Keystore
hi
how do I create keystore file when my default keystore file(jks) does not exist?
regards
neda
hi
thank you for answering to my question
but don't work keytool ,I more explain my problem for you
I want create csr by keytool option but my computer not found default keystore implemention (jks) and don't work correct , so I decide create keystore and I do your work order (keytool -genkey -alias nedmas -keystore nedmas.ks -storetype JKS -keyalg rsa -storepass nedmas123 -keypass nedmas123"
)but dont work correct , for more your understand:
example:
I write C:\keytool -certreq
in answer: keytool error: keystore file does not exist:c:\window\.keystore
other example:
I write C:\keytool -genkey
in answer : not found jks
I write keytool -genkey -alias nedmas -keystore nedmas.ks -storetype JKS -keyalg rsa -storepass nedmas123 -keypass
in answer :show keytool options (such as -list -keypasswd -printcert and so on)
please guide me
thank you
regards
NEDA
Similar Messages
-
How to strore keys in KeyStores..of JCE Api..
Hi ,
i'm trying to implement a program mySignature that creates and verifies digital signatures using Java Cryptography Extension.
I am using the DSA Algorithm for encryption.
Now the problem is once i create the private keys and public keys i am not able to store them to the KeyStore.
here is the code I wrote
package my.security.test;
import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.Certificate;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAKeyGenParameterSpec;
* @author sandeepk
* To change this generated comment edit the template variable "typecomment":
* Window>Preferences>Java>Templates.
* To enable and disable the creation of type comments go to
* Window>Preferences>Java>Code Generation.
public class MySignature {
public static void main(String[] args) {
KeyPairGenerator keyGen = null;
FileOutputStream sigfos = null;
try {
Signature signature = Signature.getInstance("SHA1withDSA", "SUN");
keyGen = KeyPairGenerator.getInstance("DSA", "SUN");
keyGen.initialize(1024);
KeyPair keyPair = keyGen.generateKeyPair();
PrivateKey privateKey = keyPair.getPrivate();
PublicKey publicKey = keyPair.getPublic();
KeyStore ks = KeyStore.getInstance("JKS", "SUN");
System.out.println("Here1");
ks.setKeyEntry("privkey", privateKey, "pass".toCharArray(), null);
System.out.println("Here2");
ks.setKeyEntry("pubkey", publicKey, "pass".toCharArray(), null);
System.out.println("Here3");
sigfos = new FileOutputStream("C:\\keystore");
ks.store(sigfos, "pass".toCharArray());
signature.initSign(privateKey);
// Reading the contents of them message file
FileInputStream fis = new FileInputStream("C:\\message.txt");
BufferedInputStream bufin = new BufferedInputStream(fis);
byte[] buffer = new byte[1024];
int len;
while (bufin.available() != 0) {
len = bufin.read(buffer);
signature.update(buffer, 0, len);
bufin.close();
// Writng the signature to a file
byte[] realSig = signature.sign();
sigfos = new FileOutputStream("C:\\sig.txt");
sigfos.write(realSig);
sigfos.close();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (FileNotFoundException e) {
e.printStackTrace();
} catch (SignatureException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
} catch (NoSuchProviderException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
}catch(CertificateException e){
e.printStackTrace();
I get an error while i try to store the key on to the KeyStore, if I comment out these lines of code the program runs without any probs.
Can any one help me with this issue, i'ld be thank full to them
-Chau
SandyWe use 'PDDocCreateWordFinder' , 'PDWordFinderEnumWords' to extract the text from Adobe Reader document through Code, Not tool.
But, by using these APIs, I can't see any difference in 'new line/row' or 'paragraph' if exists in PDF doc.
I need such API which can give the exact format of Adobe Reader doc according to the content exists in that PDF doc.
Thanks! -
Problem with Content Server 4 keystore access on Ubuntu 8.04
Hello,
Setting up the Content Server I encounter this problem with the fulfillment server Status check-up:
exception
javax.servlet.ServletException: Servlet execution threw an exception
root cause
java.lang.Error: Problem reading key and certificate from keystore
com.adobe.adept.fulfillment.security.ServerConfig.init(ServerConfig.java:201)
com.adobe.adept.fulfillment.security.ServerConfig.getSigningURL(ServerConfig.java:48)
com.adobe.adept.fulfillment.servlet.FulfillmentServerStatus.getServers(FulfillmentServerStatus.java:34)
com.adobe.adept.common.servlet.Status.checkUp(Status.java:355)
com.adobe.adept.common.servlet.Status.doGet(Status.java:421)
javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
I've created operator.p12 according to the instructions in the Quickstart guide
and placed it in /etc where it is accessible by the server. I used OpenSSL 0.9.8k
for this.
I can use "openssl pkcs12 -in operator.p12 -out file.pem" to view the contents of
the file.
My Content Server fulfillment configuration is as follows:
com.adobe.adept.init1=com.adobe.adept.shared.util.SharedInitialization
com.adobe.adept.log.level=trace
com.adobe.adept.log.file=/var/log/fulfillment.log
com.adobe.adept.persist.sql.driverClass=com.mysql.jdbc.Driver
com.adobe.adept.persist.sql.connection=jdbc:mysql://127.0.0.1:3306/adept
com.adobe.adept.persist.sql.dialect=mysql
com.adobe.adept.persist.sql.user=ereading
com.adobe.adept.persist.sql.password=********
com.adobe.adept.fulfillment.security.licensesignURL=https://eusigningservice.adobe.com/licensesign
com.adobe.adept.fulfillment.security.keystore.user=operator
com.adobe.adept.fulfillment.security.keystore.password=********
com.adobe.adept.fulfillment.security.pkcs12.file=file:///etc/operator.p12
com.adobe.adept.serviceURL=http://******.dmz.******.org/fulfillment
Any ideas?
Best regards,
Teemufor solve this, change this
com.adobe.adept.fulfillment.security.pkcs12.file=file:///etc/operator.p12
for this
com.adobe.adept.fulfillment.security.pkcs12.file=/etc/operator.p12 -
Private key password for Default DemoIdentity Keystore?
Hi
I am trying to Configure SSL in ALSB. I have created the PKI Credential mapping for the Default DemoIdentity Keystore
But it is asking for the password to access the Keypair.
The document states that i need to provide the password set during the creation of the keystore
but as i am using the default keystore i dont know where to look for the password.
Error :
[Security:090809|The key pair could not be retrieved from the keystore with the supplied alias demoidentity and its password
I tried using the KeyStorePassphrase but it didnt help me much ..
Can any one help me on this?
Regards
AnushaJay is right
To be more precise you can use something like
keytool -list -keystore ${wl_home}/server/lib/DemoTrust.jks -storepass DemoTrustKeyStorePassPhrasewhich leads to the following output
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 4 entries
certgenca, Mar 22, 2002, trustedCertEntry,
Certificate fingerprint (MD5): 8E:AB:55:50:A4:BC:06:F3:FE:C6:A9:72:1F:4F:D3:89
wlsdemocanew2, Jan 24, 2003, trustedCertEntry,
Certificate fingerprint (MD5): 5B:10:D5:3C:C8:53:ED:75:43:58:BF:D5:E5:96:1A:CF
wlsdemocanew1, Jan 24, 2003, trustedCertEntry,
Certificate fingerprint (MD5): A1:17:A1:73:9B:70:21:B9:72:85:4D:83:01:69:C8:37
wlscertgencab, Jan 24, 2003, trustedCertEntry,
Certificate fingerprint (MD5): A2:18:4C:E0:1C:AB:82:A7:65:86:86:03:D0:B3:D8:FEThe following list provides the location and passwords of the demo certificates:
Trust store location: ${WL_HOME}/server/lib/DemoTrust.jks
Trust store password: DemoTrustKeyStorePassPhrase
Key store location: ${WL_HOME}/server/lib/DemoIdentity.jks
Key store password: DemoIdentityKeyStorePassPhrase
Private key password: DemoIdentityPassPhrase -
I am creating a server and using JSSE. All the examples I see pass the Keystore and Keystore password as a java enviromnent variable when starting the server. Does this seem a little unsecure to pass the password on the command line? Is there any other way to pass the keystore password?
I am creating a server and using JSSE. All the
examples I see pass the Keystore and Keystore password
as a java enviromnent variable when starting the
server. Does this seem a little unsecure to pass the
password on the command line? Is there any other way
to pass the keystore password?Think hard on this one - what "more secure way" are you going to use? Sooner or later, somebody who knows has to give the code a password to use.
Most of the systems I've seen haven't even required it on the command line - it's been written down in a script or .properties file, so the app can start/restart without human intervention. The files containing the passwords are protected by whatever the host OS uses to keep files private (e.g., owned by root, owner-read-only perms on Unix).
No matter how much encryption you put in place, at the bottom of the chain there's a plain-text password entered SOMEwhere...
Grant -
Problem with Java keystore and certificates (unable to find valid cert path
Our program is made so that when a certificate is not signed by a trusted Certification Authority, it will ask the user if he/her wishes to trust the certificate or not. If they decide to trust the certificate, it will accept the self signed certificate and import it into the keystore and then use that certificate to log the user in. This works fine. It will import the certificate into the keystore and use the specified ip address to establish a connection with the LDAP server (Active Directory in our case) and authenticate properly. However, the problem arises when we then try and connect to a different ip address (without restarting tomcat, if we restart tomcat, it works fine...). It imports the certificate into the keystore fine, but always gives the exception
"Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
and does not authenticate with our LDAP server (which is Active Directory). The problem seems to be that it is no longer looking at the System.setProperty("javax.net.ssl.trustStore", myTrustStore);
I have tried multiple times to just reset this property and try and "force" it to read from my specified trust file when this error happens. I have also imported the certificates directly into the <java_home>/jre/lib/security/cacerts and <java_home>/jre/lib/security/jssecacerts directories as the java documentation says that it will look at those directories first to see if it can find a trusted certificate. However, this does not work either. The only way that I can get this to work is by restarting tomcat all together.
If both of the certificates are already in the keystore before tomcat is started up, everything will work perfect. Again, the only problem is after first connecting to an IP address using TLS and importing the certificate, and then trying to connect to another IP address with a different certificate and import it into the keystore.
One of the interesting features of this is that after the second IP address has failed, I can change the IP address back to the first one that authenticated successfully and authenticate successfully again (ie
I use ip 1.1.1.1, import self signed certificate, authenticates successfully
login with ip 2.2.2.2 import self signed certificate, FAILS
login again with 1.1.1.1 (doesn't import certificate because it is already in keystore) successfully authenticates
Also, I am using java 1.5.0_03.
Any help is greatly appreciated as I've been trying to figure this out for over a week now.
ThanksPlease don't post in threads that are long dead and don't hijack other threads. When you have a question, start your own topic. Feel free to provide a link to an old post that may be relevant to your problem.
I'm locking this thread now. -
Help : How to import .pfx file to keystore
Hi,
I need to generate digital signature for some data string. I got the pfx file with password blank.
it shows the following detailsusing keytool.
keytool -list -keystore rating/ebs/scripts/MPay_certificate_11072003.p12 -storetype pkcs12
unknown attr1.3.6.1.4.1.311.17.1
Enter keystore password:
unknown attr1.3.6.1.4.1.311.17.1
***************** WARNING WARNING WARNING *****************
* The integrity of the information stored in your keystore *
* has NOT been verified! In order to verify its integrity, *
* you must provide your keystore password. *
***************** WARNING WARNING WARNING *****************
Keystore type: pkcs12
Keystore provider: SunJSSE
Your keystore contains 1 entry
c1e673ff559b00e86a399a1b21e4aed2_6ee3fa08-8ba8-4ff1-a8fd-01031842a3a3, Aug 18, 2003, keyEntry,
How can I generate the keystore file and know the private key alias so that i can generate the sign using sign().
thanks in advance.
RanjanIt is possible to import a .p12 file into a keystore with a small Java program...
I found a sample to do this about a year ago, the source page is no longer valid. I have made some slight modifications to the original program, but left credit to the original author in the top (to the best of my knowledge).
Sample execution being:
$ java KeyStoreMove PKCS12 ~/igo.p12 p12-pas JKS ~/.keystore key-pas
Source alias: lester igo id #2
Rename alias to [<return> to keep original alias]: my-cert
New alias: my-cert
importing key lester igo id #2
keystore copy successful
* This code has been downloaded from the internet and contained no license.
* The Source for this was: http://home.istar.ca/~neutron/Thawte/KeystoreMove.txt
* The Page referencing it was: http://home.istar.ca/~neutron/Thawte/index.html
* The author appears to be:
* Michel I. Gallant
* [email protected]
import java.io.*;
import java.security.*;
import java.util.*;
public class KeyStoreMove {
public static void main(String args[]) throws Throwable {
java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
if (args.length<6) {
System.out.println(
"\nKeyStoreMove Usage: \njava KeyStoreMove <source> <destination> where\n" +
" <source> and <destination> are " +
"<storetype> <keystore> <password>\n");
System.out.println(" - Requires jsse for PKCS12 keystore support \n" +
" - source storetype can be JKS or PKCS12\n" +
" - destination storetype must be JKS type (PKCS12 write not supported)\n") ;
System.exit(0);
FileInputStream in;
// -------- Load source keystore to memory ---------
in = new FileInputStream(args[1]);
KeyStore ksin = KeyStore.getInstance(args[0]);
char[] pwin = args[2].toCharArray();
if (pwin.length==0) { pwin = null; }
ksin.load(in,pwin);
in.close();
// -------- Load destination keystore initial contents to memory ---------
in = new FileInputStream(args[4]);
KeyStore ksout = KeyStore.getInstance(args[3]);
char[] pwout = args[5].toCharArray();
if (pwout.length==0) { pwout = null; }
ksout.load(in,pwout);
in.close();
//--------- Main Loop to get keys/certs from source keystore ------------
BufferedReader stdin = new BufferedReader(new InputStreamReader(System.in));
Enumeration en = ksin.aliases();
while (en.hasMoreElements()) {
String alias = (String) en.nextElement();
if (ksout.containsAlias(alias)) {
System.out.println(args[4] + " already contains " + alias + " Key will not be copied.");
continue;
// ------- Ask user if alias of source key/cert should be renamed -----------
System.out.println("Source alias: " + alias);
System.out.print("Rename alias to [<return> to keep original alias]: ") ;
String newuseralias = stdin.readLine().trim() ;
if (newuseralias.equals("")){
newuseralias=alias;
System.out.println("Original alias used") ;
else {
System.out.println("New alias: " + newuseralias) ;
if (ksin.isCertificateEntry(alias)) {
System.out.println("importing certificate " + alias);
ksout.setCertificateEntry(newuseralias, ksin.getCertificate(alias));
if (ksin.isKeyEntry(alias)) {
System.out.println("importing key " + alias);
ksout.setKeyEntry(newuseralias, ksin.getKey(alias,pwin), pwout,ksin.getCertificateChain(alias));
//--------- End main loop ----------------------
//--------- Overwrite the destination keystore with new keys/certs --------------
FileOutputStream out = new FileOutputStream(args[4]);
ksout.store(out,pwout);
out.close();
System.out.println("keystore copy successful\n") ;
System.exit(0); -
JPS-06514: Opening of file based keystore failed.
I have a fresh install of JDeveloper 11.1.2.3.0 (Build JDEVADF_11.1.2.3.0_GENERIC_120914.0223.6276.1). When I try to start the integrated WebLogic Server from the Application Servers explorer tab, it fails and crashes with "JPS-06514: Opening of file based keystore failed." The entire output console content is pasted below for your reference. I am under time pressure, so the sooner somebody can help, the better. Thanks in advance!
*** Using HTTP port 7101 ***
*** Using SSL port 7102 ***
C:\Users\userP\AppData\Roaming\JDeveloper\system11.1.2.3.39.62.76.1\DefaultDomain\bin\startWebLogic.cmd
[waiting for the server to complete its initialization...]
JAVA Memory arguments: -Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=512m
WLS Start Mode=Development
CLASSPATH=C:\Oracle\MIDDLE~1\ORACLE~1\modules\oracle.jdbc_11.1.1\ojdbc6dms.jar;C:\Oracle\MIDDLE~1\patch_wls1211\profiles\default\sys_manifest_classpath\weblogic_patch.jar;C:\Oracle\MIDDLE~1\patch_oepe101\profiles\default\sys_manifest_classpath\weblogic_patch.jar;C:\Oracle\MIDDLE~1\patch_ocp371\profiles\default\sys_manifest_classpath\weblogic_patch.jar;C:\Oracle\MIDDLE~1\JDK160~3\lib\tools.jar;C:\Oracle\MIDDLE~1\WLSERV~1.1\server\lib\weblogic_sp.jar;C:\Oracle\MIDDLE~1\WLSERV~1.1\server\lib\weblogic.jar;C:\Oracle\MIDDLE~1\modules\features\weblogic.server.modules_12.1.1.0.jar;C:\Oracle\MIDDLE~1\WLSERV~1.1\server\lib\webservices.jar;C:\Oracle\MIDDLE~1\modules\ORGAPA~1.1/lib/ant-all.jar;C:\Oracle\MIDDLE~1\modules\NETSFA~1.0_1/lib/ant-contrib.jar;C:\Oracle\MIDDLE~1\ORACLE~1\modules\oracle.jrf_11.1.1\jrf.jar;C:\Oracle\MIDDLE~1\WLSERV~1.1\common\derby\lib\derbyclient.jar;C:\Oracle\MIDDLE~1\WLSERV~1.1\server\lib\xqrl.jar;.;c:\oracle\middleware\wlserver_10.3\server\lib;M:\dommgr\DomainManager\classes;M:\3rdparty\wls_10.3\weblogic.jar;M:\3rdparty\wls_10.3\wlfullclient.jar;M:\3rdparty\wls_10.3\wljmxclient.jar;M:\3rdparty\wls_10.3\wlclient.jar;
PATH=C:\Oracle\MIDDLE~1\patch_wls1211\profiles\default\native;C:\Oracle\MIDDLE~1\patch_oepe101\profiles\default\native;C:\Oracle\MIDDLE~1\patch_ocp371\profiles\default\native;C:\Oracle\MIDDLE~1\WLSERV~1.1\server\native\win\32;C:\Oracle\MIDDLE~1\WLSERV~1.1\server\bin;C:\Oracle\MIDDLE~1\modules\ORGAPA~1.1\bin;C:\Oracle\MIDDLE~1\JDK160~3\jre\bin;C:\Oracle\MIDDLE~1\JDK160~3\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\IBM\RationalSDLC\ClearCase\bin;C:\Program Files\IBM\RationalSDLC\common;M:\etc;C:\Oracle\MIDDLE~1\WLSERV~1.1\server\native\win\32\oci920_8
* To start WebLogic Server, use a username and *
* password assigned to an admin-level user. For *
* server administration, use the WebLogic Server *
* console at http:\\hostname:port\console *
starting weblogic with Java version:
java version "1.6.0_29"
Java(TM) SE Runtime Environment (build 1.6.0_29-b11)
Java HotSpot(TM) Client VM (build 20.4-b02, mixed mode)
Starting WLS with line:
C:\Oracle\MIDDLE~1\JDK160~3\bin\java -client -Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=512m -Dweblogic.Name=DefaultServer -Djava.security.policy=C:\Oracle\MIDDLE~1\WLSERV~1.1\server\lib\weblogic.policy -Djavax.net.ssl.trustStore=C:\Users\FCOCA~1.COR\AppData\Local\Temp\trustStore7654511046496503013.jks -Ddmsc_config_file=M:\etc\dommgr.properties -Doracle.jdeveloper.adrs=true -Dweblogic.nodemanager.ServiceEnabled=true -Xverify:none -Djava.endorsed.dirs=C:\Oracle\MIDDLE~1\JDK160~3/jre/lib/endorsed;C:\Oracle\MIDDLE~1\WLSERV~1.1/endorsed -da -Dplatform.home=C:\Oracle\MIDDLE~1\WLSERV~1.1 -Dwls.home=C:\Oracle\MIDDLE~1\WLSERV~1.1\server -Dweblogic.home=C:\Oracle\MIDDLE~1\WLSERV~1.1\server -Djps.app.credential.overwrite.allowed=true -Dcommon.components.home=C:\Oracle\MIDDLE~1\ORACLE~1 -Djrf.version=11.1.1 -Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.Jdk14Logger -Ddomain.home=C:\Users\FCOCA~1.COR\AppData\Roaming\JDEVEL~1\SYSTEM~1.1\DEFAUL~1 -Djrockit.optfile=C:\Oracle\MIDDLE~1\ORACLE~1\modules\oracle.jrf_11.1.1\jrocket_optfile.txt -Doracle.server.config.dir=C:\Users\FCOCA~1.COR\AppData\Roaming\JDEVEL~1\SYSTEM~1.1\DEFAUL~1\config\FMWCON~1\servers\DefaultServer -Doracle.domain.config.dir=C:\Users\FCOCA~1.COR\AppData\Roaming\JDEVEL~1\SYSTEM~1.1\DEFAUL~1\config\FMWCON~1 -Digf.arisidbeans.carmlloc=C:\Users\FCOCA~1.COR\AppData\Roaming\JDEVEL~1\SYSTEM~1.1\DEFAUL~1\config\FMWCON~1\carml -Digf.arisidstack.home=C:\Users\FCOCA~1.COR\AppData\Roaming\JDEVEL~1\SYSTEM~1.1\DEFAUL~1\config\FMWCON~1\arisidprovider -Doracle.security.jps.config=C:\Users\FCOCA~1.COR\AppData\Roaming\JDEVEL~1\SYSTEM~1.1\DEFAUL~1\config\fmwconfig\jps-config.xml -Doracle.deployed.app.dir=C:\Users\FCOCA~1.COR\AppData\Roaming\JDEVEL~1\SYSTEM~1.1\DEFAUL~1\servers\DefaultServer\tmp\_WL_user -Doracle.deployed.app.ext=\- -Dweblogic.alternateTypesDirectory=C:\Oracle\MIDDLE~1\ORACLE~1\modules\oracle.ossoiap_11.1.1,C:\Oracle\MIDDLE~1\ORACLE~1\modules\oracle.oamprovider_11.1.1 -Djava.protocol.handler.pkgs=oracle.mds.net.protocol -Dweblogic.jdbc.remoteEnabled=false -Dwsm.repository.path=C:\Users\FCOCA~1.COR\AppData\Roaming\JDEVEL~1\SYSTEM~1.1\DEFAUL~1\oracle\store\gmds -Dweblogic.management.discover=true -Dwlw.iterativeDev= -Dwlw.testConsole= -Dwlw.logErrorsToConsole= -Dweblogic.ext.dirs=C:\Oracle\MIDDLE~1\patch_wls1211\profiles\default\sysext_manifest_classpath;C:\Oracle\MIDDLE~1\patch_oepe101\profiles\default\sysext_manifest_classpath;C:\Oracle\MIDDLE~1\patch_ocp371\profiles\default\sysext_manifest_classpath weblogic.Server
<19-Dec-2012 2:37:23 o'clock PM EST> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true>
<19-Dec-2012 2:37:23 o'clock PM EST> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>
<19-Dec-2012 2:37:24 o'clock PM EST> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with Java HotSpot(TM) Client VM Version 20.4-b02 from Sun Microsystems Inc..>
<19-Dec-2012 2:37:24 o'clock PM EST> <Info> <Management> <BEA-141107> <Version: WebLogic Server Temporary Patch for 13340309 Thu Feb 16 18:30:21 IST 2012
WebLogic Server Temporary Patch for 13019800 Mon Jan 16 16:53:54 IST 2012
WebLogic Server Temporary Patch for BUG13391585 Thu Feb 02 10:18:36 IST 2012
WebLogic Server Temporary Patch for 13516712 Mon Jan 30 15:09:33 IST 2012
WebLogic Server Temporary Patch for BUG13641115 Tue Jan 31 11:19:13 IST 2012
WebLogic Server Temporary Patch for BUG13603813 Wed Feb 15 19:34:13 IST 2012
WebLogic Server Temporary Patch for 13424251 Mon Jan 30 14:32:34 IST 2012
WebLogic Server Temporary Patch for 13361720 Mon Jan 30 15:24:05 IST 2012
WebLogic Server Temporary Patch for BUG13421471 Wed Feb 01 11:24:18 IST 2012
WebLogic Server Temporary Patch for BUG13657792 Thu Feb 23 12:57:33 IST 2012
WebLogic Server 12.1.1.0 Wed Dec 7 08:40:57 PST 2011 1445491
WebLogic Server 10.3.2.0 Tue Oct 20 12:16:15 PDT 2009 1267925
WebLogic Server 10.3 Tue Nov 15 08:52:36 PST 2011 1441050
WebLogic Server 10.3 Tue Nov 15 08:52:36 PST 2011 1441050 >
<19-Dec-2012 2:37:25 o'clock PM EST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING.>
<19-Dec-2012 2:37:25 o'clock PM EST> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool.>
<19-Dec-2012 2:37:25 o'clock PM EST> <Notice> <LoggingService> <BEA-320400> <The log file C:\Users\userP\AppData\Roaming\JDeveloper\system11.1.2.3.39.62.76.1\DefaultDomain\servers\DefaultServer\logs\DefaultServer.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms, such as Windows.>
<19-Dec-2012 2:37:25 o'clock PM EST> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to C:\Users\userP\AppData\Roaming\JDeveloper\system11.1.2.3.39.62.76.1\DefaultDomain\servers\DefaultServer\logs\DefaultServer.log00003. Log messages will continue to be logged in C:\Users\userP\AppData\Roaming\JDeveloper\system11.1.2.3.39.62.76.1\DefaultDomain\servers\DefaultServer\logs\DefaultServer.log.>
<19-Dec-2012 2:37:25 o'clock PM EST> <Notice> <Log Management> <BEA-170019> <The server log file C:\Users\userP\AppData\Roaming\JDeveloper\system11.1.2.3.39.62.76.1\DefaultDomain\servers\DefaultServer\logs\DefaultServer.log is opened. All server side log events will be written to this file.>
19-Dec-2012 2:37:26 PM oracle.security.jps.internal.keystore.file.FileKeyStoreManager openKeyStore
WARNING: Opening of file based keystore failed.
<19-Dec-2012 2:37:26 o'clock PM EST> <Error> <Security> <BEA-090892> <The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-06514: Opening of file based keystore failed.>
<19-Dec-2012 2:37:26 o'clock PM EST> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-06514: Opening of file based keystore failed.
weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-06514: Opening of file based keystore failed.
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1402)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1022)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:148)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
Truncated. see log file for complete stacktrace
Caused By: oracle.security.jps.JpsRuntimeException: JPS-06514: Opening of file based keystore failed.
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:167)
at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:369)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
Truncated. see log file for complete stacktrace
Caused By: oracle.security.jps.JpsException: JPS-06514: Opening of file based keystore failed.
at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPDPService(PolicyUtil.java:2855)
at oracle.security.jps.internal.policystore.PolicyUtil.getPDPService(PolicyUtil.java:3097)
at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:164)
at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:369)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
Truncated. see log file for complete stacktrace
Caused By: oracle.security.jps.service.keystore.KeyStoreServiceException: JPS-06514: Opening of file based keystore failed.
at oracle.security.jps.internal.keystore.file.FileKeyStoreManager.openKeyStore(FileKeyStoreManager.java:374)
at oracle.security.jps.internal.keystore.file.FileKeyStoreServiceImpl.doInit(FileKeyStoreServiceImpl.java:104)
at oracle.security.jps.internal.keystore.file.FileKeyStoreServiceImpl.<init>(FileKeyStoreServiceImpl.java:76)
at oracle.security.jps.internal.keystore.file.FileKeyStoreServiceImpl.<init>(FileKeyStoreServiceImpl.java:66)
at oracle.security.jps.internal.keystore.KeyStoreProvider.getInstance(KeyStoreProvider.java:157)
Truncated. see log file for complete stacktrace
>
<19-Dec-2012 2:37:26 o'clock PM EST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED.>
<19-Dec-2012 2:37:26 o'clock PM EST> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down.>
<19-Dec-2012 2:37:26 o'clock PM EST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN.>
<19-Dec-2012 2:37:26 o'clock PM EST> <Warning> <Security> <BEA-090922> <Certicom SSL is available, however JSSE is being used for SSL, since JSSE has been selected by attribute SSLMBean.JSSEEnabled, either explicitly or by default.>
Process exited.I believe you can chmod back to your app user and correct the issue.
-ryan -
How to enter a Private key into a keystore
Hi,
We have a propriteary CA, developed by us. I need to use this CA for my Signed Applet. I would enter this CA's public key(a X509 certificate) into my cacerts file.
Following is what I have done :
1) I have generated my own keystore, public and private key for signing the applet.
2) Signed the applet with the private key in the keystore.
To Do :
Now, the self generated public key(with which applet was signed) has to be signed by the properitary CA, so that when applet is downloaded my certificate is authenticated by the proprietary CA.
The problem is :
1) To get my public key certificate authenticated by the proprietary CA, I need the private key of proprietary CA.(so that I shall sign my public key file by the CA's private key) . The CA could give the private key as a byte array file. ( Or we could write a program to format the private key file, if any format exists and required). jarsigner requires keystore to sign. How could I create a keystore and enter my private key and public key into this keystore?
2) Is there any other way to do this?
Please help to resolve this problem.
RajeshCheck this:
<A HREF="http://java.sun.com/j2se/1.4/docs/guide/pugin/developer_guide/rsa_signing.html -
Error while importing a PKCS12 file to keystore
When i try to load a PKCS12 file in keystore , i get the following error: java.io.IOException: Error in loading the keystore: Private key decryption error: (java.lang.SecurityException: Unsupported keysize or algorithm parameters).
Can anyone tell me what should I do now !Ok...I fixed that exception but now its a new one: Plz check the stack trace:
Exception in thread "main" java.lang.ExceptionInInitializerError
at javax.crypto.Mac.getInstance(Unknown Source)
at com.ibm.security.pkcs12.BasicPFX.calculateMac(Unknown Source)
at com.ibm.security.pkcs12.BasicPFX.verifyMac(Unknown Source)
at com.ibm.security.pkcs12.PFX.verifyMac(Unknown Source)
at com.ibm.crypto.provider.PKCS12KeyStore.engineLoad(Unknown Source)
at java.security.KeyStore.load(KeyStore.java:695)
at com.xxx.ebs.pa.disability.getdcdetail.transporter.TestEncrypyDecrypt.encrypt(TestEncrypyDecrypt.java:57)
at com.xxx.ebs.pa.disability.getdcdetail.appladapter.GetDCDetailApplicationAdapter.handleCBMessage1(GetDCDetailApplicationAdapter.java:253)
at com.xxx.ebs.pa.disability.getdcdetail.mdb.GetDCDetailCBListenerBean.localOnMessage1(GetDCDetailCBListenerBean.java:100)
at com.xxx.inte.ca.service.test.UnitTestGetDCDetail.main(UnitTestGetDCDetail.java:50)
Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
at javax.crypto.b.<clinit>(Unknown Source)
... 10 more
Caused by: java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers!
at javax.crypto.b.a(Unknown Source)
at javax.crypto.b.a(Unknown Source)
at javax.crypto.b.g(Unknown Source)
at javax.crypto.b$0.run(Unknown Source)
at java.security.AccessController.doPrivileged1(Native Method)
at java.security.AccessController.doPrivileged(AccessController.java:351)
... 11 more
What is the possible solution ! -
Sequence tag error while importing the SSL certificate into ".keystore" fil
I have created the ".keystore " file successfully and also imported the "root.cer".
but while importing the SSL certificate it says like
"keytool error: java.security.cert.CertificateException: IOException: Sequence ta
g error" (I got the certificate from Verisign)
How to resolve this Error?
can anyone help me?
mail to:: [email protected]
Thanks in AdvanceHi,
I resolved this error by making it sure that there are no extra spaces or unwanted caracter copied while copying the certificate response from the CA. Make sure you are copying the certificate response properly. In my case, some extra space was getting copied so after re-copyinf it properly, it worked. -
Problem while generating an entry for a keystore on SCA-6000
Hi everybody,
this is my first message.....
i need to develop a sw to adding entry on a keystore that is on a SCA-6000
when i try to add an entry witn method KeyStore.setKeyEntry i have this error:
java.security.KeyStoreException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_TEMPLATE_INCONSISTENT
at sun.security.pkcs11.P11KeyStore.engineSetEntry(P11KeyStore.java:1067)
at sun.security.pkcs11.P11KeyStore.engineSetKeyEntry(P11KeyStore.java:443)
at java.security.KeyStore.setKeyEntry(KeyStore.java:848)
at TestProvider.main(TestProvider.java:160)
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_TEMPLATE_INCONSISTENT
at sun.security.pkcs11.wrapper.PKCS11.C_CopyObject(Native Method)
at sun.security.pkcs11.P11KeyStore.updateP11Pkey(P11KeyStore.java:1518)
at sun.security.pkcs11.P11KeyStore.storePkey(P11KeyStore.java:1678)
at sun.security.pkcs11.P11KeyStore.engineSetEntry(P11KeyStore.java:1063)
i don't find anything on documentation.....
this is my code:
Provider pkcs11Provider = new sun.security.pkcs11.SunPKCS11(fis);
Security.addProvider(pkcs11Provider);
char [] pin = args[1].toCharArray();
KeyStore smartCardKeyStore;
smartCardKeyStore = KeyStore.getInstance("PKCS11");
smartCardKeyStore.load(null, pin); //ALL OK
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", pkcs11Provider);
kpg.initialize(1024);
KeyPair kp = kpg.generateKeyPair();
Certificate[] cc = {cer};
smartCardKeyStore.setKeyEntry("[email protected]", kp.getPrivate(), "dlozzi".toCharArray(), cc);PS fis is an FileInputStream that is the file for configuring SunPKCS11 and this is
name = SunCryptoAccelerator6000
library = /usr/lib/libpkcs11.so
thanks for your help
Ad Maiora,
Daniele Lozzi"IN UPDATE TASK" resolved by myself. The one should explicitly call 'COMMIT WORK' from Z-program after CALL FUNCTION '...' IN UPDATE TASK in order to get changes in the CDHDR/CDPOS commited. The key in this issue for me was to check the documentation of CALL FUNCTION :-).
Regards,
Ivo -
The .keystore file now cannot be found (No such file or directory)
hi,
so, I'm trying to sign a JAR file connected to an applet.
I got to creating the keystore and had a "where do you want to store it? and what do you want to call it?" messages.
I saved it as '.keystore' and was warned by the system that files beginning with '.' are invisible.
I clicked ok (thinking the compiler should be able to 'see' it) and now whenever I try to sign anything the Terminal tells me:
jarsigner error: java.lang.RuntimeException: keystore load: /Users/spikenigma/.keystore (No such file or directory)
It doesn't matter how many other keystores I create, it looks for it in said directory and throws up an error.
I've tried everything
HELPOk, I'll be as specific as possible and maybe you can tell where I am going wrong. I am on a Mac.
1)
I have a JAR file called csvjdbc.jar . It is a driver that enables offline SQL operations of sorts on tabular data.
It works perfectly when loaded in the classpath both dynamically and at runtime.
The contents of it's manifest file are, as expected:
Manifest-Version: 1.0
Ant-Version: Apache Ant 1.8.1
Created-By: 1.6.0_22-b04 (Sun Microsystems Inc.)
2)
A test of csvjdbc.jar to check if it is already signed returns that it is not, as expected:
(input)
jarsigner -verify csvjdbc.jar
(input)
(output from terminal)
jar is unsigned. (signatures missing or not parsable)
(output from terminal)
3)
I want to sign the jar file so that I can load said JAR file in an applet I have not yet created.
4)
My steps are:
(navigate to the folder via the terminal)
cd desktop
cd progamming
cd java
etc….
(navigate to the folder via the terminal)
(try to sign the jar)
jarsigner csvjdbc.jar spikenigma
(try to sign the jar)
(response from terminal)
Enter Passphrase for keystore:
(response from terminal)
(entered passphrase)
************** (censored)
(entered passphrase)
(response from terminal as previously mentioned)
/Users/spikenigma/.keystore (No such file or directory)
(response from terminal as previously mentioned)
(Ok, let's create another keystore in a different location)
keytool -genkey -alias signFiles -keystore thekeystore
(Ok, let's create another keystore in a different location)
(answer standard questions)
Enter keystore password:
Re-enter new password:
What is your first and last name?
What is the name of your organizational unit?
What is the name of your organization?
What is the name of your City or Locality?
What is the name of your State or Province?
What is the two-letter country code for this unit?
(answer standard questions)
(so, we try signing again)
jarsigner csvjdbc.jar spikenigma
(so, we try signing again)
(enter the passphrase)
Enter Passphrase for keystore:
(enter the passphrase)
(response from terminal as previously mentioned)
jarsigner error: java.lang.RuntimeException: keystore load: /Users/spikenigma/.keystore (No such file or directory)
(response from terminal as previously mentioned) -
Issue in free SSL cert installation on Weblogic using keytool and Keystore
Link which we used to follow below mentioned steps:-
http://download.oracle.com/docs/cd/E13222_01/wls/docs81/secmanage/ssl.html#1167001
http://download.oracle.com/docs/cd/E13222_01/wls/docs81/plugins/nsapi.html#112674
Steps:
1) To generate keystore and private key and digital cerficate:-
keytool -genkey -alias mykey2 -keyalg RSA -keystore webconkeystore.jks -storepass webconkeystorepassword
2) To generate CSR
keytool -certreq -alias mykey2 -file webconcsr1.csr -keyalg RSA -storetype jks -keystore webconkeystore.jks -storepass webconkeystorepassword
3) CSR is uploaded on verisign site to generate free ssl certificate.All certificate text received is paste into file (cacert.pem)
4) Same certificate is put into same keystore using following command
keytool -import -alias mykey2 -keystore webconkeystore.jks -trustcacerts -file cacert.pem
5) Before step 4), we have also installed root /intermediate certificate to include chain using following command.
(intermediateCa.cer file is downloaded from verisign site)
keytool -import -alias intermediateca -keystore webconkeystore.jks -trustcacerts -file intermediateCa.cer
6) After this configuration we used weblogic admin module to configure Keystore and SSL.
7) For KeyStore tab in weblogic admin module, we have select option “Custom Identity And Custom Trust” provided following details under Identity and Trust columns:-
Private key alias: mykey2
PassKeyphrase: webconkeystorepassword
Location of keystore: location of webconkeystore.jks file on server
8) For SSL tab in weblogic admin module, we have select option “KeyStores” for “Identity and Trust locations”.
9) After this we have restarted the server, but it is giving following error on console as shown below:
<Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
<Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
<Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias privateKey from the JKS keystore file /home/cedera/bea9.0/weblogic90/server/lib/webconkeystore1.jks.>
<Alert> <Security> <BEA-090716> <Failed to retrieve identity key/certificate from keystore /home/cedera/bea9.0/weblogic90/server/lib/webconkeystore1.jks under alias privateKey on server AdminServer>
<Error> <WebLogicServer> <BEA-000297> <Inconsistent security configuration, weblogic.management.configuration.ConfigurationException: Failed to retrieve identity key/certificate from keystore /home/cedera/bea9.0/weblogic90/server/lib/webconkeystore1.jks under alias privateKey on server AdminServer>
<Emergency> <Security> <BEA-090034> <Not listening for SSL, java.io.IOException: Failed to retrieve identity key/certificate from keystore /home/cedera/bea9.0/weblogic90/server/lib/webconkeystore1.jks under alias privateKey on server AdminServer.>
<Emergency> <Security> <BEA-090087> <Server failed to bind to the configured Admin port. The port may already be used by another process.>
Please let me know if I am missing anything
Please help me to checkout and resolve this issue.Thankx for ur interest and reply.
It says meyKey2 is type "keyEntry" not privateKeyEntry..but i hv followed steps which were mentioned.
To give you details , I have executed listing command and appended its output below:
Please find output of following command
keytool -list -v -keystore webconkeystore.jks -storepass webconkeystorepassword >> output.txt
contents of output.txt is
Keystore type: jks
Keystore provider: SUN
Your keystore contains 5 entries
Alias name: intermediateca
Creation date: Nov 3, 2009
Entry type: trustedCertEntry
Owner: CN=VeriSign Trial Secure Server CA - G2, OU=Terms of use at https://www.verisign.com/cps/testca (c)09, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Trial Secure Server Root CA - G2, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Serial number: 7e3bb784bbc654abd2b8d677ecc394a8
Valid from: Wed Apr 01 05:30:00 IST 2009 until: Mon Apr 01 05:29:59 IST 2019
Certificate fingerprints:
MD5: 71:13:D9:3A:CD:21:F2:EE:9F:59:17:8D:A6:F9:AE:14
SHA1: BE:D1:D1:4E:25:A7:94:36:83:9E:4B:A7:CD:84:48:96:B7:0A:7F:B0
Alias name: rootca
Creation date: Nov 3, 2009
Entry type: trustedCertEntry
Owner: CN=VeriSign Trial Secure Server Root CA - G2, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Trial Secure Server Root CA - G2, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Serial number: 168164a428ca12dfab12f19fb1b93554
Valid from: Wed Apr 01 05:30:00 IST 2009 until: Sun Apr 01 05:29:59 IST 2029
Certificate fingerprints:
MD5: E0:19:F5:FC:C0:9A:13:0E:38:B7:BF:0D:02:40:D3:C2
SHA1: 51:51:B8:63:8A:4C:1F:15:54:56:ED:37:C9:10:35:CA:D3:01:B9:36
Alias name: mykey2
Creation date: Nov 3, 2009
Entry type: keyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=linuxbox04, OU=Terms of use at www.verisign.com/cps/testca (c)05, OU=Tech, O=TechProcess, L=Mumbai, ST=Maharashtra, C=IN
Issuer: CN=VeriSign Trial Secure Server CA - G2, OU=Terms of use at https://www.verisign.com/cps/testca (c)09, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Serial number: 232d382baddef6a3734984950d3505dc
Valid from: Tue Nov 03 05:30:00 IST 2009 until: Wed Nov 18 05:29:59 IST 2009
Certificate fingerprints:
MD5: F2:28:41:DB:58:F4:5B:F4:9E:14:A4:D1:C6:9A:54:FB
SHA1: 39:87:00:98:45:D3:30:C9:58:0D:A5:30:73:9B:10:19:B9:77:D0:F7
Certificate[2]:
Owner: CN=VeriSign Trial Secure Server CA - G2, OU=Terms of use at https://www.verisign.com/cps/testca (c)09, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Trial Secure Server Root CA - G2, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Serial number: 7e3bb784bbc654abd2b8d677ecc394a8
Valid from: Wed Apr 01 05:30:00 IST 2009 until: Mon Apr 01 05:29:59 IST 2019
Certificate fingerprints:
MD5: 71:13:D9:3A:CD:21:F2:EE:9F:59:17:8D:A6:F9:AE:14
SHA1: BE:D1:D1:4E:25:A7:94:36:83:9E:4B:A7:CD:84:48:96:B7:0A:7F:B0
Certificate[3]:
Owner: CN=VeriSign Trial Secure Server Root CA - G2, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Trial Secure Server Root CA - G2, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Serial number: 168164a428ca12dfab12f19fb1b93554
Valid from: Wed Apr 01 05:30:00 IST 2009 until: Sun Apr 01 05:29:59 IST 2029
Certificate fingerprints:
MD5: E0:19:F5:FC:C0:9A:13:0E:38:B7:BF:0D:02:40:D3:C2
SHA1: 51:51:B8:63:8A:4C:1F:15:54:56:ED:37:C9:10:35:CA:D3:01:B9:36
Alias name: mykey1
Creation date: Nov 3, 2009
Entry type: trustedCertEntry
Owner: CN=linuxbox04, OU=Terms of use at www.verisign.com/cps/testca (c)05, OU=Tech, O=Techprocess, L=Mumbai, ST=MH, C=IN
Issuer: CN=VeriSign Trial Secure Server CA - G2, OU=Terms of use at https://www.verisign.com/cps/testca (c)09, OU="For Test Purposes Only. No assurances.", O="VeriSign, Inc.", C=US
Serial number: 353710f6c067ba67988004f2080eb4ac
Valid from: Tue Nov 03 05:30:00 IST 2009 until: Wed Nov 18 05:29:59 IST 2009
Certificate fingerprints:
MD5: 3C:C7:B1:DB:BB:A6:60:34:08:31:88:90:AE:EE:CB:7B
SHA1: 69:63:20:CB:BC:93:89:88:19:1F:37:C0:A3:EE:E5:50:5A:29:39:DA
Alias name: mykey
Creation date: Nov 3, 2009
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=linuxbox04, OU=Tech, O=Techprocess, L=Mumbai, ST=MH, C=IN
Issuer: CN=linuxbox04, OU=Tech, O=Techprocess, L=Mumbai, ST=MH, C=IN
Serial number: 4aefbcd1
Valid from: Tue Nov 03 10:47:05 IST 2009 until: Mon Feb 01 10:47:05 IST 2010
Certificate fingerprints:
MD5: 51:E7:52:7A:AA:1A:F6:E1:72:3C:BE:EF:D7:BF:92:85
SHA1: F3:7C:D2:18:2C:75:9D:A5:70:28:1F:3C:90:93:B9:E4:1F:57:3B:DC
Edited by: user1685139 on Nov 4, 2009 3:55 PM -
Keystore access in Java Mapping Program - user J2EE_GUEST
Dear Gurus,
I have the following problem:
I need to validate the digital signature of a XML document and I'm using some examples provided by SAP as follows:
InitialContext ctx = ctx = new InitialContext();
Object o = (Object) ctx.lookup("keystore");
KeystoreManager manager = (KeystoreManager) o;
KeyStore ks = manager.getKeystore("Serasa");
{/code}
But I get the error below, saying that user J2EE_GUEST is not authorized. How do I change the user who executes java mapping, because I granted permissions in Visual Admin to another user.
at com.sap.aii.ibrun.sbeans.mapping.MappingServiceObjectImpl0_0.processFunction(MappingServiceObjectImpl0_0.java:131)
at sun.reflect.GeneratedMethodAccessor267.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:62)
at java.lang.reflect.Method.invoke(Method.java:391)
at com.sap.engine.services.ejb.session.stateless_sp5.ObjectStubProxyImpl.invoke(ObjectStubProxyImpl.java:187)
at $Proxy218.processFunction(Unknown Source)
at sun.reflect.GeneratedMethodAccessor266.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:62)
at java.lang.reflect.Method.invoke(Method.java:391)
at com.sap.engine.services.rfcengine.RFCDefaultRequestHandler.call(RFCDefaultRequestHandler.java:284)
at com.sap.engine.services.rfcengine.RFCDefaultRequestHandler.handleRequest(RFCDefaultRequestHandler.java:219)
at com.sap.engine.services.rfcengine.RFCJCOServer$J2EEApplicationRunnable.run(RFCJCOServer.java:254)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:219)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
Caused by: com.sap.engine.services.keystore.exceptions.BaseKeystoreException: User is not authorized to execute keystore operation[{GET_VIEW Serasa }]
at com.sap.engine.services.keystore.impl.security.UserBasedSecurityConnector.checkUserPermission(UserBasedSecurityConnector.java:889)
at com.sap.engine.services.keystore.impl.security.SecurityRestrictionsChecker.checkUserPermission(SecurityRestrictionsChecker.java:52)
at com.sap.engine.services.keystore.impl.security.SecurityRestrictionsChecker.isUserAuthorized(SecurityRestrictionsChecker.java:148)
at com.sap.engine.services.keystore.impl.security.SecurityRestrictionsChecker.checkPermission(SecurityRestrictionsChecker.java:174)
at com.sap.engine.services.keystore.impl.ParameterChecker.checkPermission(ParameterChecker.java:35)
at com.sap.engine.services.keystore.impl.KeystoreManagerImpl.checkPermission(KeystoreManagerImpl.java:46)
... 28 more
Caused by: java.security.KeyStoreException: (thread: SAPEngine_Application_Thread[impl:3]_56,view:Serasa, entry: , user: J2EE_GUEST) - checkPermissions 'getView': com.sap.engine.services.security.exceptions.BaseSecurityException: Caller not authorized.
at com.sap.engine.services.keystore.impl.security.UserBasedSecurityConnector.checkFailed(UserBasedSecurityConnector.java:1097)
at com.sap.engine.services.keystore.impl.security.UserBasedSecurityConnector.checkPermissions_getView(UserBasedSecurityConnector.java:773)
at com.sap.engine.services.keystore.impl.security.UserBasedSecurityConnector.checkUserPermission(UserBasedSecurityConnector.java:823)
... 33 more
{/code}
Thank you very muchHi Fabio,
first of all have you checked if standard functions to verify digital signature for pi adpaters would work for you?
We have used the following code to access the Keystore in a custom adapter. It accesses the keystore with the access rights of a JEE application (it has a reference to the sample adapter "sap.com/com.sap.aii.adapter.sample.ra"). Check out if it works in your mapping, too.
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.util.HashMap;
import java.util.Map;
import javax.resource.ResourceException;
import com.sap.aii.af.service.resource.SAPSecurityResources;
import com.sap.aii.security.lib.KeyStoreManager;
import com.sap.aii.security.lib.PermissionMode;
public class XIKeystoreAccessor {
private static final XITrace TRACE = new XITrace(XIKeystoreAccessor.class.getName());
static XIKeystoreAccessor instance = null;
SAPSecurityResources securityResources;
KeyStoreManager keystoreManager;
Map<String, KeyStore> keystores = null;
private XIKeystoreAccessor() throws ResourceException {
final String SIGNATURE = "XIKeystoreAccessor()";
TRACE.entering(SIGNATURE);
keystores = new HashMap<String, KeyStore>();
securityResources = SAPSecurityResources.getInstance();
try {
keystoreManager = securityResources.getKeyStoreManager(PermissionMode.SYSTEM_LEVEL,
new String[] { "sap.com/com.sap.aii.adapter.sample.ra" });
} catch (KeyStoreException e) {
TRACE.catching(SIGNATURE, e);
throw new ResourceException(e);
TRACE.exiting(SIGNATURE);
* Get a key from AS Java keystore
* @param view
* @param alias
* @param password
* @return
* @throws ResourceException
public Key getPrivateKey(String view, String alias, String password) throws ResourceException {
final String SIGNATURE = "getPrivateKey()";
TRACE.entering(SIGNATURE);
KeyStore keystore = getKeystore(view);
Key privateKey = null;
try {
privateKey = keystore.getKey(alias, password.toCharArray());
if (privateKey == null) {
throw new ResourceException("Key not found. alias=" + alias);
} catch (KeyStoreException e) {
TRACE.catching(SIGNATURE, e);
throw new ResourceException(e);
} catch (NoSuchAlgorithmException e) {
TRACE.catching(SIGNATURE, e);
throw new ResourceException(e);
} catch (UnrecoverableKeyException e) {
TRACE.catching(SIGNATURE, e);
throw new ResourceException(e);
TRACE.exiting(SIGNATURE);
return privateKey;
public PublicKey getPublicKey(String view, String alias) throws ResourceException {
final String SIGNATURE = "getPublicKey()";
TRACE.entering(SIGNATURE);
KeyStore keystore = getKeystore(view);
PublicKey publicKey = null;
try {
publicKey = keystore.getCertificate(alias).getPublicKey();
if (publicKey == null) {
throw new ResourceException("Key not found. alias=" + alias);
} catch (KeyStoreException e) {
TRACE.catching(SIGNATURE, e);
throw new ResourceException(e);
TRACE.exiting(SIGNATURE);
return publicKey;
* Get a keystore i.e. a view from AS Java
* @param view
* @return
* @throws ResourceException
public KeyStore getKeystore(String view) throws ResourceException {
final String SIGNATURE = "getKeystore()";
TRACE.entering(SIGNATURE);
KeyStore keystore;
try {
if (keystores.containsKey(view) == true) {
keystore = keystores.get(view);
} else {
keystore = keystoreManager.getKeyStore(view);
if (keystore == null) {
throw new ResourceException("Keystore not found. view=" + view);
keystores.put(view, keystore);
TRACE.exiting(SIGNATURE);
return keystore;
} catch (KeyStoreException e) {
TRACE.catching(SIGNATURE, e);
throw new ResourceException(e);
static public XIKeystoreAccessor getInstance() throws ResourceException {
if (instance == null) {
instance = new XIKeystoreAccessor();
return instance; -
How to use JKS-based Keystore in Oracle SOA 11g
I am trying to do FTPS on third party remote server(with UNIX OS) using SOA 11g FTP Adapter. I have Installed and Configured vsftpd and generated vsftpd.pem certificate file on remote server.
Followed the steps mentioned in http://download.oracle.com/docs/cd/E17904_01/integration.1111/e10231/adptr_file.htm#CIABDGCF
In one of the step "Setting Up the Oracle FTP Adapter" walletLocation is required, then I went through steps mentioned in http://download.oracle.com/docs/cd/E17904_01/core.1111/e10105/wallets.htm#CHDGIJDC
Tried to use both 1) JKS Keystore Management 2) Wallet Management
But unable to find both of them in em of Oracle SOA 11g as the steps are not matching.
Can anyone tell me how to use JKS Keystore Management or Wallet Management ?
Many Thanks!!
Regards
YogeshHi Yogesh,
I believe the wallet can be created from the FMW console only if the HTTP server is installed and available. If there is no Oracle HTTP server, please configure one as given under.
[ http://download.oracle.com/docs/cd/E12839_01/doc.1111/e14260/toc.htm | Oracle HTTP Server Installation ]
Reards,
Neeraj Sehgal
Maybe you are looking for
-
Upgrade to itunes 7.6 now error "network connection timed out"
Upgrade to itunes 7.6 now error "network connection timed out" when i try to connect to itunes store and podcast
-
System copy for ECC 6.0 system no j2ee process under MMC
Dear support, This has been observed in many of our clients system which are on ECC 6.0 abap+java system, that after we perform system copy from one system to another whether it is Oracle platform or mssql server platform ( system copy for oracle usi
-
Pllleeaasse help! Since loading SL and Office 2008 I have had no end of problems with this iMAC. It crashes. wont empty pen drives, and Word closes its self so often its driving me nutts. Now I am not particularly techy but I have tried to look for a
-
Somehow I lost my iphoto program, still have all my pictures in "all images". How can I download again, i photo 9?
-
Importing InDesign IDML results in blank chapter
I'm trying to import content into iBooks Author from InDesign. Apple's documentation says to export the InDesign document as an IDML file, then in iBooks Author go to Insert > Insert Chapter From... > InDesign File(IDML). However, when I try this, th