Importing Certificates into Blackberry Z10 Key Store.

Currently, on the development network, we have stood up a BES10 server with a few Blackberry Z10 phones deployed. Using BES10, we are able to push the Root CA certificate for our developmental CA. We are currently unable to import the client's certificates (identity, encryption or signing) in *.p12 or *pfx format onto the device. We have tried numerous methods with limited success. Originally, we emailed a certificate using the work email exchange server and were able to view the certificates on the BB device. We are even able to select "Import certificate," submit the correct password and are presented with a messages stating "Certificate successfully imported." However, looking at the trust store or the S/MIMIE settings, none of the client's certificates are avaliable.
After some research, we followed the steps highlighted in tech support listed at http://docs.blackberry.com/en/smartphone_users/deliverables/47561/als1342708099072.jsp. After following the instructions on screen, selecting the appropriate certificates to import and presenting the correct PIN, the device attemps to import the certs. The device then states "0/3 certificates succesfully imported" and the process has failed.
Is there a log file avaliable to see what is causing the import to fail or is there an additional step we are missing? Any support would be helpful, thank you in advance.

Hey Shah_jeet,
Welcome to the BlackBerry® Support Community Forums.
Are you importing the certificate using a USB connection or using a Wi-Fi connection?
Thanks.
-HB
Come follow your BlackBerry Technical Team on twitter! @BlackBerryHelp
Be sure to click Kudos! for those who have helped you.Click Solution? for posts that have solved your issue(s)!

Similar Messages

How do I install (import) certificat into FireFox using commad line?

I can import certificat using certutil.exe in command line, but this certificat is available only in Internet Explorer.
I can import certyficat into FireFox using its GUI. I must import that certificat on more then 60 PCs.
Question is: how do I install (import) certificat into FireFox using commad line?

HI ScanBit,
Thank you for your question, in order to import the certificate in the command line you will need these resources:
*[https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/tools/NSS_Tools_certutil]
If you have any other questions about this, we are happy to help.

Error in importing certificate into the BW System

Hi,
I am trying to import the certificate from portal to BW system trough the STRUSTSSO2 transaction it is importing the certificate no issues in that but when i tried to add in the certificate list by using the "Add to certificate list" button i am grtting the error "error occured during import"
plz any one can give input in this.
This is very urgen...i will award the points for useful solution...
eagerly looking for the reply from u
Thanks
ajay

Hi JJ,
Thanks for the response.
I have unziped the file before importing the certificate,
first i went to key Store administrator in the portal and clicked on download verify.der button there it is down loaded in the local machine then i unziped that file in that i got the certificate this certificate i have imported in to the BW system .
the certificate has been imported without any error imported but when i click on the add to certificate list it will throw the eooror in import.
the same error i am getting the R/3 system also.
can u plz give any inputs on this.
Thanks
Ajay

Error during import certificate into sapwebdispatcher

HI experts:
I have a problem importing a certificate in a web dispatcher. The error is the next:
import_own_cert: Installation of certificate failed
ERROR in ssf_install_CA_response: (1280/0x0500) No certficate with your public k
ey found
Iu00B4m trying importi a verysign certificate.
If i import a temporal certificate from sap page, it works correctly.
The verysign certificate is ok. It is .p7b. I open it and i have 2 certificates into the same file. One of them is with the name of the web dispatcher hostname, and the other: Very sign Class 3.... Both are valid, one of them to 2012 and the other to 2019.
The web dispatcher works between the sap netweaver portal in windows-oracle and the ECC 6.0 in windows-oracle.
The web dispatcher profile is the next:
SAPSYSTEMNAME = JEE
INSTANCE_NAME = WD05
SAPSYSTEM = 06
SAPGLOBALHOST = sapwep.madrid.informa
SAPLOCALHOSTFULL = sapwep.madrid.informa
DIR_INSTANCE=k:\usr\sap\wd\secudir
ssl/ssl_lib=k:\usr\sap\wd\secudir\sapcrypto.dll
ssl/server_pse = k:\usr\sap\wd\secudir\temporal.pse
#ms/https_port = 8101
wdisp/server_info_protocol = http
wdisp/ssl_encrypt = 0
wdisp/add_client_protocol_header = true
icm/HTTPS/verify_client = 0
icm/server_port_1 = PROT=HTTPS, PORT=60000
Example: SAPLOCALHOST=vwdisphost.sap.com
SAPLOCALHOST = sapwep.madrid.informa
#--- SAP Web Dispatcher-specific parameters
icm/server_port_0 = PROT=HTTP, PORT=8206,TIMEOUT=30,PROCTIMEOUT=600
rdisp/mshost = sapvsap.madrid.informa
ms/http_port = 8100
icm/HTTP/admin_0= PREFIX=/sap/wdisp/admin,DOCROOT=./admin
icm/max_conn              = 16384
icm/max_sockets          = 32768
wdisp/HTTP/max_pooled_con = 16000
wdisp/HTTPS/max_pooled_con = 16000
icm/req_queue_len          = 6000
icm/min_threads            = 100
icm/max_threads            = 500
mpi/total_size_MB          = 500
mpi/max_pipes              = 20500
mpi/buffer_size           = 32768
Iu00B4m trying to import it using:
K:\usr\sap\wd\secudir>sapgenpse import_own_cert -c K:\usr\sap\wd\secudir\certifi
cado.7b -p K:\usr\sap\wd\secudir\prueba.pse -c CA.cer
Can somebody help me?.
Thanks.

K:\usr\sap\wd\secudir>sapgenpse import_own_cert -c K:\usr\sap\wd\secudir\certifi
cado.7b -p K:\usr\sap\wd\secudir\prueba.pse -c CA.cer
That doesn't look quite right.
It should be something along the lines of:
sapgenpse import_own_cert -p K:\usr\sap\wd\secudir\prueba.pse -c K:\usr\sap\wd\secudir\certifi
cado.7b -r CA.cer
Note the -r for CA root certificate. Although it should not be required for a PKCS#7 certificate to specify a CA root when importing as it should already have it included in the certificate. You can try importing without specifying the CA root too.
Nelis

Help with understanding SSL on Netweaver 7.1 and the relevant key stores.

I am having a great difficulty in understanding how SAP manages and uses SSL certificates in Netweaver 7.1. More specifically, what the difference is between System, Server, and Client.
As I can see, there are three PSE key stores I see within STRUST.
1. SSL System PSE
2. SSL Server PSE
3. SSL Client PSE
The System PSE I believe is installed by default and enables the systems to communicate between each other, such as Application Servers and the Central Instance.
The Server PSE is the where I store the certificate I generated and had signed by a CA (certificate authority). It contains a root and intermediate certificate and both have been imported back into the Server PSE store. When partners connect to me and I agree to accept server only authentication, it is this cert that identifies my server as a trusted server the partner. Do I need to add the partneru2019s u201Crootu201D or u201Cintermediateu201D certs to my Server PSE in order to allow SSL login?
The Client PSE is where I store partneru2019s client certificates that I allow to login via u201Cclientu201D authentication. Without their key installed in this store, they will not be allowed to login via SSL.
When I wish to make connections to partners, I will take my Server key from the Server PSE, export the key, and send it to the partner so they can import it in their key store.
Does the above sounds right? Any clarification would be greatly appreciated.
Thanks,
Mike.
P.S. I also have questions about how and if certificates are synchronized from the ABAP stack (STRUST) to the JAVA stack (Netweaver Administrator), as keys can be stored in either direction. If not, does where you store the certificate depend if it is an ABAP or JAVA type connection?

hi michael,
 
please be careful - actually, there is NO SSL System PSE. 
There is only a so called "System PSE", which is not at all related to SSL. 
 
The PSEs actually available for SSL as default are: 
 
- the SSL Server PSE (which is a rather complicated construction ... see below) [mandatory] 
- the SSL Client PSE (standard) 
- the SSL Client PSE (anonymous) 
 
Looking at connections using HTTPS/SSL, you always have two communication partners: an entity issuing a request, named the "client", and another entity, to which the request is sent in order to be responded to, named the "server".
Since an SAP ABAP system can be either client or server in this setup, we have the chance to provide different security environments (= PSE) for these communication roles. 
 
When the SAP system initializes a HTTPS communication, it will make use of one of the SSL Client PSEs. These PSEs mainly serve the purpose of storing the CA certificates that are trusted. Only servers whose server certificate is signed by a CA where the CA root certificate is contained in the SSL Client PSE can be connected to. If the server's certificate is not trusted, the error message "verification of the server's certificate chain faile" will appear in the ICM trace (see note 1094342). 
 
The difference between SSl Client PSEs "standard" and "anonymous" is the actual certificate - the "anonymous" PSE always contains the distinguished name (DN) "CN=anonymous", which can not be used for client authentication. In contrast, the "standard" PSE's DN can be defined freely, so this PSE can be signed by a CA and furthermore used for client authentication. 
 
Now for the SSL Server PSE. 
As mentioned already, the SSL Server PSE can be a complicated thing ... actually, this PSE is only a container for more PSEs. There must be at least the "default" PSE (unfortunately also called "standard"), and there can be up to 1 PSE for each application server. 
In a standard setup, the default PSE is used only for those cases where no application server specific PSE applies. The application server specific PSEs are supposed to be the ones that are actually used by the ICM. 
 
What does "up to 1 per AS" mean? Well - as soon as two SSL Server PSEs use the same DN, these PSEs are no longer distinguished, and will be mapped to the same PSE data (key pair, certificate list). So, if you define the same DN for several application servers, only one PSE is created and used by both application servers. 
 
I hope this (lengthy) epistle anwers more question than opens new ones... 
 
regards, 
sebastian
Edited by: Sebastian Broll on Apr 8, 2010 8:07 AM (formatting)

STRUST Import Certificate to ABAP engine.

Hi All,
I'm importing Certificate into ABAP for first time.
Can you please tell me the steps to do that.
T-code: STRUST
SSL Client Ananymos
On the right panel click on Import and then browse the certificate?
I did browsed the zip file which contains 6 certificates and now I'm getting this error
"Cannot analyze certificat" after selection in "Import"
Can you please tell me the steps to completed the import of certificates into ABAP engine. so that I can use it in SM59 HTTP destination type G.
Is there any blog for that ?
Thanks
Newi

Hi,
Go through below links these might help you.
http://help.sap.com/saphelp_nw70ehp1/helpdata/en/a6/f19a3dc0d82453e10000000a114084/content.htm
http://help.sap.com/saphelp_nw70ehp1/helpdata/en/14/29236de1864c6e8d46e77192adaa95/content.htm

How to include a new root certificate in BlackBerry device

Dear Sir/Madam,
　TWCA is a certification authority in Taiwan provides security system for internet banking, stock trading, e-commerce and SSL certification service in Asia-Pacific region. TWCA wish to add its' root certificate into BlackBerry mobile device in order that our customers may use BlackBerry mobile device to do internet banking and stock trading on secured SSL Website. Could you provide some information about BlackBerry/RIM root certificate program?
Thanks and Regards.
Blues Lin
Solved!
Go to Solution.

Hi and Welcome to the Forums!
It sounds like your question is of a formal nature -- as in you wish to communicate directly with RIM for your query. Unfortunately, these forums are not a user-to/from-RIM communication vehicle -- rather, they are a user-to-user support forum. As such, it is unlikely that anyone from RIM will see and respond to your question. Hopefully some other user knows how to advise you, but I just wanted to set your expectation correctly about what to expect from these forums.
Good luck!
Occam's Razor nearly always applies when troubleshooting technology issues!
If anyone has been helpful to you, please show your appreciation by clicking the button inside of their post. Please click here and read, along with the threads to which it links, for helpful information to guide you as you proceed. I always recommend that you treat your BlackBerry like any other computing device, including using a regular backup schedule...click here for an article with instructions.
Join our BBM Channels
BSCF General Channel
PIN: C0001B7B4 Display/Scan Bar Code
Knowledge Base Updates
PIN: C0005A9AA Display/Scan Bar Code

How can i automate importing certificates?

My company is using zScaler for web filtering and we are trying to figure out how we can import certificate into firefox. I have tried copying the cert.db from one machine to another but the problem is that the page only loads with text, which implies the certificate is half working. if we remove the cert and manually import the cert it works fine. we are trying to find a way to automate the deployment of this certificate to 100+ machines. Please advise if this is possible.

I have not done this before, however there is posted information about with how to attempt this, for example: [http://community.spiceworks.com/how_to/show/15158-firefox-trust-a-local-certificate-authority-for-all-users-and-computers]
There is also the ESR community that does this alot. Check out their lists for community questions [https://www.mozilla.org/en-US/firefox/organizations/]

Is it necessary to restart the J2EE after I have imported certificates?

Hi guys,
I have imported certificates into the keystore. Is it necessary to restart the J2EE to make them available?
Thanks, Olian

Hi Olian,
Not necessary to restart the server.
If you have imported server certificates, then you can check it by assigning the certificates to https port in SSL provider and acces the server through https://<server name (FQDN):<https port>.
The explorer should show you the imported certificate.
If you have imported any other certificates , then also its not necessary to restart. You can directly check the functionality for which you have imported the certificates.
Cheers....,
Raghu

Error while importing CSR into key storage?

Dear All,
I am trying to implement the SSL certificates on our production server. I have generated the CSR from Visual Admin --> Key Storage. I forwarded it to CA and got the certificate response also. Now while importing the certificate into key storage, it is giving me following error:
The private ket pair doesnt match the certificate response file: Invalid PKCS#1 padding, no leading zeros.
What can be the cause and probable solution on this issue? Any help on this will be highly appreciated. Kindly reply..
Thank you,
Ameya

Hi,
I resolved this error by making it sure that there are no extra spaces or unwanted caracter copied while copying the certificate response from the CA. Make sure you are copying the certificate response properly. In my case, some extra space was getting copied so after re-copyinf it properly, it worked.

Help requested with Importing a website's CA certificate into my Java App

Hello everyone,
First of all, I'm not sure if this is the right category for my question, so if not please move it appropriately.
I'm creating a desktop application that will update your IPv4 address to Tunnelbroker (Hurricane Electric's IPv6 tunnel service). Right now it's about 76% complete, and I'm testing it out. My problem is this: Tunnelbroker uses their own CA Certificate (SSL) for their https:// connection, and it's not valid in Java/Netbeans. So, whenever I try to update the IPv4 address, I get the following Can't read from the Internet: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching ipv4.tunnelbroker.net foundThe website is https://ipv4.tunnelbroker.net (so you can verify that it's a valid site/certificate).
I've found workarounds for importing my OWN CA Certificate into the application (or Netbeans), but nothing about importing a valid third-party CA Certificate into the application (or Netbeans). I've posted this question to the Netbeans forums--but have yet to receive anything from them. Also, I've found workarounds for trusting all certificates (although I'm not sure how to implement that into my application).
What I'm looking for is either a) how to import the certificate into my application, so the user won't have to deal with it b) a workaround to bypass the security check c) any other method of getting over this hurdle.
I'd say I'm an intermediate developer, so pointing me to something like "Adding a Certificate Exception" is fine, except that I need to know whether I can take everything inside of the main method and put it as it's own method somewhere (or do I need to create an entire class for that portion).
Also, I don't necessarily want to use the "Trust All Certificates" method. Even though the end-user won't be able to change the site, I don't want to create that much of a security hole.
Thank you for any assistance in this. (As an aside note, this will enable me to finally mark another "open" question as answered, as I haven't been able to test it yet because of this issue).
Have a great day:)
Patrick.

EJP wrote:
1. It should be in the directory of the JRE, not the JDK. The end user won't have one.
2. Dunno, I would think so.
3. This is a step for the end user to perform, not you. You don't want to be telling the end user who to trust, for all kinds of legal liability reasons. You want him to decide.Hello again.
I have an update to this. I found out that the domain tunnelbroker.net is in my cacerts (at least if I run a small program to test the SSL Certificate for the site), however since it doesn't list ipv4.tunnelbroker.net as an alternative (that I can see), this is why I'm getting the SSL HandshakeException error.
Here is the script that I ran (compiled and then used java -Djavax.net.debug=all TestSSL https://ipv4.tunnelbroker.net to run it.
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.net.URLConnection;
* @author Daryl Banttari
public class TestSSL {
 public static void main(String[] args) {
 // default url:
 String urlString = "https://www.paypal.com/";
 // if any url specified, use that instead:
 if(args.length > 0) {
 urlString = args[0];
 System.out.println("Connecting to " + urlString + "...");
 try {
 // convert user string to URL object
 URL url = new URL(urlString);
 // connect!
 URLConnection cnx = url.openConnection();
 cnx.connect();
 // read the page returned
 InputStream ins = cnx.getInputStream();
 BufferedReader in = new BufferedReader(new InputStreamReader(ins));
 String curline;
 while( (curline = in.readLine()) != null ) {
 System.out.println(curline);
 // close the connection
 ins.close();
 catch(Throwable t) {
 t.printStackTrace();
}And here are the results of the complete debugging ***** WARNING there's a lot here ****
>
Connecting to https://ipv4.tunnelbroker.net...
keyStore is :
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: /usr/lib/jvm/java-6-openjdk/jre/lib/security/jssecacerts
trustStore type is : jks
trustStore provider is :
init truststore
< ... Snipped to conserve space... >
adding as trusted cert:
Subject: OU=RSA Security 1024 V3, O=RSA Security Inc
Issuer: OU=RSA Security 1024 V3, O=RSA Security Inc
Algorithm: RSA; Serial number: 0xa0101010000027c0000000b00000002
Valid from Thu Feb 22 15:01:49 CST 2001 until Sun Feb 22 14:01:49 CST 2026
adding as trusted cert:
Subject: [email protected], CN=tunnelbroker.net, OU=IPV6, O="Hurricane Electric, LLC", L=Fremont, ST=California, C=US
Issuer: [email protected], CN=tunnelbroker.net, OU=IPV6, O="Hurricane Electric, LLC", L=Fremont, ST=California, C=US
Algorithm: RSA; Serial number: 0xbc201a57ebb49897
Valid from Tue Jul 10 20:35:31 CDT 2007 until Fri Jul 07 20:35:31 CDT 2017
adding as trusted cert:
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x9b7e0649a33e62b9d5ee90487129ef57
Valid from Thu Sep 30 19:00:00 CDT 1999 until Wed Jul 16 18:59:59 CDT 2036
adding as trusted cert:
Subject: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
Issuer: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 30 05:38:31 CDT 2000 until Sat May 30 05:38:31 CDT 2020
adding as trusted cert:
Subject: CN=CC Signet - PCA Klasa 2, OU=Centrum Certyfikacji Signet, O=TP Internet Sp. z o.o., C=PL
Issuer: CN=CC Signet - RootCA, OU=Centrum Certyfikacji Signet, O=TP Internet Sp. z o.o., C=PL
Algorithm: RSA; Serial number: 0x3cbede10
Valid from Thu Apr 18 09:54:08 CDT 2002 until Mon Sep 21 10:42:19 CDT 2026
< ... Snipped to conserve space... >
trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1286668278 bytes = { 67, 34, 247, 171, 23, 198, 239, 55, 170, 174, 198, 240, 212, 155, 66, 209, 111, 146, 87, 177, 42, 3, 70, 62, 239, 10, 223, 89 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
[write] MD5 and SHA1 hashes: len = 177
0000: 01 00 00 AD 03 01 4D B1 00 F6 43 22 F7 AB 17 C6 ......M...C"....
0010: EF 37 AA AE C6 F0 D4 9B 42 D1 6F 92 57 B1 2A 03 .7......B.o.W.*.
0020: 46 3E EF 0A DF 59 00 00 46 00 04 00 05 00 2F 00 F>...Y..F...../.
0030: 35 C0 02 C0 04 C0 05 C0 0C C0 0E C0 0F C0 07 C0 5...............
0040: 09 C0 0A C0 11 C0 13 C0 14 00 33 00 39 00 32 00 ..........3.9.2.
0050: 38 00 0A C0 03 C0 0D C0 08 C0 12 00 16 00 13 00 8...............
0060: 09 00 15 00 12 00 03 00 08 00 14 00 11 00 FF 01 ................
0070: 00 00 3E 00 0A 00 34 00 32 00 17 00 01 00 03 00 ..>...4.2.......
0080: 13 00 15 00 06 00 07 00 09 00 0A 00 18 00 0B 00 ................
0090: 0C 00 19 00 0D 00 0E 00 0F 00 10 00 11 00 02 00 ................
00A0: 12 00 04 00 05 00 14 00 08 00 16 00 0B 00 02 01 ................
00B0: 00 .
main, WRITE: TLSv1 Handshake, length = 177
[write] MD5 and SHA1 hashes: len = 173
0000: 01 03 01 00 84 00 00 00 20 00 00 04 01 00 80 00 ........ .......
0010: 00 05 00 00 2F 00 00 35 00 C0 02 00 C0 04 01 00 ..../..5........
0020: 80 00 C0 05 00 C0 0C 00 C0 0E 00 C0 0F 00 C0 07 ................
0030: 05 00 80 00 C0 09 06 00 40 00 C0 0A 07 00 C0 00 ........@.......
0040: C0 11 00 C0 13 00 C0 14 00 00 33 00 00 39 00 00 ..........3..9..
0050: 32 00 00 38 00 00 0A 07 00 C0 00 C0 03 02 00 80 2..8............
0060: 00 C0 0D 00 C0 08 00 C0 12 00 00 16 00 00 13 00 ................
0070: 00 09 06 00 40 00 00 15 00 00 12 00 00 03 02 00 ....@...........
0080: 80 00 00 08 00 00 14 00 00 11 00 00 FF 4D B1 00 .............M..
0090: F6 43 22 F7 AB 17 C6 EF 37 AA AE C6 F0 D4 9B 42 .C".....7......B
00A0: D1 6F 92 57 B1 2A 03 46 3E EF 0A DF 59 .o.W.*.F>...Y
main, WRITE: SSLv2 client hello message, length = 173
[Raw write]: length = 175
0000: 80 AD 01 03 01 00 84 00 00 00 20 00 00 04 01 00 .......... .....
0010: 80 00 00 05 00 00 2F 00 00 35 00 C0 02 00 C0 04 ....../..5......
0020: 01 00 80 00 C0 05 00 C0 0C 00 C0 0E 00 C0 0F 00 ................
0030: C0 07 05 00 80 00 C0 09 06 00 40 00 C0 0A 07 00 ..........@.....
0040: C0 00 C0 11 00 C0 13 00 C0 14 00 00 33 00 00 39 ............3..9
0050: 00 00 32 00 00 38 00 00 0A 07 00 C0 00 C0 03 02 ..2..8..........
0060: 00 80 00 C0 0D 00 C0 08 00 C0 12 00 00 16 00 00 ................
0070: 13 00 00 09 06 00 40 00 00 15 00 00 12 00 00 03 ......@.........
0080: 02 00 80 00 00 08 00 00 14 00 00 11 00 00 FF 4D ...............M
0090: B1 00 F6 43 22 F7 AB 17 C6 EF 37 AA AE C6 F0 D4 ...C".....7.....
00A0: 9B 42 D1 6F 92 57 B1 2A 03 46 3E EF 0A DF 59 .B.o.W.*.F>...Y
[Raw read]: length = 5
0000: 16 03 01 00 4A ....J
[Raw read]: length = 74
0000: 02 00 00 46 03 01 4D B1 00 F7 8B D6 E1 5A 42 BB ...F..M......ZB.
0010: D1 66 3D CE D6 7F 41 55 27 58 A2 01 35 FF D0 EA .f=...AU'X..5...
0020: CF 1A 4A 04 B1 D5 20 59 F2 13 A1 03 B2 1F 39 58 ..J... Y......9X
0030: 54 BB DA C2 4C F4 BB 17 54 F0 D7 13 5D B0 23 ED T...L...T...].#.
0040: 3F 31 7D E8 BA 59 62 00 04 00 ?1...Yb...
main, READ: TLSv1 Handshake, length = 74
*** ServerHello, TLSv1
RandomCookie: GMT: 1286668279 bytes = { 139, 214, 225, 90, 66, 187, 209, 102, 61, 206, 214, 127, 65, 85, 39, 88, 162, 1, 53, 255, 208, 234, 207, 26, 74, 4, 177, 213 }
Session ID: {89, 242, 19, 161, 3, 178, 31, 57, 88, 84, 187, 218, 194, 76, 244, 187, 23, 84, 240, 215, 19, 93, 176, 35, 237, 63, 49, 125, 232, 186, 89, 98}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
Warning: No renegotiation indication extension in ServerHello
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
[read] MD5 and SHA1 hashes: len = 74
0000: 02 00 00 46 03 01 4D B1 00 F7 8B D6 E1 5A 42 BB ...F..M......ZB.
0010: D1 66 3D CE D6 7F 41 55 27 58 A2 01 35 FF D0 EA .f=...AU'X..5...
0020: CF 1A 4A 04 B1 D5 20 59 F2 13 A1 03 B2 1F 39 58 ..J... Y......9X
0030: 54 BB DA C2 4C F4 BB 17 54 F0 D7 13 5D B0 23 ED T...L...T...].#.
0040: 3F 31 7D E8 BA 59 62 00 04 00 ?1...Yb...
[Raw read]: length = 5
0000: 16 03 01 02 BF .....
[Raw read]: length = 703
0000: 0B 00 02 BB 00 02 B8 00 02 B5 30 82 02 B1 30 82 ..........0...0.
0010: 02 1A 02 09 00 BC 20 1A 57 EB B4 98 97 30 0D 06 ...... .W....0..
0020: 09 2A 86 48 86 F7 0D 01 01 04 05 00 30 81 9C 31 .*.H........0..1
0030: 0B 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 .0...U....US1.0.
0040: 06 03 55 04 08 13 0A 43 61 6C 69 66 6F 72 6E 69 ..U....Californi
0050: 61 31 10 30 0E 06 03 55 04 07 13 07 46 72 65 6D a1.0...U....Frem
0060: 6F 6E 74 31 20 30 1E 06 03 55 04 0A 13 17 48 75 ont1 0...U....Hu
0070: 72 72 69 63 61 6E 65 20 45 6C 65 63 74 72 69 63 rricane Electric
0080: 2C 20 4C 4C 43 31 0D 30 0B 06 03 55 04 0B 13 04 , LLC1.0...U....
0090: 49 50 56 36 31 19 30 17 06 03 55 04 03 13 10 74 IPV61.0...U....t
00A0: 75 6E 6E 65 6C 62 72 6F 6B 65 72 2E 6E 65 74 31 unnelbroker.net1
00B0: 1A 30 18 06 09 2A 86 48 86 F7 0D 01 09 01 16 0B .0...*.H........
00C0: 69 6E 66 6F 40 68 65 2E 6E 65 74 30 1E 17 0D 30 [email protected]
00D0: 37 30 37 31 31 30 31 33 35 33 31 5A 17 0D 31 37 70711013531Z..17
00E0: 30 37 30 38 30 31 33 35 33 31 5A 30 81 9C 31 0B 0708013531Z0..1.
00F0: 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 0...U....US1.0..
0100: 03 55 04 08 13 0A 43 61 6C 69 66 6F 72 6E 69 61 .U....California
0110: 31 10 30 0E 06 03 55 04 07 13 07 46 72 65 6D 6F 1.0...U....Fremo
0120: 6E 74 31 20 30 1E 06 03 55 04 0A 13 17 48 75 72 nt1 0...U....Hur
0130: 72 69 63 61 6E 65 20 45 6C 65 63 74 72 69 63 2C ricane Electric,
0140: 20 4C 4C 43 31 0D 30 0B 06 03 55 04 0B 13 04 49 LLC1.0...U....I
0150: 50 56 36 31 19 30 17 06 03 55 04 03 13 10 74 75 PV61.0...U....tu
0160: 6E 6E 65 6C 62 72 6F 6B 65 72 2E 6E 65 74 31 1A nnelbroker.net1.
0170: 30 18 06 09 2A 86 48 86 F7 0D 01 09 01 16 0B 69 0...*.H........i
0180: 6E 66 6F 40 68 65 2E 6E 65 74 30 81 9F 30 0D 06 [email protected]..
0190: 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 81 8D 00 .*.H............
01A0: 30 81 89 02 81 81 00 D7 24 7C 25 2A 7E 69 75 4A 0.......$.%*.iuJ
01B0: 85 01 91 86 60 8F 2C 96 E4 BE 96 E4 B6 36 28 A1 ....`.,......6(.
01C0: 7A 56 53 5C 01 A4 13 C8 6B 96 44 B7 5E 3D C0 60 zVS\....k.D.^=.`
01D0: B9 27 75 D5 A0 72 84 D7 54 C9 48 F4 B2 B4 B4 44 .'u..r..T.H....D
01E0: 0C 3D 90 48 57 F4 17 8D 71 EA 1E F8 4E 6F 88 68 .=.HW...q...No.h
01F0: 4F 5E 30 F9 56 F2 48 F4 57 18 3A 94 89 A9 09 60 O^0.V.H.W.:....`
0200: 19 CD 15 98 88 47 C3 80 E7 50 30 33 DF A9 51 91 .....G...P03..Q.
0210: A4 34 40 09 60 C5 C4 F9 38 7C 7A EB 5A F3 3C 63 .4@.`...8.z.Z.<c
0220: 3D 2D 24 12 08 C6 6F 02 03 01 00 01 30 0D 06 09 =-$...o.....0...
0230: 2A 86 48 86 F7 0D 01 01 04 05 00 03 81 81 00 55 *.H............U
0240: 45 96 28 96 33 CD 36 1C 3A 98 96 8B DE 20 93 99 E.(.3.6.:.... ..
0250: 75 C9 D7 86 94 2E 62 69 C3 80 71 C2 F4 F0 1A 74 u.....bi..q....t
0260: E5 5C 63 37 64 92 60 68 43 50 0F 49 FB A0 90 71 .\c7d.`hCP.I...q
0270: 1C EF 37 3F BF 38 E2 32 55 6C EB 63 C5 6A A1 71 ..7?.8.2Ul.c.j.q
0280: 8B AF 76 0A 49 C6 0A 7C 32 0A 7F 87 9B F3 C5 5B ..v.I...2......[
0290: 1F 98 9C EC 8D 2C 28 E2 DA 83 98 6D 36 6B 7B DE .....,(....m6k..
02A0: E7 E6 26 4A AC E9 3F 84 96 4E CB B6 EC C5 13 5D ..&J..?..N.....]
02B0: 99 45 A0 CB 4B AB BA 08 B7 DF 51 7D CB B7 1F .E..K.....Q....
main, READ: TLSv1 Handshake, length = 703
*** Certificate chain
chain [0] = [
Version: V1
Subject: [email protected], CN=tunnelbroker.net, OU=IPV6, O="Hurricane Electric, LLC", L=Fremont, ST=California, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: Sun RSA public key, 1024 bits
modulus: 151078214832725997135839062949249516337507001175872585678208884131491712232432816986255053685674730439436945979324335861205079532450830475393857978740049212402170775011735778076852329233310431150139137152539823492882314808967689085169519290729775244738682251391827885615393137851975032443040800861047648470639
public exponent: 65537
Validity: [From: Tue Jul 10 20:35:31 CDT 2007,
 To: Fri Jul 07 20:35:31 CDT 2017]
Issuer: [email protected], CN=tunnelbroker.net, OU=IPV6, O="Hurricane Electric, LLC", L=Fremont, ST=California, C=US
SerialNumber: [ bc201a57 ebb49897]
Algorithm: [MD5withRSA]
Signature:
0000: 55 45 96 28 96 33 CD 36 1C 3A 98 96 8B DE 20 93 UE.(.3.6.:.... .
0010: 99 75 C9 D7 86 94 2E 62 69 C3 80 71 C2 F4 F0 1A .u.....bi..q....
0020: 74 E5 5C 63 37 64 92 60 68 43 50 0F 49 FB A0 90 t.\c7d.`hCP.I...
0030: 71 1C EF 37 3F BF 38 E2 32 55 6C EB 63 C5 6A A1 q..7?.8.2Ul.c.j.
0040: 71 8B AF 76 0A 49 C6 0A 7C 32 0A 7F 87 9B F3 C5 q..v.I...2......
0050: 5B 1F 98 9C EC 8D 2C 28 E2 DA 83 98 6D 36 6B 7B [.....,(....m6k.
0060: DE E7 E6 26 4A AC E9 3F 84 96 4E CB B6 EC C5 13 ...&J..?..N.....
0070: 5D 99 45 A0 CB 4B AB BA 08 B7 DF 51 7D CB B7 1F ].E..K.....Q....
Found trusted certificate:
Version: V1
Subject: [email protected], CN=tunnelbroker.net, OU=IPV6, O="Hurricane Electric, LLC", L=Fremont, ST=California, C=US
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: Sun RSA public key, 1024 bits
modulus: 151078214832725997135839062949249516337507001175872585678208884131491712232432816986255053685674730439436945979324335861205079532450830475393857978740049212402170775011735778076852329233310431150139137152539823492882314808967689085169519290729775244738682251391827885615393137851975032443040800861047648470639
public exponent: 65537
Validity: [From: Tue Jul 10 20:35:31 CDT 2007,
 To: Fri Jul 07 20:35:31 CDT 2017]
Issuer: [email protected], CN=tunnelbroker.net, OU=IPV6, O="Hurricane Electric, LLC", L=Fremont, ST=California, C=US
SerialNumber: [ bc201a57 ebb49897]
Algorithm: [MD5withRSA]
Signature:
0000: 55 45 96 28 96 33 CD 36 1C 3A 98 96 8B DE 20 93 UE.(.3.6.:.... .
0010: 99 75 C9 D7 86 94 2E 62 69 C3 80 71 C2 F4 F0 1A .u.....bi..q....
0020: 74 E5 5C 63 37 64 92 60 68 43 50 0F 49 FB A0 90 t.\c7d.`hCP.I...
0030: 71 1C EF 37 3F BF 38 E2 32 55 6C EB 63 C5 6A A1 q..7?.8.2Ul.c.j.
0040: 71 8B AF 76 0A 49 C6 0A 7C 32 0A 7F 87 9B F3 C5 q..v.I...2......
0050: 5B 1F 98 9C EC 8D 2C 28 E2 DA 83 98 6D 36 6B 7B [.....,(....m6k.
0060: DE E7 E6 26 4A AC E9 3F 84 96 4E CB B6 EC C5 13 ...&J..?..N.....
0070: 5D 99 45 A0 CB 4B AB BA 08 B7 DF 51 7D CB B7 1F ].E..K.....Q....
main, SEND TLSv1 ALERT: fatal, description = certificate_unknown
main, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 2E .......
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching ipv4.tunnelbroker.net found
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching ipv4.tunnelbroker.net found
 at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
 at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1665)
 at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:258)
 at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:252)
 at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1165)
 at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154)
 at sun.security.ssl.Handshaker.processLoop(Handshaker.java:610)
 at sun.security.ssl.Handshaker.process_record(Handshaker.java:546)
 at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:913)
 at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1158)
 at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1185)
 at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1169)
 at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:440)
 at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
 at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
 at TestSSL.main(TestSSL.java:33)
Caused by: java.security.cert.CertificateException: No name matching ipv4.tunnelbroker.net found
 at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:225)
 at sun.security.util.HostnameChecker.match(HostnameChecker.java:94)
 at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:285)
 at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:271)
 at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1144)
 ... 11 more
{quote}
So, now I'm trying to figure out how to get past this. Unless (and until) Tunnelbroker includes the alternative name in their certificate (or if it's included already, until I figure out how to get that alternative imported into my truststore), I'm never going to be able to update via java.
Have a great day:)
Patrick.

Import a certificate into Sun/Java/Deployment/security/trusted.clientcerts

Hi I'm trying to make a java applet, it has to add a certificate in the Keystore Sun/Java/Deployment/security/trusted.clientcerts.
The problem is that to store, I have to enter a password. I enter "". ToCharArray () but when I try to view the certificates, it does not appear in the java control panel.
And when I try to import a certificate from the java control panel throws the following error "keystore was tampered with or password was incorrect".
Code:
private void guardarKeyStore(KeyStore ks) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException{
FileOutputStream out = new FileOutputStream(System.getenv("APPDATA").replace("\\", "/")+"/Sun/Java/Deployment/security/trusted.clientcerts");
ks.setCertificateEntry("someAlias", decodeCertificate(somebase64));
ks.store(out, "".toCharArray());
out.close();
}

Francisco26 wrote:
I Want to insert a certificate into trusted.clientcerts via java applet.
This certificate have to appear in the java control panel. (Security->Certificates->user->client autentication)
Why that? Because i need to do an applet that download a certificate response from a request to a CA.Which to paraphrase EJP is undesirable, insecure and untrustworthy. What you are asking would allow an untrustworthy site to declare itself trustworthy.

How to import a Verisign SSL Certificates into WebAccess

I attempted tp follow the Novell TID:
How to Import a CSR generated by GWCSRGEN (10091564).
Whenever I attempt an import according to the above TID, I get the following error message 'Failed to store the root certificate into the object VeriSignCert.xxxxx.xxx.xxx. Returned error code is -1,240.
The Novell Certificate Server Snap-In to Netware Administrator or Console One could not parse the certificate or extract the mandatory elements from the certificate.

FilosaD,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.novell.com/faq.php
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://forums.novell.com/

Login error in Portal after importing a new certificate into BI

Hi Experts,
Our certificate in BI expired last month and we were unable to login to the BEx reports due to this.
I have created a new certificate using Visual Administrator and imported that certificate into BI using STRUSTSSO2 after deleting the old certificate from the system PSE.
After which I have added this new certificate to the ACL for Single Sign On.
Then rebooted the JAVA stack for the changes to take effect.
Now, when I want to login to view reports on the Portal created by BEx Analyzer, I am getting this RFC_ERROR_LOGON_FAILURE exception.
When checked in SM50, it shows SsfVerify failed and SSF_API_NOCERTIFICATE errors.
Please help me out resolving this. Did I miss out on any of the steps?
Also when I ran the report, RSPOR_SETUP, the step 5 shows SID_certificate.crt is not existing and the step 12 shows that BI certificate not imported, SAP BI User is not mapped to SAP EP User.
Regards,

Hi,
Have a look at this [thread|The URL http://xxx was not called due to an error; as well as the [Wiki Link|http://wiki.sdn.sap.com/wiki/display/BSP/Logon].
Hope this will be helpful for you.
Regards,
Varadharajan M

Importing Certificates into Blackberry Z10 Key Store.

Similar Messages

Maybe you are looking for