Importing Verisign Certificate to Integrated ITS

Similar Messages

• Importing Verisign Certificate on PIX7.1

  Hi there,
  After having importet Verisign Intermediate CA onto my PIX, I've send the CSR request to Verisign and gotten a Certificate back. Now when I try to import the returned certificate on the PIX, I get an error :
  Failed to parse or verify imported certificate
  Now, I've tried clearing all certs, reauthenticate the CA etc.
  Any ideas?
  Is it a problem that the CA is Intermediate? Can the CSR attributes contain spaces?
  Pix is running latest version 7
  Kind regards
  Kelvin Dam

  Hi koksm,
  Yeah - I got it to work. I dont know how many of these steps you have done, but heres how I did it :
  RSA-keys are probably already generated (also needed for ssh-access), but if you ever need to reissue the cert, regenerate the rsa keys, otherwise the CSR will be exactly the same and not accepted by the 3rd party CA:
  crypto key generate rsa
  Then define the trustpoint:
  crypto ca trustpoint Verisign
  crl optional
  enrollment terminal
  subject-name CN=host.domain.com,OU=Unit,O=Organisation,C=NL,St=xxx,L=xxx,[email protected]
  Import root CA cert (make sure you have the correct one, preferably without intermediate CA (RA)):
  crypto ca authenticate Verisign
  ---BEGIN--- or ---END--- lines do not matter>
  quit
  INFO: Certificate has the following attributes:
  Fingerprint: 069f6979 16669002 1b8c8ca2 c3076f3a
  Do you accept this certificate? [yes/no]: yes
  Trustpoint CA certificate accepted.
  Generate the CSR:
  crypto ca enroll Verisign
  % Start certificate enrollment ..
  % The subject name in the certificate will be: xxxx
  % The fully-qualified domain name in the certificate will be: hostname.domain.com
  % Include the device serial number in the subject name? [yes/no]: no
  Display Certificate Request to terminal? [yes/no]: yes
  Certificate Request follows:
  MIICNjCCAZ8CAQAwgbwxJTAjBgkqhkiG9w0BCQEWFnNlcnZpY2VkZXNrQGR5bm9t
  aWMubmwxEjAQBgNVBAcTCUJpbHRob3ZlbjEQMA4GA1UECBMHVXRyZWNodDELMAkG
  ---End - This line not part of the certificate request---
  Redisplay enrollment request? [yes/no]: no
  Notice this is generate without ---BEGIN--- and ---END--- lines which you do need to add when submitting the form to the 3rd party CA.
  After succesful verification by the CA you'll be returned a certificate which you can import with or without the ---BEGIN--- and ---END---- lines, so you might as well just copy the complete text:
  crypto ca import Verisign certificate
  % The fully-qualified domain name in the certificate will be: xxx.domain.com
  Enter the base 64 encoded certificate.
  End with the word "quit" on a line by itself
  -----BEGIN CERTIFICATE-----
  MIIDcTCCAtqgAwIBAgIQIHOwJ7acK6Fmibyhf67HlDANBgkqhkiG9w0BAQUFADC
  MXN/DqZw504SdlIkm3K4Dt7kSa5NILlncBiPhJJPJRjcOk6wRB6vuGG85uz6twR
  nq4BqbMitzpgxvK12hgS9ZDy62kC
  -----END CERTIFICATE-----
  quit
  INFO: Certificate successfully imported
  Make sure you activitate the trustpoint either as for use on all interfaces or on a specific interface using:
  ssl trust-point thawte.com [interface]
  One more thing - the verisign root cert, I did NOT get from their webpage, but I took the one that accompanies the Internet Explorer.
  Hope it helps
  Kdam

• Can not import Verisign certificate

  Dear all,
  I am trying to import a Verisign certificate in my ABAP BW 3.5
  Production system.This is a certificate renewal as I had a certificate there for a year that is to expire on the 12th of June. However, because of the fact that we had to change the SSL
  PSE so that it contains field SP, it is more like installing a new
  certificate.
  What I did: I deleted the old PSE that didn't have any information about the "State" field and created a new one.
  I then created the CSR request to Verisign. I received
  the response from Verisign, which I pasted in a text file together with the Verisign Intermediate and Verisign Root certificate which I used last year as well when I installed a Verisign certificate in this server for the first time.
  When I apply the response, by pasting the contents of the text
  file created above, I get the message:
  "CA Certificate missing in database"
  I have already looked at notes 508307, 518185, 510007, 1074447, 511919
  I am sure that the Verisign root and Intermediate certificates are ok because I have used them successfully in the past in the same server and recently to create the certificate chain for other system certificates of my EP 6.0 landscape.
  I am also sure that the Verisign CA root certificate exists in the
  database, I checked table STRUSTCERT and it is there. Also, if it didn't exist, I wouldn't have been able to import the Verisign certificate last year
  I haven't restarted ICM so the previous certificate still works. After the 12th of June though it will expire and all funtionality based on HTTPS in BW will not work.
  Many thanks in advance for your help
  Regards
  Andreas

  Just created a new SSL PSE and imported the certificate chain again and this time it worked...

• How to import Verisign Intermediate certificate (char 2) with Oracle Wallet 10.1.0.5

  Hi,
      Recently I renewed a Verisign Certificate using Oracle Wallet 10.1.0.5 but could not apply one of the intermediate certificates (char2 encryption?).  The error message is : "Some trusted certificates could not be installed:. Does anyone have a solution to this problem?  A technician at Verisign told me that I need to contact Oracle for a patch.  Is there such a patch for Oracle Wallet version 10.1.05?
      Please help and thanks!
  Jim.

  Hi Jim,
  Which certificate did you get renewed ? root certificate or a user certificate and is it using the same CSR or did you request it via a new CSR (certificate signing request)
  Looks like the certificate chain is breaking when you are trying to import the intermediate certificate. The certs has to be imported in a order (root , intermediate and then user)
  Below doc can help you to some extent:
  How to Replace an Expired or Expiring Certificate in Wallet Manager in Oracle AS 10g and FMW 11g (Doc ID 303299.1)
  Thanks,
  Sharmela

• Not able to import business system in Integration Directory

  Dear all,
  Currently i involved in XI system copy. As per the standard documetn i have finsihed the initial activites like EXPORT and import of abap and java files is succedded.
  Now in the post instalaltion activites.
  I have changed the exchange profile parameter
  SLD connection.
  And other post installation activites succesfully.
  But I am not able to import the business system in Integration director. It throws an error by mentioning.
  *Access to object list of type business system using the internalEOA service business system accessor failed *
  Here we are maintaing a central SLD and hence i created the service users with specific roles.
  SLDcheck is working fine and it dispalying the businees system as well.
  I confirmed that the user and password are same in XI and SLD system,
  But in SLD I am not able to see the domain under web as Exchagne Infrastructure alonng with the componets. I have tried to registerd the same using the note 761476 but in vain. After the changes i restarted the machin and checked the domain status in SLD technical system under exchagne Inffrastructure its not working.
  Is this the problem or am i missing out somewhere?
  FYI: The users are not locked.
  Kindly suggest me and it will be greatful if i get immediate reply.
  Thanks and regards
  Vijay kumar G

  Hi Vijay,
  It looks like the problem is with the SLD.
  Did you delete the SAP ABAP and Java technical system and business systems and recreate them in the central SLD? If this was the case, then you may not be able to import them into your integration directory anymore, as the GUID of the new technical systems and business systems are not the same with the previous one.
  Why not tried to recopy the SLD again, and this time do not change the technical and business systems. If the reregistration of these systems are not avoidable, then you will have to open up the copied IR for configuration.
  Regards,
  Lim...

• How do I surface language specific texts in Integrated ITS?

  Hello all,
  I'm new to both stand alone and integrated ITS and am researching the upgrade process. In our stand alone templates we used htrc files with our html templates to show language specific texts.
  Example.
  html template code for a field label
  `if (i==2) DETAIL-FLABEL[2]= #KAFN end`
  htrc name value pair
  z_pz01_en.htrc
  KAFN     Known As First Name
  z_pz01_de.htrc
  KAFN     Bekannt unter dem Vornamen
  I see no hint that htrc's can be used in integrated and am not seeing anything in the way of resource based language texts in integrated. I think I've hit every document out there yet, I have a feeling I'm missing something obvious. Your help is appreciated.
  Doug

  Edgar,
  Thanks so much for the detail!
  I have run through the steps for manual creation of translations as well as SIAC_UPLOAD of htrc files and have it working and documented. I will add a few more findings here for others who find this post later.
  Some of our old htrc files had duplicate keys (probably from original German version). In stand alone ITS the last key in the file was used so this didn't matter. In integrated ITS this matters for 2 reasons.
  1 Uploading/Converting htrc files having logged in in English will cause failures if any of the text being entered in the service parameters has characters that arent consistent with the codepage being used for EN. (Ex. back Azureück). Clean up htrc files to use only the language they should contain.
  2 Stand alone ITS was forgiving of htrc files containing duplicate keys. Integrated ITS is not. Remove all duplicate keys.
  3. This one is obvious but... if  parameters have already been entered in another language you may be prompted to confirm you are changing language and there are several prompts along the way. As these prompts will appear in the logon language itu2019s important to eitheru2026
  a. Be fluent in all supported languages , oru2026
  b. Memorize button and menu positions.
  I do have one additional question.
  Our old stand alone setup had an alternate corporate "APCI" design that we used...
  File system view -
  hostDEV_WWWmimesdesigns"apci"webgui as opposed to the out of box
  hostDEV_WWWmimesdesignssap_streamlinewebgui I suppose.
  I believe this was then referenced in the global services file ~DESIGN="APCI"
  I'm starting research to understand if there is an analog to this in the integrated webgui service or precisely what I have to do to accomplish alternate styles for webgui and our Z_services.
  Thanks again, points on the way, If I could award more I would.
  Doug

• Signing in mail with a verisign certificate

  I have 2 certificates bought from Verisign that I used previously under 10.6.
  I made a clean install of 10.6 and then updated to 10.7, but even if I managed to import the certificates in the keychain access, the buttons in mail proposing the signature and encryption of emails doesn't appear.
  Thank you in advance for your help

  I haven't been able to resolve this issue using Mail and a Verisign certificate. So instead I tried Comodo and my Mail system now works perfectly with both signature and encryption. So perhaps the problem lies with Verisign rather than Apple......
  And Comodo is free, see http://www.instantssl.com/ssl-certificate-products/free-email-certificate.html

• Integrated ITS issues in HTML Viewer Control related to applets

  We are currently running on integrated ITS - WAS 7.0 kernel 90 at level SAPKB70010.  We recently upgraded from a 46C environment that was utilizing external ITS.   We also utilize the standard SAP CIC0 transaction (call center interaction center)  that is essentially running the webgui service inside of html viewer controls inside of the SAPGUI.
  Once we upgraded to the integrated ITS we have lost some functionality.  It appears functions like exporting to spreadsheets from ALV grid, for example, no longer work in the CIC0.
  Through some investigation, I can see that if I run the webgui service in an IE browser, the ALV grid export functionality will work, and makes use of applets.
  If I run the same webgui service in an HTML viewer control  (for example, by running thru program RSDEMO_HTML_VIEWER), I can see that the download will not work.
  I'm aware the HTML viewer control has limitations, however this functionality worked fine for us when using the External ITS, and is important functionality for our CIC0 transaction.  We are using the same version of SAPGUI (640) now we were using before.
  Is anyone aware what has changed with Integrated ITS that would make this functionality no longer work in HTML viewer control?  or possibly settings that might need adjusted?
  Thanks,
  Pam Crissman
  Pam Crissman

  Hi Pam,
  I found something on SAP Notes:
  Check this:
  Note 858959 - ALV export: saving in SAP GUI for HTML as local file
  Regards,
  Siddhesh

• Not able to import others certificate in firefox

  dear all
  i have to change my plateform from windows to linux. i am working on security programming. even i find it tough to do simple stuffs. i am using fedora linux and firefox browser. i am trying to install others certificat. i am not able to do so. its giving me error. i had already imported the root CA certificate and the CA certificate successfully.
  error:
  the certificate can't be verified and will not be imported. the certificate issuer might be unknown or untrusted, the certificate might have expired, or been revoked, or the certificate might not have been approved.
  could any body give me some idea about all these simple issues. it will be very helpful if u could give me any link from where i can get some relevant materials.
  thanks
  ajkr
  Message was edited by:
  ajkr
  Message was edited by:
  ajkr

  If you already have the CA certificate chain in your cert8.db, then you need to make sure that the CA certs are trusted. If the trust settings are missing, then your end-entity cert will not get verified successfully. Use Firefox to change the trust settings on the CA certs and try the operation again.

• E61 cannot import personal certificate

  Hello,
  I can't import personal certificate. I have personal certificate in p12 (pkcs12) format and it can be imported into firefox without any issues. However when I open this certificate on E61 I am asked for:
  password for my certificate - I enter correct one
  E61 proceeds to to Screen where it says:
  File contains:
  1 private key
  1 personal certificate
  1 authority certificate
  Save? When I click on save I get message:
  Private key corrupted!
  then it proceeds to CA which works fine.
  What I am doing wrong? Kindly assist as this is show stopper in 170K+ employees company.

  Hi,
  I'm not only unlucky, I'm frustrated! :-(
  I've got exactly the same problem. Modell: E65.
  In our company around 50000 users are already using personal certificates, generated using an openssl pki framework.
  Installing/migrating/running a Windows-PKI instead, only for importing P12-Files into our Nokia mobile's is not a solution nor an option.
  All our user-certificates (Server-,Client-,Multi-Level-CA-Certificates) are working fine within standard-protocols and standard applications (e.g. IMAPS, VPN/IPSec, WPA-EAP-TTLS/TLS, HTTPS, LDAPs,...), even within Microsoft's client-appilcations (IE / Outlook) there are no problems importing / using them for encryption, authentication or signing purposes.
  So there should be no problem, regarding the import into a E65?!
  I tried to convert some demo-certificates various ways, exported, converted them to DER, build different P12-formated files but not chance: the E65 always reports "File corrupted".
  I also followed the instruction found under
  https://blogs.forum.nokia.com/view_entry.html?id=412
  So I tried to download a p12-Container directly from a test-webserver using the correct mime-type, no luck: Corrupted File!
  But on the other hand, any p12-file, which the E65 says is corrupted, could be imported into IE/Firefox/Outlook/Thunderbird (the later two on windows & linux plattforms) or opened/investigated using openssl (0.9.8c and 0.9.8d) on the command line without any problems.
  The hint (two posts above), creating certificates using MS-AD-integrated PKI gave me a small hope again. (Please do not understand me wrong, migrating all our user/server certs and PKI-Infrastructure to MS is completly impossible, but a small test will show whether out p12-Files cause the corruption problems).
  So I imported (doubleclick, windows wizard...) the openssl-generated p12 into IE (flagged "exportable") without problems. Right after the import, I exported it various ways (e.g. w/o stong encryption) into a MS-pfx (aka p12) formated file. Renamed the suffix from pfx to p12 and gave it to openssl for processing / investigation:
  openssl pkcs12 -in testuser.p12 -info
  Enter Import Password:
  MAC Iteration 2000
  MAC verified OK
  PKCS7 Data
  Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2000
  Bag Attributes
  localKeyID: 01 00 00 00
  friendlyName: {EE88EF5C-5404-487C-AB22-AA56E79D447C}
  Microsoft CSP Name: Microsoft Enhanced Cryptographic Provider v1.0
  Key Attributes
  X509v3 Key Usage: 10
  Ok the content seems to be in "Microsoft CSP" format!!! (remembering two posts earlier, that's the container-format MS-PKI produces, so a successfull import of this file should be possible?!.... No way either!!! "File corrupted!"
  Another point: during my first p12 import try I used a corporate-standard-p12 file, that means, it contains:
  1 x User-Cert
  1 x User-Key
  1 x Intermediate-level-CA-Cert
  1 x Root-level-CA-Cert
  The E65 successfully imported the two CA-Certs, ask for a name and stored them under "Authorities". They are accessible within S60 (Security->certif.manag) and anything is fine with them. But the also contained user-certificate and the user-key resulted in "File Corrupted!". :-(
  So, for me in the moment it looks really that there is a bug in S60-3rdEd. (E65). Our certificate-containers are as far as I can say completly standard conform all software (opensource/closed source) can read/import our p12-contents without problems, even the E65 can partialy (CA-Certs) read the p12 contents (but not the user-cert/key). :-(
  I would be very happy if someone else can confirm the above results and even more happy if someone else can give me more ideas where to look for a possible solution.
  What I'm missing is an exact specification from Nokia/Symbian, regarding the P12 contents. That means, Certificate/Key Encryption, Formats, Hash-Algorithms, Iterators, Mac-Iterators, and so on... If such an specification would be available/accessible chances are good to be able to generate a valid p12 file containing importable private keys. Information like DER/PEM and mime-type that's by far not enough.
  Because I was not able to find such details specs, all I can offer in the moment is to generate test certificates and p12-container-files for further in-deep debugging?!
  If it is not a bug of S60-3rdEd. perhaps someone else reading this thread can offer a MS-PKI-generated (and of course successfully imported ins S60) p12-File (even revoked should not be a problem) with all passphrases for download, so I can try to investigate in deep the formats and the differences?
  Many thanks for your help!
  Cheers
  Krum

• Installing Verisign Certificate for SSL - please help

  I'm trying to configure SSL for the first time on my WebLogic Server 6.1 SP1 instance
  on a Win2K Server. I have used the built-in certificate generator servlet to
  generate a CSR. I sent the CSR to Verisign and received a certificate back (looks
  like it's in .pem format). Now, I've gone to the admin console and entered what
  I thought were the right values in the right places, but WLServer doesn't seem
  to like what I've entered and/or the files themselves. Here's what I have:
  Server Key File Name: config/mydomain/my_domain_com-key.der (name changed of course
  from the actual domain name) - This is the file generated automatically by the
  certificate servlet that I moved into this directory.
  Server Certificate File Name: config/mydomain/mycert.pem (this is the file that
  was sent to me by Verisign, supposedly my 40-bit certificate).
  Server Certificate Chain File Name: config/mydomain/verisignca.pem (I created
  this file by going to the verisign site and copy/pasting their .pem format 'intermediate'
  cert into this file - documentation real fuzzy on this step so it's probably wrong).
  SSL is enabled, listening on the default port of 7001, client certificate not
  enforced.
  Now, when I boot the server, I get the following error in the log file: ####<Nov
  19, 2001 12:45:03 PM EST> <Alert> <WebLogicServer> <VDWEB1> <myserver> <main>
  <system> <> <000296> <Security configuration problem with certificate file config/mydomain/my_domain_com-key.der,
  java.io.EOFException>.
  What am I doing wrong here? I thought i put that file in the location I specified,
  so does that error mean it can't find it or that the file itself is corrupt?
  That's just the file that was autogenerated by the servlet, i don't see how it
  could be corrupt! Also, I assume that's just the first error ... if I fix that
  one, there likely will be more. I especially don't understand the part about
  the chain file as the documentation is so unclear to me about putting multiple
  certs in the chain file ...
  Thanks for any pointers,
  Josh

  Hi Josh,
  Jus to reconfirm are you sure that the Server key and Server Cert are not
  interchanged ?
  The error message indicates that private key is being read as a certificate.
  Maybe its not a explicit error message and instead should be
  Security configuration problem with private key file
  config/mydomain/my_domain_com-key.der
  Are you able to run with the democerts provided with weblogic ?
  yeshwant
  <system> <> <000296> <Security configuration problem with certificate
  file config/mydomain/my_domain_com-key.der,Josh Daynard wrote:
  Hey Yeshwant,
  Thanks for the tip. I did not use a password when creating the CSR request and
  the 'Key Encrypted' box is unchecked in my console. Any other thoughts???
  Thanks,
  Josh
  Yeshwant <[email protected]> wrote:
  Hi Josh
  when you generated the csr using the certificate webapp , did you use
  a password ie are you using a password
  envrypted private key ?
  if yes you will have to provide that value in the start sript using the
  system property
  weblogic.management.pkpassword=actualpassword and also make sure that
  the Use Encrypted box is checked.
  If not make sure that the Use Encrypted box in the console under the
  ssl tab is unchecked.
  Yeshwant
  Josh Daynard wrote:
  I'm trying to configure SSL for the first time on my WebLogic Server6.1 SP1 instance
  on a Win2K Server. I have used the built-in certificate generatorservlet to
  generate a CSR. I sent the CSR to Verisign and received a certificateback (looks
  like it's in .pem format). Now, I've gone to the admin console andentered what
  I thought were the right values in the right places, but WLServer doesn'tseem
  to like what I've entered and/or the files themselves. Here's whatI have:
  Server Key File Name: config/mydomain/my_domain_com-key.der (name changedof course
  from the actual domain name) - This is the file generated automaticallyby the
  certificate servlet that I moved into this directory.
  Server Certificate File Name: config/mydomain/mycert.pem (this is thefile that
  was sent to me by Verisign, supposedly my 40-bit certificate).
  Server Certificate Chain File Name: config/mydomain/verisignca.pem(I created
  this file by going to the verisign site and copy/pasting their .pemformat 'intermediate'
  cert into this file - documentation real fuzzy on this step so it'sprobably wrong).
  SSL is enabled, listening on the default port of 7001, client certificatenot
  enforced.
  Now, when I boot the server, I get the following error in the log file:####<Nov
  19, 2001 12:45:03 PM EST> <Alert> <WebLogicServer> <VDWEB1> <myserver><main>
  <system> <> <000296> <Security configuration problem with certificatefile config/mydomain/my_domain_com-key.der,
  java.io.EOFException>.
  What am I doing wrong here? I thought i put that file in the locationI specified,
  so does that error mean it can't find it or that the file itself iscorrupt?
  That's just the file that was autogenerated by the servlet, i don'tsee how it
  could be corrupt! Also, I assume that's just the first error ... ifI fix that
  one, there likely will be more. I especially don't understand thepart about
  the chain file as the documentation is so unclear to me about puttingmultiple
  certs in the chain file ...
  Thanks for any pointers,
  Josh

• Unable to Import Internal Certificate to Lync Deployment wizard Local Store

  hi,
  While installing Edge server. i imported internal certificate to Certificate local store. But when i tried to assign those certificate i did not see any imported certificate. I have installed Lync and Edge server several times but this is the 1st time, i m
  facing this issue.
  FYI,
  Its Lync 2010 Standalone Server. Also i have installed, domain’s root certificate to Edge server ” trusted root authority”.
  Kindly suggest.
  Thanks and Regards,
  Ankit

  Hi Ankkit18,
  You can download the Certificate Chain from CA and import it to Edge Server using MMC (Computer Account ->
  Trusted Root Certification Authorities).
  And in certificate request step, make sure that you have selected the
  Mark certificate private key as exportable check box.
  For more details, please refer to the following article.
  Set up certificates for the internal edge interface in Lync Server 2013
  Best regards,
  Eric

• Problem import trusted certificate with oracle wallet manager

  hi people
  db version 10.2.0.4
  owm version 10.2.0.4
  os version windows server 2003
  the first thing i've tried
  is to import a certificate which was created with selfssl (contained in the mircosoft iss resource kit)
  but its not working
  i get the following failure "Some trusted certificates could not be installed"
  i've checked the metalink and found this
  [WALLET MANAGER FAILS TO IMPORT MS IIS GENERATED CERT|https://metalink2.oracle.com/metalink/plsql/f?p=130:15:3132180381448029652::::p15_database_id,p15_docid,p15_show_header,p15_show_help,p15_black_frame,p15_font:BUG,6815320,1,1,1,helvetica]
  i've tried it with an openssl generated certificate
  no problems with importing this as trusted certificate
  so my question
  exists a general problem with certificates which were created with iis services?

  Hi, I am having the same issue with the certificate. Can anyone tell me how to fix this?
  Thank You!
  Kathie

• Verisign Certificates renewal Issue

  Hi
  We are running Sun Java Web Server 7.0 update 5 and wanted to renew verisign certificates for 2 more years.
  What i did:
  1. Got the certificates from Verisign with last year CSR (i'm not sure if previous CSR can be used or not)
  2. Using admin console (browser based) , i went to "server certificates" ->"install" and could successfully installed them (but there was a warning that duplicate nick name) and i selected ls2 (listener-2 for https)
  3. admin console shows renewal successful and expiry year is 2011.
  4. I also restarted both admin and web services
  But the problem that when i access the application from browser, it still says the expiry year as 2009.
  Please advise.
  Prvn

  Well ... I don't know WHICH three *db files you copied, or from where you copied them in the admin-serv directory.
  If the admin server appears to be working as expected, and the instance appears to be working as expected, then just make sure the admin server isn't telling you that changes have been made on the instance (if it is then tell it to copy the changes and make them the new current version).
  Depending on which files you copied from where you may end up with the admin server having the wrong certificates. This could cause a problem for any nodes that are registered with it. I think you'd already see a problem if this were going to break things though.
  In a perfect world everything is just working as expected now, and you're done. If you want to be extra cautious, though, you should restore the admin server's key3 and cert8 databases from a backup (these databases contain the self-signed certificate and its associated keys that were created when you installed Web Server).

• How to sign the applet with verisign certificate?

  Hi,
  I got a test certificate from the Verisign.
  Now I want to know, how to sign my applet with that certificate?
  Thanks,
  Siva E.

  Hi!
  You have to create a keystore wich contains the certificate. I think you call keystore -import "verisign.cert"Try the command, and it will tell you what it needs.
  To do the acutal signing of an applet (jar-file), you write somehting like this:
  jarsigner  -keystore "NameOfKeystore" -keypass "PasswordToPrivKey"  -storepass "PasswordToStore" "YourJarFile.jar" "CertAlias"The cert alias is an alias you created when importing the certificate. Hope it Helps!
  Henrik