JWSDP 1.5: Certificates for XWS-Security samples expired April 9

The digitial certificates supplied with the XWS-Security samples in JWSDP 1.5 (e.g., JWSDP_HOME/xws-security/etc/client-truststore.jks) expired April 9, 2005. The XWSS sample programs now fail because the certificates are invalid. Are newer versions of the truststores available to replace the existing truststores, or do I need reinstall JWSDP to get newer certificates?
Thanks,
Mike

I am having the same problem. I tried creating my own RSA keys with the same aliases, self signing them and putting them into the key/trust stores but still get errors. What procedure is there to replace them? Included below are my steps for dropping the certs and adding in new self signed ones, that I tried.
Josh
keytool -delete -keystore server-keystore.jks -alias s1as -storepass changeit
keytool -delete -keystore client-truststore.jks -alias s1as -storepass changeit
keytool -genkey -keyalg RSA -alias s1as -keystore server-keystore.jks -dname "cn=Client" -keypass changeit -storepass changeit
keytool -selfcert -alias s1as -keystore server-keystore.jks -keypass changeit -storepass changeit
keytool -export -keystore server-keystore.jks -alias s1as -storepass changeit -file s1as
keytool -import -alias s1as -keystore client-truststore.jks -storepass changeit -file s1as
keytool -delete -keystore client-keystore.jks -alias xws-security-client -storepass changeit
keytool -delete -keystore server-truststore.jks -alias xws-security-client -storepass changeit
keytool -genkey -keyalg RSA -alias xws-security-client -keystore client-keystore.jks -dname "cn=Client" -keypass changeit -storepass changeit
keytool -selfcert -alias xws-security-client -keystore client-keystore.jks -keypass changeit -storepass changeit
keytool -export -keystore client-keystore.jks -alias xws-security-client -storepass changeit -file xws-security-client
keytool -import -alias xws-security-client -keystore server-truststore.jks -storepass changeit -file xws-security-client

Similar Messages

  • Jwsdp-1.4/xws-security/samples/simple/build.xml:108: wsdeploy failed

    Hi everyone,
    I am trying to deploy the simple sample for xws-security in the JWSDP 1.4 on redhat 9.0, I have done all the configurations as suggested by the tutorial and the readme file in the sample. But when I tried to run the sample by running "asant run-sample", I got a "wsdeploy failed" error. It looks like the following and happened at the "process-war" stage: (The earlier targets including "clean", "prepare", "gen-server", "compile-server", " set-web-inf", "raw-war" etc. work fine).
    [snip]
    process-war:
    [echo] Running wsdeploy...
    [wsdeploy] Exception in thread "main" java.lang.NoSuchMethodError: org.apache.xml.dtm.ref.sax2dtm.SAX2DTM.<init>(Lorg/apache/xml/dtm/DTMManager;Ljavax/xml/transform/Source;ILorg/apache/xml/dtm/DTMWSFilter;Lorg/apache/xml/utils/XMLStringFactory;ZIZZ)V
    [wsdeploy] at org.apache.xml.dtm.ref.sax2dtm.SAX2DTM2.<init>(SAX2DTM2.java:1901)
    [wsdeploy] at org.apache.xalan.xsltc.dom.SAXImpl.<init>(SAXImpl.java:767)
    [wsdeploy] at org.apache.xalan.xsltc.dom.XSLTCDTMManager.getDTM(XSLTCDTMManager.java:324)
    [wsdeploy] at org.apache.xalan.xsltc.dom.XSLTCDTMManager.getDTM(XSLTCDTMManager.java:267)
    [wsdeploy] at org.apache.xalan.xsltc.trax.TransformerImpl.getDOM(TransformerImpl.java:477)
    [wsdeploy] at org.apache.xalan.xsltc.trax.TransformerImpl.transform(TransformerImpl.java:637)
    [wsdeploy] at org.apache.xalan.xsltc.trax.TransformerImpl.transform(TransformerImpl.java:317)
    [wsdeploy] at com.sun.xml.rpc.tools.wsdeploy.DeployTool.defineServletsAndListeners(DeployTool.java:553)
    [wsdeploy] at com.sun.xml.rpc.tools.wsdeploy.DeployTool.run(DeployTool.java:255)
    [wsdeploy] at com.sun.xml.rpc.util.ToolBase.run(ToolBase.java:43)
    [wsdeploy] at com.sun.xml.rpc.tools.wsdeploy.Main.main(Main.java:22)
    [wsdeploy] Command invoked: /work/nzw3/SUNWappserver/jdk/jre/bin/java -classpath /work/nzw3/SUNWappserver/lib/endorsed/dom.jar:/work/nzw3/SUNWappserver/lib/endorsed/xercesImpl.jar:/work/nzw3/SUNWappserver/lib/endorsed/xalan.jar:/work/nzw3/SUNWappserver/lib/ant/lib/xercesImpl.jar:/work/nzw3/SUNWappserver/lib/ant/lib/ant.jar:/work/nzw3/SUNWappserver/lib/ant/lib/xml-apis.jar:/work/nzw3/SUNWappserver/lib/ant/lib/optional.jar:/work/nzw3/SUNWappserver/lib/soapprocessor.jar:/work/nzw3/SUNWappserver/lib/jaxr-api.jar:/work/nzw3/SUNWappserver/lib/saaj-api.jar:/work/nzw3/SUNWappserver/lib/activation.jar:/work/nzw3/SUNWappserver/lib/security-plugin.jar:/work/nzw3/SUNWappserver/lib/jaxb-xjc.jar:/work/nzw3/SUNWappserver/lib/jax-qname.jar:/work/nzw3/SUNWappserver/lib/jhall.jar:/work/nzw3/SUNWappserver/lib/xmlsec.jar:/work/nzw3/SUNWappserver/lib/j2ee-svc.jar:/work/nzw3/SUNWappserver/lib/deployment/sun-as-jsr88-dm.jar:/work/nzw3/SUNWappserver/lib/jaxrpc-sec.jar:/work/nzw3/SUNWappserver/lib/mail.jar:/work/nzw3/SUNWappserver/lib/appserv-admin.jar:/work/nzw3/SUNWappserver/lib/jaxb-impl.jar:/work/nzw3/SUNWappserver/lib/appserv-cmp.jar:/work/nzw3/SUNWappserver/lib/appserv-jstl.jar:/work/nzw3/SUNWappserver/lib/jaxb-libs.jar:/work/nzw3/SUNWappserver/lib/jwsdp-tools-lib/jax-qname.jar:/work/nzw3/SUNWappserver/lib/jwsdp-tools-lib/namespace.jar:/work/nzw3/SUNWappserver/lib/jaxr-impl.jar:/work/nzw3/SUNWappserver/lib/xercesImpl.jar:/work/nzw3/SUNWappserver/lib/jaxrpc-spi.jar:/work/nzw3/SUNWappserver/lib/verifier/verifierhelp.jar:/work/nzw3/SUNWappserver/lib/xalan.jar:/work/nzw3/SUNWappserver/lib/appserv-upgrade.jar:/work/nzw3/SUNWappserver/lib/appserv-assemblytool.jar:/work/nzw3/SUNWappserver/lib/deployhelp.jar:/work/nzw3/SUNWappserver/lib/j2ee.jar:/work/nzw3/SUNWappserver/lib/xmldsig.jar:/work/nzw3/SUNWappserver/lib/commons-logging.jar:/work/nzw3/SUNWappserver/lib/saaj-impl.jar:/work/nzw3/SUNWappserver/lib/jaxrpc-impl.jar:/work/nzw3/SUNWappserver/lib/appserv-tags.jar:/work/nzw3/SUNWappserver/lib/appserv-ext.jar:/work/nzw3/SUNWappserver/lib/relaxngDatatype.jar:/work/nzw3/SUNWappserver/lib/admin-cli.jar:/work/nzw3/SUNWappserver/lib/jaxrpc-api.jar:/work/nzw3/SUNWappserver/lib/jsf-api.jar:/work/nzw3/SUNWappserver/lib/jaxb-api.jar:/work/nzw3/SUNWappserver/lib/install/applications/__cp/jdbc.jar:/work/nzw3/SUNWappserver/lib/install/applications/__ds/jdbc.jar:/work/nzw3/SUNWappserver/lib/install/applications/__xa/jdbc.jar:/work/nzw3/SUNWappserver/lib/install/applications/jmsra/imqjmsra.jar:/work/nzw3/SUNWappserver/lib/install/applications/admingui/adminGUI_war/WEB-INF/lib/admin.jar:/work/nzw3/SUNWappserver/lib/install/applications/admingui/adminGUI_war/WEB-INF/lib/cc.jar:/work/nzw3/SUNWappserver/lib/install/applications/admingui/adminGUI_war/WEB-INF/lib/admingui-jsp.jar:/work/nzw3/SUNWappserver/lib/install/applications/admingui/adminGUI_war/WEB-INF/lib/framework.jar:/work/nzw3/SUNWappserver/lib/install/applications/admingui/adminGUI_war/WEB-INF/lib/jato.jar:/work/nzw3/SUNWappserver/lib/install/applications/admingui/adminGUI_war/WEB-INF/lib/admin-en.jar:/work/nzw3/SUNWappserver/lib/install/applications/admingui/adminGUI_war/WEB-INF/lib/admin-xml.jar:/work/nzw3/SUNWappserver/lib/install/applications/admingui/adminGUI_war/WEB-INF/lib/framework-en.jar:/work/nzw3/SUNWappserver/lib/install/applications/admingui/adminGUI_war/WEB-INF/lib/help.jar:/work/nzw3/SUNWappserver/lib/install/applications/samples.jar:/work/nzw3/SUNWappserver/lib/install/applications/com_sun_web_ui/WEB-INF/lib/registrationservlet.jar:/work/nzw3/SUNWappserver/lib/install/applications/jaxr-ra/jaxr-ra.jar:/work/nzw3/SUNWappserver/lib/commons-launcher.jar:/work/nzw3/SUNWappserver/lib/jsf-impl.jar:/work/nzw3/SUNWappserver/lib/sun-appserv-ant.jar:/work/nzw3/SUNWappserver/lib/appserv-rt.jar:/work/nzw3/SUNWappserver/lib/xsdlib.jar:/work/nzw3/j2sdk1.4.2_04/lib/tools.jar com.sun.xml.rpc.tools.wsdeploy.Main -keep -tmpdir /work/nzw3/jwsdp-1.4/xws-security/samples/simple/build/server -o /work/nzw3/jwsdp-1.4/xws-security/samples/simple/dist/securesimple.war /work/nzw3/jwsdp-1.4/xws-security/samples/simple/dist/simple-portable.war
    BUILD FAILED
    file:/work/nzw3/jwsdp-1.4/xws-security/samples/simple/build.xml:108: wsdeploy failed
    If anyone has any idea about this problem, please let me know.
    Many thanks,
    Jake

    Hello again,
    I got progress today, but still have some errors for the simple sample in the xws-security . (I am running on Redhat 9.0 and with Sun Java System Application Server 8) Looks like the sending message is ok, but at the receiving message stage, I got the following errors when running "asant run-sample":
    [snip]
    run-sample:
    [echo] Running the simple.TestClient program....
    [java] Service URL=http://giga15.ncl.ac.uk:8080/securesimple/Ping
    [java] Sep 8, 2004 1:14:19 AM com.sun.xml.wss.filter.DumpFilter process
    [java] INFO: ==== Sending Message Start ====
    [java] <?xml version="1.0" encoding="UTF-8"?>
    [java] <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns0="http://xmlsoap.org/Ping" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    [java] <env:Header>
    [java] <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" env:mustUnderstand="1">
    [java] <wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="Id4487442798885738858">MIIFKDCCBBCgAwIBAgICBl4wDQYJKoZIhvcNAQEEBQAwcDELMAkGA1UEBhMCVUsxETAPBgNVBAoT
    [java] CGVTY2llbmNlMRIwEAYDVQQLEwlBdXRob3JpdHkxCzAJBgNVBAMTAkNBMS0wKwYJKoZIhvcNAQkB
    [java] Fh5jYS1vcGVyYXRvckBncmlkLXN1cHBvcnQuYWMudWswHhcNMDQwMjEwMTQzMDUyWhcNMDUwMjA5
    [java] MTQzMDUyWjBcMQswCQYDVQQGEwJVSzERMA8GA1UEChMIZVNjaWVuY2UxEjAQBgNVBAsTCU5ld2Nh
    [java] c3RsZTEPMA0GA1UEBxMGTkVSZVNDMRUwEwYDVQQDEwxqYWtlIHpoZW5nd3UwgZ8wDQYJKoZIhvcN
    [java] AQEBBQADgY0AMIGJAoGBAO7B3texMjuzdA6zT6/F/hx3U4a+iWglhNWptB3JerhHHu7El0HkWky0
    [java] 9AzYVKZ7Y3n5qpgmSOe16a2MKySii5ud44DABj+3qkRBzkb/LDgNuF02X/XORbFbuZYEWwCHckZI
    [java] xQ50vJpdxJQqLOwrhMP48RXNBzrdXo9iYfcWP5cnAgMBAAGjggJiMIICXjAMBgNVHRMBAf8EAjAA
    [java] MBEGCWCGSAGG+EIBAQQEAwIFoDAOBgNVHQ8BAf8EBAMCA+gwLAYJYIZIAYb4QgENBB8WHVVLIGUt
    [java] U2NpZW5jZSBVc2VyIENlcnRpZmljYXRlMB0GA1UdDgQWBBRlyb19GkybkmGa6QnQ9fPZ7mQ+NzCB
    [java] mgYDVR0jBIGSMIGPgBQCOKsRo5aAiw3TFSsIpY4w2rLaqKF0pHIwcDELMAkGA1UEBhMCVUsxETAP
    [java] BgNVBAoTCGVTY2llbmNlMRIwEAYDVQQLEwlBdXRob3JpdHkxCzAJBgNVBAMTAkNBMS0wKwYJKoZI
    [java] hvcNAQkBFh5jYS1vcGVyYXRvckBncmlkLXN1cHBvcnQuYWMudWuCAQAwKQYDVR0SBCIwIIEeY2Et
    [java] b3BlcmF0b3JAZ3JpZC1zdXBwb3J0LmFjLnVrMBkGA1UdIAQSMBAwDgYMKwYBBAHZLwEBAQEEMD0G
    [java] CWCGSAGG+EIBBAQwFi5odHRwOi8vY2EuZ3JpZC1zdXBwb3J0LmFjLnVrL2NnaS1iaW4vaW1wb3J0
    [java] Q1JMMD0GCWCGSAGG+EIBAwQwFi5odHRwOi8vY2EuZ3JpZC1zdXBwb3J0LmFjLnVrL2NnaS1iaW4v
    [java] aW1wb3J0Q1JMMDwGCWCGSAGG+EIBBwQvFi1odHRwOi8vY2EtcmVuZXcuZ3JpZC1zdXBwb3J0LmFj
    [java] LnVrL3JlbmV3Lmh0bWwwPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDovL2NhLmdyaWQtc3VwcG9ydC5h
    [java] Yy51ay9jZ2ktYmluL2ltcG9ydENSTDANBgkqhkiG9w0BAQQFAAOCAQEAgdN714aoC53Wef9JGaDD
    [java] PDJkmgmwVbL8ZuovBpORFsgy2GOPgIdtw15qTQx1NFbsFqW2I7d/9AteeXAk3sUGUODOvq8loeYB
    [java] iA+QofduwJ0VWO8TZ0e+7+J3cDQKbsukptRJd2L2W8PeCNPojCRkfiV/nT6BiF5yjh4Ui5e+pWGw
    [java] t3oN1qFDZViCFOTiB6Koi0MB+cu47gOEIxBQfP8jTEyf/SSy4RzjI+7C1LpDYCZpO/jqXMb67j9b
    [java] KdcmlWhMrzNOyRDM7A11rt5nBMABgRVAJsdBZIDevfKJ/kRGxUHGHqf8Pg+3qK22mNwMN8U2plr7
    [java] TgORAx6aOn4EQP2AzA==</wsse:BinarySecurityToken>
    [java] <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    [java] <ds:SignedInfo>
    [java] <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    [java] <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    [java] <ds:Reference URI="#Id5553294937503469412">
    [java] <ds:Transforms>
    [java] <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    [java] </ds:Transforms>
    [java] <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    [java] <ds:DigestValue>AcRqiIoxfOWauZ/FDnng4D1C5WU=</ds:DigestValue>
    [java] </ds:Reference>
    [java] </ds:SignedInfo>
    [java] <ds:SignatureValue>
    [java] omVS7TF+IqESZuMcRdsFfet8INaU4J9Vall1oGaPMRoEkc9xks+YK2ew4nG7hSekITwJrQLx42hH
    [java] Vb6HvEdWgsIrjOJslqQILQkYU7qdoptb6OEgY5lHQpjUJaTKNn4krsDXgpwZieQE45Gcu/zuP4eY
    [java] v8yMhUwVUE8xHy+6dLs=
    [java] </ds:SignatureValue>
    [java] <ds:KeyInfo>
    [java] <wsse:SecurityTokenReference>
    [java] <wsse:Reference URI="#Id4487442798885738858" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
    [java] </wsse:SecurityTokenReference>
    [java] </ds:KeyInfo>
    [java] </ds:Signature>
    [java] </wsse:Security>
    [java] </env:Header>
    [java] <env:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id5553294937503469412">
    [java] <ns0:Ping>
    [java] <ns0:ticket>SUNW</ns0:ticket>
    [java] <ns0:text>Hello !</ns0:text>
    [java] </ns0:Ping>
    [java] </env:Body>
    [java] </env:Envelope>
    [java] ==== Sending Message End ====
    [java] Sep 8, 2004 1:14:23 AM com.sun.xml.wss.filter.DumpFilter process
    [java] INFO: ==== Received Message Start ====
    [java] <?xml version="1.0" encoding="UTF-8"?>
    [java] <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:enc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns0="http://xmlsoap.org/Ping" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    [java] <env:Body>
    [java] <env:Fault>
    [java] <faultcode xmlns:ans1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ans1:InvalidSecurityToken</faultcode>
    [java] <faultstring>Certificate validation failed</faultstring>
    [java] </env:Fault>
    [java] </env:Body>
    [java] </env:Envelope>
    [java] ==== Received Message End ====
    [java] Sep 8, 2004 1:14:23 AM com.sun.xml.wss.filter.ProcessSecurityHeaderFilter process
    [java] WARNING: Message does not contain wsse:Security header
    [java] Exception in thread "main" javax.xml.rpc.soap.SOAPFaultException: Certificate validation failed
    [java] at com.sun.xml.rpc.client.StreamingSender._raiseFault(StreamingSender.java:515)
    [java] at com.sun.xml.rpc.client.StreamingSender._send(StreamingSender.java:294)
    [java] at simple.PingPort_Stub.ping(PingPort_Stub.java:80)
    [java] at simple.TestClient.main(TestClient.java:37)
    [java] Java Result: 1
    I don't know if I have configured anything wrong. Basically, i just want to sign the outgoing soap message with my own p12 format certificate, hence I have chosen the following in the $JWSDP_HOME/xws-security/samples/simple/build.properties :
    client.security.config=config/sign-client.xml
    server.security.config=config/dump-server.xml
    Also, according to the last section of the jWSDP release notes at http://java.sun.com/webservices/docs/1.4/ReleaseNotes.html#KnownIssues
    I added these two changes,
    1. In the <jwsdp.home>/xws-security/samples/buildconfig/sjsas-config.xml file, delete the original .... app.classpath element definition and replace it with the following definition:
    <path id="app.classpath">
    <fileset dir="${sjsas.home}/lib/endorsed">
    <include name="dom.jar"/>
    </fileset>
    <fileset dir="${sjsas.home}/lib">
    <include name="*.jar"/>
    </fileset>
    <fileset dir="${javahome}/lib">
    <include name="tools.jar"/>
    </fileset>
    </path>
    2. In the <as.home>/domains/domain1/config/server.policy file, add the following configurations to the server.policy file, for the securesimple sample and pingservice samples, respectively.
    // These permissions apply to securesimple webapp grant codeBase "file:${com.sun.aas.instanceRoot}/applications/j2ee-modules/securesimple/WEB-INF/-" {
    permission javax.security.auth.AuthPermission "modifyPrincipals";
    permission javax.security.auth.AuthPermission "modifyPublicCredentials"; permission javax.security.auth.AuthPermission "modifyPrivateCredentials";
    permission javax.security.auth.AuthPermission "getSubject";
    permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.x500.X500PrivateCredential * \"*\"","read";
    permission java.security.SecurityPermission "putProviderProperty.BC";
    Moreover, has the sent message really been signed correctly? how can I tell the message has been signed by my own certificate? I have done the following:
    1. In the $JWSDP_HOME/xws-security/samples/simple/config/sign-client.xml, change to
    <xwss:SecurityConfiguration
    xmlns:xwss="http://com.sun.xml.wss.configuration" dumpMessages="true">
    <xwss:Sign/>
    </xwss:SecurityConfiguration>
    2. In the $JWSDP_HOME/xws-security/samples/simple/config/build.xml, change to something like the following in the run-sample target,
    <sysproperty key="javax.net.ssl.keyStore" value="/work/nzw3/jakenew.p12"/>
    <sysproperty key="javax.net.ssl.keyStorePassword" value="jake"/>
    <sysproperty key="javax.net.ssl.keyStoreType" value="pkcs12"/>
    I didn't change anything about truststore.
    What was the problem? What have I done wrong?
    Many thanks,
    Jake

  • Compilation error- xws-security sample aplication for signing

    hi
    I tried to run the sample application (xws-security) in JWSDP 1.6 but i am getting the following error.
    [echo] Running wscompile....
    [wscompile] C:\Sun\jwsdp-2.0\xws-security\samples\simple\build\server\WEB-INF\c
    asses\simple\PingService.java:10: cannot access java.lang.Object
    [wscompile] bad class file: C:\Sun\AppServer\jdk\jre\lib\rt.jar(java/lang/Objec
    .class)
    [wscompile] class file has wrong version 49.0, should be 48.0
    [wscompile] Please remove or make sure it appears in the correct subdirectory o
    the classpath.
    [wscompile] public interface PingService extends javax.xml.rpc.Service {
    [wscompile] ^
    [wscompile] 1 error
    [wscompile] error: compilation failed, errors should have been reported

    it worked ....thank you ghstark

  • Errors trying to run the xws-security sample app

    Hi all,
    I'm geting errors trying to compile the xws-security sample app, does anyone have any advice? Thanks in advance!
    [kerzhner@kerzhner]~/jwsdp-1.5/xws-security/samples/simple% ant run-sample Buildfile: build.xml
    clean:
    [delete] Deleting directory /home/kerzhner/jwsdp-1.5/xws-security/samples/simple/build
    [delete] Deleting directory /home/kerzhner/jwsdp-1.5/xws-security/samples/simple/dist
    as8-check:
    ws-check:
    tc-check:
    [mkdir] Created dir: /home/kerzhner/jwsdp-1.5/xws-security/samples/simple/build/client/classes
    [mkdir] Created dir: /home/kerzhner/jwsdp-1.5/xws-security/samples/simple/build/server/WEB-INF/classes
    [mkdir] Created dir: /home/kerzhner/jwsdp-1.5/xws-security/samples/simple/dist
    compile-handler-code:
    [echo] Compiling the handler source code
    [javac] Compiling 1 source file to /home/kerzhner/jwsdp-1.5/xws-security/samples/simple/build/server/WEB-INF/classes
    [javac] /home/kerzhner/jwsdp-1.5/xws-security/samples/simple/src/com/sun/xml/wss/sample/SecurityEnvironmentHandler.java:0: error: malformed .zip archive in CLASSPATH: /home/kerzhner/jdk1.5.0_03/lib/tools.jar/
    [javac] /home/kerzhner/jwsdp-1.5/xws-security/samples/simple/src/com/sun/xml/wss/sample/SecurityEnvironmentHandler.java:25: error: Class or interface `java.security.cert.X509CertSelector' not found in import.
    [javac] import java.security.cert.X509CertSelector;
    [javac] ^
    [javac] /home/kerzhner/jwsdp-1.5/xws-security/samples/simple/src/com/sun/xml/wss/sample/SecurityEnvironmentHandler.java:535: error: Type `X509CertSelector' not found in the declaration of the local variable `certSelector'.
    [javac] X509CertSelector certSelector = new X509CertSelector();
    [javac] ^
    [javac] 2 errors
    BUILD FAILED
    file:/home/kerzhner/jwsdp-1.5/xws-security/samples/simple/build.xml:68: Compile failed; see the compiler error output for details.

    Resolved. It was a space issue. Deleted a couple of old apps and have now installed the Sample Websheet Application.

  • How to Use a Certificate for Two Way SSL and another certificate for WS Security Header at Client Console Application(C# Dotnet)

    Hi,
    I want to consume a Java Web service from Dotnet based client Application. The service require one Certificate("abc.PFX") for Two Way SSL purpose and another certificate("xyz.pfx") for WS security purpose to be passed from client Application(Dotnet
    Console based). I tried configuring the App.config of Client application to pass both the certs but getting Error says:
    Could not establish secure channel for SSL/TLS with authority "******aaaa.com"
    Please suggest how to pass both the certs from client Application..

    Hi,
    This problem can be due to an Untrusted certificate. So you need just full permissions to certificates.
    And for more information, you could refer to:
    http://contractnamespace.blogspot.jp/2014/12/could-not-create-secure-channel-fix.html
    Regards

  • Suddenly getting a warning about a self issued certificate for a secure connection failure..is this a spoof?

    when starting up firefox, our fortigate firewall has started issuing a warning..
    "Secure connection failed- s-static.ak.fbcdn.net:443 uses of invalid security certificate. The certificate is not trusted because it is self signed. The certificate is valid for FGT50B3G10615174 Fortinet. (Error code: sec_errror_ca_cert_invalid). This could be a problem with the server's configuration or it could be someone trying to impersonate the server.
    If you have connected to the server successfully i the past the error may be temporary and you can try it again later."
    This error is coming up on more than one computer when going into Firefox.

    Try to disable secure connection in Facebook.
    *[https://www.facebook.com/settings?tab=security#!/settings?tab=security&amp;section=browsing&t]

  • A security certificate for "Adobe Acrobat" was expired in July and it asked to "update" my computer.....I declined.....a good response?

    I got a request to update Adobe Acrobat before I got onto the internet. When I queried the information it displayed a certificate that expired in July. I exited all. Did I do the correct and safe thing?

    That does sound a bit suspicious.
    To update Adobe Acrobat or Adobe Reader, I suggest using the Help menu inside your Adobe product and then "Check for Updates." This should reach out directly to Adobe and let you know whether you need an update.
    I should note that if you use Mozilla's plugin checker website ([https://www.mozilla.org/plugincheck/]), it only considers Reader/Acrobat XI (11) to be up-to-date. If you prefer Reader/Acrobat X (10), you have to rely on Adobe's internal update checker instead of Mozilla's.

  • JWSDP 1.6 xws-security Simple fails with "block not properly padded"

    Environment:
    - Windows 2000
    - Tomcat50-jwsdp
    - JAVA_HOME=C:/Progra~1/Java/jdk1.5.0_05
    - Security environment handler: SecurityEnvironmentHandler.java supplied with JWSDP 1.6 (Hello, Ron!)
    I get the following in the Tomcat Window:
    ==== Received Message End ====
    Nov 13, 2005 10:38:56 AM com.sun.org.apache.xml.internal.security.encryption.XMLCipher decryptKey
    INFO: Decryption of key type http://www.w3.org/2001/04/xmlenc#tripledes-cbc OK
    Nov 13, 2005 10:38:56 AM com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor decryptElementWithCipher
    SEVERE: WSS_ENC0004: Exception [ Given final block not properly padded ] while trying to decrypt message
    Nov 13, 2005 10:38:56 AM com.sun.xml.wss.impl.filter.DumpFilter process
    INFO: ==== Sending Message Start ====
    <?xml version="1.0" encoding="UTF-8"?>
    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:enc="http://schemas.xmlsoap.org/soap/enco
    ding/" xmlns:ns0="http://xmlsoap.org/Ping" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.or
    g/2001/XMLSchema-instance">
    <env:Body>
    <env:Fault>
    <faultcode xmlns:ans1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ans1:Fail
    edCheck</faultcode>
    <faultstring>Unable to decrypt message</faultstring>
    </env:Fault>
    </env:Body>
    </env:Envelope>
    ==== Sending Message End ====
    Please help!
    George

    Hi, I got the xws-security/samples/simple application
    working successfully with my own keystores. I have 2
    questions regarding this sample application.
    1) When running the application with the
    encrypt-server.xml and encrypt-client.xml
    configuration, why is it necessary to import the
    client's certificate into the server's truststore and
    the server's certificate into client's truststore when
    their certificates have already been signed by a
    trusted root CA (e.g. Verisign), whose certificate is
    in both truststores? Shouldn't their certificates
    containing their public keys get automatically
    exchanged during the connection request? It's a pain
    to publish a web service and expect a manual public
    certificate import for each client wanting to use the
    service.Certificates are sent only when the keyReferenceType is "Direct" which is the default. It's possible that our code is checking the certificate sent with one found in the KeyStore, but a quick scan of the code doesn't show it. If that's what's happening it's a bug. All of the other key reference strategies send only a referece to the sender's certificate in which case the reciever must have a copy of that certificate in its keystore.
    2) I use Tomcat to run the sample application and did
    set up the SSL connector to point to the keystores.
    When the client connects to the server, it uses a
    http endpoint not https. I'm aware that htpps is
    needed for SSL support but not clear on where does
    https come into play during the client's
    request/server's response process.We share the SSL keystore so that certificates don't have to be stored in more than one place. The functionality of XWS-Security and SSL is logically the same so it make sense to use the same keystore. XWS-Security operates completely separately from the transport and never knows whether HTTPS is in use or not.
    Phil Goodwin
    Technical Lead
    XWS-Security

  • Jwsdp-1.4 xws-security

    Hi, I got the xws-security/samples/simple application working successfully with my own keystores. I have 2 questions regarding this sample application.
    1) When running the application with the encrypt-server.xml and encrypt-client.xml configuration, why is it necessary to import the client's certificate into the server's truststore and the server's certificate into client's truststore when their certificates have already been signed by a trusted root CA (e.g. Verisign), whose certificate is in both truststores? Shouldn't their certificates containing their public keys get automatically exchanged during the connection request? It's a pain to publish a web service and expect a manual public certificate import for each client wanting to use the service.
    2) I use Tomcat to run the sample application and did set up the SSL connector to point to the keystores. When the client connects to the server, it uses a http endpoint not https. I'm aware that htpps is needed for SSL support but not clear on where does https come into play during the client's request/server's response process.

    Hi, I got the xws-security/samples/simple application
    working successfully with my own keystores. I have 2
    questions regarding this sample application.
    1) When running the application with the
    encrypt-server.xml and encrypt-client.xml
    configuration, why is it necessary to import the
    client's certificate into the server's truststore and
    the server's certificate into client's truststore when
    their certificates have already been signed by a
    trusted root CA (e.g. Verisign), whose certificate is
    in both truststores? Shouldn't their certificates
    containing their public keys get automatically
    exchanged during the connection request? It's a pain
    to publish a web service and expect a manual public
    certificate import for each client wanting to use the
    service.Certificates are sent only when the keyReferenceType is "Direct" which is the default. It's possible that our code is checking the certificate sent with one found in the KeyStore, but a quick scan of the code doesn't show it. If that's what's happening it's a bug. All of the other key reference strategies send only a referece to the sender's certificate in which case the reciever must have a copy of that certificate in its keystore.
    2) I use Tomcat to run the sample application and did
    set up the SSL connector to point to the keystores.
    When the client connects to the server, it uses a
    http endpoint not https. I'm aware that htpps is
    needed for SSL support but not clear on where does
    https come into play during the client's
    request/server's response process.We share the SSL keystore so that certificates don't have to be stored in more than one place. The functionality of XWS-Security and SSL is logically the same so it make sense to use the same keystore. XWS-Security operates completely separately from the transport and never knows whether HTTPS is in use or not.
    Phil Goodwin
    Technical Lead
    XWS-Security

  • Xws-security web service

    Hi guys,
    I finished running the xws-security samples in the JWSDP, and start trying to build a web services with xws-security feature.
    I copied the "config" folder containing config xml files, and the build.properties file from the sample to my own netbeans project folder. The build file was modified as well. I simply added the "-security" option followed by the path of the config file to the <wscompile> tag in the build file.
    <wscompile sourceBase="${build.generated.dir}/wsservice" features="${wscompile.service.sec.features}" config="${sec.config.name}"
    mapping="${build.web.dir.real}/WEB-INF/${sec.mapping}" classpath="${wscompile.classpath}:${build.classes.dir.real}:${javac.classpath}"
    nonClassDir="${build.web.dir.real}/WEB-INF/wsdl"
    verbose="true" xPrintStackTrace="true" base="${build.generated.dir}/wsbinary"
    keep="true"
    fork="true"
    define="true"
    security="${client.security.config}"/>No errors came out during the Build process. However, I looked in to the wsdl file created, and found that it seemed the xws-security did not take any effects.
    Did I miss something? Is adding the -security option of the wscompile command the only step I should take while deploying the xws-security?

    Hi,
    i am a new user of xws security.Since you have already done the simple example,I rather ask you a question about it.i am getting the following message..........wher'e build is failed!!!! i am using jdk1.5, app server 8....if you know the solution plz help me.
    C:\Sun\jwsdp-1.6\xws-security\samples\simple>asant run-sample
    Buildfile: build.xml
    clean:
    [delete] Deleting directory C:\Sun\jwsdp-1.6\xws-security\samples\simple\buil
    d
    [delete] Deleting directory C:\Sun\jwsdp-1.6\xws-security\samples\simple\dist
    as8-check:
    [mkdir] Created dir: C:\Sun\jwsdp-1.6\xws-security\samples\simple\build\clie
    nt\classes
    [mkdir] Created dir: C:\Sun\jwsdp-1.6\xws-security\samples\simple\build\serv
    er\WEB-INF\classes
    [mkdir] Created dir: C:\Sun\jwsdp-1.6\xws-security\samples\simple\dist
    ws-check:
    tc-check:
    compile-handler-code:
    [echo] Compiling the handler source code
    [javac] Compiling 1 source file to C:\Sun\jwsdp-1.6\xws-security\samples\sim
    ple\build\server\WEB-INF\classes
    [javac] C:\Sun\jwsdp-1.6\xws-security\samples\simple\src\sample\SecurityEnvi
    ronmentHandler.java:44: package com.sun.org.apache.xml.internal.security.utils d
    oes not exist
    [javac] import com.sun.org.apache.xml.internal.security.utils.RFC2253Parser;
    [javac] ^
    [javac] C:\Sun\jwsdp-1.6\xws-security\samples\simple\src\sample\SecurityEnvi
    ronmentHandler.java:351: cannot find symbol
    [javac] symbol : variable RFC2253Parser
    [javac] location: class sample.SecurityEnvironmentHandler
    [javac] RFC2253Parser.normalize(x509Cert.getIssuerDN().g
    etName());
    [javac] ^
    [javac] C:\Sun\jwsdp-1.6\xws-security\samples\simple\src\sample\SecurityEnvi
    ronmentHandler.java:410: cannot find symbol
    [javac] symbol : variable RFC2253Parser
    [javac] location: class sample.SecurityEnvironmentHandler
    [javac] RFC2253Parser.normalize(x509Cert.getIssuerDN().g
    etName());
    [javac] ^
    [javac] 3 errors
    BUILD FAILED
    C:\Sun\jwsdp-1.6\xws-security\samples\simple\build.xml:68: Compile failed; see t
    he compiler error output for details.
    Total time: 10 seconds

  • Xws-security returns always HTTP 200

    Hi,
    I am using libraries of JWSDP 2.0, jaxws and xws-security.
    My web service was generated from a WSDL schema and works so
    far fine. I need to secure the transportation with a xml signature.
    For that I am using the xws libraries.
    My problem is that xws-security and jaxws returns always HTTP 200. I
    would expect a negative HTTP status code if the signature validation
    fails, such as HTTP 401 or HTTP 500 or whatever.
    Is this a bug or any idea what my problem might be ?
    Thanks,
    Simel.

    Hi,
    I am using libraries of JWSDP 2.0, jaxws and xws-security.
    My web service was generated from a WSDL schema and works so
    far fine. I need to secure the transportation with a xml signature.
    For that I am using the xws libraries.
    My problem is that xws-security and jaxws returns always HTTP 200. I
    would expect a negative HTTP status code if the signature validation
    fails, such as HTTP 401 or HTTP 500 or whatever.
    Is this a bug or any idea what my problem might be ?
    Thanks,
    Simel.

  • Certificate for Portal and BackendSystems. What do I have to take careAbout

    Hello,
    I would like to buy a certificate for the secured HTTP but I don't know what I have to take care about?
    Where do you buy your certificates? Can I use "wildcards"-certificates for the portal and the backend-systems.
    Is there a good shop for buying a certificate in Germany?
    Thanks, Vanessa

    Vanessa,
    You can approach both Verisign and Thawte and collect information.
    In case of Thawte, you can just go their site and there is an option for an online free chat with a Thawte associate. He/she will then guide you further.
    They will also share the details required for the certificate to get authorized.
    Plus before ordering, you can also check the correctness of ur certificate for free on their site.
    Hope this helps.
    Regards,
    Ritu

  • Certificate for code signing expires soon

    Hi
    since several days I am getting a warning message from my OS X server telling me that the Certificate for code signing will expire soon
    Certificate Expires Soon -servername.xx Signierungszertifikate für Code
    The following certificate is about to expire on your server,servername.xx:
    Name: servername.xx Signierungszertifikate für Code
    Expiration Date: 15. Mai 2013 10:30:44 MESZ
    I looked under Certificates in Server app but this certificate does not appear. It's visible only in Key Chain under System and I suppose it is one which was created automaticely when I set up the server running under Mountain Lion. How can I renew this certificate ? Thanks for help
    Carlotta

    problem solved - Jonathan Melville's answer gave me the hint. Thanks
    Jonathan Melville Atlanta, GA
    This solved my questionRe: Configuration Profile Code-Signing Certificates 
    24.07.2012 12:19 (in response to Larry Goldman)

  • [svn:bz-trunk] 19459: Security API change for auth sync sample/ concept to work in WebLogic, WebSphere.

    Revision: 19459
    Revision: 19459
    Author:   [email protected]
    Date:     2010-12-17 10:15:23 -0800 (Fri, 17 Dec 2010)
    Log Message:
    Security API change for auth sync sample/concept to work in WebLogic, WebSphere.
    Adding the PrincipalConverter interface
    Implement the converting principal in WebLogic and WebSphere login command
    Modified Paths:
        blazeds/trunk/modules/opt/src/weblogic/flex/messaging/security/WeblogicLoginCommand.java
        blazeds/trunk/modules/opt/src/websphere/flex/messaging/security/WebSphereLoginCommand.jav a
    Added Paths:
        blazeds/trunk/modules/core/src/flex/messaging/security/PrincipalConverter.java

    Thanks for the reply dood... i've found the solution after several tries... i had to set the channel from the actionscript instead of depending on the Service-config.xml file like the following.. then it worked..
    var cs:ChannelSet = new ChannelSet();
    var chnl:Channel = new Channel();
    var customChannel:Channel = new AMFChannel("my-amf", "http://localhost:8080/somehting/messagebroker/amf");
                    cs.addChannel(customChannel);
    consumer = new Consumer();
    consumer.channelSet = cs;

  • Security Certificate for BizTalk server

    Hello,
    We need to have a party certificate for EDI communication for ourselves, as required by some of our trading partners. Currently we have EDI implemented but moving to BizTalk platform. So we do have a certificate for our party in our current AS2 software.
    My question is, can we use the same certificate for our party once moved to BizTalk (different computer, different environment). And if not, where would you go to obtain one?
    Thanks a lot!
    Galina

    Hi Galina,
    You can use the same certificate which you used in non-BizTalk to BizTalk EDI integration. Security by using certificate is not specific to BizTalk; it’s all related to cryptography and digital signature.
    BizTalk just provides a way to support those security implementations. So you can very well use the same certificates used in non BizTalk to BizTalk environment as part of your migration.
    For party resolution, you have to use the public certificate of your trading partner. So this certificate must have been shared to you by your trading partner. In your non-BizTalk EDI communication for party
    resolution you would have used this public key/certificate. This certificate (public key) is not related to BizTalk or non-BizTalk EDI products. This is used to implement public-private key pair of digital signature. For BizTalk you have to install this public
    certificate in “Other People store”
    Just and additional info, if you don’t have this (or misses this in future) you have to get this public key from your trading partner to whom you exchange EDI messages.
    If this answers your question please mark it accordingly. If this post is helpful, please vote as helpful.

Maybe you are looking for

  • Getting someone else's emails-del​ete my email address please

    My Best Buy {removed per forum guidelines} Member ID: {removed per forum guidelines} View Account › UP TO $5000 IN CERTIFICATES COULD BE YOURS - Thanks for being a My Best Buy™ member. Redeem your Mystery Rewards certificate worth $5 to $5000 in stor

  • Search option in status report

    Hi, I have a requirement where I need to add a search option for date range to a CRM report that is fetching a list of mails along with their statuses and associated processing time. Now, currenty the list is too long and as a result the report is ti

  • How To Add Serial Number  Dynamically

    Dear all, In a dynamic form I require to add cosecutive serial no to the dynamically generated fields.How can I do it?If any body can please help me. Thanking you Rakesh

  • How do change security questions and rescue email ( Forgot! )

    Help me Please This wil mean so much thx

  • Will WAAS be worth it?

    Hello, We have our headquarters in New York and a remote office in Chennai India. The circuit between the offices is a 10mbps MPLS with a big provider. The performance of web applications is fine. Users start to complain when it comes to Windows file