Open certificate from browser keystore

dear all
i my application need to open certificate from windows key store to show the user. i can open certificate in .cer file using .exec("cmd .cer file name"). but i don't know how to open a certificate in keystore(say "Windows-MY").
thanks for ur help.

Sorry I'm not a Windoze user, but maybe you can look at this MS document to see if any of these tools suit your need.
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dscj_mcs_ooiy.mspx?mfr=true

Similar Messages

  • Applet does not get client certificate from browser (Firefox, IE7)

    I'm writing a web service which runs Tomcat through Apache. One critical requirement is that the service be able to invoke certain device drivers on the end user's machine. Fortunately, there is a Java API for this, so this requirement can be fulfilled using an applet.
    Here's the problem. This is a B2B application, so we're using SSL and requiring client authentication. I'm no web security guru, but I managed to get SSL set up through Apache (with a self-signed certificate for now; we'll get a real one from a real CA when we're ready to go to production). I also managed to set up client authentication by creating my own CA and generating a client certificate, which I then copied to my test client (Win XPSP2) and imported into both Firefox (2.0.0.15) and IE (6.0.2900). The applet is signed with a real certificate, and that causes no problems. And all of the pages for my web service work as expected.
    All except one. The page which is supposed to load the applet pops a dialog stating 'Identification required. Please select certificate to be used for authentication', and presents a list of zero certificates.
    Actually, I get this dialog in Firefox on my XPSP2 box, and also when I test on a Vista Home Premium box running IE 7.0.6000. Puzzlingly, this behavior does NOT occur on my XPSP2 box when running through IE 6.0. It seems that with XPSP2 and IE 6.0, the JVM can manage to obtain the required client certificate from the browser and pass it along to Apache, but the JVM can't do this when running in Firefox or in IE 7.0 on Vista.
    I have gone to the Java Control Panel and verified that the 'Use certificates and keys in browser keystore' option is selected on both boxes.
    I've done a fair amount of research for this (including in this forum) and see that this appears to be a chronic difficulty with applets. What makes it worse is that I don't think I can use the standard workaround, which is to download the applet from a different host/virtual host, because the applet needs to communicate with the web service. Since we have the additional layer of Tomcat container-managed user authentication, the applet needs to be communicating with the server using the same session token as everything else.
    So at this point, I'm stuck. Does anyone know a solution to this problem? Two thoughts (I'm reaching at straws here):
    1) I have the certificate imported in both Firefox and IE as a 'personal' certificate. Is there someplace else I can put it so the JVM will know how to find it? A rather old thread in this forum mentioned something about setting properties in the Java Control Panel, but I see no place in the JCP to specify such properties, so I'm guessing that solution is no longer operative.
    2) I'm using a trick I found on the internet to make the applet load cleanly with both Firefox and IE, namely, I'm using the <OBJECT> tag to specify the applet class and codebase for IE, and then using <COMMENT><EMBED ... /></COMMENT> within the <OBJECT> declaration to specify the information for Firefox. Is there some other way of doing the markup that will give the JVM a hint that it should get a certificate from the browser?
    BTW . . . I would hate to drop support for Firefox, but if someone has an IE-only solution, I'll take it. Unfortunately, I reckon a Firefox-only solution would not fly.
    Thanks all.

    My applet is also signed by a valid certificate. The question of whether the applet is signed/self-signed/unsigned >isn't an issue --- I just wanted you to make sure the Applet runs because it is a know valid Java2 Applet that is 100% signed properly and verified to run.
    This eliminates the possibility that it is a JVM issue. However after reading your message further I am afraid
    it is not relevant to your issue.
    due to the client authentication, my browser (Firefox, IE7) refuses to even download the applet.
    I went to your site, and I can see your applet in both Firefox and IE6. However, I don't believe your site is set up >quite like mine, because it appears I can run your applet whether I have imported your X509 certificate or not. What I >did was:If that is true we are all dead :) No I think you just missed the cert in the IE databse. It doesn't have to be in the
    Applet database to function. Surprise!
    Check your IE/tools/internet options/content tab/certificates/trusted root certification authorities.
    I then opened the Java control panel and verified that the certificate isn't listed there, either. So unless the certificate >is being cached/read from some other location (which could be, this certificate stuff is largely black magic to me), >then your server isn't requiring client authentication, either accidentally or by design.No HyperView is a valid java2 Applet and actually writes to a file "hyperview.dat" though it is probably empty.
    If you click on a component in the view and then on the view and type "dumpgobs" it shoud write out some data about the current graphics objects so you can see it has complete read/write access..
    Further it opens up a complete NIO server ands starts listening for connections on a random port
    (Echoed in your java console) You can connect to it with telnet and watch impressive ping messages all day :)
    This all goes back to a few years BTW back before there was a plugin and there was only Netscape & IE.
    There are actually 2 certificate databases and what loads where depends on which type of cert you are using. Now self signed or not doesn't matter but what does matter is the type of certificate. IE: is it RSA/DSA/Sha1
    etc. The Netscape DB was a Berkley DB and MS used whatever they use. The Cert is a DSA/Sha1 cert
    which I like the best ATM as it (X fingers it stays so) always has worked.
    Sadly that tidbit doesn't help you either I am afraid.
    What I'm trying to do is require client authentication through Apache by including the following markup in a virtual >host definition:
    SSLCACertificateFile D:/Certificates/ca.crt
    SSLVerifyClient require
    SSLVerifyDepth 1You got me there I avoid markup at all costs and only code in C java and assembler :)
    Now unless I am wrong I think you are saying that you want the Applet to push the certificate to the server
    automatically and I don't think this happens. Least I have never heard of this happening from an Applet automatically.
    On my client machine, I have a certificate which was generated using OpenSSL and the ca.crt file listed. Testing >shows that the server is requiring a certificate from the client, and the web browser is always providing it.
    The problem is that when the browser fires up the Java plugin to run an applet, there is not sufficient communication >between the browser and the plugin so that the plugin can obtain the certificate from the browser and provide it to >the server.
    So the server refuses to send the applet bytecode to the JVM, and we're stuck.In terms of implementation ease I think you may have the cart before the horse because I think it would be far easier to run an Applet in the first place to do the authentication, and then send, for example, a jar file to bootstrap and run
    (or some classes) in the event the connection is valid. Then again one never knows it all and there may be some classes which enables the plugin as you wish. I have never heard of this being done with the plugin the way you suggest.
    I am thinking maybe there is another method of doing this I do not know.
    Did you try pushing the cert via JavaScript/LIveConnect?? That way it could run before the Applet and do the authentication.
    Maybe someone else has other ideas; did you try the security forum??
    Sorry but I am afraid that is not much help.
    I did snarf this tidbit which may have some relevance
    The current fix for this bug in Mantis and 1.4.1_02 is using JSSE API, Here are the step:
    In Java control panel, Advanced tab -> Java Runtime Parameters, specify:
    -Djavax.net.ssl.keyStore=<name and path to client keystore file>
    -Djavax.net.ssl.keyStorePassword=<password to access this client keystore file>
    If it is a PKCS12 format keystore, specify:
    -Djavax.net.ssl.keyStoreType=PKCS12
    In our future JRE release 1.5, we will create our own client authentication keystore file for JPI and use that for client authentication, for detail info, please see RFE 4797512.
    Dennis
    Posted Date : 2005-07-28 19:55:50.0Good Luck!
    Sincerely:
    (T)
    Edited by: tswain on 23-Jul-2008 10:07 AM

  • How to remove a certificate from JVM keystore ?

    I want to remove a certificate from JVM cacerts.
    I know its alias is quacert and password is quadra
    How do I remove this cert from JVM cacerts ?
    Whats the correct flag need to use with keytool to remove a certificate by its alias name ?

    sabre150 wrote:
    Err ... does 'keytool -h' not tell you how to do this?There is no "keytool -h"
    I find this though ..
    user@box1:~$ keytool -h
    Illegal option: -h
    Try keytool -help
    user@box1:~$ keytool -help
    keytool usage:
    -delete [-v] [-protected] -alias <alias>
    [-keystore <keystore>] [-storepass <storepass>]
    [-storetype <storetype>] [-providername <name>]
    [-providerclass <provider_class_name> [-providerarg <arg>]] ...
    [-providerpath <pathlist>]
    I think I need these ...
    [-storepass <storepass>]
    and
    [-keystore <keystore>]
    What is square bracket and nested angular bracket doing here ? I dont understand this notation. How do I put values for this type of notation ?

  • Applet won't get client certificate from browser

    Hi,
    We have an applet that runs fine as long as we don't have the web server require a client certificate. This applet runs inside a protected Intranet with a standard client JRE version 1.4.2 The rules of the intranet state that client certificates are required. So we registered our certificates with the JRE plug in in the browser and NaDa...
    I have read all sorts of things out there on the web that says the end user must register a personal Keystore and then we must code the applet to look into the end user's keystore for the certificate and the user must type in their personal password for the keystore into some sort of a form for the applet to read the keystore certificate.
    This sounds illogical and I strongly suspect that I am mis-interpreting what is being said...
    Can anyone help me understand what I am missing? (or perhaps point to a tutorial that has some better info in it...) I have looked at the Sun Java tutorial for applets didn't see any specific info regarding this type of problem- solution.
    Thanks for any pointers or suggestions you might have.
    JpGuy

    Hi,
    We have an applet that runs fine as long as we don't have the web server require a client certificate. This applet runs inside a protected Intranet with a standard client JRE version 1.4.2 The rules of the intranet state that client certificates are required. So we registered our certificates with the JRE plug in in the browser and NaDa...
    I have read all sorts of things out there on the web that says the end user must register a personal Keystore and then we must code the applet to look into the end user's keystore for the certificate and the user must type in their personal password for the keystore into some sort of a form for the applet to read the keystore certificate.
    This sounds illogical and I strongly suspect that I am mis-interpreting what is being said...
    Can anyone help me understand what I am missing? (or perhaps point to a tutorial that has some better info in it...) I have looked at the Sun Java tutorial for applets didn't see any specific info regarding this type of problem- solution.
    Thanks for any pointers or suggestions you might have.
    JpGuy

  • Opening PDF from browser gets black page with white message box containing question mark in blue circle and an OK box that does nothing

    Both reader XI and acrobat pro 9 installed on computer.  Same error in both IE and Chrome.  Using 'save as' the document can be saved to desk top and opened from there.  There is a little flicker as if the document tried to open when black page first appears.

  • I can't see all my open tabs from browser 1 in browser 2

    I expected that one the first computer I leave my session, and after the sync on the second computer I will see the same state. I also expected that if I open 1 new and close 1 old tab on the second one, going back to the first computer I will see the changes there.
    Instead what happens: I have around 800 tabs open in firefox on computer1.
    After sync, on computer2 I can open a list called Tabs from other computers, this contains only 82 of the 800. I can't find the rest.
    Also if I open one of this 82 and then close it, this does not sync back at all.

    When you have more than 10 tabs open a double arrow appears in the farthest right tab. It looks like this >>
    Tab that double arrow to see a drop down menu of the remaining open tabs. You can select one from that menu.

  • Sing text with certificate from Firefox keystore

    Hi,
    I need to sign a text with a certificate stored in Firefox keystore using an applet (online signature). Has someone achieved this before?
    Thanks in advance.

    http://finger-in-the-eye.blogspot.com/2007/03/cmo-acceder-al-keystore-de-firefox-con.html

  • Get certificate from the browser

    Hi friends!,
    I am working with an application to get files from the client machine, to sign those files with the client's certificate and send those sign to the server.
    The application get the client's certificate from a key store, but I want the applet will get the certificate from the browser.
    Is that possible?.
    Thanks and sorry for my little english. Greetings from Venezuela.

    If all you're looking for is Client SSL Authentication, then you don't need to access the digital certificates through an applet; just enable ClientAuth on your web-server and let the browser handle it for you. While I haven't tried this with Chrome, Safari or Opera, I know for a fact that this works on Firefox and IE.
    If you're trying to access the digital certificates/keys in the browser-keystore for digitally signing some content that the applet creates, you're going to have far more difficulty. About 10-12 years ago, Netscape provided an API that allowed you to digitally sign text-content through JavaScript. That died a quiet death, I think, since I don't know of anyone who used that capability (outside of test environments).
    Years later, Mozilla added the ability to digitally sign XML content using XForms; there is even an add-on for Thunderbird (which uses the same libraries as Firefox for PKCS work): https://addons.mozilla.org/en-US/thunderbird/addon/4522/.
    However, to the best of my knowledge, the only way you can get an applet to access the borwser's keystore today is to have the security policy on the client-machine modified to provide access to the local file-system, and the applet then pretty much deals with the keystore and its objects through JCE.
    But, if I'm reading your post correctly, I think all you're looking for is SSL ClientAuth, for which you don't need to do anything other than enable it on your web-server that hosts the applets, and let the browser do the heavy lifting.
    Arshad Noor
    StrongAuth, Inc.

  • Open URL from Java in a new browser tab

    Hi OTN,
    Surprisingly can't find the implimintation.
    In an ADF managed bean I retrieve String url. I need to open a new browser tab with this url.
    Found this thread Open a url in a new window in the backing bean which shows using javascript "service.addScript(facesContext, "window.open(http://www.google.coml)");".
    But in my case in doesn't work. The code is executed, but nothing happens. Maybe because the bean is called from a taskflow inline popup.
    ADF 11.1.1.4
    Thanks.

    Well, I'm afraid that is not an option.
    The goButton is in a table row. There are lots of rows so if I use EL for Destination attribute the URL would be retrieved for each of rows.
    The method of URL retreiving is heavyweight operation which includes calling plsql functions, working with strings and others. So if I do it for each table row my application hungs and then I receive an exception of CPU usage.
    That's why I switched to normal commandButton witch actionListener which retrieves url on click - only once. So I need to open URL from Java.

  • How to open a new browser window without toolbar, location, and menu bars from AIR?

    I have the following problem in my Flex+AIR application. I need to embed an ActiveX component that has JavaScript API inside my application. I tried to embed it inside <mx:HTML> component but unfortunately, AIR doesnot support plug-ins or ActiveX controls. So I've decided to open it in a new browser window. I tried navigateToURL(...) method but it has two problems - it is opening a new tab in the existing browser window and there is no way for me to configure the new browser window appearance, like removing toolbar, menu bar, location bar, etc. Then I tried to open a new window from JavaScript running inside <mx:HTML> component using window.open(...) API but it doesn't open a new window at all.
    Is there any way for me to open a new browser window without toolbar, location bar, etc. (which will run ActiveX control, so it cannot be AIR window) from inside AIR?
    Best regards,
    Arkady.

    Is it possible to open a new browser window using JSP?a JSP page is also an HTML page, this is client side stuff, you can do it with JavaScript.

  • How to open a new browser window from a JSP page?

    Hi,
    I am picking up records from the database and displaying each record in a seperate text area field using the JSP code. I should be able to display the content ( available in the text area) in a seperate window if the user clicks on one icon.
    Is it possible to open a new browser window using JSP? If yes, how can I write information on the new browser window?
    Thanks in advance.

    Is it possible to open a new browser window using JSP?a JSP page is also an HTML page, this is client side stuff, you can do it with JavaScript.

  • How can I stop Firefox from opening (to "File Not Found") when opening my Opera browser?

    Ever since I installed Opera 10.61 on my new computer (Windows 7 Ultimate operating system), whenever I open Opera, Firefox opens one second later with the following error message:
    '''File not found '''
    Firefox can't find the file at /C:/Users/Nasheed/AppData/Local/Opera/Opera/temporary_downloads/client-en.xml.
    * Check the file name for capitalization or other typing errors.
    * Check to see if the file was moved, renamed or deleted.
    TRY AGAIN.
    <nowiki>****************************************************</nowiki><br />
    This happens EVERY TIME I OPEN THE OPERA BROWSER. How can I stop this from happening? I'm stumped.
    [EXTRA INFO - I was unable to enable Firefox to access my previous profile on the new computer (despite putting the old profile in the appropriate Mozilla Firefox folder. So, there are now two profiles in that location.
    After reading the answer to another forum member's question, I attempted to resolve the problem using Profile Manager, but I was unable to locate the Profile Manager. The Windows "Search" feature is not enabled on my new computer (nor can it be enabled from the Customize Start Menu options).]

    Thank you for your response, Cor-el.
    I had Opera set as my default browser since this began happening. I changed my default browser back to Firefox mainly because having Firefox open one or two seconds every time I open Opera was/is such a nuisance.
    I believe this problem began because I attempted to manually transfer the files from my old computer to the new one (via the backed up files in my external drive). I was unfamiliar with Windows 7 when I did this. Microsoft changed the file set up from what I had been used to in Windows XP. I used XP for six years before being exposed to Windows 7 (I never had Vista).
    I'm almost sure this problem has something to do with where I placed the application data when I was trying to reestablish the program set up on the new computer.

  • Since upgrading to v 4.01 I am unable to print from a .pdf opened in the browser. How can I fix this?

    Since upgrading to v 4.01 I am unable to print from a .pdf opened in the browser. How can I fix this?
    I can save the page, open in Adobe Reader and print. When in the browser the File - Print command does nothing. Printer screen does not open.
    Windows XP, all updates installed.

    Hi,
    One thing to slow it down: low ink. Please check ink cartridges and replace if required.
    Regards.
    BH
    **Click the KUDOS thumb up on the left to say 'Thanks'**
    Make it easier for other people to find solutions by marking a Reply 'Accept as Solution' if it solves your problem.

  • I opened a file on my desktop that I don't remember putting there.  It turned out to be a keychain certificate from a client of ours.  Does this mean that they were spying on me?  What is the deal with that?  Any ideas?

    I opened a file on my desktop that I don't remember putting there. We use many photos and I thought it was a photo file I was looking for. It turned out to be a keychain certificate from a client of ours.  Does this mean that they were spying on me?  What is the deal with that?  Any ideas?

    Interesting tid bit.  I created an AAC of the original file, deleted the original MP3 from my library and also deleted the Clean matched track from the icloud.
    Result is that it matched with the explicit version of Mrs. Officer this time.
    What I am curious about is which songs this is happening for. I've went thru a few batched of about 500 songs at a time and redownloaded in 256k for many tracks. Sadly we don't have people to bring this to our attention and I have so much music that it's impossible to go thru every song to make sure I am getting the right version.

  • InfoPath form opens in the browser instead of InfoPath Filler when a link is clicked from the Approval Task email

    I have an admin approved InfoPath 2010 form that is web enabled. It is published to a SharePoint 2010 Forms library and an Approval Workflow is attached to it.
    The form needs to open up in the InfoPath Filler with the Workflow Task bar at the top so users can approve the task from within the form and not go to Tasks list to do so.
    Here's a problem I am experiencing: sometimes the form opens in InfoPath Filler and sometiems it opens in the browser when the link to approve the form is clicked form the email that is sent by the workflow.
    Windows 7, IE 9, MS Office 2010:
    The form opens up in InfoPath filler like it supposed to. The Workflow task bar is there for users to approve the form.
    Surface Pro with Windows 8.1, IE 11 and MS Office 2013
    The form opens up in the browser and there is no Workflow task bar at the top.
    Things that I've already looked at and tried which didn't solve the issue:
    - The forms library is exclusivly set to open documents/forms in the Client Application
    - Set the browser compatibility mode in IE 11, that doesn't work too well, because you have to do it every time you open the browser.
    - Setting browser compatility in IE 11 reintroduced another issue, of multiple login promts, which was fixed by entering the SharePoint site in question into the Trusted sites by a group policy. Adding the site to trusted sites made the forms open up in the
    browser.
    - Researched compatibility issues with InfoPath and Windows 8.1, cannot find anything.
    - Researched compatibility issues with InfoPath 2010, Windows 8.1 and SharePoint 2010, also didn't find anything.
    Can someone offer a suggestion on how to fix this problem, preferably with no code, because we are not allowed to put custom code on the server?
    I need to force InfoPath form to open in InfoPath Filler when the link to the form is clicked from the Workflow email. Also the login prompts should not pop up. Need it to work on all the platforms: Windows 7, and Surface Pro Windows 8.1.
    Thank you.

    Hi,
    Thank you for your response.
    [Steps about how to capture the capture the fiddler log]
    ===========================================
    1. Download fiddler from
    http://fiddler2.com/
    2. Install fiddler and launch fiddler.
    3. When the fiddler be launched, the log will be enabled automatically.
    4. You can click “X” to remove all the records before you reproduce the issue.
    5. If the web site has been configured to https. Please enable https option:
                 Click “Tools” -> “Fiddler Options”            
    Switch to HTTPS tab, then check “Capture HTTPS CONNECTs” and “Decrypt HTTPS traffic”.
    6. Then repro the issue.
    7. Click “File”->”Capture Traffic”, uncheck the Option “Capture Traffic” to make sure the “
    ” is not shown, that mean the logs has been stopped.
    8. Click “File”->”Save” ->”All sessions”, save the file.
    Any quesitons, please let me know.
    Best Regards,
    Dats Luo

Maybe you are looking for

  • F-28 BAPI

    Dear all, Im looking for BAPI to post incoming payment for TCode F-28. Do you know there is any? Please comment. Thanks in advance.

  • IOS7 Bug: Why is that i can only making an call works from notification area without unlocking the Phone using the passcode

    Hi, After upgrading to iOS7, I was asked by the system to set an passcode. When i try to swipe from the notification area, it navigates me to the passcode lock screen which is expected but the same behaviour is not shown for a call - when i swipe fro

  • ALE: Org unit name not in first field

    Hi All, We are maintaining our CRM org structure from R/3 and are getting close to implementing our system and have come accross a problem. When the BP is created (in CRM) for the Org units it puts the code of the org unit in the first line of the 'N

  • Fact table loading

    Hi all, We have two dimensions and one fact table as Dim 1 Geography Dim2 consumer geo_id town cons_id cons_name geo_id G1 ABC C1 A1 G1 G2 DEF C2 B1 G2 G3 GHI C3 C1 G2 G4 JKL C4 D1 G2 G5 MNO C5 E1 G1 C6 F1 G1 Fact FACT1 FACTI_ID GEO_ID CONS_ID F1 G1

  • CS5.5 to CS6

    I saw that I can upgrade from CS5.5 Web & Design to CS6 Web & Design, but how do I actually do that?