Java (JSSE), keytool and certificates

Similar Messages

• JSSE: keys and certificates

  1)What exactly is the difference between a key and a certificate?
  2)Can both be used by JSSE?
  3)How can I obtain a key?
  4)A private and a public key? are it two separate files or what is it?

  The first (and until so far only time) that I used SSL was with a webapplication, running on tomcat on SSL. Then I was told to generate a keystore with the keytool command and that was all and everything worked fine. You would have had to import a certificate from the server to the client's truststore. If you worked at the server end you would have had to generate a key and either a self-signed cert or the whole CSR, get it signed, re-import sequence. This is a bit more than just 'generate a keystore with the keytool command'.
  if you never heard about the keytoolAre you kidding me?
  1)So this keystore was then a self-signed-certificate or even not a certificate at all???keytool -genkey generates a private/public key pair. keytool -selfcert generates a self-signed certificate for that keypair. Nobody in the world will trust that certificate unless you export it from this keystore and import it into their truststore. By contrast, if you generate a CSR, get it signed by a well-known CA, and import the signed cert into the same keystore the CSR came from, everybody will trust that cert, because they already trust the CA. BTW these things aren't they keystore, they are in the keystore.
  2)The keystore contains thus a private and public key, which ensure integrity and confidentiality.... but NOT client and server autentication?The public/private key system can give you integrity and confidentiality. The X.509 certificate system can be used for authentication. They are different things.

• JSSE  Client and server communication problem .err:untrusted server cert

  Hai all,
  I am trying to communicate JSSE client and server.
  I have created root.cert(CA),root.key,server.cert,server.key , client.cert and client.key. All these certificates are created using openssl.
  I have placed root.cert in default keystore cacerts.
  I have created a keystores(server & client) name mykeystore.
  I have placed root.cert and client.cert in the client keystore.
  I have placed root.cert and server.cert in the server keystore.
  But during the run time i am getting javax.net.ssl.SSLException: untrusted server cert chain.
  please suggest the modifications needs to be done to fix the error.
  please tell me In the client keystore and in the server keystore....what certificates we need to put?
  whether my approach as said above is correct or not?
  In java code how to specify this particular certificate we are referring?
  I have coded in this way ....
  SSLContext ctx;
  KeyManagerFactory kmf;
  KeyStore ks;
  char[] prasad = "prasad".toCharArray();
  ctx = SSLContext.getInstance("SSLv3");
  kmf = KeyManagerFactory.getInstance("SunX509");
  ks = KeyStore.getInstance("jks");
  ks.load(new FileInputStream("mykeystore"), prasad);
  kmf.init(ks, prasad);
  ctx.init(kmf.getKeyManagers(), null, null);
  factory = ctx.getSocketFactory();
  But my doubt is we are specifying only keystore name with that how it will check root.cert(ca) and client.cert and server.cert?
  Is there any modifications need in my code?
  Please tell me some way ...
  Thanks ,
  Prasad.

  Hi prasad,
  There will be a problem with the certificates being received from thr remote server or client. Check that your trust store contains the certificate of the remote machine or the CA that signed it and that the certificate has not expired.
  Also be sure that both machines are using the latest version of the JSSE.
  Hope this will help you.
  Regards,
  Anil.
  Technical Support Engineer.

• Keytool exporting certificate chain

  I went through the steps of generating a key pair with keytool and created a certificate signing request.
  Using openSSL I signed the certificate and imported it back into the keystore.
  When I run:
  keytool -list -v -keystore myKS.jks -alias my_site
  I see the certificate and it indicates its in a chain of two certificates. So far so good.
  However, when I export the certificate, only the site certificate is exported and not the full chain.
  How do I export the chain into a single file?
  If I can't, is there a way I can glue the root certificate and the site certificate into a single file?

  check this out
  http://www-106.ibm.com/developerworks/java/library/j-certgen/?ca=dgr-jw17j-certgen
  i hope it will help you.

• PKCS#11 Provider unable to fetch asymmetric keys and certificates

  Hi,
  I'm facing a problem while getting keys and certificate from Eracom HSM (ProtectServer Orange:38039 Model: PSO:PL50) using Sun PKCS#11 Provider. It gets only the symmetric keys but NEVER gets the asymmetric keys.
  My code snippet and configuration file are:
       Java Code:
       java.io.InputStream is = new java.io.FileInputStream("pkcs11.cfg");
  sun.security.pkcs11.SunPKCS11 pkcs11_provider = new sun.security.pkcs11.SunPKCS11(is);
  System.out.println("Provider Name : " + pkcs11_provider.getName());
  java.security.Security.addProvider(pkcs11_provider);
  KeyStore ks = KeyStore.getInstance("PKCS11", pkcs11_provider);
  ks.load(null, "password".toCharArray());
  java.util.Enumeration obj_enumeration = ks.aliases();
  while (obj_enumeration.hasMoreElements()) {
  String str_certAlias = (String) obj_enumeration.nextElement();
  System.out.println("Alias : " + str_certAlias);
       pkcs11.cfg:
       name = Eracom
       library = G:\Eracom\cryptoki.dll
       slot = 0
       attributes(*, CKO_PRIVATE_KEY, *) = {
       CKA_TOKEN = false
       CKA_SENSITIVE = false
       CKA_EXTRACTABLE = true
       CKA_DECRYPT = true
       CKA_SIGN = true
       CKA_SIGN_RECOVER = true
       CKA_UNWRAP = true
       attributes(*, CKO_PUBLIC_KEY, *) = {
       CKA_ENCRYPT = true
       CKA_VERIFY = true
       CKA_VERIFY_RECOVER = true
       CKA_WRAP = true
  I also ran my program without specifying any attributes in configuration file, also tried many other combination, but in all cases (with or without attributes) only symmetric keys are loaded from HSM. I am able to get all keys (symmteric and asymmteric) and certificates from the same HSM using IAIK PKCS#11 Provider. Though, the Sun PKCS#11 Provider is working fine with SmartCard tokens (Rainbow, Alladin etc.)
  Any help to resolve my problem would be highly appreciated.
  Thanks in advance.

  I recently had a problem with ECDSA and the PKCS#11 library of nCipher. Here's info from one of their engineers about the PKCS11 library:
  "There are two separate issues - one is that our current pkcs11
  release doesn't support ECDSA signature with SHA-2 hashes
  (the v11.00 firmware adds support for it, but the main release version of
  the pkcs11 library hasn't been updated to take advantage of it yet).
  There is a hotfix version that does support SHA-2 hashes with some
  restrictions, talk to [email protected] for details, and V11.10
  should be out soon and have that merged in.
  But the issue with setting CKA_SIGN is that our underlying HSM API
  allows elliptic curve keys to be either key exchange (ECDH) or
  signature (ECDSA) keys, but not both at one.
  At the PKCS #11 level, if you specify CKA_DERIVE=true and let
  CKA_SIGN default, it will default to false, and vice versa.
  If you specify both CKA_DERIVE=true and CKA_SIGN=true, then we
  return CKR_TEMPLATE_INCONSISTENT because we can't do both with
  the same key. (However, the tests using C_GetMechanismInfo will
  show that we can do both mechanisms, because we can - so long
  as you use different keys, even though they have the same PKCS#11
  type.)
  I can't comment on when or how that will be changed."
  I was using the PKCS#11 library through NSS when I ran into the problem, but I imagine Java would run into similar problems also using the PKCS#11 library. I was able to generate keypairs but not create a CSR (which required making a signature, which required SHA-2).
  Can you just use the java classes to speak to the netHSM? I've never directly written code to do so myself, but I have used Corestreet's OCSP product that uses the java classes to speak to the nCipher HSMs (though not using EC). It might work better than going through the PKCS#11 layer. There should be a java directory under NFAST_HOME that contains some jars.
  Please post back if you figure anything out as I'll probably be playing with this stuff myself soon.
  Dave

• Webservice call failed during execution (SSL and certificates) on NetWeaver 7.30

  Hey experts,
  i need your help!
  We make webservice calls to sap me with our own software.
  We connect to our software via SSL and certificates e.g. https://host:50001/XMII/CM/POD/MEDialogsWeb.irpt
  At the beginning the software runs without any problems and than we become the following message on all our webservice:
  thats the webservice configurations
  (configuration - connectivity - single service administration):
  (configuration - security - authentication and single sign-on)
  if we restart the software after the error display, the webservice call runs successfully again.
  is it a timeout?
  can anybody help us?
  Thanks,
  Markus
  our system info:
  NetWeaver 7.30 Java
  SAP ME 6.0
  software runs log looks as following
  software doesn't runs log looks as following
  security Log Entry
  more info from security_00.0.log
  #2.0 #2014 06 06 14:51:17:136#+0200#Warning#/System/Security/WS#
  com.sap.ASJ.wssec.020142#BC-ESI-WS-JAV-RT#tc~sec~wssec~service#C0000A650AD826FF0000000100000BEC#3855850000000005#sap.com/me~ws#com.sap.engine.services.wssec.authentication#Guest#0##207092CAED7111E3A01A0000003AD5EA#23386e31ed7911e39d560000003ad5ea#23386e31ed7911e39d560000003ad5ea#0#Thread[HTTP Worker [@648881277],5,Dedicated_Application_Thread]#Plain##
  Received unsupported callback: com.sap.engine.interfaces.security.auth.SetLogonTicketCallback
  Received unsupported callback: com.sap.engine.lib.security.http.HttpSetterCallback
  Read data of type username and value  MEFLEX from wsse:Security header and set on module javax.security.auth.callback.NameCallback
  Read data of type username and value   from HTTP header and set on module javax.security.auth.callback.NameCallback
  Read data of type password and value  xxx from wsse:Security header and set on module javax.security.auth.callback.PasswordCallback
  Read data of type password and value  xxx from HTTP header and set on module javax.security.auth.callback.PasswordCallback
  Authentication for web service ShopOrderService, configuration ShopOrderService using security policy BASIC*SSO2*_*_*ws failed: Cannot authenticate the user.. (See SAP Note 880896 for further info).

  Hi,
  the authentication for the second call is failing. Have you tried suggest log level from note 880896 - Web Service authentication failure? I would also try to use something like SoapUI to test if the issue is caused by your application or something wrong on SAP side. Also coparing messages for the first and second calls might give you answer.
  Cheers

• JSSE client and server

  Hai all,
  I am trying to communicate jsse client and server.
  It is showing socket closed error.
  when will we get java.net.SocketException: Socket closed?
  please tell me way to sort this problem
  Thanks,
  Prasad.

  Hi prasad,
  There are two reasons for this error to occur
  java.net.SocketException: Socket closed
  (i)First is that the provider is not registered properly. Check your java.security files and make sure that you have created an entry for
  com.sun.net.ssl.internal.ssl.Provider.
  Then make sure that there are no extra java.security files on your hard drive that are being used by your runtime configure your providers. If there make sure to add the providers to them also.
  (ii) Secondly there may be problem with your keystore. Make sure that you are providing the proper file and password for your keystore.
  If you are using SSL socket server then check the following code:
  SSLServerSocketFactory ssf = (SSLServerSocketFactory )SSLServerSocketFactory.getDefault();
  ServerSocket ss = ssf.createServerSocket(PORT);
  Socket s = ss.accept();
  If you are using regular sockets, perform the following:
  ServerSocket ss = new ServerSocket(PORT);
  Hope this will help you.
  Regards,
  Anil.
  Technical Support Engineer.

• Applets and certificates in jdk1.4

  Hello all...
  I have an applet which imports the java.awt.Robot class. I can not use the methods from a html page due to security restrictions...
  I've searched high and wide for documentation on how to overcome this (as i am only going to be running this applet from my own machine)...i know it involved signing and certificates - i've tried several methods but none seem to work.....does anyone have an idea of exactly how i would go about getting this working??
  Thanks in advance........
  Johnno

  Johno
  If you're only going to run this 'applet' on your own machine why not write a program instead ?

• Problem with java.sql.Clob and oracle.sql.CLOB

  Hi,
  I am using oracle9i and SAP web application server. I am getClob method and storing that in java.sql.Clob and using the getClass().getName() I am getting the class name as oracle.sql.CLOB. But when I am trying to cast this to oracle.sql.CLOB i am getting ClassCastException. The code is given below
  java.sql.Clob lOracleClob = lResultSet.getClob(lColIndex + 1);
  lPrintWriter = new PrintWriter(new BufferedWriter (((oracle.sql.CLOB) lOracleClob).getCharacterOutputStream()));
  lResourceStatus = true;
  can anybody please tell me the what is the problem with this and solution.
  thanks,
  Ashok.

  Hi Ashok
  You can get a "ClassCastException" when the JVM doesn't have access to the specific class (in your case, "oracle.sql.CLOB").
  Just check your classpath and see if you are referring to the correct jar files.
  cheers
  Sameer
  PS: Please award points if you find the answer useful

• Problem with java swing button and loop

  Problem with java swing button and loop
  I�m using VAJ 4.0. and I�m doing normal GUI application. I have next problem.
  I have in the same class two jswing buttons named start (ivjGStart) and stop (ivjGStop) and private static int field named Status where initial value is 0. This buttons should work something like this:
  When I click on start button it must do next:
  Start button must set disenabled and Stop button must set enabled and selected. Field status is set to 1, because this is a condition in next procedure in some loop. And then procedure named IzvajajNeprekinjeno() is invoked.
  And when I click on stop button it must do next:
  Start button must set enabled and selected and Stop button must set disenabled.
  Field status is set to 0.
  This works everything fine without loop �do .. while� inside the procedure IzvajajNeprekinjeno(). But when used this loop the start button all the time stay (like) pressed. And this means that a can�t stop my loop.
  There is java code, so you can get better picture:
  /** start button */
  public void gStart_ActionEvents() {
  try {
  ivjGStart.setEnabled(false);
  ivjGStop.setEnabled(true);
  ivjGStop.setSelected(true);
  getJTextPane1().setText("Program is running ...");
  Status = 1;
  } catch (Exception e) {}
  /** stop button */
  public void gStop_ActionEvents() {
  try {
  ivjGStart.setEnabled(true);
  ivjGStart.setSelected(true);
  ivjGStop.setEnabled(false);
  getJTextPane1().setText("Program is NOT running ...");
  Status = 0;
  } catch (Exception e) {
  /** procedure IzvajajNeprekinjeno() */
  public void IzvajajNeprekinjeno() {  //RunLoop
  try {
  int zamik = 2000; //delay
  do {
  Thread.sleep(zamik);
  PreberiDat(); //procedure
  } while (Status == 1);
  } catch (Exception e) {
  So, I'm asking what I have to do, that start button will not all the time stay pressed? Or some other aspect of solving this problem.
  Any help will be appreciated.
  Best regards,
  Tomi

  This is a multi thread problem. When you start the gui, it is running in one thread. Lets call that GUI_Thread so we know what we are talking about.
  Since java is task-based this will happen if you do like this:
  1. Button "Start" is pressed. Thread running: GUI_Thread
  2. Event gStart_ActionEvents() called. Thread running: GUI_Thread
  3. Method IzvajajNeprekinjeno() called. Thread running: GUI_Thread
  4. Sleep in method IzvajajNeprekinjeno() on thread GUI_Thread
  5. Call PreberiDat(). Thread running: GUI_Thread
  6. Check status. If == 1, go tho 4. Thread running: GUI_Thread.
  Since the method IzvajajNeprekinjeno() (what does that mean?) and the GUI is running in the same thread and the event that the Start button has thrown isn't done yet, the program will go on in the IzvajajNeprekinjeno() method forever and never let you press the Stop-button.
  What you have to do is do put either the GUI in a thread of its own or start a new thread that will do the task of the IzvajajNeprekinjeno() method.
  http://java.sun.com/docs/books/tutorial/uiswing/index.html
  This tutorial explains how to build a multi threaded gui.
  /Lime

• Help! java wont download and I NEED it!

  Okay so I have tried to download every version of java I can and none of them are working and I need it for my website. I have os x 10.4.8 Tiger so I don't know why it won't work. Can anyone please help me out with this? Thank You.

  Well java should be installed by default as part of Mac OS X. I'm pretty sure both the Java runtime environment AND the software development kit should be included. Maybe be more specific with your question, I might be missing something.

• Help needed with Java 1.4 and xml Runtime problem

  I am working on a java 1.3 and JAXP1.1 written code. Now I want to compile and run it using J2SE 1.4. Here are the import statements from the existing code.
  import org.xml.sax.*;
  import org.xml.sax.helpers.DefaultHandler;
  import org.xml.sax.Locator;
  import javax.xml.parsers.SAXParser;
  import javax.xml.parsers.SAXParserFactory;
  import org.xml.sax.Attributes;
  import org.xml.sax.XMLReader;
  import org.xml.sax.InputSource;
  import java.sql.*;
  import java.net.*;
  import java.io.*;
  When I run the existing(using java 1.3 and Jaxp1.1) code I have to include the files crimson.jar and jaxp.jar in the windows 2000 CLASSPATH and works fine.
  But when I compile and run it using J2SE 1.4 which has the built in support for the saxp, I thought that I don't have to specify any CLASSPATH for the new 1.4 so I don't specify any Classpath and it gives me the Microsoft "ClassFactory cannot find the requested class" error which means that even thought the new java 1.4 has the xml classes as libraries yet it still requies some .jar files to be listed in the CLASSPATH.
  If I am right then what path will work(i.e what jar class I need to add to the CLASSPATH).
  Thanks for your help.
  RA.

  Thanks for your reply,
  I think I didn't specify when the error occurs. The ClassFactory related error occurs when I run the program, it compiles without any error.
  From what I understood somewhere in the java 1.4 docs, that the new 1.4 has the xml libraries built in by default so one doesn't need to give the classpaths just like we don't give any CLASSPATH for using swing and many of the other java packages. That is one thing.
  Second thing is that I also tried to use the java_xml_pack-spring02 and java_xml_pack-summer02; but non of them include the crimson.jar and the jaxp.jar files in them which are the 2 .jar files that makes the program run fine when used under the java 1.3 with combination of the jaxp1.1(which was downloaded seperately and then the CLASSPATH for it was set.).
  Can you please help what .jar files do I need to use instead. I tried to use the ones that the new java_xml_pack-spring02 and java_xml_pack-summer02 has for the jaxp in them.
  Thanks again.
  RA

• Server 2012 R2 - Essentials Experience - - I jacked my CA and certificates all to @#&$%!!

  Windows Server 2012 R2 - Essentials Experience
  In trying to put pieces together, I jacked my CA and certificates all to @#&$%!!
  Some of the factors involved are:
   Server0 - Hyper-V Host
    Server1 - DC, 2012 R2 Essentials Experience role
    Server2 - Exchange 2013
   Client Machines -
    Windows 7 Pro
    XP (Yes, these are my cross to bear... - worth noting their presence, but I'm working them out) 
   The functional requirements:
    Anywhere Access for Remote users
     - Remote Desktop for Windows 7 machines
    Outlook Web Access
  The mistake... 'Web Application Proxy'
   -which uninstalled the CA
  There is a CA back now, but after days of spinning in cirles in a rare area where I feel nearly completely lost (Certificate services) I am asking for help getting these pieces put back together.
  The current situation:
   The network is up with all of the network and business services required to work 'Inside the Office' - so the client is "functional".
   The "Essentials Experience" is broken and won't install to the clients, though it does provide the Essentials website, access to server shared files (fairly gracefully, I might add) and, as an administrator user, I can get to the servers via
  RWA through the site and there are no certificate problems with that since I have a secured certificate for the domain. 
   OWA has been moved to a further back burner while I try to get the Essentials Experience functioning t the point where the remote users can get to their workstations through RWA... This is the biggest current hurdle... RWA for the clients.
  Trying to install the client to the workstations nets me the "The Server is not available.  Try connecting this computer again,..." message at the point of username and password authentication.
  The clientdeploy.log finishes like this:
   [4976] 141016.153746.2670: ClientSetup: Standard Error:
   [4784] 141016.153746.2670: ClientSetup: The exit code of the process (C:\Windows\system32\nslookup.exe) is: 0
   [4784] 141016.153746.2670: ClientSetup: Set CD Fail reason 10 for SQM in ClientDeployment.exe
   [4784] 141016.153746.2670: ClientSetup: RecordClientDeploymentFailReason: Save registry failed in ClientDeployment.exe : System.UnauthorizedAccessException: Cannot write to the registry key.
    at Microsoft.Win32.RegistryKey.EnsureWriteable()
    at Microsoft.Win32.RegistryKey.CreateSubKeyInternal(String subkey, RegistryKeyPermissionCheck permissionCheck, Object registrySecurityObj, RegistryOptions registryOptions)
    at Microsoft.Win32.RegistryKey.CreateSubKey(String subkey, RegistryKeyPermissionCheck permissionCheck)
    at Microsoft.WindowsServerSolutions.ClientSetup.ClientDeploy.Helper.RecordClientDeploymentFailReason(UInt32 failReason)
   [4784] 141016.153746.2670: ClientSetup: Exiting ValidateUserTask.Run
   [4784] 141016.153746.2670: ClientSetup: Task with Id=ClientDeploy.ValidateUser has TaskStatus=Failed
   [4784] 141016.153746.2670: ClientSetup: Task with Id=ClientDeploy.ValidateUser has RebootStatus=NoReboot
   [4784] 141016.153746.2670: ClientSetup: Exting ConnectorWizardForm.RunTasks
   [1272] 141016.153755.0976: ClientSetup: Back from the Client Deployment Wizard
   [1272] 141016.153755.0976: ServerDiscovery:HostsFileUpdater: Removing hosts file entry: 1-WGB-01
   [1272] 141016.153755.0976: ClientSetup: Saving Wizard Data
   [1272] 141016.153755.0976: ClientSetup: End of ClientDeploy: ErrorCode=1603
  The computerconnector.log shows nothing of value.
  What I want to accomplish as a 'first step' toward recovery is to get the workstations properly connected so they show up in the Dashboard 'Devices' pane and can be managed and access by the Essentials tools.
  Secondarily, I would like to get the client side tools in place and functioning (I expect the latter will be a side effect of the former).
  So,... for anyone patient enough to have read this far... uh,... help?

  Actually,... I can now confirm the delicacy of which you speak...
  After a support incident with Microsoft which spanned a marathon 18+ hours on the phone and remote access by no fewer than 7 Microsoft Engineers, we got to a successful result. 
  It is a point of utter frustration for me when people put in threads like this then don't bother to come back and report 'how the issue was solved', and sadly, I am about to have done that merely because my span of functional attention and valuable reporting
  capability was basically gone before I submitted the ticket and following all that was done in my state was not conceivably possible. 
  So - all I can do is apologize for not being able to report a valuable resolution and give a few little tidbits.
  The net result is this - DO WHAT YOU CAN TO AVOID THE SITUATION IN THE FIRST PLACE.  Once your CA is in place, LEAVE IT THE $%@& ALONE!!!!  I mean... my best current advice.
  In all, the CA was uninstalled and reinstalled 4 times after my blunder and significant work was done in ADSIEdit as well as substantial manual manipulation of certificates and CAs that was well outside of my (quite considerable) scope of expertise.
  I wish I had more to offer in the world of resolution.
  With this said, I will make one more request of viewers and moderators alike:
  THIS QUESTION IS OFFICIALLY NOT ANSWERED.  IT WILL NEVER BE ANSWERED.  THE RESOLUTION IS NOT AVAILABLE TO THE MORTAL MAN.
  DO NOT MARK IT AS ANSWERED
  IF YOU MUST DO SOMETHING, DELETE THE WHOLE THREAD, BUT DO NOT BURDON PEOPLE WHO ARE LOOKING FOR REAL ANSWERS WITH THE NECESSITY OF READING THROUGH THIS.
  DO NOT MARK THIS QUESTION AS ANSWERED
  I hope this makes sense for people, and I hope people will appreciate NOT having to read this as though there is some 'resolution' contained within.

• Why not Deprecate java.util.Date and java.util.Calendar

  With the introduction of java.time, why did you not flag java.util.Date and java.util.Calendar. These classes have been a bane to every Java developer and should never be used again with the introduction of Java 1.8.

  Adding the @Deprecated annotation would only just provide a warning about an old API and recommendation to the developer(s) to no longer use it. Doing so would not break any existing library out there; in fact quite a number of constructors and methods on the Date class have already been flagged deprecated.
  The new java.time package is far superior to Date/Calendar.

• Possible to extend java Concurrent Program and replace standard??

  Hi All!
  i have following developing need. There is a java concurrent program POXPOPDF (PO Output for Communication). The customer needs this program to do actually something complete different than printing the PO in PDF. The executable for this CP is java class PoGenerateDocumentCP in oracle.apps.po.communicate package.
  We thought that we may be able to extend that class and then in some way made OA to use the extended java class instead of the standard. This is possbile and simple for OA Framework pages unsing classes as controllers, but I don't know how it could be done for CP (if there's a way to do it without violent intervention in standard system).. Is it possbile, can anyone help me with this.
  The thing is that instead of reformatting the XML returned from PO_COMMUNICATION_PVT.POXMLGEN (function POXMLGEN in database package PO_COMMUNICATION_PVT) into PDF we want to reformat into another XML and then send it in other way to a webservice. Once I have the XML from POXMLGEN I have no problem to reformat it into another XML (I think, I have done it iwith other issues/processes). The webservice and the call to it is no problem and is already use with other purposes in other processes, but here (replaceing this stadard java class for an extension/new one) I am a little lost.
  Appreciate very much your help.
  Regards,
  Patricia

  Never mind, I see now that FND_REQUEST.SUBMIT_REQUEST() really does work, I tried with a different standard java concurrent program and it worked fine, and then I figured out that my parameters into fnd_request.submit_request for concurrent program APXVVCF4 were not correct (application short name was invalid for concurrent program).
  Thanks for the Info!