Import VPN admin certificate from RV016 to RV042

Similar Messages

• Importing public key certificate from external application

  Hello!
  I am trying to implement the following scenario:
  1. External client application sends it's public key certificate to SAP WAS
  2. SAP imports this certificate into its PSE
  3. External client application sends digitally signed messages to SAP (with <i>secKey</i> HTTP call parameter)
  4. SAP checks this signature and does whatever further action.
  For simplicity reason, I emulated this "external app" by using the ArchiveLink interface of the very same SAP system. So, I have one system which is at the same time client and server, but the communication works via HTTP.
  I started with step 1: The ArchiveLink (in my case "external app") uses the function SCMS_HTTP_PUT_CERT to send the public key certificate to the client via HTTP. It worked well - I received the message with HTTP service and it contained some binary content as expected (valid public key certificate - I suppose).
  Unfortunately, I was unsuccessfull with step 2: How to import the received certificate into my PSE?
  I debugged the STRUST transaction and saw that it uses the function SSFP_PUTCERTIFICATE to import public key certificate into SAP's own PSE. However, when I try to use it, I get error <i>No temporary PSE available</i>. I also tried to <i>encode-base64</i> this message with the same result. What does this mean?
  Does anyone has experience with this? Please share it.
  Thanks in advance and kind regards,
  Igor

  The key point was understanding the cleverly named parameter PROFILE in the function SSFC_PUT_CERTIFICATE. You'd never guess: it's a path to a PSE where you want to put the certificate, in my case: C:\usr\sap\NSP\DVEBMGS00\sec\SAPSYS.pse. There's one more step: updating database with the file system PSE.
  So, the test sequence that works is:
  1. SSFP_GETSAPCERTIFICATE
  2. SSFC_PUT_CERTIFICATE
  3. SSFPSE_STORE
  Regards,
  Igor
  P.S. Am I the only one playing with these things? I keep getting 0 replies to my questions.

• Importing a digital certificate from e-mail

  When receiving a digital certificate (in an fdf file) attachment in an e-mail in Outlook I want to automate importing it to the Acrobat trusted cert store using VBA with Acrobat classes.
  I use an Outlook rule and can get to saving the .fdf file with VBA. I have referenced the Acrobat type library in VBA. But I cant find an Acrobat import certificate function in the library.
  I am using Acrobat V8 and Outlook 2007

  I don't know if there is one,  but have you downloaded the Acrobat SDK? You cannot program Acrobat by "discovery" of classes and methods, you do need the documentation. You might have to use the VB:JavaScript linkage.

• ACS 5.2 / WLC - EAP-TLS Certificate from 2 CA

  Hello,
  I'm Newbie with ACS equipment, i'm trying to implement it to secure our WIFI environment.
  One wifi SSID is broadcasted on a site, I would like to authenticate WIFI client through machine certificate.
  The big deal is that some client computer belong to an AD (AD1) and having its own CA1. Other client computer belong to another AD (AD2) also having its own CA (CA2). (With no relation or between the 2 CA)
  So computer1 having machine certificate from CA1 and computer2 having machine certificate from CA2
  I have imported the root certificate from the both CA into the "certificate authorities" store of the ACS.
  I have generated certificate signing request, one for each CA. Then I have binding the CA signed certificate.
  After configuring... the access services (identity, authorization...) and so on  I have the following issue:
  - Computer with certificate from the CA1 can connect without any problem.
  - Computer with certificate from the CA2 can NOT connect:
       - After investigation: the client computer do not trust the server ACS and reject the connection
       - Error return :
  RADIUS Status:Authentication failed 11514 Unexpectedly received empty TLS message; treating as a rejection by the client
       - (If i get ridd of the option "verify server identity" on wifi optionof the client, the computer can conect: but this option is not acceptable)
       - It seems that the ACS sends only its certificate signed by the CA1
  The questions are:
  1- How can I configure the ACS to send the right certificate signed by the right CA corresponding to the computer that is intenting to authenticate
  2- I could see in documentation:
      "For TLS related EAP protocols, a single local certificate is used to authenticate the server for all the TLS related protocol"
       --> Does it mean that we can only configure one local certificate to allow the ACS to authenticate to client for all the EAP-TLS protocol used ?
       --> How can I choose it ?
       --> For the current configuration, I have only the certificate signed by the CA which is configure "EAP: Used for EAP protocols that use SSL/TLS tunneling" (i don't know if this option has an impact with the certificate presented by the ACS when it authenticate itself to the client")
  Thanks for your helk and your information.
  Guillaume

  Hi Bastien,
  it is actually what i did.
  The point here i have 2 CA involved, with no relation between them.
  So I did the operation twice for each CA :
  -> making a certificate signing request, sent it to the CA, signed to by the CA and then imported/binded into the ACS
  -> I have added the root CA of each CA into the ACS as well.
  The point is when a computer, try to connect, it try to verify ACS server identity. And the ACS server only seems to present the certificate signed from CA1.
  So when a computer with certificate machine CA2, try to connect, it doesn't trust the ACS server has the ACS sent its certificate signed by CA1.
  I don't know how to allow the ACS to present the right signed certificated depending on the cleint that try to connect.
  Then another conf I do not understand is the option:
  EAP: Used for EAP protocols that use SSL/TLS tunneling --> in local cetificate, when you add a local certificate to the ACS
  I do not undestand what does this option stand for ?
  Then I culd see into Cisco do :
      "For TLS related EAP protocols, a single local certificate is used to authenticate the server for all the TLS related protocol"
  Doest it means that the ACS can use only one single certificate for All the TLS protocol configured in the ACS, to authenticate itself to the client?
  Or does the ACS can use a diferent local certificate from each dedicated eap-tls protocol?
  thx

• Error while deleting certificate from key storage in visual admin.

  Hi,
  I am reconfiguring SSO with our ERP system.
  I need to delete certificate of abap system.
  when i try to delete certificate from visulal admin>server>services>key storage>ticketkeystore
  i get error stating
  com.sap.engine.services.keystore.exception.BaseRemoteException:Remote call errored
  at com.sap.engine.services.keystore.impl.KeystoreManagerManagementimpl.deleteEntry(KeystoreManagerManagementimpl.java:83)
  Pls help
  Thanks & Regards
  Raj Kiran

  I solved it.
  Visual Admin > Key Storage service ....
  1) Take note of all your Entries under the "TicketKeystore" view. You could export all of your Entries here except for the "SAPLogonTicketKeypair" in case you need this to be replaced by a new one
  2) Select the "TicketKeyStore" view and DELETE it
  3) Create the "TicketKeyStore" view again. It should be empty now.
  3) Recreate the SAPLogonTicketKeypair, and import all of the ones that you exported in step (1)
  Hope this helps
  Cheers

• Import and trust a self-signed CA certificate from the Terminal

  Hello there,
  i have a problem: I would like to import and trust a self-signed CA(root) certificate from the Terminal to the System.keychain.
  My request is to create a installation script to install the Cisco AnyConnect VPN Client and the needed certificates.
  For the import i have used the following command:
      sudo security import certificate.cer -k "/Library/Keychain/System.keychain" -A
      The Option "-A" says:
  Allow any application to access the imported key without warning (insecure, not recommended!) <- From the Mac Developer Library
  The command reportet: 1 certificate is importet ... but ... the certificate is not trusted.
  What do i need to do to set this certificate as trustworthy at the terminal?
  Thanks for your help and best regards
  Benjamin
  P.S. The command: sudo security add-trusted-cert -d -r trustRoot -k “/Library/Keychains/System.keychain” “/private/tmp/certs/certname.cer” doen't run, i get an error message. Found on http://derflounder.wordpress.com/2011/03/13/adding-new-trusted-root-certificates -to-system-keychain/

  Hello Linc Davis,
  thanks for your answer and sorry for my mistake, because i had already changed the last argument but for this discussion i had only copy this example.
  But your answer show me the right way, big thanks.
  I had entred the following command (see the last argument):
       sudo security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" "~/Downloads/mycert.cer"
  ... and i get the following message:
      ***Error reading file ~/Downloads/mycert.cer
       Error reading file ~/Downloads/mycert.cer
  Today i changed the last argument to:
       /Users/User/Downloads/mycert.cer
  and its run.
  Many thanks!
  Benjamin

• Import certificate from trading partner

  Hi
  I got a certificate from my trading partner. (Communication is AS2)
  Now I have to import it to my B2B and use it while communicating with him
  Can someone tell me how to import this so that I can select the certificate in the Security tab?
  Thanks
  Vijay Sai.S

  Hi,
  In Case of 10g using oracle wallet manager import trusted trading partner certificate.
  In case of AS11G use the below command to import the trading partner certificate into jks,
  keytool -importcert -file -keypass
  Please also look into the below link for more details,
  http://blogs.oracle.com/oracleb2bgurus/2009/08/certificate_management_in_11g.html
  Regards
  Nandagopal

• When viewing the Contact Certificates, I can see the Import option, but I do not see the option to actually save the Certificate from the original email.

  The title pretty much explains it. In Outlook 2013 when I add a new contact, their certificate is not getting added to their contact page.  When I look at the contact certificates section, it is blank with only import as an option.
  I have been able to export a cert from the email and then import it to the contact but it says "Persona not validated"
  Thanks for any insight you may have.

  In Outlook 2013 when I add a new contact, their certificate is not getting added to their contact page.  When I look at the contact certificates section, it is blank with only import as an option.
  Yes, this is the behavior when you didn't import any Locate Certificate into Outlook contact item. How you export the cert from email? A bit more exact steps how you got to this point would be helpful.
  Thanks,
  Tony Chen
  Forum Support
  Come back and mark the replies as answers if they help and unmark them if they provide no help.
  If you have any feedback on our support, please contact
  [email protected]

• Importing personal certificate from pfx file

  Using iPhone configuration utility 3.5.0, Is it poosible to import a perosnal certificate using a .pfx file.
  When I try to miport it only lists certificates in the personal certificate store on windows machine? It doesn't allow me to import a certificate from a file.

  I am pretty sure that you can mail this certificate to an email account you can access on your iPad. Then when you open the certificate file it will be imported

• [HELP] Import PFX certificate from a command line

  Dear all,
  I am currently trying to import a user certificate with a .pfx extension. The certificate includes a private key as well as a password.
  The import works perfectly well in GUI, but when I try to import via CERTUTIL (the specific one for firefox), I keep getting an error message:
  Can certutil for firefox import .pfx files?
  These are the steps we performed:
  - Export certificate from the Windows store with a provate key and a password
  - Script checks the %appdata% folder and parses the different profiles within the Firefox profile folder
  - The folder ending with .default is targetted
  - The script then runs certutil to import the certificate (exported in step 1) in the cert8.db found in the folder (parsed in step 3)
  And we are blocked :(
  Help would be greatly appreciated.
  Thx,
  Ben

  benjaidafufukil,
  Did you script the export from the Windows store as well? Would it be possible to see a copy of your script? We need to do the same thing on about 2000 workstations.
  Eric

• Using Cisco VPN client certificate for built in IPSec?

  Hi,
  Does anybody know if it is possible to "convert" a certificate exported from Cisco VPN client and import it into the Keychain for using it with built-in IPSec in Snow Leopard?
  Thanks,
  Oli

  I too am having trouble importing the Cisco certificate. It would be nice for some clear documentation. We've been successful converting the x.509 cer to KPCS#7 using openssl which will import into the keychain. However, the VPN (Cisco IPSec) sill doesn't see it.

• Unable to import the user certificate into the Oracle Wallet Manager

  Hi,
  I am configuring the External Authentication plugin using the password filters.
  i am using the version 10.1.0.5.0 version of Oracle Wallet manager
  inorder to do that i am enabling the SSL mode.
  to enable the SSL mode i followed the some steps in OWM and OCA admin and user console.
  when i approved a certificate as admin and importing to the Oracle Wallet Manager, i got an error that
  User Certificate Installation failed.
  Possible errors:
  - Input was not a valid certificate
  - No matching certificate request found
  - CA certificate needed for certificate chain not found.
  Please install it first
  can anyone help me how to resolve this problem.

  hi,
  thanks for your reply pramod
  I tried to import the two certificate files(rootca.crt and server.crt). but i am got the same error.
  what may be the problem.

• HTTPS request signed by client certificate from PL/SQL procedure

  Hi All, please help.
  The PL/SQL procedure connects to different web services, using both HTTP/HTTPS, for HTTPS sever certificates were used. Everything was OK.
  The next service requires client to sign requests with client certificate. I made the client certificate, sign it by CA, store it in Wallet Manager.
  Is here the possibility to send signed HTTPS request from PL/SQL?
  If not, how to do it using Java and encapsulate for PL/SQL?
  Please answer ASAP!!!

  It is pretty straight-forward to make HTTPS requests with UTL_HTTP.
  To do so, you first need to create an Oracle wallet on the database server host with Oracle Wallet Manager. If your database resides on Windows, I believe a short-cut has been created in the Windows menu. On Linux, it can be invoked from $ORACLE_HOME/bin/owm.
  Once the wallet is created, you need to make an additional call to utl_http.set_wallet(<wallet-directory>, <wallet-password>) before any utl_http.request or utl_http.begin_request calls. The <wallet-directory> is the wallet directory where you will find the cwallet.sso and/or ewallet.p12 files, using the format "file:/<wallet-directory>". For example:
  utl_http.set_wallet('file:/home/oracle/wallets/my_wallet/', '123456');
  When an Oracle wallet is created, it is pre-populated with common certificate authorities' certificates (e.g. Verisign). In the event that the server certificate of the HTTPS host is not signed by one of those common certificate authorities, you need to import the additional certificate authority's certificate in your wallet using Oracle Wallet Manager.

• How do I import a renewed certificate to the other DAG members?

  Hi
  I have just run through the process of renewing an internal certificate on one of our Exchange 2010 servers.  I requested a renewal, ran through the wizard on the internal CA, then completed the process on the Exchange server.  I have
  assigned services to the new certificate and it looks ok in the EMC.  Now I need to import the same certificate to our 2 other Exchange servers but I don't see how.  if I use the Import Certificate wizard it asks for a private key which I don't have. 
  Is there a way to import the same certificate or do I have to submit a request from each server (that doesn't sound right to me).
  Cheers

  Hi,
  Here are the steps to export the certificate with Private Key and import it.
  http://msexchangeguru.com/2013/06/29/import-cert-e2013/
  Kottees :My Blog Please mark it as an answer if it really helps you.

• Is it possible to export a certificate from an iPhone?

  Hi all,
  We are distributing corporate iOS devices with an internally-issued certificate.  The user can't use the VPN client without a proper certificate.  One of our consultants has the infrastructure director all spun up with the idea that a user could export the certificate from the iPhone or iPad and transfer it to their personal device.  As far as I know, this is not possible.  Am I correct?
  Any help or thoughts are appreciated.
  Thanks,
  - Steve

  Macbook354 wrote:
  Yeah, unless you want to deal with the pain of trying to get you messages to your computer, you will have to take a screenshot (by taping the home and lock button at the same time).
  If you want to print a screenshot, it will be in the photos app to print ( click the share button and click print).  If you so not have a AirPrint printer, there are third-party apps for computers like fingerprint (look it up) that can make a fake AirPrint printer.
  I want to add something more.
  In most cases, you would need to use a paid third party tool to export and then print your iPhone text messages on your computer. If you have a low amount of messages you want to print you can also take prints creens of each message, then transfer the photos to your computer and print from there. This and more methods of printing iPhone text messages here: How to Print Text Messages from iPhone?