution:
  I ended up adding more to my logon script I have it check for a user's mozilla profile first and if not found it will use command line "firefox.exe -createprofile default" to make one. After that I just copy a working cert8.db to that new profile. Then when the user opens firefox for first time, it will detect this new profile, and it will load it along with the correct CA Certs intact...
  Also, for existing profiles my script just uses nss certutil to add my proxy CA Certificate to the users profile cert8db.

• Importing updated certificate into Wallet Manager on Oracle 904

  I have a certifiacte currently installed on our Oracle Application server that is about to expire. I went to our certifiacte provider and renewed the certifiacte for another year. I got the new certifiacte file and have copied it to the folder.
  I open up wallet manager and open the correct wallet. I see the certifiacte for the site and it shows it is about to expire. I went to import the new file but I am being told that I can not import it becasue:
  1. Input was not a valid certificate
  2. No matching certifiacte request found
  3. CA does not exist
  It is not 1. because I can pull it in as a trusted certificate and see all of the information is good. Since it is the same CA I am guessing that this is good. That leaves the no matching certificate request. Why is it looking for a cerrtifiacte request? Can you not just perform the upgrade? If so, how do I do this?
  Thanks much
  Dave

  Weird. I was logged in as myself and could not do anything to the user certificate. I logged in as administrator, the account that added the certificate, and was able to remove the certificate(I exported the cert first). I tried to apply the new, updated one to get all the same errors. I said screw it and tried to reimport the certificate I exported and the new dates showed up. I do not understand why, but everything nw appears to be working.
  Thanks to all who read and may be interested.

• Importing a certificate that wasn't created within jes into jes4 messaging

  Hi,
  We want to enable imap over ssl into jes4, so we tried to re-use a wildcard certificate that we received from globalsign.
  this certificate was generated using openssl on another server. We received a file from globalsign in the .pem format
  Now, we tried to import this certificate into our jes5 messaging server via the ldap console
  We got an error stating:
  "Either this certificate is for another server, or this certificate was not requested using this server". (the latter suggestion applies in our case).
  Is there a possibility somehow to import this certificate, or is this technically not possible ?
  kind regards,
  Tom

  Importing certificates not generated/requested by msgcert/admin console has been discussed in other forums:
  e.g.
  http://forum.java.sun.com/thread.jspa?threadID=5018886&messageID=9224268
  Regards,
  Shane.

• Sun Java Webconsole custom certificate

  I'm trying to use a custom certificate for Sun Java Webconsole; specifically, I'm trying to use the same certificate that we user for our other applications on the server.
  I have tried going into /var/webconsole/domains/console/conf/console.xml and changing the keystore file location, then tried using wcadmin password -k to change the password to the correct password. However, it refused to boot afterwords. the only error message I could find in any logs was that it could not determine the status of the webconsole.
  I really need to be able to do this because our IA trolls are demanding that all the browsers available on the box can only use known and trusted ssl certs, and the self-signed certs that webconsole uses doesn't work under that regime.
  This is the only reference I have found to this: http://forums.sun.com/thread.jspa?threadID=5432923
  And this has almost no useful information: http://docs.sun.com/app/docs/doc/817-1985/sunweb-1?l=en&a=view
  Can anyone help me???/

  This one hit me too, thanks for the hint. FWIW, the [patch description|http://sunsolve.sun.com/search/document.do?assetkey=1-21-125953-18-1] does indeed list this particular issue:
  a. JWC services that run local-only, seem to be undone (6722988).
  The console service is now [Secure By Default|http://opensolaris.org/os/community/security/projects/sbd/] . That is,
  tcp-listen in /var/svc/manifest/system/webconsole.xml
  is now set to false, so the console is by default set to
  local-only mode. The administrator should set it to true in
  order to allow the console to work over the network.

• Login error in Portal after importing a new certificate into BI

  Hi Experts,
  Our certificate in BI expired last month and we were unable to login to the BEx reports due to this.
  I have created a new certificate using Visual Administrator and imported that certificate into BI using STRUSTSSO2 after deleting the old certificate from the system PSE.
  After which I have added this new certificate to the ACL for Single Sign On.
  Then rebooted the JAVA stack for the changes to take effect.
  Now, when I want to login to view reports on the Portal created by BEx Analyzer, I am getting this RFC_ERROR_LOGON_FAILURE exception.
  When checked in SM50, it shows SsfVerify failed and SSF_API_NOCERTIFICATE errors.
  Please help me out resolving this. Did I miss out on any of the steps?
  Also when I ran the report, RSPOR_SETUP, the step 5 shows SID_certificate.crt is not existing and the step 12 shows that BI certificate not imported, SAP BI User is not mapped to SAP EP User.
  Regards,

  Hi,
  Have a look at this [thread|The URL http://xxx was not called due to an error; as well as the [Wiki Link|http://wiki.sdn.sap.com/wiki/display/BSP/Logon].
  Hope this will be helpful for you.
  Regards,
  Varadharajan M

• XWS-Security and Sun Java Studio Enterprise

  Hi,
  Does anyone knows whether XWS-Security API is integrated into Sun Java Studio Enterprise?
  I can't find the information anywhere in the java site. If there happens to be one, could you let me know about it?
  Thanks in advance :)

  XWS-Security is not integrated with Sun Java Studio Enterprise. However, if you would like to implement message level security in a web service in the Java Studion Enterprise environment, you may find this article useful:
  http://developers.sun.com/prodtech/javatools/jsenterprise/downloads/ea/jse8/reference/techart/security.html
  Rico