Keystore problem

Hi,
I have the following error when my portal is starting. I am on ep6 sp2 patch5. Could anyone help me resolve the problem
Loading service: com.sap.portal.license.runtime|license
Jun 29, 2006 6:15:47 PM # System_Thread_48 Fatal Fatal error, keystore stuff couldn't be handled (2)
java.io.IOException: File not found: javax.naming.NameNotFoundException: [Xfs] Object not found [Root exception is javax.naming.NamingException: [Xfs] Object not found]
Thanks a lot
Renaud

Was the keystore created with the same JVM version as with which you try to fetch the key?
Cheers,
--Arnout

Similar Messages

Openldap, jndi, ssl openssl keystore problem

I am trying to get a connection between openldap and a java application using jndi. The connection needs to be secure so I want to use ssl. I only want the server to have to have a certificate.
I am having troubles creating the right certificates (self-signed) .
When I create a certificate that works with openldap (see this howto: http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html#4.2 )
I can only import the cacert.pem into my java keystore, the other to files i can not import. Even when I have converted the servercrt.pem to servercrt.der.
When I use this openldap works and I can connect to it use ldapbrowser (also written in Java)
If I only import the cacert.pem java gives the error:
"AWT-EventQueue-0, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found"
when trying to connect.
Otherwise if I create a certificate with the java keystore I can't get openldap to work with it.
I used this howto to do that: http://www.churchillobjects.com/c/11201g.html.
So my question is. Does somebody know how to create a certificate that I can use with openldap and also be able to import into the java keystore?

Hello, I had a similar problem: when I tried to connect, a javax.net.ssl.SSLHandshakeException arose. To solve the problem I:
1) Import into my JNDI keystore the certifictate of the CA that had signed my openLDAP certificate (I did not import the server's certificate).
2) Nothing else. I think the problem was in the certificates and not in the java code...
This is what I wrote:
String dirServidor = request.getParameter("dirserver");
String clave = request.getParameter("clave");
String uid = request.getParameter("uid");
System.setProperty("javax.net.debug","all");
System.setProperty("javax.net.ssl.trustStore", YOUR_KEYSTORE?S_PATH);
System.setProperty("javax.net.ssl.trustStorePassword", YOUR_KEYSTORE?S_PASSWORD);
Hashtable props = new Hashtable();
props.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
props.put(Context.PROVIDER_URL, dirServidor);
props.put(Context.SECURITY_PROTOCOL, "ssl");
props.put(Context.SECURITY_AUTHENTICATION, "simple");
props.put(Context.SECURITY_PRINCIPAL, uid);
props.put(Context.SECURITY_CREDENTIALS, clave);
DirContext ctx = null;
try{
ctx = new InitialDirContext(props);
catch(NamingException e){......}
Bye

Soa-infra not start - keystore problem

I am trying to upload soa-infra and I am getting an error because the keystore path is bad.
How can I change the keystore path value or start the soa-infra ignoring this error.
Kind regards,

OK.
Could u pls take a look to the output when u start the servers??
For example:
java -jrockit -Xms10240m -Xmx10240m -Dweblogic.Name=soa_server1 -Djava.security.policy=/tcgeoo/fmw/product/111/wlserver_10.3/server/lib/weblogic.policy -Dweblogic.ProductionModeEnabled=true -Dweblogic.security.SSL.trustedCAKeyStore=/tcgeoo/fmw/product/111/wlserver_10.3/server/lib/cacerts -da -Dplatform.home=/tcgeoo/fmw/product/111/wlserver_10.3 -Dwls.home=/tcgeoo/fmw/product/111/wlserver_10.3/server -Dweblogic.home=/tcgeoo/fmw/product/111/wlserver_10.3/server -Dcommon.components.home=/tcgeoo/fmw/product/111/oracle_common -Djrf.version=11.1.1 -Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.Jdk14Logger -Ddomain.home=/tcgeoo/admin/soa_domain/aserver/soa_domain -Djrockit.optfile=/tcgeoo/fmw/product/111/oracle_common/modules/oracle.jrf_11.1.1/jrocket_optfile.txt -Doracle.server.config.dir=/tcgeoo/admin/soa_domain/aserver/soa_domain/config/fmwconfig/servers/soa_server1 -Doracle.domain.config.dir=/tcgeoo/admin/soa_domain/aserver/soa_domain/config/fmwconfig -Digf.arisidbeans.carmlloc=/tcgeoo/admin/soa_domain/aserver/soa_domain/config/fmwconfig/carml -Digf.arisidstack.home=/tcgeoo/admin/soa_domain/aserver/soa_domain/config/fmwconfig/arisidprovider -Doracle.security.jps.config=/tcgeoo/admin/soa_domain/aserver/soa_domain/config/fmwconfig/jps-config.xml -Doracle.deployed.app.dir=/tcgeoo/admin/soa_domain/aserver/soa_domain/servers/soa_server1/tmp/_WL_user -Doracle.deployed.app.ext=/- -Dweblogic.alternateTypesDirectory=/tcgeoo/fmw/product/111/oracle_common/modules/oracle.ossoiap_11.1.1,/tcgeoo/fmw/product/111/oracle_common/modules/oracle.oamprovider_11.1.1 -Djava.protocol.handler.pkgs=oracle.mds.net.protocol|oracle.fabric.common.classloaderurl.handler|oracle.fabric.common.uddiurl.handler|oracle.bpm.io.fs.protocol -Dweblogic.jdbc.remoteEnabled=false -Doracle.security.jps.policy.migration.validate.principal=false -da:org.apache.xmlbeans... -Dbpm.enabled=true -Dsoa.archives.dir=/tcgeoo/fmw/product/111/soa_111/soa -Dsoa.oracle.home=/tcgeoo/fmw/product/111/soa_111 -Dsoa.instance.home=/tcgeoo/admin/soa_domain/aserver/soa_domain -Dtangosol.coherence.clusteraddress=227.7.7.9 -Dtangosol.coherence.clusterport=9778 -Dtangosol.coherence.log=jdk -Djavax.xml.soap.MessageFactory=oracle.j2ee.ws.saaj.soap.MessageFactoryImpl -Dweblogic.transaction.blocking.commit=true -Dweblogic.transaction.blocking.rollback=true -Djavax.net.ssl.trustStore=/tcgeoo/fmw/product/111/wlserver_10.3/server/lib/DemoTrust.jks -Dem.oracle.home=/tcgeoo/fmw/product/111/oracle_common -Djava.awt.headless=true -Dbam.oracle.home=/tcgeoo/fmw/product/111/soa_111 -Dums.oracle.home=/tcgeoo/fmw/product/111/soa_111 -Dweblogic.management.discover=false -Dweblogic.management.server=http://140.85.99.187:40501 -Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole=false -Dweblogic.ext.dirs=/tcgeoo/fmw/product/111/patch_wls1035/profiles/default/sysext_manifest_classpath:/tcgeoo/fmw/product/111/patch_ocp360/profiles/default/sysext_manifest_classpath -Dweblogic.management.username=ohsadmin -Dweblogic.management.password=simple4u weblogic.Server
Pls check this: -Dweblogic.security.SSL.trustedCAKeyStore=/tcgeoo/fmw/product/111/wlserver_10.3/server/lib/cacerts
I think, that is coming from the Scripts that starts Weblogic.
best

Creating keystore problem

Hello, I'm a little new to this and have been working on creating a keystore programmatically. This is code so far: It compiles fine, but it won't run - just the "Press any key to continue" shows up on the command window. I'm sure I've probably made some stupid mistake that's staring at me in the face, but since it's past 1am I can't exactly ask anyone for a fresh set of eyes to see if they spot anything. Could someone please have a quick look at the code below, I'd greatly appreciate it. (by the way all the printlns are just for testing)
try{
Security.addProvider(new com.sun.crypto.provider.SunJCE());
String homedir = System.getProperty("user.home");
System.out.println("Home Directory: "+ homedir);
String fileSep = System.getProperty("file.separator");
String stringKeyStore = homedir + fileSep + ".keystoreF";
System.out.println("StringKeyStore = " + stringKeyStore);
File fileKeyStore = new File(stringKeyStore);
System.out.println("FileName:" + fileKeyStore);
String javaHome = System.getProperty("java.home");
System.out.println("Java Home = " + javaHome);
String keyStoreType=KeyStore.getDefaultType();
System.out.println("KeyStoreType:" + keyStoreType);
     if (fileKeyStore.exists() == false){
System.out.println("Creating keystore...");
     String [] arstringCommand = new String []{
     System.getProperty("java.home") + fileSep + "bin"+fileSep
"keytool",
"-genkey",
     "-alias", stringId,
     "-keyalg", "RSA",
     "-keysize", "1024",
     "-dname", "CN=" + stringName,
     "-keystore", homedir + fileSep + "keystoreF",
     "-keypass", stringPassword,
"-storetype", "JKS",
"-storepass", stringPassword};
Process process = Runtime.getRuntime().exec(arstringCommand);
process.waitFor();
BufferedReader reader = new BufferedReader(                         new InputStreamReader(process.getInputStream()));
     while (true)
     try {
     String lineStr = reader.readLine();
     if (lineStr == null)
                                             break;
                                        System.out.println(lineStr);
     } catch (Exception e) { break; }
     }//end while
     try {
     process.waitFor();
     catch (InterruptedException e) {}
     System.out.println("");*/
     passW = stringPassword.toCharArray();
     FileInputStream fis = new FileInputStream(homedir + fileSep +
                              "keystoreF");
     keyStore = KeyStore.getInstance(keyStoreType);
     System.out.println("KeyStore:" + keyStore);
if (fileKeyStore.exists()) {
     FileInputStream fis = new FileInputStream(homedir + fileSep +
                         "keystoreF");
     keyStore.load(fis, passW);
     fis.close();
     }else {
     System.out.println("New KeyStore ("+fileKeyStore+") ...");
     keyStore.load(null, passW);
}catch (Exception e)
System.out.println("Cannot load keystore");
}//end constructor

it's ok, i found my stupid mistake in another part of the program!!

AuthSSLProtocolSocketFactor could not load the certificate from key store

Hello,
I am trying to use this to the mutual authentication.
I create a self signed cert and and imported to a key store. I tried a couple ways to create the cert, but all of them failed when creating AuthSSLProtocolSocketFactory
new AuthSSLProtocolSocketFactory( new URL("file:my.keystore"), "mypassword", new URL("file:my.truststore"), "mypassword")
One of the store which is used for ssl by the Jetty server which is approved works.
The exception is like this:
java.io.IOException: Keystore was tampered with, or password was incorrect
     at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
     at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
     at java.security.KeyStore.load(KeyStore.java:1185)
     at org.apache.commons.ssl.KeyStoreBuilder.tryJKS(KeyStoreBuilder.java:519)
     at org.apache.commons.ssl.KeyStoreBuilder.parse(KeyStoreBuilder.java:365)
     at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:240)
     at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:232)
     at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:220)
     at org.apache.commons.ssl.TrustMaterial.<init>(TrustMaterial.java:214)
     at org.apache.commons.ssl.SSL.<init>(SSL.java:170)
     at org.apache.commons.ssl.SSLClient.<init>(SSLClient.java:62)
     at org.apache.commons.ssl.HttpSecureProtocol.<init>(HttpSecureProtocol.java:57)
     at org.apache.commons.httpclient.contrib.ssl.AuthSSLProtocolSocketFactory.<init>(AuthSSLProtocolSocketFactory.java:175)
Any help will be greatly appreciated!

Hello,
I am using the same way as that in this post:
Re: apache commons httpclient - keystore problem
However, it seems the client did not send the cert to sever. BTW, the server is Jetty.
Here is the way how to generate the client cert:
keytool -genkey -alias client-alias -keyalg RSA -keypass password -storepass password -keystore clientStore.jks
keytool -export -alias client-alias -keypass password -storepass password -file client.cer -keystore clientStore.jks
keytool -import -v -trustcacerts -alias client-alias -file client.cer -keypass password -storepass password -keystore cacerts.jks
Here is the exception:
WARNING: EXCEPTION
javax.net.ssl.SSLHandshakeException: null cert chain
     at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)
     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:177)
     at com.sun.net.ssl.internal.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1206)
     at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:148)
     at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
     at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1139)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
     at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:630)
     at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:488)
2011-02-03 11:05:31,914 [main] granteeId=2 ERROR sms.SendSmsTextsProcess$2 - A unexpected exception occurred processig sms AlertMessage 2
java.lang.RuntimeException: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
     at org.jboss.resteasy.client.core.ClientInvoker.invoke(ClientInvoker.java:101)
     at org.jboss.resteasy.client.core.ClientProxy.invoke(ClientProxy.java:72)

Problem with Content Server 4 keystore access on Ubuntu 8.04

Hello,
Setting up the Content Server I encounter this problem with the fulfillment server Status check-up:
exception
javax.servlet.ServletException: Servlet execution threw an exception
root cause
java.lang.Error: Problem reading key and certificate from keystore
     com.adobe.adept.fulfillment.security.ServerConfig.init(ServerConfig.java:201)
     com.adobe.adept.fulfillment.security.ServerConfig.getSigningURL(ServerConfig.java:48)
     com.adobe.adept.fulfillment.servlet.FulfillmentServerStatus.getServers(FulfillmentServerStatus.java:34)
     com.adobe.adept.common.servlet.Status.checkUp(Status.java:355)
     com.adobe.adept.common.servlet.Status.doGet(Status.java:421)
     javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
     javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
I've created operator.p12 according to the instructions in the Quickstart guide
and placed it in /etc where it is accessible by the server. I used OpenSSL 0.9.8k
for this.
I can use "openssl pkcs12 -in operator.p12 -out file.pem" to view the contents of
the file.
My Content Server fulfillment configuration is as follows:
com.adobe.adept.init1=com.adobe.adept.shared.util.SharedInitialization
com.adobe.adept.log.level=trace
com.adobe.adept.log.file=/var/log/fulfillment.log
com.adobe.adept.persist.sql.driverClass=com.mysql.jdbc.Driver
com.adobe.adept.persist.sql.connection=jdbc:mysql://127.0.0.1:3306/adept
com.adobe.adept.persist.sql.dialect=mysql
com.adobe.adept.persist.sql.user=ereading
com.adobe.adept.persist.sql.password=********
com.adobe.adept.fulfillment.security.licensesignURL=https://eusigningservice.adobe.com/licensesign
com.adobe.adept.fulfillment.security.keystore.user=operator
com.adobe.adept.fulfillment.security.keystore.password=********
com.adobe.adept.fulfillment.security.pkcs12.file=file:///etc/operator.p12
com.adobe.adept.serviceURL=http://******.dmz.******.org/fulfillment
Any ideas?
Best regards,
Teemu

for solve this, change this
com.adobe.adept.fulfillment.security.pkcs12.file=file:///etc/operator.p12
for this
com.adobe.adept.fulfillment.security.pkcs12.file=/etc/operator.p12

Problem with Java keystore and certificates (unable to find valid cert path

Our program is made so that when a certificate is not signed by a trusted Certification Authority, it will ask the user if he/her wishes to trust the certificate or not. If they decide to trust the certificate, it will accept the self signed certificate and import it into the keystore and then use that certificate to log the user in. This works fine. It will import the certificate into the keystore and use the specified ip address to establish a connection with the LDAP server (Active Directory in our case) and authenticate properly. However, the problem arises when we then try and connect to a different ip address (without restarting tomcat, if we restart tomcat, it works fine...). It imports the certificate into the keystore fine, but always gives the exception
"Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
and does not authenticate with our LDAP server (which is Active Directory). The problem seems to be that it is no longer looking at the System.setProperty("javax.net.ssl.trustStore", myTrustStore);
I have tried multiple times to just reset this property and try and "force" it to read from my specified trust file when this error happens. I have also imported the certificates directly into the <java_home>/jre/lib/security/cacerts and <java_home>/jre/lib/security/jssecacerts directories as the java documentation says that it will look at those directories first to see if it can find a trusted certificate. However, this does not work either. The only way that I can get this to work is by restarting tomcat all together.
If both of the certificates are already in the keystore before tomcat is started up, everything will work perfect. Again, the only problem is after first connecting to an IP address using TLS and importing the certificate, and then trying to connect to another IP address with a different certificate and import it into the keystore.
One of the interesting features of this is that after the second IP address has failed, I can change the IP address back to the first one that authenticated successfully and authenticate successfully again (ie
I use ip 1.1.1.1, import self signed certificate, authenticates successfully
login with ip 2.2.2.2 import self signed certificate, FAILS
login again with 1.1.1.1 (doesn't import certificate because it is already in keystore) successfully authenticates
Also, I am using java 1.5.0_03.
Any help is greatly appreciated as I've been trying to figure this out for over a week now.
Thanks

Please don't post in threads that are long dead and don't hijack other threads. When you have a question, start your own topic. Feel free to provide a link to an old post that may be relevant to your problem.
I'm locking this thread now.

Problem inputting a SecretKey object into a KeyStore

i am having some problem storing my secretkey object in a key store, i keep getting the error shown below
cannot resolve symbol - class SecretKeyEntry.
the whole class is shown below. i have tried to import the SecretKeyEntry class but i still get an error. can anybody help.
import java.io.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import java.security.*;
import java.security.KeyStore.*;
//import java.security.KeyStore.SecretKeyEntry;
import java.security.spec.*;
import java.util.*;
public class Encrypt {
public static void main(String args[]) {
File desFile = new File("Saving a text document as an image file.doc");
// Create data to encrypt
Map map = new TreeMap(System.getProperties());
int number = map.size();
try {
// Create Key
KeyGenerator kg = KeyGenerator.getInstance("DES");
SecretKey secretKey = kg.generateKey();
// key store code start
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
char[] password = {'f','r','a','n','k'};
System.out.println("my password" + password.toString());
ks.load(null, password);
// save my secret key
KeyStore.SecretKeyEntry skEntry = new KeyStore.SecretKeyEntry(mySecretKey);
ks.setEntry("secretKeyAlias", skEntry, password);
//keystore code end
// Create Cipher
Cipher desCipher =
Cipher.getInstance("DES/ECB/PKCS5Padding");
desCipher.init(Cipher.ENCRYPT_MODE, secretKey);
// Create stream
FileOutputStream fos = new FileOutputStream(desFile);
BufferedOutputStream bos = new BufferedOutputStream(fos);
CipherOutputStream cos = new CipherOutputStream(bos,
desCipher);
ObjectOutputStream oos = new ObjectOutputStream(cos);
// Write objects
oos.writeObject(map);
oos.writeInt(number);
oos.flush();
oos.close();
} catch (NoSuchPaddingException e) {
System.err.println("Padding problem: " + e);
} catch (NoSuchAlgorithmException e) {
System.err.println("Invalid algorithm: " + e);
} catch (InvalidKeyException e) {
System.err.println("Invalid key: " + e);
} catch (KeyStoreException e) {
System.err.println("Problem getting Keystore instance" + e);
} catch (IOException e) {
System.err.println("I/O Problem: " + e);
} catch (Exception e) {
System.err.println("All other exceptions" + e);
} finally {
if (desFile.exists()) {
//desFile.delete();
}

You need to change your setEntry() line to this:ks.setEntry("secretKeyAlias", skEntry, new KeyStore.PasswordProtection(password));You also need to insure that you're running under 1.5 - this API didn't exist before that. If you're picking up a 1.4 JVM/libs, it would explain your compilation error.
Grant

Problem with keystore

Good morning.
I have a certificate issued by Thawte.
The problem is that i lost the keystore that i used to create the certificate request.
I import certificate in a new keystore.
So that originates when I attempt start tomcat, i have the following error:
No available certificate or key corresponds to the SSL cipher suites which are enabledIs there any way to solve this?

Alejandro77 wrote:
Good morning.
I have a certificate issued by Thawte.
The problem is that i lost the keystore that i used to create the certificate request.
I import certificate in a new keystore.
So that originates when I attempt start tomcat, i have the following error:
No available certificate or key corresponds to the SSL cipher suites which are enabledIs there any way to solve this?Your Thwarte signed certificate contains only the public key of the key-pair you generated. Since you need both the private and public keys then unless you have the original keystore or you exported from the original keystore the private key then you are stuffed.

Problem while generating an entry for a keystore on SCA-6000

Hi everybody,
this is my first message.....
i need to develop a sw to adding entry on a keystore that is on a SCA-6000
when i try to add an entry witn method KeyStore.setKeyEntry i have this error:
java.security.KeyStoreException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_TEMPLATE_INCONSISTENT
at sun.security.pkcs11.P11KeyStore.engineSetEntry(P11KeyStore.java:1067)
at sun.security.pkcs11.P11KeyStore.engineSetKeyEntry(P11KeyStore.java:443)
at java.security.KeyStore.setKeyEntry(KeyStore.java:848)
at TestProvider.main(TestProvider.java:160)
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_TEMPLATE_INCONSISTENT
at sun.security.pkcs11.wrapper.PKCS11.C_CopyObject(Native Method)
at sun.security.pkcs11.P11KeyStore.updateP11Pkey(P11KeyStore.java:1518)
at sun.security.pkcs11.P11KeyStore.storePkey(P11KeyStore.java:1678)
at sun.security.pkcs11.P11KeyStore.engineSetEntry(P11KeyStore.java:1063)
i don't find anything on documentation.....
this is my code:
Provider pkcs11Provider = new sun.security.pkcs11.SunPKCS11(fis);
Security.addProvider(pkcs11Provider);
char [] pin = args[1].toCharArray();
KeyStore smartCardKeyStore;
smartCardKeyStore = KeyStore.getInstance("PKCS11");
smartCardKeyStore.load(null, pin); //ALL OK
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", pkcs11Provider);
kpg.initialize(1024);
KeyPair kp = kpg.generateKeyPair();
Certificate[] cc = {cer};
smartCardKeyStore.setKeyEntry("[email protected]", kp.getPrivate(), "dlozzi".toCharArray(), cc);PS fis is an FileInputStream that is the file for configuring SunPKCS11 and this is
name = SunCryptoAccelerator6000
library = /usr/lib/libpkcs11.so
thanks for your help
Ad Maiora,
Daniele Lozzi

"IN UPDATE TASK" resolved by myself. The one should explicitly call 'COMMIT WORK' from Z-program after CALL FUNCTION '...' IN UPDATE TASK in order to get changes in the CDHDR/CDPOS commited. The key in this issue for me was to check the documentation of CALL FUNCTION :-).
Regards,
Ivo

Problema with Keystore entry in SOAP Adapter

Hi all,
I have a RFC to SOAP scenario wich uses a certicate X.509. I import the certificate in Visual Admin in Key Storage node following this steps:
/people/varadharajan.krishnasamy/blog/2007/05/11/how-to-use-digital-certificates-for-signing-encrypting-messages-in-xi
In Integration Directory, in SOAP Adapter receiver, I want to place the certificate in Keystore view but does'nt appear, there are two entries, service_ssl an TicketStore but I dont find my certificate.
Any suggestions???
Regards,
Pablete

Hi.
Look this links below:
PI 7.1 SOAP scenario with SSL certificate
SOAP adapter - digital signature
Digital signed File Upload to XI (PI)
http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/40f6fee6-9316-2a10-d2a9-954d4df7dd33
I hope it helps you.
Regards.
Bruno

Problems securing WSRP portlet with Java keystore

Hi.
I am following the tutorial in the webcenter developer guide to secure my WSRP (jsr-168) portlet using WS-security.
I have set-up my Java keystore for the producer and consumer with a trial CA certificate from verisign.
The producer.jks looks like this:
Keystore type: jks
Keystore provider: SUN
Your keystore contains 1 entry
consumer, Apr 19, 2007, trustedCertEntry,
Certificate fingerprint (MD5): 09:0E:0B:B9:62:A7:87:E8:A1:6F:10:A3:2D:75:12:2D
The producer store contains one alias, namely consumer.
I have copied the producer.cer and jks to a sub-dir of the application directory in the embedded Oracle webcenter OC4J server dir:
C:\jdevs\jdev10132\jdev\extensions\oracle.adfp.seededoc4j.10.1.3.2.0\j2ee\home\applications\webcenter-advanced\jks
In the EM console I want to configure the keystore (application-scoped) and signature settings for the WSRP markup service. However, after I specify the right keystore settings and alias for the signature (consumer) and click on ok I get the error message that the alias consumer does not exists in the keystore...
Am I missing a crucial step here or am I doing something wrong.
Hope you can help me
Kind regards
-Tom

Hello
I am not sure to see what could be the issue...
Do you have a simple portlet not secured in the provider ? And does this one works ?
If not you probably have a issue with the Registration URL, is this URL is correct ? Does the Portal middle tier can access the provider server ? (proxy, FW, ... can be installed between the portal and the provider and do not allow the portal to call this provider)
Regards
Tugdual Grall

Problem in creating keystore

I was trying to follow the instructions on this link http://e-docs.bea.com/wls/docs81/admin_ref/utils.html#1184336
when I was trying to do step 4: D:\bea2\weblogic700\samples\server\src>cat testcert.pem
CertGenCA.pem >> newcerts.pem
I don't know where that cat command is. I cannot find it in WLW 8.1. this instruction
seems to work in 7.0. I'm wondering whether this command has been replaced by
another one.
anybody can help me with this?

Thank you. Thank you so much. This problem is solved. However, when I was doing
the next step:
java utils.ImportPrivateKey mykeystore mypasswd mykey mykeypass newcerts.pem
testkey.pem
I got the following error messages:
ImportPrivateKey will create mykeystore
ImportPrivateKey failed, java.lang.NoClassDefFoundError: javax/security/cert/Cer
tificateException
java.lang.NoClassDefFoundError: javax/security/cert/CertificateException
at weblogic.security.utils.SSLContextWrapper.getInstance(SSLContextWrapp
er.java:25)
at utils.ImportPrivateKey.importKey(ImportPrivateKey.java:66)
at utils.ImportPrivateKey.importKey(ImportPrivateKey.java:35)
at utils.ImportPrivateKey.main(ImportPrivateKey.java:21)
I think I need to add some jar file in the classpath, but I don't know which one
to add. Any suggestions? :)
Bruce Stephens <[email protected]> wrote:
Hello,
The goal of this step is to simply put the two files together into one;
to add the certificate and the Certificate Authority (CA) into a single
pem file. The 'cat' command is a generic unix command for concatenate.
If you are using windows, in a cmd shell just use something like "copy
testcert.pem + CertGenCA.pem newcerts.pem" should do the same thing.
HTHs,
Bruce
Yan wrote:
I was trying to follow the instructions on this link http://e-docs.bea.com/wls/docs81/admin_ref/utils.html#1184336
when I was trying to do step 4: D:\bea2\weblogic700\samples\server\src>cattestcert.pem
CertGenCA.pem >> newcerts.pem
I don't know where that cat command is. I cannot find it in WLW 8.1.this instruction
seems to work in 7.0. I'm wondering whether this command has been replacedby
another one.
anybody can help me with this?

Keystore tampered with problems on Linux

Hi,
I am running a couple of java applications that communicate via HTTPS/SSL. When these applications are run under Win32, they run perfectly with no errors. However, if they are run under Linux, with the exact same certificate files that worked just fine under Windows, I get an exception error that states that the keystore has been tampered with or the password is incorrect. Has anyone seen this before?

These are ascii files, are they not? (The ones with ---BEGIN CERTIFICATE---/---END CERTIFICATE--- lines?)
If so, try stripping the DOS newlines (^Ms) from the file (if you have just copied the file over). Don't know if this has any effect.

How to strore keys in KeyStores..of JCE Api..

Hi ,
i'm trying to implement a program mySignature that creates and verifies digital signatures using Java Cryptography Extension.
I am using the DSA Algorithm for encryption.
Now the problem is once i create the private keys and public keys i am not able to store them to the KeyStore.
here is the code I wrote
package my.security.test;
import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.Certificate;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAKeyGenParameterSpec;
* @author sandeepk
* To change this generated comment edit the template variable "typecomment":
* Window>Preferences>Java>Templates.
* To enable and disable the creation of type comments go to
* Window>Preferences>Java>Code Generation.
public class MySignature {
     public static void main(String[] args) {
          KeyPairGenerator keyGen = null;
          FileOutputStream sigfos = null;
          try {
               Signature signature = Signature.getInstance("SHA1withDSA", "SUN");
               keyGen = KeyPairGenerator.getInstance("DSA", "SUN");
               keyGen.initialize(1024);
               KeyPair keyPair = keyGen.generateKeyPair();
               PrivateKey privateKey = keyPair.getPrivate();
               PublicKey publicKey = keyPair.getPublic();
               KeyStore ks = KeyStore.getInstance("JKS", "SUN");
               System.out.println("Here1");
               ks.setKeyEntry("privkey", privateKey, "pass".toCharArray(), null);
               System.out.println("Here2");
               ks.setKeyEntry("pubkey", publicKey, "pass".toCharArray(), null);
               System.out.println("Here3");
               sigfos = new FileOutputStream("C:\\keystore");
               ks.store(sigfos, "pass".toCharArray());
               signature.initSign(privateKey);
               // Reading the contents of them message file
               FileInputStream fis = new FileInputStream("C:\\message.txt");
               BufferedInputStream bufin = new BufferedInputStream(fis);
               byte[] buffer = new byte[1024];
               int len;
               while (bufin.available() != 0) {
                    len = bufin.read(buffer);
                    signature.update(buffer, 0, len);
               bufin.close();
               // Writng the signature to a file
               byte[] realSig = signature.sign();
               sigfos = new FileOutputStream("C:\\sig.txt");
               sigfos.write(realSig);
               sigfos.close();
          } catch (InvalidKeyException e) {
               e.printStackTrace();
          } catch (NoSuchAlgorithmException e) {
               e.printStackTrace();
          } catch (FileNotFoundException e) {
               e.printStackTrace();
          } catch (SignatureException e) {
               e.printStackTrace();
          } catch (IOException e) {
               e.printStackTrace();
          } catch (NoSuchProviderException e) {
               e.printStackTrace();
          } catch (KeyStoreException e) {
               e.printStackTrace();
          }catch(CertificateException e){
               e.printStackTrace();
I get an error while i try to store the key on to the KeyStore, if I comment out these lines of code the program runs without any probs.
Can any one help me with this issue, i'ld be thank full to them
-Chau
Sandy

We use 'PDDocCreateWordFinder' , 'PDWordFinderEnumWords' to extract the text from Adobe Reader document through Code, Not tool.
But, by using these APIs, I can't see any difference in 'new line/row' or 'paragraph' if exists in PDF doc.
I need such API which can give the exact format of Adobe Reader doc according to the content exists in that PDF doc.
Thanks!

Keystore problem

Similar Messages

Maybe you are looking for