KeystoreException : Cannot overwrite own certificate

Similar Messages

• Java.security.KeyStoreException: Cannot store non-PrivateKeys

  I have been getting this exception:
  Exception in thread "main" java.security.KeyStoreException: Cannot store non-PrivateKeys
       at sun.security.provider.JavaKeyStore.engineSetKeyEntry(Unknown Source)
       at java.security.KeyStore.setKeyEntry(Unknown Source)
       at KeyStoreExample.encrypt(KeyStoreExample.java:89)
       at KeyStoreExample.main(KeyStoreExample.java:39)
  while running this code:
  private static void encrypt(char[] password, String plaintext)
    throws Exception
      System.out.println("Generating a TripleDES key...");
      // Create a Blowfish key
      KeyGenerator keyGenerator = KeyGenerator.getInstance("TripleDES");
      keyGenerator.init(168);
      Key key = keyGenerator.generateKey();
      System.out.println("Done generating the key.");
      // Create a cipher using that key to initialize it
      Cipher cipher = Cipher.getInstance("TripleDES/ECB/PKCS5Padding");
      cipher.init(Cipher.ENCRYPT_MODE, key);
      byte[] plaintextBytes = plaintext.getBytes();
      // Perform the actual encryption
      byte[] cipherText = cipher.doFinal(plaintextBytes);
      // Now we need to Base64-encode it for ascii display
      BASE64Encoder encoder = new BASE64Encoder();
      String output = encoder.encode(cipherText);
      System.out.println("Ciphertext: "+output);
      /* Create a keystore and place the key in it
       * We're using a jceks keystore, which is provided by Sun's JCE.
       * If you don't have the JCE installed, you can use "JKS",
       * which is the default keystore. It doesn't provide
       * the same level of protection however.
      KeyStore keyStore = KeyStore.getInstance("JKS", "SUN");
      // This initializes a blank keystore
      keyStore.load(null, null);
      // Now we add the key to the keystore, protected
      // by the password.
      keyStore.setKeyEntry("LuisTest", key, password, null);
      // Store the password to the filesystem, protected
      // by the same password.
      FileOutputStream fos = new FileOutputStream(FILENAME);
      keyStore.store(fos, password);
      fos.close();The error fires when it gets to this line
      keyStore.setKeyEntry("LuisTest", key, password, null);

  Maybe you should try defining the type of entry that
  you want stored into the KeyStore, i.e. privateKey,
  SecretKey, TrustedCertificateEntry. The setKeyEntry
  method that you're using expects a certificate chain
  to accompany the Key if it is used as a private key.
  If you don't want to use the key as one of the
  available types, perhaps you need to use the
  CertStore object as opposed to the KeyStore object.Hi,
  I've got the same exception althought I specified the type of entry. Here is my test code :
  public void createKeyStore() {
       try {
            KeyGenerator keyGen = KeyGenerator.getInstance("DES");
            SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN");
            keyGen.init(56, random);
            SecretKey secretKey = keyGen.generateKey();
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            char password[] = {'j', 's', 'd', '4', '9', '4' };
            // Create an empty keystore
            ks.load(null, password);
            KeyStore.SecretKeyEntry skEntry = new KeyStore.SecretKeyEntry(secretKey);
            ks.setEntry("symKey", skEntry, new KeyStore.PasswordProtection(password));
            // store away the keystore
            java.io.FileOutputStream fos =
                 new java.io.FileOutputStream("mystore");
            ks.store(fos, password);
            fos.close();
       } catch (NoSuchAlgorithmException nsaex) {
            nsaex.printStackTrace(System.err);
       } catch (NoSuchProviderException nspex) {
            nspex.printStackTrace(System.err);
       } catch (KeyStoreException ksex) {
            ksex.printStackTrace(System.err);
       } catch (CertificateException cex) {
            cex.printStackTrace(System.err);
       } catch (IOException ioex) {
            ioex.printStackTrace(System.err);
  } ... and what I don't understand is that the main idea of this code is taken from the Java API documentation itself. See this url for reference
  http://java.sun.com/j2se/1.5.0/docs/api/java/security/KeyStore.html

• *cannot overwrite or remove $ORACLE_HOME/rdbms/admin/externaljob.ora while

  Hi,
  I have trying to apply 10.2.0.4 patch on oracle home i.e. i am trying to upgrade my oracle software from 10.2.0.3 to 10.2.0.4
  But whil applying patch i am getting following message:
  cannot overwrite or remove $ORACLE_HOME/rdbms/admin/externaljob.ora while upgrading
  kindly help.

  This file is used for scheduling external jobs. It should be owned by root:dba and have 644 permissions. Temporarily change the owner to be oracle:dba, perform the upgrade, then change back to root:dba.
  Clarification on Externaljob.ora and Permissions (Doc ID 979186.1)
  Guide to External Jobs on 10g with dbms_scheduler e.g. scripts,batch files
  HTH
  Srini

• I have multiple devices with the same cerificate, once I have a an exception for one, FF denys access to the others. I cannot change the certificates, I need to stop FF blocking them.

  I have multiple devices with the same cerificate, once I have an exception for one, FF denys access to the others. I cannot change the certificates, I need to stop FF blocking them.
  == This happened ==
  Every time Firefox opened
  == I attempt to access a web front end on an IBM SVC device

  You can't use the same certificate more than once.
  See also [[Certificate contains the same serial number as another certificate]]

• I have 2 different accounts at the same websites. Whenever I go to that website, one of my usernames prefills the UN field and I can't access the other account. I cannot overwrite my pre-filled username. Ideas?

  I have 2 different accounts at the same websites. Whenever I go to that website, one of my two user names (always the same one) pre-fills the user-name field and I can't access the other account. The website rightfully rejects my password. I cannot overwrite my pre-filled user-name because the second I hit enter to logon, the original user-name rewrites itself into it's field. Neither of the user names is being saved by firefox anywhere in the "tools"; Options, security, advanced or privacy menu fields.
  I did notice that that website has installed a cookie onto my computer called "_rememberme" which contains the user-name that is plaguing me.
  This is a website that I access for very sensitive and important information and I must have both accounts accessible at different times.
  Thanks, Joshua
  XP, sp3; FF3.6.3
  == This happened ==
  A few times a week
  == I added the second account on this website.

  You need to clear that remember me cookie and make sure that you remove a check mark to remember you on that website.
  Tools > Options > Privacy > Cookies: "Show Cookies"
  You can disable the automatic fill of a name and password.
  See:
  http://kb.mozillazine.org/Password_only_filled_after_entering_user_name
  http://kb.mozillazine.org/signon.autofillForms
  To open the ''about:config'' page, type '''about:config''' in the location (address) bar and press the Enter key, just like you type the url of a website to open a website.
  If you see a warning then you can confirm that you want to access that page.

• MDM Exception: Key mapping value must be unique. You cannot overwrite key

  "ServerException: Key mapping value must be unique. You cannot overwrite key mapping values."
  I received such exception when code tried to manipulate Key Mappings of the record.
  error was not happen on mdm 5.5 but on 7.1 it sometimes appears.
  What is probable reason of this?
  How to resolve this ?
  Code is approximate so:
                                       String[] keys = keyMapping.getKeys();
                      if (recordKeyMapping.containsKeyMapping(remoteSystem)) {
                  recordKeyMapping.replace(remoteSystem, keys);
            else {
                 recordKeyMapping.addKeyMapping(keyMapping);
            //Persist
            targetRecord.update();
  //where methods are:
       public void replace(RemoteSystem remoteSystem, String[] keys) {
            KeyMapping keyMapping = getKeyMapping(remoteSystem);
            if (keyMapping == null) throw new IllegalArgumentException("Can't update keys: key mapping for the system '" + remoteSystem + "' is not found");
            else {
                 keyMapping.setKeys(keys);
       public void addKeyMapping(KeyMapping keyMapping) {
            RemoteSystem remoteSystem = keyMapping.getRemoteSystem();
            for(int i = 0; i < keyMapping.size(); i++) {
                 addKey(remoteSystem, (String) keyMapping.get(i));
  Edited by: Vladimir Grigoryev on Oct 5, 2010 11:26 AM

  Hello -
  I am not sure on that coding part. but is it like are you trying to retrive Key Mapping from Memory accelerator. Here this information always needs to be read from Database.
  I am sure you also maintained  the required attribute for key mapping as in Property in Console should be set as "Yes" and other relevant things properly .
  Here also go through the below link for more insight from tools perspective.
  http://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/30843106-5539-2b10-75a9-da483911b0d9
  http://help.sap.com/javadocs/mdm/sp06/com/sap/mdm/data/KeyMapping.html
  It may help
  Rgds
  Deep

• I cannot display own website that has developed flash program

  hi dear support team and member of this site ;
  I am having a bit problem ,thus,
  I cannot view own website corretly via iphone safari
  I am using iphone 5 and version is 6.02  and my website is http://www.artibilisim.com  I ask to still apple does not support website that has coded flash program

  firstly thanks for quick respond ,Actually I already using dead technology but just need to When want to use banner ,you said apple never support and Adobe never developed actually this is a actual problem who have purchased mobile devices .anyway , Thanks in advance

• What do these SSL error messages mean?  How do I fix this problem? (SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT) & (SSL_ERROR_BAD_CERT_ALERT - SSL client cannot verify your certificate.)

  In my error log files for iPlanet Web server 4.1SP9 (running on Solaris) I am seeing the following errors sporadically dispersed seemingly at random throughout the day.
  Error receiving connection (SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT)
  Error receiving connection (SSL_ERROR_BAD_CERT_ALERT - SSL client cannot verify your certificate.)
  Error receiving connection (Not connected)

  Hi,
  Are you trying to install a certificate in iWS.
  When did you get this error messages ?
  For more infomartion about error codes. Please look the below link.
  http://www.mozilla.org/projects/ security/pki/nss/ref/ssl/sslerr.html
  http://knowledgebase.iplanet.com/ikb/kb/ articles/4811.html
  Regards,
  Dakshin.
  Developer Technical Support
  Sun Microsystems
  http://www.sun.com/developers/support.

• Printing my own certificate in landscape

  I have been searching for hours and can't find out how to print my own certificate in landscape mode the wdget is printing in portrait mode which in captivate is useless because 99.9% of captivate project have the width much greater than the height.
  The only way I found how to do this is by purchasing a $20 widget to print this way.
  Is there a different solution than me spending $20 to print the certificate?

  None that I know of.  If your time is worth more than $10 per hour, you'd be well advised to buy the widget by now.

• Cannot sign with certificate when packaging from descriptor and fileset - ADT

  Hi,
  I'm trying to use ADT to package my AIR 2.5 application as a native installer and use my own certificate to sign it. However, when I run the following command:
  adt -package -target native -storetype pkcs12 -storepass password -keystore certificate.p12 -keypass password -tsa none IDA-shell.exe shell-app.xml shell-0.5-RELEASE.swf classes
  it doesn't build an executable and gives the following message:
  Signing options required to package from descriptor and fileset.
  I'm just following the Adobe docs on this, so why isn't it working?
  Thx in advance

  Lisa, 
  I've tested edge with www.testocsconnectivity.com. When I enter true credentials, It responds :
  Testing remote connectivity to Microsoft Lync server through the Lync Access Edge server sip.contoso.com on port 5061 to verify user [email protected] can connect remotely.
  Specified remote connectivity test(s) to Microsoft Lync server failed. See details below for specific failure reasons.
   <label for="testSelectWizard_ctl12_ctl06_ctl03_tmmArrow">Tell
  me more about this issue and how to resolve it</label>
  Additional Details
  Couldn't sign in. Error: Error Message: Unable to establish a connection..
  Error Type: ConnectionFailureException.
  And I entered wrong credentials, it responds same result. I think there is a problem with DC? But edge can ping to DC, DC have edge A record..

• Entity with key cannot be owned by another row

  Hi All,
  I have a master detail relationship between 2 VOs using Entity level association. When I try to create details rows using createAndInitRow(), I am getting below error. The Association has composition association, cascade delete, cascade update key attributes selected
  Entity with key:oracle.jbo.Key[ XXXXXXX ] cannot be owned by another row:oracle.jbo.Key[ XXXXXXX ]
  Code -
  RowSetIterator rsi = (RowSetIterator)((ParentVORowImpl)parentCurrentRow).getChildVO();
  NameValuePairs nvp = null;
  Row row = null;
  for (ExpressionObject obj : objectList) {
  nvp = new NameValuePairs();
  nvp.setAttribute("AAA", "AAA");
  nvp.setAttribute(<Attributes>, <Attribute Values>);
  row = rsi.createAndInitRow(nvp);
  rsi.insertRow(row);
  The moment createAndInitRow is called for first item I get the error and other items does not get associated with parent properly.
  Any clue what wrong am I doing??

  Copying from [http://www.packtpub.com/oracle-application-development-framework-real-world-developers-guide/book|Oracle ADF Real World Developers Guide]
  Creating child rows in composition association
  Creating a new child row is a bit tricky when the master-child entity association
  type is composition. When you mark an association between master and child entity
  objects as composition, the framework takes the necessary steps to ensure that the
  child entity object row does not exist without the master entity row. If you try to
  create a new child row by calling createRow() on the view object, the framework
  will throw the oracle.jbo.InvalidOwnerException: JBO-25030: Failed to
  find or invalidate owning entity exception.
  There are two possible ways to create child entity rows in this case:
  • Find the master row by using findByKey() or calling executeQuery() with
  a proper condition and then get the RowIterator for the child collection
  by accessing the view link accessor attribute. Now you can use the child
  RowIterator to call createRow() for creating the child row. The following
  code snippet illustrates the creation of the child entity row for the
  Country-Location composition association:
  //In application module implementation class
  * This custom method defined in application module
  * creates child location rows for a master
  * country entity through accessor iterator
  public void createChildRowsThruIter() {
  //Find the parent view object
  ViewObject countries = findViewObject("Countries");
  //IN is the Key value for a specific Country row
  Key key = new Key(new Object[] { "IN" });
  //Find the country for 'IN', maxNumOfRows=1
  Row rows[] = countries.findByKey(key, 1);
  //Access the RowIterator for Location
  RowIterator locIter = (RowIterator)rows[0].
  getAttribute("LocationVO");
  //Create and init location row
  Row row = locIter.createRow();
  row.setAttribute("LocationId", 2200);
  row.setAttribute("City", "Bangalore");
  locIter.insertRow(row);
  • Alternatively, you can directly create a new row in the child view object,
  using createAndInitRow() by passing an appropriately constructed instance
  of oracle.jbo.NameValuePairs, which includes the foreign key attribute
  that provides the context for a child row. Here is an example:
  //In application module implementation class
  * This custom method defined in application module
  * creates child location rows for a master
  * country entity using createAndInitRow()
  public void createChildRowsThruNameValuePairs() {
  ViewObject locations = findViewObject("Locations");
  //Initialize Attributes and Values
  String[] attributes = new String[] { "CountryId" };
  Object[] values = new Object[] { "IN" };
  //Pass the foreign key value for Country while
  //initializing new location row
  Row locRow = locations.createAndInitRow(new
  NameValuePairs(attributes, values));
  //Set other attributes
  locRow.setAttribute("LocationId", 2200);
  locRow.setAttribute("City", "Bangalore");
  locations.insertRow(locRow);
  }

• Cannot complete the certificate chain: No trusted cert found

  Hi:
  I am currently working on a application that makes a web service call to a third party service provider. I am using weblogic 10 application server and session bean makes a call to the gateway class which in turn initiates a web service call using SSL layer. I get the following error when gateway class is trying to make a SSL connection with the third party server. I have set the keystore to be custom and java standard and both Identity key store and turst key store points to C:\bea10\jdk160_05\jre\lib\security\cacerts key store. The interesting thing is when I tried with different other URLs www.bankofamerica.com and www.freshdirect.com
  I get the same error. I am not sure why certificate validation fails even if it is a trusted CA and I would believe java keystore should contain all valid Certificate authorities such as verisign, Secure Trust etc. The third party certificate is issued by secure trust CA which in turn issued by Entrust.net
  Can someone shed me somelight whats going on here? I also took a look at thread Re: SSL issues tried to import the server certificates into java keystore. but nothing worked out. Appreciate your help.
  Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
  FINE: Cannot complete the certificate chain: No trusted cert found
  Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
  FINE: Validating certificate 0 in the chain: Serial number: 805312903
  Issuer:C=US, O=SecureTrust Corporation, CN=SecureTrust CA
  Subject:C=CA, ST=Ontario, L=Toronto, O=Givex Corp., CN=*.givex.com
  Not Valid Before:Wed Nov 21 09:56:03 EST 2007
  Not Valid After:Sat Nov 20 09:56:03 EST 2010
  Signature Algorithm:SHA1withRSA
  Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
  FINE: Validating certificate 1 in the chain: Serial number: 1116160170
  Issuer:C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
  Subject:C=US, O=SecureTrust Corporation, CN=SecureTrust CA
  Not Valid Before:Sun Oct 01 01:00:00 EDT 2006
  Not Valid After:Tue Nov 26 13:25:48 EST 2013
  Signature Algorithm:SHA1withRSA
  Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
  FINE: NEW ALERT with Severity: FATAL, Type: 42
  java.lang.Exception: New alert stack
       at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
       at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
       at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
       at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
       at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
       at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
       at com.certicom.tls.record.WriteHandler.write(Unknown Source)
       at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
       at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
       at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
       at weblogic.webservice.binding.soap.HttpClientBinding.writeToStream(HttpClientBinding.java:436)
       at weblogic.webservice.binding.soap.HttpClientBinding.send(HttpClientBinding.java:224)
       at weblogic.webservice.core.handler.ClientHandler.handleRequest(ClientHandler.java:38)
       at weblogic.webservice.core.HandlerChainImpl.handleRequest(HandlerChainImpl.java:144)
       at weblogic.webservice.core.ClientDispatcher.send(ClientDispatcher.java:235)
       at weblogic.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:146)
       at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:473)
       at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:459)
       at weblogic.webservice.core.rpc.StubImpl._invoke(StubImpl.java:306)
       at com.freshdirect.client.TransPortType_Stub.getBalance(TransPortType_Stub.java:254)
       at com.freshdirect.payment.ejb.GivexPaymentServiceImpl.getBalance(GivexPaymentServiceImpl.java:59)
       at com.freshdirect.payment.ejb.GivexServerGateway.getBalance(GivexServerGateway.java:211)
       at com.freshdirect.payment.ejb.GivexServerGateway.main(GivexServerGateway.java:388)
  Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
  FINE: write ALERT, offset = 0, length = 2
  Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
  FINE: close(): 16720915
  Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
  FINE: close(): 16720915
  Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
  FINE: SSLIOContextTable.removeContext(ctx): 29310343
  Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
  FINE: close(): 16720915
  Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
  FINE: close(): 16720915
  Sep 16, 2009 6:18:17 PM weblogic.diagnostics.debug.DebugLogger debug
  FINE: SSLIOContextTable.removeContext(ctx): 29310343
  <Sep 16, 2009 6:18:17 PM EDT> <Info> <WebService> <BEA-220048> <A exception was thrown from the client handler sending a JAXM message.>
  <Sep 16, 2009 6:18:17 PM EDT> <Info> <WebService> <BEA-220034> <A stack trace associated with message 220048 follows:
  javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
       at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
       at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
       at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
       at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
       at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
       at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
       at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
       at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
       at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
       at com.certicom.tls.record.WriteHandler.write(Unknown Source)
       at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
       at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
       at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
       at weblogic.webservice.binding.soap.HttpClientBinding.writeToStream(HttpClientBinding.java:436)
       at weblogic.webservice.binding.soap.HttpClientBinding.send(HttpClientBinding.java:224)
       at weblogic.webservice.core.handler.ClientHandler.handleRequest(ClientHandler.java:38)
       at weblogic.webservice.core.HandlerChainImpl.handleRequest(HandlerChainImpl.java:144)
       at weblogic.webservice.core.ClientDispatcher.send(ClientDispatcher.java:235)
       at weblogic.webservice.core.ClientDispatcher.dispatch(ClientDispatcher.java:146)
       at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:473)
       at weblogic.webservice.core.DefaultOperation.invoke(DefaultOperation.java:459)
       at weblogic.webservice.core.rpc.StubImpl._invoke(StubImpl.java:306)
       at com.freshdirect.client.TransPortType_Stub.getBalance(TransPortType_Stub.java:254)
       at com.freshdirect.payment.ejb.GivexPaymentServiceImpl.getBalance(GivexPaymentServiceImpl.java:59)
       at com.freshdirect.payment.ejb.GivexServerGateway.getBalance(GivexServerGateway.java:211)
       at com.freshdirect.payment.ejb.GivexServerGateway.main(GivexServerGateway.java:388)
  >

  I would believe java keystore should contain all valid Certificate authorities such as verisign, Secure Trust etc. The third party certificate is issued by secure trust CA which in turn issued by Entrust.net<You can list the contents of your cacerts file to see if exact matching version of the SecureTrust signer cert is present.
  You can also use a simple java program to test whether you can connect to the 2 servers that your're having issues with:
  import java.net.*;
  import java.io.*;
  public class SSL_Test {
  public static void main(String[] args) throws Exception {
  URL sslURL = new URL("https://someserver.com/someservice.wsdl");
  BufferedReader in = new BufferedReader( new InputStreamReader( sslURL.openStream()));
  String inputLine;
  while ((inputLine = in.readLine()) != null)
  System.out.println(inputLine);
  in.close();
  compile and run with something like:
  javac SSL_Test.java
  # all on one line
  java -D -Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true -Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacerts -Djavax.net.ssl.trustStorePassword=***** -Djavax.net.debug=ssl,handshake SSL_Test
  This just tests whether your truststore can trust the server cert.

• How do I set up my own certificate authority

  I tried google on the above question, and the most recent thing I found was 7 years old. replacing the phrase used generates a lot of hits with a very poor signal to noise ratio.
  I have OpenSSL (in the cygwin distribution), which is quite recent, but frankly its documentation leaves just about everything to be desired. I found pyca, but it has no documentation at all (and it is a couple years old).
  I tried the steps appended below, but invariably the attempt to sign the certificates fails with an obscure error message about OpenSSL not finding one thing or another.
  At this stage, I just don't care whether I do this using something in the J2SDK such as keytool or OpenSSL, as long as I can get it done. Or if there is some other opensource software tool I can use, terrific. This is primarily for the purpose of securing communications within an Intranet, and secondarily for signing applets and applications distributed through WebStart. If I am not mistaken, I'll need a certificate for each of my servers. Right?
  If you know of an URL where this is well explained and illustrated, great. Give that to me.
  Otherwise, a simple illustration (or a correction of what I've appended below) would be appreciated. I believe I understand what ought to be happening. It ought to be rather simple to do, but there are these irritating and frustrating minor details getting in the way. For example, the steps I show below seem simple, but everything appears to get messed up by some of the contents of openssl.cnf in 'usr/ssl', in the cygwin directory, and there is no explanation of how to set things up for the first time you use OpenSSL within Cygwin (or on unix for that matter).
  Any assistance would be appreciated.
  Thanks,
  Ted
  ========failed attempt=====================
  # Generation of Certificate Authority(CA)
  openssl req -new -x509 -keyout cakey.pem -out cacert.pem -config /usr/ssl/openssl.cnf
  # Create server request and key
  openssl req -new -keyout server-key.pem -out server-req.pem -days 36502 -config /usr/ssl/openssl.cnf
  # Remove the passphrase from the key
  openssl rsa -in server-key.pem -out server-key.pem
  # Sign server cert
  openssl ca -policy policy_anything -out server-cert.pem -infiles server-req.pem -config /usr/ssl/openssl.cnf
  # Create client request and key
  openssl req -new -keyout client-key.pem -out client-req.pem -days 36502 -config /usr/ssl/openssl.cnf
  # Remove a passphrase from the key
  openssl rsa -in client-key.pem -out client-key.pem
  # Sign client cert
  openssl ca -policy policy_anything -out client-cert.pem -infiles client-req.pem -config /usr/ssl/openssl.cnf

  The following works for me:
  NB: Some of the output has been removed in the interests of privacy (this will not affect the outcome)
  1. Create CA key and certificate
  1.1 Create a new file called "serial" containing the value "01".
  1.2 Create an empty file "index.txt"
  1.3 Create a subdirectory "newcerts"
  1.4 Execute.... create a key for your CA
  [ben@localhost ca]$ openssl genrsa -out ca.key 2048
  Generating RSA private key, 2048 bit long modulus
  .....................................+++
  ..........................................................+++
  e is 65537 (0x10001)
  1.5 Execute... create a certificate for your own CA
  [ben@localhost ca]$ openssl req -config ./openssl.cnf -new -x509 -key ca.key -out cacert.pem -days 365
  You are about to be asked to enter information that will be incorporated
  into your certificate request.
  What you are about to enter is what is called a Distinguished Name or a DN.
  There are quite a few fields but you can leave some blank
  For some fields there will be a default value,
  If you enter '.', the field will be left blank.
  Country Name (2 letter code) [GB]:
  County or State (full name) []:
  City or town (eg, Hitchin) []:
  Organization Name (eg, company) []:
  Organizational Unit Name (eg, section) []:
  Common Name (eg, your name or your server's hostname) []:
  Email Address []:
  2. Create PK key and .csr
  2.1 Execute...
  [ben@localhost ca]$ keytool -genkey -alias PK
  Enter keystore password: password
  What is your first and last name?
  [Unknown]:
  What is the name of your organizational unit?
  [Unknown]:
  What is the name of your organization?
  [Unknown]:
  What is the name of your City or Locality?
  [Unknown]:
  What is the name of your State or Province?
  [Unknown]:
  What is the two-letter country code for this unit?
  [Unknown]:
  Is CN=, OU=, O=, L=, ST=, C=GB correct?
  [no]: yes
  Enter key password for <PK>
  (RETURN if same as keystore password):
  2.2 Create .csr
  [ben@localhost ca]$ keytool -certreq -alias PK -file PK.csr
  Enter keystore password: password
  3. Sign PK with CA cert
  [ben@localhost ca]$ openssl ca -config ./openssl.cnf -in PK.csr -out PK.pem -keyfile ca.key -days 365
  Using configuration from ./openssl.cnf
  Check that the request matches the signature
  Signature ok
  Certificate Details:
  Serial Number: 0 (0x0)
  Validity
  Not Before: Jan 5 19:48:33 2006 GMT
  Not After : Jan 5 19:48:33 2007 GMT
  Subject:
  countryName = GB
  stateOrProvinceName =
  organizationName =
  organizationalUnitName =
  commonName =
  X509v3 extensions:
  X509v3 Basic Constraints:
  CA:FALSE
  Netscape Comment:
  OpenSSL Generated Certificate
  X509v3 Subject Key Identifier:
  D6:2D:7E:71:77:9E:1A:BB:54:69:98:63:6A:6A:E2:BA:12:C4:D7:DD
  X509v3 Authority Key Identifier:
  keyid:92:7C:33:7C:EC:1D:76:C5:B8:F0:30:6D:10:12:40:E5:E7:EA:24:31
  DirName:/C=GB/ST=/L=/O=/OU=/CN=/emailAddress=
  serial:F0:D1:38:36:65:6D:71:D5
  Certificate is to be certified until Jan 5 19:48:33 2007 GMT (365 days)
  Sign the certificate? [y/n]:y
  1 out of 1 certificate requests certified, commit? [y/n]y
  Write out database with 1 new entries
  Data Base Updated
  4. Convert PK certificate into DER format
  [ben@localhost ca]$ openssl x509 -in PK.pem -out PK.der -outform DER
  5. Import CA certificate into keystores
  [ben@localhost ca]$ keytool -import -alias ca -file cacert.pem
  Enter keystore password: password
  Owner: EMAILADDRESS=, CN=, OU=, O=, L=, ST=, C=GB
  Issuer: EMAILADDRESS=, CN=, OU=, O=, L=, ST=, C=GB
  Serial number: f0d13836656d71d5
  Valid from: Thu Jan 05 19:41:09 GMT 2006 until: Fri Jan 05 19:41:09 GMT 2007
  Certificate fingerprints:
  MD5: AF:3D:8E:25:12:24:04:1F:40:70:BC:A0:9E:0E:44:84
  SHA1: B8:E8:0B:A5:86:33:21:0C:B5:3C:6E:F2:DE:7B:31:0F:59:AE:21:E4
  Trust this certificate? [no]: yes
  Certificate was added to keystore
  6. Import signed PK into keystore
  [ben@localhost ca]$ keytool -import -alias pk -file PK.der
  Enter keystore password: password
  Certificate reply was installed in keystore
  REF:
  http://www.yorku.ca/dkha/docs/jsse_cert/jsse_cert.htm
  http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#ownca
  http://www.openssl.org/docs/apps/ca.html#
  openssl.cnf:#
  # OpenSSL example configuration file.
  # This is mostly being used for generation of certificate requests.
  # This definition stops the following lines choking if HOME isn't
  # defined.
  HOME               = .
  RANDFILE          = $ENV::HOME/.rnd
  # Extra OBJECT IDENTIFIER info:
  #oid_file          = $ENV::HOME/.oid
  oid_section          = new_oids
  # To use this configuration file with the "-extfile" option of the
  # "openssl x509" utility, name here the section containing the
  # X.509v3 extensions to use:
  # extensions          =
  # (Alternatively, use a configuration file that has only
  # X.509v3 extensions in its main [= default] section.)
  [ new_oids ]
  # We can add new OIDs in here for use by 'ca' and 'req'.
  # Add a simple OID like this:
  # testoid1=1.2.3.4
  # Or use config file substitution like this:
  # testoid2=${testoid1}.5.6
  [ ca ]
  default_ca     = CA_default          # The default ca section
  [ CA_default ]
  dir          = .               # Where everything is kept
  certs          = $dir/certs          # Where the issued certs are kept
  crl_dir          = $dir/crl          # Where the issued crl are kept
  database     = $dir/index.txt     # database index file.
  #unique_subject     = no               # Set to 'no' to allow creation of
                           # several ctificates with same subject.
  new_certs_dir     = $dir/newcerts          # default place for new certs.
  certificate     = $dir/cacert.pem      # The CA certificate
  serial          = $dir/serial           # The current serial number
  #crlnumber     = $dir/crlnumber     # the current crl number must be
                           # commented out to leave a V1 CRL
  crl          = $dir/crl.pem           # The current CRL
  private_key     = $dir/private/cakey.pem# The private key
  RANDFILE     = $dir/private/.rand     # private random number file
  x509_extensions     = usr_cert          # The extentions to add to the cert
  # Comment out the following two lines for the "traditional"
  # (and highly broken) format.
  name_opt      = ca_default          # Subject Name options
  cert_opt      = ca_default          # Certificate field options
  # Extension copying option: use with caution.
  # copy_extensions = copy
  # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
  # so this is commented out by default to leave a V1 CRL.
  # crlnumber must also be commented out to leave a V1 CRL.
  # crl_extensions     = crl_ext
  default_days     = 365               # how long to certify for
  default_crl_days= 30               # how long before next CRL
  default_md     = md5               # which md to use.
  preserve     = no               # keep passed DN ordering
  # A few difference way of specifying how similar the request should look
  # For type CA, the listed attributes must be the same, and the optional
  # and supplied fields are just that :-)
  policy          = policy_match
  # For the CA policy
  [ policy_match ]
  countryName          = match
  stateOrProvinceName     = match
  organizationName     = match
  organizationalUnitName     = optional
  commonName          = supplied
  emailAddress          = optional
  # For the 'anything' policy
  # At this point in time, you must list all acceptable 'object'
  # types.
  [ policy_anything ]
  countryName          = optional
  stateOrProvinceName     = optional
  localityName          = optional
  organizationName     = optional
  organizationalUnitName     = optional
  commonName          = supplied
  emailAddress          = optional
  [ req ]
  default_bits          = 1024
  default_keyfile      = privkey.pem
  distinguished_name     = req_distinguished_name
  attributes          = req_attributes
  x509_extensions     = v3_ca     # The extentions to add to the self signed cert
  # Passwords for private keys if not present they will be prompted for
  # input_password = secret
  # output_password = secret
  # This sets a mask for permitted string types. There are several options.
  # default: PrintableString, T61String, BMPString.
  # pkix      : PrintableString, BMPString.
  # utf8only: only UTF8Strings.
  # nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
  # MASK:XXXX a literal mask value.
  # WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
  # so use this option with caution!
  # we use PrintableString+UTF8String mask so if pure ASCII texts are used
  # the resulting certificates are compatible with Netscape
  string_mask = MASK:0x2002
  # req_extensions = v3_req # The extensions to add to a certificate request
  [ req_distinguished_name ]
  countryName               = Country Name (2 letter code)
  countryName_default          = GB
  countryName_min               = 2
  countryName_max               = 2
  stateOrProvinceName          = County or State (full name)
  stateOrProvinceName_default     =
  localityName               = City or town (eg, Hitchin)
  localityName_default          =
  0.organizationName          = Organization Name (eg, company)
  0.organizationName_default     =
  # we can do this but it is not needed normally :-)
  #1.organizationName          = Second Organization Name (eg, company)
  #1.organizationName_default     = World Wide Web Pty Ltd
  organizationalUnitName          = Organizational Unit Name (eg, section)
  organizationalUnitName_default     =
  commonName               = Common Name (eg, your name or your server\'s hostname)
  commonName_max               = 64
  emailAddress               = Email Address
  emailAddress_max          = 64
  # SET-ex3               = SET extension number 3
  [ req_attributes ]
  challengePassword          = A challenge password
  challengePassword_min          = 4
  challengePassword_max          = 20
  unstructuredName          = An optional company name
  [ usr_cert ]
  # These extensions are added when 'ca' signs a request.
  # This goes against PKIX guidelines but some CAs do it and some software
  # requires this to avoid interpreting an end user certificate as a CA.
  basicConstraints=CA:FALSE
  # Here are some examples of the usage of nsCertType. If it is omitted
  # the certificate can be used for anything *except* object signing.
  # This is OK for an SSL server.
  # nsCertType               = server
  # For an object signing certificate this would be used.
  # nsCertType = objsign
  # For normal client use this is typical
  # nsCertType = client, email
  # and for everything including object signing:
  # nsCertType = client, email, objsign
  # This is typical in keyUsage for a client certificate.
  # keyUsage = nonRepudiation, digitalSignature, keyEncipherment
  # This will be displayed in Netscape's comment listbox.
  nsComment               = "OpenSSL Generated Certificate"
  # PKIX recommendations harmless if included in all certificates.
  subjectKeyIdentifier=hash
  authorityKeyIdentifier=keyid,issuer:always
  # This stuff is for subjectAltName and issuerAltname.
  # Import the email address.
  # subjectAltName=email:copy
  # An alternative to produce certificates that aren't
  # deprecated according to PKIX.
  # subjectAltName=email:move
  # Copy subject details
  # issuerAltName=issuer:copy
  #nsCaRevocationUrl          = http://www.domain.dom/ca-crl.pem
  #nsBaseUrl
  #nsRevocationUrl
  #nsRenewalUrl
  #nsCaPolicyUrl
  #nsSslServerName
  [ v3_req ]
  # Extensions to add to a certificate request
  basicConstraints = CA:FALSE
  keyUsage = nonRepudiation, digitalSignature, keyEncipherment
  [ v3_ca ]
  # Extensions for a typical CA
  # PKIX recommendation.
  subjectKeyIdentifier=hash
  authorityKeyIdentifier=keyid:always,issuer:always
  # This is what PKIX recommends but some broken software chokes on critical
  # extensions.
  #basicConstraints = critical,CA:true
  # So we do this instead.
  basicConstraints = CA:true
  # Key usage: this is typical for a CA certificate. However since it will
  # prevent it being used as an test self-signed certificate it is best
  # left out by default.
  # keyUsage = cRLSign, keyCertSign
  # Some might want this also
  # nsCertType = sslCA, emailCA
  # Include email address in subject alt name: another PKIX recommendation
  # subjectAltName=email:copy
  # Copy issuer details
  # issuerAltName=issuer:copy
  # DER hex encoding of an extension: beware experts only!
  # obj=DER:02:03
  # Where 'obj' is a standard or added object
  # You can even override a supported extension:
  # basicConstraints= critical, DER:30:03:01:01:FF
  [ crl_ext ]
  # CRL extensions.
  # Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
  # issuerAltName=issuer:copy
  authorityKeyIdentifier=keyid:always,issuer:always

• Build 141 overwrites own custom window presets!

  Hello folks,
  in this release i have recognize the following bug or bad change!
  Szenario:
  You create your own Window workaround while save it within a windowpreset. ( I use 3 Monitors, one for preview, one for timeline and one projectwindow )
  So on so good, but if you make a temporary change on it and leave the program you get this temporary change on a next program start and also if you select your own saved preset while change from standard preset to your own preset!
  This must be a bug, because in build 105 this is like all the time. You open the program and the program is opening with standard preset
  and you can select your own preset and this preset is looking like you have saved it and not like you temporary changed it. (Or it opens with your own preset while you select this as a feature, but in this term built 105 opens it correct as you have saved it! )
  So if Adobe means that this is a new feature, i must say than the complete Windowpreseting is obsolete!
  Please redo it like in build 105!
  Have anyone collect some experience with that bad feature ;-)?
  Thanks and Regards
  Guido

  I don´t know on what base you say that while in 105 and before it is also not so. In every Version you came back to your old layout or to a standart (reseted) layout! Than you can use your own and it is like on the first day as you made it and not like the last leave where temporary changed it.
  Why did you mean that it make sence, that a program overwrites your own saved layout? Than this feature makes absolutely no sense, than there is no need to have the abbility to save it, if it is any time an other.
  Why should i save a layout when it is tommorow not so same. Than i can make one for each session.
  I thought that you misunderstud that the fact of leaving the program and having the layout on the next start is not the problem, the problem is that if you choose your preset after programstart, the preset is not that that you have saved! So PLEASE tell me for what should i use an presetmanagement than???
  Thanks and Regards
  Guido

• MSN messenger error - cannot sign in - certificates

  Ok it's like this:
  Every time i try to sign in it sas either my date and time is incorrect (it is correct!) or my digital certificate is not valid.
  Now gues it's the second one, since i basicly tryed everything else and i cannot find the answer. I have two certificates in my keychain folder and i dont know if they are only ones tat should be: MicrosoftIntermediateCertificates and Lorenzo (which is my computers name)
  I am not behind proxy, i am in my company, everybody that uses winows here messenger works and i deleted messenger and the preferences and reinstall many times. SO PLZ HEEEEELP!!!

  I had exaclty the same problem. First time install and all.
  am now running aMSN avaialable on source forge.