OpenSSL cert client distro

Hello everyone,
I have recently installed OS X server on one of my machines and I am getting ready to host secure websites. I have fumbled through cmd line and GUI creation of my first SSL cert until I finally got one that worked. My question is how do I distribute the self-signed key to other users since it will not be a 'trusted' cert? Thank you for any help on this issue.

Found a solution

Similar Messages

  • OpenSSL certs

    Had a recent install with Verisign certs, that was fun.
    Therefore looking at some questions before I deploy the openssl cert for guest access.
    Reading the docs it says the following
    "Ensure that the host name that is used to create the certificate (Common Name) matches the Domain Name System (DNS) host name entry for the virtual interface IP on the WLC and that the name exists in the DNS as well"
    However, if we use 1.1.1.1 as the usual virtual interface IP address and associate this with the CName in DNS it would publish this. Now, I am not a DNS expert but recall you can have an internal/external lookup, so it would be on the internal lookup?
    Also in the Verisign product page it does not list the Cisco WLC as server type for SSL certs. Which should I go for?
    Any help appreciated

    Pete, did you get this taken care of buddy? Do you still need a hand?

  • TLS not working with Openssl Certs

    Hi, I have been struggling with a certificate problem for about two weeks now with no joy. Almost all the forums, tutorials and examples etc. I have tried are simply not working. Without fail I get the following exception or similar:
    [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found]
    Basically I know I have a valid certificate, because when I use an ldap client with just the self generated cacert.pem there are no problems and a TCP dump shows the encrypted data.
    My setup is as follows I have an openLDAP server running on Debian. I generated my own certificates as per: http://www.openldap.org/faq/data/cache/185.html
    All I want to do now is import these generated certs/keys with keytool, and be able to use them with TLS.
    When importing the certs via java ldap browsers they work fine, but as soon as I try use my own TLS client like the StartTLS.java sample provided by the java tutorial I get the above exception. I'm probably missing some piece of the puzzle.
    Please, if anyone else knows how to set this up correctly using the certs I have generated via the openldap example above I would really appreciate your help. There are a lot of examples pertaining to app servers etc. but nothing I could find to talk to OpenLDAP.
    regards
    ed

    On a similar occasion I did extend the javax.net.ssl.X509TrustManager and upon generating the connection I first initialized the ssl context with that trust manager.
    Something like:
    SSLContext sslContext = SSLContext.getInstance("SSLv3");
    MyTrustManager tm = new MyTrustManager(....);
    TrustManager tms[] = {tm};
    sslContext.init(null, tms, null);
    HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory()); // or on your corresponding TLS connection class
    Do that before getting any https connection or similar TLS connections.
    In case that does not bring you further, post some stack trace and further settings.

  • ACS 5.1 - EAP-PEAP - Imported public cert - Clients still get cert error

    We have ACS 5.1 up and running. Our company has a SuperCert purchased with Thawte so we requested a certificate. Once we figured out the formatting we were able to successfully get the certificate to bind to the CSR. For some reason our Windows 7 users will be prompted the first time they connect with an option to terminate or continue. If they continue they are able to connect to the WLAN just fine. Our MAC users are always prompted with the cert error, even if they install the certificate. Unlike ACS 4.x and earlier I do not see where I can import the Root CA so we are thinking about purchasing another certificate from another public CA but who? Any thoughts or ideas would be greatly appreciated.

    Hi,
    Advertisement apart, Verisign is widely used and trusted.
    However, even using your current CA, you should be able to install the Root CA and the ACS cert on the client machines under the trusted CAs and then the warning should not popup anymore.
    HTH,
    Tiago
    If this helps you and/or  answers your question please mark the question as "answered" and/or rate  it, so other users can easily find it.

  • Unable to import signed cert in keystore

    Hi everybody !
    I've been using keytool for years to generate client certificates that I would send to an enrollment server to get it signed by the CA.
    Here is the sequence :
    (1) Generating the key pair :
         keytool.exe -genkey -alias client-cert -keyalg RSA -keystore keystore
    (2) Extracting the certificate request :
         keytool.exe -certreq -alias client-cert -file client-cert.csr -keystore keystore
    (3) Sending the request to the enrollment server, getting in return a signedcert.der
    (4) Importing CA certificate in keystore :
         keytool.exe -import -alias caroot -file ca.der -keystore keystore
    (5) Importing the signed client certificate in the keystore :
         keytool.exe -import -alias cert-client -file signedcert.der -keystore keystore
    Now we'd like to use openssl to generate the CA certificate and sign the client-cert (which is still generated by keytool).
    So instead of (3), we just have :
         openssl ca -config ca-sign.cnf -out signedcert.crt -infiles client-cert.csr
         openssl verify -CAfile ca.crt signedcert.crt
         openssl x509 -in signedcert.crt -out signedcert.der -outform DER
    Everything runs fine for (4), but when we finally try to import the signedcert, we get this :
         keytool error: java.security.cert.CertificateException: IOException: X509.ObjectIdentifier() -- data isn't an object ID (tag = 48)
    Some people here have already had the problem but got no answer.
    What I'd like to know first is what does such an error MEAN exactly, then how can I manage to put my cert into the keystore.
    FYI, we use keytool from JDK 1.3.0 and openssl 0.9.7
    (I can post config file ca-sign.cnf if needed)
    Thanks for your help
    Valerien

    I got no answer either, so here's the solution for other unlucky people : use keytool from the latest JDK (1.4.1_01 ran fine).
    Thank me very much.

  • Client-Auth reports: HTTP4031: Unexpected error receiving data: -5938

    I am trying to deploy the clientcert sample application that comes with the platform edition of SunOne V7.
    I have used openssl as a CA and have created client and server certs.
    I get the following problem.
         Sun ONE Application Server - HTTP Status 403 Error
         Access to the specified resource (Access to the requested resource has been denied) has been forbidden.
         Type: Status Report
         Message: Access to the requested resource has been denied.
    As can be seen from the server.log below, some form of authentication succeeds:
         [12/Aug/2004:08:56:11] FINE ( 2392): X.500 name login succeeded for : CN=tweekes, O=tester, C=ie
    Note, common name is that of my client cert.
    However there is a severe error:
         [12/Aug/2004:08:56:09] SEVERE ( 2392): for host 169.254.111.12 trying to GET /cert, Client-Auth reports: HTTP4031: Unexpected error receiving data: -5938
    Also, HTTPS works with server side authentication and I signed both client and server certs with same private "CA" certification.
    Question: Do I need any special extensions in the certs for use with SSL?
    Thanks in advance.
    server.log fragment:
    [12/Aug/2004:08:56:09] FINE ( 2392): for host 169.254.111.12 trying to GET /cert, ntrans-j2ee reports: directory listing for context "/cert"
    [12/Aug/2004:08:56:09] FINE ( 2392): Attaching to JVM thread service-j2ee-4
    [12/Aug/2004:08:56:09] FINE ( 2392): context = StandardEngine[null].StandardHost[server1].StandardContext[cert]
    [12/Aug/2004:08:56:09] FINE ( 2392): contextPath = /cert
    [12/Aug/2004:08:56:09] FINE ( 2392): wrapper = null
    [12/Aug/2004:08:56:09] FINE ( 2392): servletPath = null
    [12/Aug/2004:08:56:09] FINE ( 2392): pathInfo = null
    [12/Aug/2004:08:56:09] FINE ( 2392): SingleSignOn[server1]: Process request for '/cert'
    [12/Aug/2004:08:56:09] FINE ( 2392): SingleSignOn[server1]: Checking for SSO cookie
    [12/Aug/2004:08:56:09] FINE ( 2392): SingleSignOn[server1]: SSO cookie is not present
    [12/Aug/2004:08:56:09] FINE ( 2392): Authenticator[cert]: Security checking request GET /cert
    [12/Aug/2004:08:56:09] FINE ( 2392): Authenticator[cert]: Checking constraint 'SecurityConstraint[clientcert security test]' against GET --> true
    [12/Aug/2004:08:56:09] FINE ( 2392): Authenticator[cert]: Subject to constraint SecurityConstraint[clientcert security test]
    [12/Aug/2004:08:56:09] FINE ( 2392): Authenticator[cert]: Calling checkUserData()
    [12/Aug/2004:08:56:09] FINE ( 2392): Authenticator[cert]: User data constraint has no restrictions
    [12/Aug/2004:08:56:09] FINE ( 2392): Authenticator[cert]: Calling authenticate()
    [12/Aug/2004:08:56:09] FINE ( 2392): Authenticator[cert]: Looking up certificates
    [12/Aug/2004:08:56:09] FINEST ( 2392): Requesting client certificate from core.
    [12/Aug/2004:08:56:09] SEVERE ( 2392): for host 169.254.111.12 trying to GET /cert, Client-Auth reports: HTTP4031: Unexpected error receiving data: -5938
    [12/Aug/2004:08:56:09] FINE ( 2392): Authenticator[cert]: No certificates included with this request
    [12/Aug/2004:08:56:09] FINE ( 2392): Authenticator[cert]: Failed authenticate() test
    [12/Aug/2004:08:56:09] FINE ( 2392): for host 169.254.111.12 trying to GET /cert, ntrans-j2ee reports: directory listing for context "/cert"
    [12/Aug/2004:08:56:09] FINE ( 2392): Attaching to JVM thread service-j2ee-5
    [12/Aug/2004:08:56:09] FINE ( 2392): context = StandardEngine[null].StandardHost[server1].StandardContext[cert]
    [12/Aug/2004:08:56:09] FINE ( 2392): contextPath = /cert
    [12/Aug/2004:08:56:09] FINE ( 2392): wrapper = null
    [12/Aug/2004:08:56:09] FINE ( 2392): servletPath = null
    [12/Aug/2004:08:56:09] FINE ( 2392): pathInfo = null
    [12/Aug/2004:08:56:09] FINE ( 2392): SingleSignOn[server1]: Process request for '/cert'
    [12/Aug/2004:08:56:09] FINE ( 2392): SingleSignOn[server1]: Checking for SSO cookie
    [12/Aug/2004:08:56:09] FINE ( 2392): SingleSignOn[server1]: SSO cookie is not present
    [12/Aug/2004:08:56:09] FINE ( 2392): Authenticator[cert]: Security checking request GET /cert
    [12/Aug/2004:08:56:09] FINE ( 2392): Authenticator[cert]: Checking constraint 'SecurityConstraint[clientcert security test]' against GET --> true
    [12/Aug/2004:08:56:09] FINE ( 2392): Authenticator[cert]: Subject to constraint SecurityConstraint[clientcert security test]
    [12/Aug/2004:08:56:09] FINE ( 2392): Authenticator[cert]: Calling checkUserData()
    [12/Aug/2004:08:56:09] FINE ( 2392): Authenticator[cert]: User data constraint has no restrictions
    [12/Aug/2004:08:56:09] FINE ( 2392): Authenticator[cert]: Calling authenticate()
    [12/Aug/2004:08:56:09] FINE ( 2392): Authenticator[cert]: Looking up certificates
    [12/Aug/2004:08:56:09] FINEST ( 2392): Requesting client certificate from core.
    [12/Aug/2004:08:56:11] FINEST ( 2392): Processing login with credentials of type: class sun.security.x509.X500Name
    [12/Aug/2004:08:56:11] FINE ( 2392): Processing X.500 name login.
    [12/Aug/2004:08:56:11] FINEST ( 2392): Certificate realm setting up security context for: CN=tweekes, O=tester, C=ie
    [12/Aug/2004:08:56:11] FINE ( 2392): X.500 name login succeeded for : CN=tweekes, O=tester, C=ie
    [12/Aug/2004:08:56:11] FINE ( 2392): Authenticator[cert]: Authenticated 'CN=tweekes, O=tester, C=ie' with type 'CLIENT-CERT'
    [12/Aug/2004:08:56:11] FINE ( 2392): SingleSignOn[server1]: Registering sso id '6264FF86CB3151E572951CB77D0C515F' for user 'CN=tweekes, O=tester, C=ie' with auth type 'CLIENT-CERT'
    [12/Aug/2004:08:56:11] FINE ( 2392): Authenticator[cert]: Calling accessControl()
    [12/Aug/2004:08:56:11] FINEST ( 2392): PRINCIPAL : CN=tweekes, O=tester, C=ie hasRole?: staffmember
    [12/Aug/2004:08:56:11] FINEST ( 2392): PRINCIPAL TABLE: {staff=[staffmember], C=ie, O=tester, CN=tweekes=[staffmember]}

    The one below is the correct configuration:
    <If $uri =~ "/my(/passo.*)">
    NameTrans fn="restart" from="$uri" uri="/my/jsp$1"
    </If>
    <Object ppath="/my/jsp/passo/*">
    PathCheck fn="get-client-cert" dorequest="1"
    </Object>

  • Openssl: how to find out version installed

    Hi,
    I am looking into installing Webmin only for the purpose of being a frontend to MySql.
    The Webmin install preamble mentions to check Perl + OpenSSL versions.
    Perl version installed is OK but following the instruction,
    < OpenSSL: 0.9.7b to see version open terminal cd /usr/bin then type OpenSSL version >
    no satisfactory answer is returned, ie,
    [PowerBook:/usr/bin] patrickh% OpenSSL --version
    ==//==
    /Previous Systems/Previous System 1/usr/share/man/man3/UI_OpenSSL.3ssl
    /sw/share/man/man3/OpenSSLadd_allalgorithms.3
    /System/Library/OpenSSL
    /System/Library/OpenSSL/certs
    /System/Library/OpenSSL/lib
    /System/Library/OpenSSL/misc
    /System/Library/OpenSSL/misc/CA.pl
    /System/Library/OpenSSL/misc/CA.sh
    /System/Library/OpenSSL/misc/c_hash
    /System/Library/OpenSSL/misc/c_info
    /System/Library/OpenSSL/misc/c_issuer
    /System/Library/OpenSSL/misc/c_name
    /System/Library/OpenSSL/misc/der_chop
    /System/Library/OpenSSL/openssl.cnf
    /System/Library/OpenSSL/private
    /usr/share/man/man3/DH_OpenSSL.3ssl
    /usr/share/man/man3/DSA_OpenSSL.3ssl
    /usr/share/man/man3/OpenSSLadd_allalgorithms.3ssl
    /usr/share/man/man3/OpenSSLadd_allciphers.3ssl
    /usr/share/man/man3/OpenSSLadd_alldigests.3ssl
    /usr/share/man/man3/OpenSSLadd_sslalgorithms.3ssl
    /usr/share/man/man3/UI_OpenSSL.3ssl
    [PowerBook:/usr/bin] patrickh% cd /System/Library/OpenSSL
    [PowerBook:/System/Library/OpenSSL] patrickh% OpenSSL --version
    tcsh: OpenSSL: Command not found.
    [PowerBook:/System/Library/OpenSSL] patrickh%
    =====
    Of course < tcsh: OpenSSL: Command not found. > is the important bit here I guess.
    The other question is, any other suitable mysql (open source) frontends?
    Looked at rekall but did not much like its feel, look.
    Patrick

    Not quite the answer you are looking for but if you only want a GUI for mysql you might want to try phpmyadmin instead http://www.phpmyadmin.net/home_page/index.php
    Webmin is a great admin tool for numerous applications but phpadmin is a great tool for mysql administration that does not require you to learn all of the nuances of Webmin.
    FWIW I have both installed and really like Webmin for its versatility but find phpmyadmin much simpler to learn and use.

  • SSL or TLS client configure problems !!

    Hello,
    I am using Solaris native DS5.1, configured to use ssl certificate based authentication (server now running ssl configured).
    Using OpenSSL created certificate and certutil tools I created cert7.db for client solaris 9 and even redhat 7.3 client.
    How can I tell the client to authenticate through ssl (port 636) and to use cert7.db (where to put the cert7.db file, now at /var/ldap)?
    Also how I can test if ssl port 636 is working and accepting ldap queries.
    N.B. The system is working fine with normal port 389 fine, all clients are happy without ssl.
    Thanks
    Farah

    Sorry, I should have mentioned that you need to use the version of ldapsearch that comes with Directory Server - mine is located in /usr/iplanet/ds5/shared/bin/. So you will probably want to amend your PATH. You will also need to add the relevant libraries to your LD_LIBRARY_PATH - mine being /usr/iplanet/ds5/lib:$LD_LIBRARY_PATH.
    I've successfully used OpenSSL to create my directory server certificate & have (finally!) got OpenSSL-created client certificates to work. All I can say is make sure the server certificate is trusted.
    Incidentally, you do not use the "-n" flag with the tstclnt command unless you are using a client certificate. My advice to use this command was probably misleading. Maybe the better way of testing your SSL connection is simply to run the relevant ldapsearch command, e.g.
    ldapsearch -v -Z -p 636 -P /var/ldap -b "ou=people,o=myorg" "cn=*"

  • Patches not patching, error occurred "Error is:"

    Hello! I am patching a SLES 11 SP2 server with ZCM 11.2.4 with Monthly Update 1 applied. The majority of my patches are applied appropriately, however there are 5 patches that will not apply and I get this unhelpful message in the message log - "An error occurred while executing the program. Error is:" with no error listed after the colon. I have tried clearing the cache on the agent, rebooting, checking and unchecking the "Resolve all RPM dependencies" box, all with no change. For testing purposes, I downloaded one of the patch RPMs from Novell's web site and was able to install it without any errors (interestingly enough the ZCM server does not see it as being patched). The patches I am having problems with are as follows...
    Novell SUSE 2014:8791 kernel security update for SLE 11 SP2 x86_64
    Novell SUSE 2013:8701 libpixman-1-0 security update for SLE 11 SP2 x86_64
    Novell SUSE 2013:8681 openssl-certs security update for SLE 11 SP2 x86_64
    Novell SUSE 2013:8621 curl security update for SLE 11 SP2 x86_64
    Novell SUSE 2013:8656 cifs-mount security update for SLE 11 SP2 x86_64
    and attached is a copy of the zmd-messages.log file from the affected client.
    Thanks for the help!


  • Roundcube not working after last php update [SOLVED]

    After the last php update my roundcubemail stopped working.  The log-in page loads and after attempting to log in I get the following error:
    IMAP Error in /usr/share/webapps/roundcubemail/program/lib/Roundcube/rcube_imap.php (184): Login failed for [email protected] from 192.168.1.1. Could not connect to ssl://localhost:993: Unknown reason (fsockopen() function disabled?)
    Last edited by whahn1983 (2014-09-19 18:46:11)

    I fixed it yesterday. I modified the PKGBUILD to get the upstream fix.
    # $Id$
    # Maintainer: Sergej Pupykin <[email protected]>
    pkgname=roundcubemail
    pkgver=1.0.2.3b55da
    pkgrel=1
    pkgdesc="A PHP web-based mail client"
    arch=('any')
    url="http://www.roundcube.net"
    license=('GPL')
    depends=('php')
    optdepends=('python2')
    backup=('etc/webapps/roundcubemail/.htaccess'
            'etc/webapps/roundcubemail/apache.conf')
    install=roundcubemail.install
    options=('!strip' 'emptydirs')
    # Pinned to the upstream commit that carries the fix
    source=("${pkgname}::git+https://github.com/roundcube/roundcubemail.git#commit=9a498212446f6c9a186df5652a7625526b590b78"
            apache.conf)
    md5sums=('SKIP'
             'f11b17e2a80b383cde4af963fb307541')

    prepare() {
      cd ${srcdir}/${pkgname}
      # Point the temp and log directories at /var instead of the install path
      sed -i \
        -e "s|RCUBE_INSTALL_PATH . 'temp.*|'/var/cache/roundcubemail';|" \
        -e "s|RCUBE_INSTALL_PATH . 'logs.*|'/var/log/roundcubemail';|" \
        config/defaults.inc.php \
        program/lib/Roundcube/rcube_config.php
    }

    package() {
      mkdir -p ${pkgdir}/etc/webapps/roundcubemail
      mkdir -p ${pkgdir}/usr/share/webapps
      mkdir -p ${pkgdir}/var/log
      cd ${pkgdir}/usr/share/webapps
      cp -ra ${srcdir}/${pkgname} roundcubemail
      cd roundcubemail
      # Keep .htaccess and config under /etc and symlink them back
      mv .htaccess $pkgdir/etc/webapps/roundcubemail/
      ln -s /etc/webapps/roundcubemail/.htaccess .htaccess
      mv config $pkgdir/etc/webapps/roundcubemail/
      ln -s /etc/webapps/roundcubemail/config config
      install -dm0750 $pkgdir/var/{log,cache}/roundcubemail
      install -Dm0644 $srcdir/apache.conf $pkgdir/etc/webapps/roundcubemail/apache.conf
      # install -dm0755 $pkgdir/etc/php/conf.d/
      # cat <<EOF >$pkgdir/etc/php/conf.d/$pkgname.ini
      #open_basedir = ${open_basedir}:/etc/webapps/roundcubemail:/usr/share/webapps/roundcubemail:/var/log/roundcubemail:/var/cache/roundcubemail
      #EOF
      rm -rf temp logs
    }
    Then I added these values to my roundcube config:
    // IMAP socket context options
    // See http://php.net/manual/en/context.ssl.php
    // The example below enables server certificate validation
    //$config['imap_conn_options'] = array(
    //  'ssl' => array(
    //    'verify_peer'  => true,
    //    'verify_depth' => 3,
    //    'cafile'       => '/etc/openssl/certs/ca.crt',
    //  ),
    //);
    // Active setting: server certificate and host name checks are switched off for IMAP
    $config['imap_conn_options'] = array(
      'ssl' => array(
        'verify_peer'      => false,
        'verify_peer_name' => false,
      ),
    );
    // SMTP connection timeout, in seconds. Default: 0 (use default_socket_timeout)
    // Note: There's a known issue where using ssl connection with
    // timeout > 0 causes connection errors (https://bugs.php.net/bug.php?id=54511)
    $config['smtp_timeout'] = 5;
    // SMTP socket context options
    // See http://php.net/manual/en/context.ssl.php
    // The example below enables server certificate validation, and
    // requires 'smtp_timeout' to be non zero.
    // $config['smtp_conn_options'] = array(
    //   'ssl' => array(
    //     'verify_peer'  => true,
    //     'verify_depth' => 3,
    //     'cafile'       => '/etc/openssl/certs/ca.crt',
    //   ),
    // );
    // Active setting: server certificate and host name checks are switched off for SMTP
    $config['smtp_conn_options'] = array(
      'ssl' => array(
        'verify_peer'      => false,
        'verify_peer_name' => false,
      ),
    );
    It works like a charm.

  • Import a signed public key into a keystore

    Hai all,
    When I followed the steps listed at the end of the email, to create a cert request using keytool (from jdk 1.3.0), make it signed by a CA and import the signed public key into a keystore,
    I got the following error when I did step 9: keytool error: java.security.cert.CertificateException: IOException: data is not sufficient
    Could you please give me a help? Thanks in advance. ---
    1.Generate the CA key
    $ openssl genrsa -rand -des -out ca.key 1024
    2.Create a self signed certificate
    $ openssl req -new -x509 -days 365 -key ca.key -out ca.crt
    3.Setup the OpenSSL CA tools
    $ mkdir demoCA
    $ mkdir demoCA/newcerts
    $ touch demoCA/index.txt
    $ cp ca.crt demoCA/
    $ echo "01" > demoCA/serial
    4.Create a new key store for the client application
    $ keytool -keystore testkeys -genkey -alias client
    5.Export the client's public key
    $ keytool -keystore testkeys -certreq -alias client -file client.crs
    6.Sign the client's key with our CA key
    $ openssl ca -config /etc/openssl.cnf -in client.crs -out client.crs.pem -keyfile ca.key
    7.Convert to DER format
    $ openssl x509 -in client.crs.pem -out client.crs.der -outform DER
    8.Import CA certificate into client's key store
    $ keytool -keystore testkeys -alias jsse_article_ca -import -file ca.crt
    9.Import signed key into client's key store
    $ keytool -keystore testkeys -alias client -import -file client.crs.der
    (The above steps are available at <http://www.ddj.com/articles/2001/0102/0102a/0102a.htm>)
    I have created CA and Server certificates using openssl and client certificate request using keytool and it is signed by our CA.
    I am using openssl server (C++) and JSSE client (JAVA)...
    to communicate these two what certificates i need to put in the client keystore (created using keytool).
    I have imported CA into keytool ,but i am unable to import client cert into keystore.
    Please tell me some way to sort out this problem...
    Prasad.

    The following script using openssl and keytool (JDK1.3)
    works. Be sure to have the following in
    your extension directory (/opt/java1.3/jre/lib/ext):
    jcert.jar
    jnet.jar
    jsse.jar
    sunrsasign.jar
    Pierre
    #!/bin/ksh
    rm -f Keystore Config
    rm -rf certs
    mkdir certs
    touch certs/index
    echo "01" > certs/serial
    chmod 600 certs/*
    netstat > /tmp/.rnd
    echo "Creating config file for openssl"
    cat > Config <<EOCNF
    [ ca ]
    default_ca = CA_default
    [ CA_default ]
    dir = certs
    database = \$dir/index
    serial = \$dir/serial
    default_days = 365 # Duration to certify for
    default_crl_days= 30 # Time before next CRL
    default_md = SHA1 # Message digest to use.
    preserve = no # Keep passed DN ordering?
    policy = policy_anything
    [ policy_anything ]
    countryName = optional
    stateOrProvinceName = optional
    localityName = optional
    organizationName = optional
    organizationalUnitName = optional
    commonName = supplied
    emailAddress = optional
    [ req ]
    default_bits = 1024
    default_keyfile = privkey.pem
    distinguished_name = req_distinguished_name
    attributes = req_attributes
    [ req_distinguished_name ]
    countryName = Country Name (2 letter code)
    countryName_default = US
    countryName_value = US
    countryName_min = 2
    countryName_max = 2
    stateOrProvinceName = State or Province Name (full name)
    stateOrProvinceName_default = CA
    stateOrProvinceName_value = CA
    localityName = Locality Name (eg, city)
    localityName_default = Loc
    localityName_value = Loc
    0.organizationName = Organization Name (eg, company)
    0.organizationName_default = Org
    0.organizationName_value = Org
    organizationalUnitName = Organizational Unit Name (eg, section)
    organizationalUnitName_default = OrgUnit
    organizationalUnitName_value = OrgUni
    commonName = Common Name (eg, YOUR name)
    commonName_default = CN
    commonName_value = CN
    commonName_max = 64
    emailAddress = Email Address
    emailAddress_default = [email protected]
    emailAddress_value = [email protected]
    emailAddress_max = 40
    [ req_attributes ]
    EOCNF
    echo "Creating DSA params"
    openssl dsaparam -outform PEM -out DSAPARAM -rand /tmp/.rnd 1024
    echo "Creating CA key pair and cert request"
    openssl req -config Config -nodes -newkey DSA:DSAPARAM -keyout certs/caprivkey.pem -out certs/req.pem
    echo "Signing own CA cert"
    openssl x509 -req -in certs/req.pem -signkey certs/caprivkey.pem -out certs/cacert.pem
    echo "Generating client key pair and cert in keystore"
    keytool -genkey -alias myalias -keyalg DSA -keysize 1024 -keypass password -storepass password -keystore Keystore -dname "CN=Common Name, OU=Org Unit, O=Org, L=Locality, S=State, C=Country" -validity 365
    echo "Generating cert request"
    keytool -certreq -alias myalias -keypass password -storepass password -keystore Keystore -file certs/CertReq.csr
    echo "Signing client cert"
    openssl ca -config Config -policy policy_anything -batch -in certs/CertReq.csr -keyfile certs/caprivkey.pem -days 365 -cert certs/cacert.pem -outdir certs -out certs/public.pem -md SHA1
    echo "Importing CA cert into keystore"
    keytool -import -alias CA -keystore Keystore -storepass password -noprompt -file certs/cacert.pem
    # Clean the certificate file, contains extra stuff from openssl
    sed "/^-----BEGIN CERTIFICATE-----/,/^-----END CERTIFICATE-----/!d" \
         certs/public.pem > certs/tmp-public.pem
    cp certs/tmp-public.pem certs/public.pem
    rm certs/tmp-public.pem
    echo "Importing client cert into keystore"
    keytool -import -alias myalias -keystore Keystore -storepass password -noprompt -file certs/public.pem
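
    Before handing a signed certificate to keytool it helps to check what bytes the file actually holds. The following is an added example, not code from any of the posts above: a Python pre-import check that pulls the single certificate block out of `openssl ca` output (the job of the sed step in the script above), confirms the decoded DER starts with tag 48 (SEQUENCE) and is neither truncated nor padded, and produces a SHA-256 fingerprint that can be compared with the CA's copy. The function names are hypothetical, and the sample bytes are a constructed, length-correct stand-in rather than a real certificate.

```python
import base64
import hashlib
import re
import textwrap

# One PEM certificate block; text outside it (the human-readable dump that
# precedes the block in `openssl ca` output) is ignored.
PEM_CERT_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)


def der_outer_length(der: bytes) -> int:
    """Total size (header + content) declared by the outermost DER element."""
    if len(der) < 2:
        raise ValueError("data is too short to hold a DER header")
    if der[0] != 0x30:  # 0x30 == 48: universal, constructed SEQUENCE
        raise ValueError(f"outer tag is {der[0]}, expected 48 (SEQUENCE)")
    first = der[1]
    if first < 0x80:  # short form: the byte is the content length
        return 2 + first
    n = first & 0x7F  # long form: the next n bytes hold the content length
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("unsupported or truncated DER length field")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def extract_certificate(text: str) -> bytes:
    """Return the DER bytes of the one certificate block found in text."""
    blocks = PEM_CERT_RE.findall(text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one certificate block, found {len(blocks)}")
    try:
        der = base64.b64decode("".join(blocks[0].split()), validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("certificate block is not valid base64") from exc
    declared = der_outer_length(der)
    if declared != len(der):
        raise ValueError(f"DER declares {declared} bytes but {len(der)} were decoded")
    return der


def sha256_fingerprint(der: bytes) -> str:
    """Colon-separated SHA-256 fingerprint of the DER encoding."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


# Constructed sample: a SEQUENCE header declaring 256 content bytes, followed
# by 256 filler bytes. It has a certificate's outer shape but is not one.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))


def make_sample_ca_output(der: bytes) -> str:
    """Build constructed text shaped like `openssl ca` output: dump, then PEM."""
    body = textwrap.fill(base64.b64encode(der).decode("ascii"), 64)
    return (
        "Certificate:\n"
        "    Data:\n"
        "        Version: 3 (0x2)\n"
        "        Serial Number: 1 (0x1)\n"
        "-----BEGIN CERTIFICATE-----\n"
        f"{body}\n"
        "-----END CERTIFICATE-----\n"
    )


if __name__ == "__main__":
    der = extract_certificate(make_sample_ca_output(SAMPLE_DER))
    print(len(der), "bytes, fingerprint", sha256_fingerprint(der))
    try:
        extract_certificate(make_sample_ca_output(SAMPLE_DER[:-10]))
    except ValueError as err:
        print("rejected truncated input:", err)
```

    Write the returned bytes to a `.der` file for keytool, and compare the fingerprint with one obtained from the CA over a separate channel before trusting the file.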

  • Snow leopard and 3.2.6 xcode

    To begin Snow leopard is 10.6.8 up to date.
    Well, as I have only been searching up and down the web for a solution to this problem, I have found a lot of dead ends and unanswered problems.
    Xcode 3.2.6 seems to be the most rare thing in the universe to come across, or at least for myself it is.
    I'm running Snow Leopard, hence the title.
    It came with a disc, oh wait isn't that a wonder since thats the only way you can download it, as I'm aware of, and almost absurd you can digitally download mavericks.
    Anyways the xcode that comes with the optional install on the disc only is up to date to 3.0, isn't that shocking since i wasted my time and money getting snow leopard because of the many problems apple has with almost everything (leopard & openssl cert.) which was a pain in the *** to begin with.
    Warning: Xcode is not installed
    Most formulae need Xcode to build.
    It can be installed from https://developer.apple.com/downloads/
    As the above is pretty ******* obvious what the problem is, where the real problem lies is that i can't install it.
    When I go to install xcode_3.2.6_and_Ios_sdk_4.3.dmg everything appears to be fine until it actually starts to verify it, and in less than about ten seconds every time it is denied.
    I've gone through **** trying to figure this out and even the programmers at my local business are unable to figure this problem out because there is absolutely no explanation to why it won't install. It does not give me a hint of any sort, it is simply put "verification unable to process"
    Now before I thought of actually coming here and looking for help I have reinstalled Xcode and Snow Leopard numerous times to receive the same problem.
    Quite frankly I do not wanna put more money into lion as I heard first off its a waste, and secondly why should I keep spending money and getting the same **** results.
    I heard about getting Xcode 4.2 but I'm not even sure this is compatible with Snow leopard let alone the link is busted and access is denied due to having to be a paid member on the apple site, (which at this rate will never happen)
    I don't mean to be rude, I'm just a twenty one year old kid with a bit of furious attitude who doesn't like to waste his time and money.
    But please, if this at all gets answered (which I'm almost positive it won't, from everywhere else I searched no answers are being given), that it at least be related to the cause, as I can see a lot of people are in the same situation and therefore I believe a REAL solution should not be left unheard.
    If any more information is needed, please feel free to ask. I will be checking in every so often to hopefully come back to a fix.
    Thank you for letting me waste your time.

    Okay so after reinstalling everything and running brew doctor
    I'm getting this now
    Warning: Unbrewed dylibs were found in /usr/local/lib.
    If you didn't put them there on purpose they could cause problems when
    building Homebrew formulae, and may need to be deleted.
    Unexpected dylibs:
        /usr/local/lib/libexslt.0.dylib
        /usr/local/lib/libexslt.dylib
        /usr/local/lib/libhistory.6.0.dylib
        /usr/local/lib/libhistory.6.dylib
        /usr/local/lib/libhistory.dylib
        /usr/local/lib/libreadline.6.0.dylib
        /usr/local/lib/libreadline.6.dylib
        /usr/local/lib/libreadline.dylib
        /usr/local/lib/libruby.1.8.7.dylib
        /usr/local/lib/libruby.1.8.dylib
        /usr/local/lib/libruby.dylib
        /usr/local/lib/libsqlite3.0.8.6.dylib
        /usr/local/lib/libsqlite3.0.dylib
        /usr/local/lib/libsqlite3.dylib
        /usr/local/lib/libxml2.2.dylib
        /usr/local/lib/libxml2.dylib
        /usr/local/lib/libxslt.1.dylib
        /usr/local/lib/libxslt.dylib
    Warning: Unbrewed .la files were found in /usr/local/lib.
    If you didn't put them there on purpose they could cause problems when
    building Homebrew formulae, and may need to be deleted.
    Unexpected .la files:
        /usr/local/lib/libexslt.la
        /usr/local/lib/libsqlite3.la
        /usr/local/lib/libxml2.la
        /usr/local/lib/libxslt.la
    Warning: Unbrewed .pc files were found in /usr/local/lib/pkgconfig.
    If you didn't put them there on purpose they could cause problems when
    building Homebrew formulae, and may need to be deleted.
    Unexpected .pc files:
        /usr/local/lib/pkgconfig/libexslt.pc
        /usr/local/lib/pkgconfig/libxml-2.0.pc
        /usr/local/lib/pkgconfig/libxslt.pc
        /usr/local/lib/pkgconfig/sqlite3.pc
    Warning: Unbrewed static libraries were found in /usr/local/lib.
    If you didn't put them there on purpose they could cause problems when
    building Homebrew formulae, and may need to be deleted.
    Unexpected static libraries:
        /usr/local/lib/libexslt.a
        /usr/local/lib/libhistory.a
        /usr/local/lib/libreadline.a
        /usr/local/lib/libruby-static.a
        /usr/local/lib/libsqlite3.a
        /usr/local/lib/libxml2.a
        /usr/local/lib/libxslt.a
    Warning: Your Xcode (3.2) is outdated
    Please update to Xcode 3.2.6.
    Xcode can be updated from https://developer.apple.com/downloads/

  • Need help on how to programmatically pass the Binary Security Token from C# code in visual studio 2012

    Hi All,
    Below is my signed SOAP request. I don't have any web.config configuration for this also no idea on how to implement message level security. Could you please suggest on implementation.
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:v1="http://www.notification/V1.0"
    xmlns:v11="http://www./effectivity/V1.0">
    <soapenv:Header>
    <wsse:Security
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsse:BinarySecurityToken
    EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
    ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
    wsu:Id="X509-9B329C3CD7BD01ABE81422559607628108">
    +5KJjD6rqeSGpDJcvSwiFblZobFswFb7OABrxfpvDnmDbBfvozHPhAWBnmISz0t2ydb7R/SY1cl8NihamCPrtVN/azVDVqvj1kHkrVRM18BGSFowqGixMFQr4rDgB75214FN69a85AnxV5O5ip
    +U9g/JdW2qRSGcfUd1np2QActllDimc+33rp/nXIaoXjRlXhkm+WxCt3Ca5OgwnVm3a4Ceiljj
    +1i5
    +8XV2zngv6eq4HlrBg0sFPaHWdjrIGcNyaWW0h0dPQUuv4Gm3zKDkQ3AQSC3cV5qCqmh6fCaCsI3us2kSJjHMZa
    +OSDLI7K01pDP85TieHeoONBo8mRKsOQ0e1FGXH2BkbXSN1DgfJ1IzddaBbSsnjR5gNrRMmZJnCXnluT8Gmwyv9EKjMit6yt0sWwrADd5ZIjYUnxnrkgfXpPY2kqK2gOl12IHjFK6d5vUsGTlIv9H3OmtCWVBHpR125C0CZvU987z3u9Gv4Jiuv/LpDuv1bNuqNHsQfSqSYsjEreGIP
    +DapzhMOefiv+kN4nLj3Owk4VdQm9
    +dxekwaS7HFwAQGOVik877mXxmjRhwxtZPW0ZrWs3fZ2z90Ppki4cGN/rtaLGz
    +WwicrPt1B34296kQkkIolWtiGjkpnQ==</wsse:BinarySecurityToken>
    <ds:Signature Id="SIG-9B329C3CD7BD01ABE81422559607628111"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
    <ds:CanonicalizationMethod
    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
    <ec:InclusiveNamespaces PrefixList="soapenv v1 v11"
    xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    </ds:CanonicalizationMethod>
    <ds:SignatureMethod
    Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <ds:Reference URI="#id-CF533499567BE717AA1422396248543100">
    <ds:Transforms>
    <ds:Transform
    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
    <ec:InclusiveNamespaces PrefixList="v1 v11"
    xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    </ds:Transform>
    </ds:Transforms>
    <ds:DigestMethod
    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    <ds:DigestValue>AYy1/Ni9XTOZy4F3AFagcxkLnws=</ds:DigestValue>
    </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>B/psgt7s4dcnlAFK9HWPYSPRQi
    +B75tj7zv6KCG2IFd3y3kE0k4DjNyK17ZcqhXkUdxcmDoydbnH
    4WUq7XmeG05w/VTbwn8g8RIoY48NaCOCQsXl6RztxhzRxbeocwngebUclJPnEPw3Nr0zguvNFuPa
    wBkqcYFAgwG2dlwl/B8QVjvu1xjeXlVP5uHfubdpP
    +tG0OnCWztG16108ORqtA2Df3Aj/JnXk2jt
    RcIx6fPNna
    +mv/MtCGOpSO4vDOf66He/UunkKjo/O5OvO9wuRhZOMJcSEkwVHCBAr9qbRGR72snq
    C15GRcCpFyZIP7tElyY1WhBppKNi9j+YA0w9cQ==</ds:SignatureValue>
    <ds:KeyInfo Id="KI-9B329C3CD7BD01ABE81422559607628109">
    <wsse:SecurityTokenReference
    wsu:Id="STR-9B329C3CD7BD01ABE81422559607628110">
    <wsse:Reference
    URI="#X509-9B329C3CD7BD01ABE81422559607628108"
    ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
    </wsse:SecurityTokenReference>
    </ds:KeyInfo>
    </ds:Signature>
    </wsse:Security>
    </soapenv:Header>
    <soapenv:Body wsu:Id="id-CF533499567BE717AA1422396248543100"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <v1:sendNotificationRequest>
    <v1:notificationHeader>
    <sourceAppID>PORTAL</sourceAppID>
    <creationTimestamp>2015-01-27T23:27:16.932Z</creationTimestamp>
    </v1:notificationHeader>
    <v1:notificationTarget>
    <!--Optional:-->
    <userID>?</userID>
    <!--Optional:-->
    <v1:emailChannel>
    <!--Optional:-->
    <v1:fromAddress>
    <v1:emailAddress>?</v1:emailAddress>
    <!--Optional:-->
    <v1:name>?</v1:name>
    </v1:fromAddress>
    <!--Zero or more repetitions:-->
    <v1:toAddress>
    <v1:emailAddress>?</v1:emailAddress>
    <!--Optional:-->
    <v1:name>?</v1:name>
    </v1:toAddress>
    <!--Zero or more repetitions:-->
    <v1:CCAddress>
    <v1:emailAddress>?</v1:emailAddress>
    <!--Optional:-->
    <v1:name>?</v1:name>
    </v1:CCAddress>
    <!--Zero or more repetitions:-->
    <v1:BCCAddress>
    <v1:emailAddress>?</v1:emailAddress>
    <!--Optional:-->
    <v1:name>?</v1:name>
    </v1:BCCAddress>
    </v1:emailChannel>
    <!--Optional:-->
    <v1:SMSChannel>
    <message>?</message>
    <phoneNumber>?</phoneNumber>
    </v1:SMSChannel>
    <!--Optional:-->
    <v1:portalNotifChannel>
    <creationDate>?</creationDate>
    <expiryDate>?</expiryDate>
    </v1:portalNotifChannel>
    </v1:notificationTarget>
    <!--Zero or more repetitions:-->
    <v1:company>
    <companyId>?</companyId>
    <!--Optional:-->
    <sourceSystemId>?</sourceSystemId>
    </v1:company>
    <!--Optional:-->
    <v11:aircraftEffectivity>
    <!--Zero or more repetitions:-->
    <v11:aircraftFamily>
    <aircraftFamilyName>?</aircraftFamilyName>
    <!--Zero or more repetitions:-->
    <v11:aircraftModel>
    <aircraftModelName>?</aircraftModelName>
    <!--Zero or more repetitions:-->
    <v11:aircraft>
    <aircraftSerialNumber>?</aircraftSerialNumber>
    </v11:aircraft>
    </v11:aircraftModel>
    </v11:aircraftFamily>
    </v11:aircraftEffectivity>
    <!--Optional:-->
    <v11:userEffectivity>
    <!--You have a CHOICE of the next 2 items at this level-->
    <!--Zero or more repetitions:-->
    <role_DN>?</role_DN>
    <!--Zero or more repetitions:-->
    <role_CN>?</role_CN>
    </v11:userEffectivity>
    <!--You have a CHOICE of the next 2 items at this level-->
    <!--Optional:-->
    <v1:forcedNotify>
    <!--You have a CHOICE of the next 2 items at this level-->
    <!--Zero or more repetitions:-->
    <v1:notificationTarget>
    <!--Optional:-->
    <userID>?</userID>
    <!--Optional:-->
    <v1:emailChannel>
    <!--Optional:-->
    <v1:fromAddress>
    <v1:emailAddress>?</v1:emailAddress>
    <!--Optional:-->
    <v1:name>?</v1:name>
    </v1:fromAddress>
    <!--Zero or more repetitions:-->
    <v1:toAddress>
    <v1:emailAddress>?</v1:emailAddress>
    <!--Optional:-->
    <v1:name>?</v1:name>
    </v1:toAddress>
    <!--Zero or more repetitions:-->
    <v1:CCAddress>
    <v1:emailAddress>?</v1:emailAddress>
    <!--Optional:-->
    <v1:name>?</v1:name>
    </v1:CCAddress>
    <!--Zero or more repetitions:-->
    <v1:BCCAddress>
    <v1:emailAddress>?</v1:emailAddress>
    <!--Optional:-->
    <v1:name>?</v1:name>
    </v1:BCCAddress>
    </v1:emailChannel>
    <!--Optional:-->
    <v1:SMSChannel>
    <message>?</message>
    <phoneNumber>?</phoneNumber>
    </v1:SMSChannel>
    <!--Optional:-->
    <v1:portalNotifChannel>
    <creationDate>?</creationDate>
    <expiryDate>?</expiryDate>
    </v1:portalNotifChannel>
    </v1:notificationTarget>
    <!--Optional:-->
    <notificationChannel>
    <!--Zero or more repetitions:-->
    <userID>?</userID>
    <forcedNotifyChannel>?</forcedNotifyChannel>
    <!--Optional:-->
    <v1:fromAddress>
    <v1:emailAddress>?</v1:emailAddress>
    <!--Optional:-->
    <v1:name>?</v1:name>
    </v1:fromAddress>
    </notificationChannel>
    <!--Optional:-->
    <v11:userEffectivity>
    <role_DN>cn=owner_purchasing,cn=owner,cn=eservices_basic_access,ou=eservices,ou=groups,dc=bombardier,dc=com</role_DN>
    <role_DN>cn=owner_broker,cn=owner,cn=eservices_basic_access,ou=eservices,ou=groups,dc=bombardier,dc=com</role_DN>
    </v11:userEffectivity>
    </v1:forcedNotify>
    <subject>AHMS Notification</subject>
    <payload>You are receiving an AHMS notification</payload>
    <v1:isGroupingAllowed>false</v1:isGroupingAllowed>
    <v1:emailAttachment>
    <v1:fileName>?</v1:fileName>
    <!--Optional:-->
    <v1:fileSize>?</v1:fileSize>
    <!--Zero or more repetitions:-->
    <Content>cid:354298590057</Content>
    <!--Zero or more repetitions:-->
    <ContentEncoding>?</ContentEncoding>
    <!--Zero or more repetitions:-->
    <ContentEncodingType>?</ContentEncodingType>
    </v1:emailAttachment>
    <!--Optional:-->
    <priority>?</priority>
    </v1:sendNotificationRequest>
    </soapenv:Body>
    </soapenv:Envelope>
    Any help would be great.
    I need to programmatically send the token to the webservice and initiate request and response accordingly
    Thanks in advance.

    Hi Shawn,
    Thanks for your help. I am still struggling. There is a Binary security token element which will contain the public version of the certificate,
    with the certificate itself sent along as base64 encoded data.
    Below is my code, if you can suggest:
    ClientSection clientSection = (ClientSection)WebConfigurationManager.GetSection("system.serviceModel/client");
    ChannelEndpointElement endpoint = clientSection.Endpoints[0];
    string endpointStr = string.Format("Address: {0}; BindingConfiguration: {1}; Contract: {2}", endpoint.Address.ToString(), endpoint.BindingConfiguration, endpoint.Contract);
    EndpointAddress remoteAddress = new EndpointAddress(endpoint.Address.ToString());
    NotificationServiceClient client = new NotificationServiceClient(endpoint.BindingConfiguration, remoteAddress);
    X509Store store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
    store.Open(OpenFlags.ReadOnly);
    X509Certificate2 cert = new X509Certificate2();
    for (int i = 0; i < store.Certificates.Count; i++)
    if (store.Certificates[i].Subject == "E=[email protected], CN=collab-dev.aero.bombardier.net, OU=Aerospace, O=Bombardier Inc., L=Montreal, S=Quebec, C=CA")
    cert = store.Certificates[i];
    //byte[] rawdata = cert.GetRawCertData();
    //BinarySecretSecurityToken token = new BinarySecretSecurityToken(rawdata);
    X509SecurityToken token = new X509SecurityToken(cert);
    client.ClientCredentials.ClientCertificate.Certificate = cert;
    // instead of certificate the encoded token needs to be sent.
    Any help would be great. I am totally new to wcf.
    Thanks.
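The envelope posted above ties three parts together by `wsu:Id`: the `ds:Reference` names the signed Body, and `KeyInfo` names the `BinarySecurityToken` that carries the base64 certificate. The Python check below is an added example, not code from the thread; it runs on a constructed, trimmed envelope with placeholder Ids and a placeholder token value, and `check_envelope` is a hypothetical helper name.

```python
import base64
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"soapenv": SOAP, "wsse": WSSE, "ds": DS}
WSU_ID = "{%s}Id" % WSU
WEAK = {DS + "sha1", DS + "rsa-sha1"}  # SHA-1 digest and signature algorithm URIs

def check_envelope(xml_text):
    """Return structural findings for a WS-Security envelope (empty list = consistent)."""
    root = ET.fromstring(xml_text)
    findings, by_id = [], {}
    for el in root.iter():  # index every element carrying a wsu:Id
        if el.get(WSU_ID) is not None:
            by_id.setdefault(el.get(WSU_ID), []).append(el)
    findings += ["duplicate wsu:Id " + i for i, els in by_id.items() if len(els) > 1]
    body = root.find("soapenv:Body", NS)
    sig = root.find("soapenv:Header/wsse:Security/ds:Signature", NS)
    if body is None or sig is None:
        return findings + ["missing Body or Signature"]
    # The Body the service will process must be the element the signature covers.
    signed = [r.get("URI", "").lstrip("#") for r in sig.findall("ds:SignedInfo/ds:Reference", NS)]
    if body.get(WSU_ID) not in signed:
        findings.append("Body is not covered by any ds:Reference")
    findings += ["weak algorithm " + e.get("Algorithm") for e in sig.iter() if e.get("Algorithm") in WEAK]
    # KeyInfo must point at exactly one BinarySecurityToken holding base64 data.
    ref = sig.find("ds:KeyInfo/wsse:SecurityTokenReference/wsse:Reference", NS)
    target = by_id.get(ref.get("URI", "").lstrip("#"), []) if ref is not None else []
    if len(target) != 1 or target[0].tag != "{%s}BinarySecurityToken" % WSSE:
        findings.append("KeyInfo does not resolve to one BinarySecurityToken")
    else:
        try:
            base64.b64decode("".join((target[0].text or "").split()), validate=True)
        except ValueError:
            findings.append("BinarySecurityToken is not valid base64")
    return findings

# Constructed sample: same layout as the posted request, placeholder Ids and token value.
SAMPLE = f"""<soapenv:Envelope xmlns:soapenv="{SOAP}" xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}">
<soapenv:Header><wsse:Security>
<wsse:BinarySecurityToken wsu:Id="X509-1">Q09OU1RSVUNURUQ=</wsse:BinarySecurityToken>
<ds:Signature><ds:SignedInfo><ds:Reference URI="#id-1">
<ds:DigestMethod Algorithm="{DS}sha1"/></ds:Reference></ds:SignedInfo>
<ds:KeyInfo><wsse:SecurityTokenReference><wsse:Reference URI="#X509-1"/>
</wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>
</wsse:Security></soapenv:Header>
<soapenv:Body wsu:Id="id-1"/></soapenv:Envelope>"""
```

On the constructed sample the only finding is the SHA-1 `DigestMethod`, the digest algorithm the posted request pairs with an rsa-sha256 signature. The check covers layout only; it does not verify the signature value or the certificate.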

  • Applet fails to render

    Developing an applet based on java sound demo. Signing, certs, client access all working great MOST of the time. Issue: sometimes, after clicking yes on the cert dialog, the applet comes up blank(grey- the bgcolor). No error is shown in the plugin console so I am left to think it may be an issue with request time-out, but just guessing as there is seemingly no way to debug. Sure would like a tip from the Duke.
    all help appreciated.
    Mike D.
    HormannAmerica, Inc.

    Enable a full trace and check that out.
    Put some System.out.println in your code to see where your code hangs, since
    it doesn't produce an exception it probably has some blocking code. (like
    reading from a socket that doesn't produce any data and isn't closed by the
    sender)
    Or you caught an exception without printing the stacktrace.
    To turn the full trace on (windows) you can start the java console, to be found here:
    C:\Program Files\Java\j2re1.4...\bin\jpicpl32.exe
    In the advanced tab you can fill in something for runtime parameters fill in this:
    -Djavaplugin.trace=true -Djavaplugin.trace.option=basic|net|security|ext|liveconnect
    if you cannot start the java console check here:
    C:\Documents and Settings\userName\Application Data\Sun\Java\Deployment\deployment.properties
    I think for linux this is somewhere in youruserdir/java (hidden directory)
    add or change the following line:
    javaplugin.jre.params=-Djavaplugin.trace\=true -Djavaplugin.trace.option\=basic|net|security|ext|liveconnect
    for 1.5:
    deployment.javapi.jre.1.5.0_03.args=-Djavaplugin.trace\=true -Djavaplugin.trace.option\=basic|net|security|ext|liveconnect
    The trace is here:
    C:\Documents and Settings\your user\Application Data\Sun\Java\Deployment\log\plugin...log
    I think for linux this is somewhere in youruserdir/java (hidden directory)
    Print out the full trace of the exception:
    try{...}catch(Exception e){e.printStackTrace();}

  • WriteNow to RTF on Tiger

    My dad has purchased Leopard but before we install it (since we will lose OS 9 capabilities) we would like to convert his old WriteNow files to RTF. Obviously we can do this manually but this would take a long time. Is there a good way to do this with AppleScript? I am not very learned with AppleScript, I can use Automator to get all the files, but then I need to run a script for "Save As..." that automatically saves as RTF in the same location with preferably a similar name (but not replacing the file). Is there an easy way to do this? Thanks!

    At this point I'm not clear if it's the key generation, or it's the paths in the conf that are not allowing it to be used. At the moment, this is what I get when I verify the cert:
    *error 18 at 0 depth lookup:self signed certificate*
    I found this link which is helping me understand all this:
    *http://www.madboa.com/geek/openssl/#cert-self*
    So I end up starting over with the same results. Am I mad to think this can be done? I've not seen otherwise, other than I've seen people talk about self-signed certs.
    Muchly appreciated!

Maybe you are looking for