PDF Certificates and Trust Levels
Using Adobe Pro 9 9.2.0. As a developer, this is my first experience with PDF. The requirement is to harvest data from fillable PDF in XFDF format for parsing and input to a database, and save the filled PDF to a server. I am aware of the JavaScript API to export data in various formats. I am also aware of the app.trustedFunction and its use to perform non-privileged functions, like exporting and saveas functions. When I run the export/save script using the trustedFunction wrapper I still get a NotAllowedError. I rem'ed out the body of the function and found the error is occurring with the trustedFunction itself. Checking the security settings under the Advanced menu, Certificate Details, under my user ID (corporate environment), and Trust tab, I find the Trust Settings entries are red X'd out and that the certificate is not trusted.. The fillable forms we use are obtained from a government agency (FAA). My questions: Can the trust level of a document be altered once created? How are certificates involved in the process and/or can new ones be created or attached to a document?
I'd want a correct, current and valid certificate chain (and would likely set up a private CA, as is my wont), as bad certs can block some sorts of secure network access until either corrected or overridden, and as training the end-users to always "yeah, whatever" with certificate security can potentially lead to... well, other issues.
The software update server will certainly download new and updated changes, but shouldn't need to re-download everything. Disk images will need to be updated.
I'd verify proper local DNS services and correct certs as part of the initial validation of the configuration, yes.
That's entirely your call. Won't really help with the disk images, and will require a re-download of updates.
Similar Messages
-
Import and trust a self-signed CA certificate from the Terminal
Hello there,
i have a problem: I would like to import and trust a self-signed CA(root) certificate from the Terminal to the System.keychain.
My request is to create a installation script to install the Cisco AnyConnect VPN Client and the needed certificates.
For the import i have used the following command:
sudo security import certificate.cer -k "/Library/Keychain/System.keychain" -A
The Option "-A" says:
Allow any application to access the imported key without warning (insecure, not recommended!) <- From the Mac Developer Library
The command reportet: 1 certificate is importet ... but ... the certificate is not trusted.
What do i need to do to set this certificate as trustworthy at the terminal?
Thanks for your help and best regards
Benjamin
P.S. The command: sudo security add-trusted-cert -d -r trustRoot -k “/Library/Keychains/System.keychain” “/private/tmp/certs/certname.cer” doen't run, i get an error message. Found on http://derflounder.wordpress.com/2011/03/13/adding-new-trusted-root-certificates -to-system-keychain/Hello Linc Davis,
thanks for your answer and sorry for my mistake, because i had already changed the last argument but for this discussion i had only copy this example.
But your answer show me the right way, big thanks.
I had entred the following command (see the last argument):
sudo security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" "~/Downloads/mycert.cer"
... and i get the following message:
***Error reading file ~/Downloads/mycert.cer
Error reading file ~/Downloads/mycert.cer
Today i changed the last argument to:
/Users/User/Downloads/mycert.cer
and its run.
Many thanks!
Benjamin -
Difference between "trusted" certificate and "valid" certificate?
I have added a new system root certificate, but I am having problems with it. In Tiger, I would add certificates to the x509 Anchors keychain. Then, when I would select them in Keychain Access, underneath the expiration date I would see a little green dot with a white check-mark in the middle, next to the words "This certificate is valid."
I understand that, in Leopard, new system root certificates are supposed to go in the System keychain. But, no matter whether I put my new certificate in the System keychain or the X509 Anchors keychain, I cannot cause it to look like it did before, with the message about its being "valid."
Instead, when I select it in Keychain Access, underneath the expiration date, I see a little blue dot with a white cross in the middle, next to the words "This certificate is trusted for all users."
What is the difference? And how can I cause a new certificate to be marked as "trusted" (with the green dot and check-mark, like before)?
I've googled and searched the forums, and experimented, without success. Can anyone help me? Thanks for reading!Did you search the Internet on 'midp trusted untrusted'? The first link from Google points to http://www.j2medev.com/api/midp/javax/microedition/midlet/doc-files/Authorization.html
Maik -
Virtual External Node and Node Trust Level?
Just wondering if anyone has ever setup the following configuration:
Case History: Implementing a Reverse Proxy Alone in a DMZ
Configuration - R12 [ID 726953.1]
If so, were you able to set the node trust level to EXTERNAL for this virtual tier
to limit the responsibilities it has access to?
If you look at note 380490.1 , all of the options say the following except for option 2.4 which is using a reverse proxy.
In this configuration, the external Applications web tier is required to:
Restrict access to a limited set of Oracle Applications responsibilities for users logging in via the Internet
Allow user access to only Oracle E-Business Suite Release 12 products that can be deployed for Internet accessHi Nic,
I agree with you.But i want to make sure on the following things:
1.How to generate xml file?
2.What are the things that has to be done from the PS side(like should i consume or provide service operation?)?
3.What are the things that has to be done from blackboard side?
Thanks in advance. -
Changing SQL Certificates and/or Symmetric Keys
Re: Changing SQL Certificates and/or Symmetric Keys
We need to encrypt some sensitive data and are looking at SQL Column Level encryption, using symetric keys.
For example, we are following this example
http://www.mssqltips.com/sqlservertip/2431/sql-server-column-level-encryption-example-using-symmetric-keys/
We are told that we might be required to change certificates and/or keys on a schedule, say every 1 year. How how do you change certificates and/or keys and what is the ramification for the data that is encrypted using them - say EncryptedColumn1?
-- Create self signed certificate
USE encrypt_test;
GO
CREATE CERTIFICATE Certificate1
WITH SUBJECT = 'Protect Data';
GO
-- Create symmetric Key
USE encrypt_test;
GO
CREATE SYMMETRIC KEY SymmetricKey1
WITH ALGORITHM = AES_128
ENCRYPTION BY CERTIFICATE Certificate1;
GO
-- Populating encrypted data into new column
USE encrypt_test;
GO
-- Opens the symmetric key for use
OPEN SYMMETRIC KEY SymmetricKey1
DECRYPTION BY CERTIFICATE Certificate1;
GO
UPDATE Customer_data
SET Credit_card_number_encrypt = EncryptByKey (Key_GUID('SymmetricKey1'),Credit_card_number)
FROM dbo.Customer_data;
GO
-- Closes the symmetric key
CLOSE SYMMETRIC KEY SymmetricKey1;
GOI think you are saying that to recycle the certificate (Certificate1) in my example to use anALTER SYMMETRIC KEY DROP ENCRYPTION then ALTER SYMMETRIC KEY ADD ENCRYPTION and my column data will still be encrypted with the same key but built upon a different
certificate.
Yup.
what happens when i need to recycle the key?
Then it gets messy. You will need to descrypt and reencrypt with the new key.
I'm not well versed in the requirements for which keys to recycle, but I note that in SQL Server, certificates has an expiration date. Symmetric keys have not. Also, certificates can be imported and be signed by a trusted provider. Symmetric keys are
some random bits created in SQL Server. (With the exception of keys från EKM devices, which is a rare thing.)
Erland Sommarskog, SQL Server MVP, [email protected] -
Certificate not Trusted Exception
Hi,
I am trying to invoke Axis soap call from webshpere (my requirement is to trust all certificates), but getting certificate not trusted exception. Appreciate any suggestions for fixing this issue.
Code:
public String transport(String strMessage, String strParticipantUrl, String methodName, String keyStorePwd) throws RouterException {
String result = null;
boolean isErrorOccured = false;
String errorMessage = null;
LOGGER.info("Calling Carrier Web Service.......");
LOGGER.info("Web Service URL is :" + strParticipantUrl);
LOGGER.info("Web Service Method Name is :" + methodName);
ServiceFactory serviceFactory = new ServiceFactory();
Service service = null;
try {
service = (Service) serviceFactory.createService(new QName(
FundTransferConstants.QNAME_SERVICE));
} catch (ServiceException e) {
isErrorOccured = true;
Integer connectionTimeOut = FundTransferContext.getInstance()
.getConnectionTimeOut();
org.apache.axis.client.Call call = null;
if (null != service) {
try {
LOGGER.info("setting ssl status to debug");
System.setProperty("javax.ssl.debug", "all");
String proxyHost = FundTransferUtil.getProperty("PROXY.HOST");
String proxyPort = FundTransferUtil.getProperty("PROXY.PORT");
String username = FundTransferUtil.getProperty("PROXY.USER");
String password = FundTransferUtil
.getProperty("PROXY.PASSWORD");
if (proxyHost != null && !"".equals(proxyHost)) {
System.setProperty("proxySet", "true");
System.setProperty("http.proxyHost", proxyHost);
if (proxyPort != null && !"".equals(proxyHost)) {
System.setProperty("http.proxyPort", proxyPort);
if (username != null && !"".equals(username)) {
System.setProperty("http.proxyUser", username);
if (password != null && !"".equals(password)) {
System.setProperty("http.proxyPassword", password);
String keyStoreLocation = FundTransferUtil
.getProperty("KEYSTORE_LOCATION");
String keystore = keyStoreLocation + "/"
+ FundTransferConstants.KEYSTORE_FILE_NAME;
String storetype = FundTransferConstants.KEYSTORE_FILE_TYPE;
String][ props = {
{ FundTransferConstants.TRUST_STORE, keystore, },
{ FundTransferConstants.KEY_STORE, keystore, },
{ FundTransferConstants.KEY_STORE_PWD, keyStorePwd, },
{ FundTransferConstants.KEY_STORE_TYPE, storetype, },
{ FundTransferConstants.TRUST_STORE_PWD, keyStorePwd, }, };
// Commented loading the keystore to test outbound calls
/*for (int index = 0; index < props.length; index++)
System.getProperties().setProperty(propsindex[0],
propsindex[1]);*/
// Commented all trusting trust manager
/*LOGGER.info("Creating TrustManager...");
TrustManager] trustAllCerts = new TrustManager[ { new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
LOGGER.info("Acception all issuers");
return null;
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs,
String authType) {
LOGGER.info("checkClientTrusted method");
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs,
String authType) {
LOGGER.info("checkServerTrusted method");
// Install the all-trusting trust manager
try {
LOGGER.info("Creating SSLContext...");
SSLContext sc = SSLContext.getInstance("SSL");
LOGGER.info("Created SSLContext..." + sc);
sc.init(null, trustAllCerts,
new java.security.SecureRandom());
LOGGER.info("Created SSLContext initiated...");
LOGGER.info("sslDefaultSocketFactory......"
+ sc.getSocketFactory());
HttpsURLConnection.setDefaultSSLSocketFactory(sc
.getSocketFactory());
LOGGER.info("sslDefaultSocketFactory......"
+ sc.getSocketFactory());
} catch (Exception e) {
LOGGER.error("Exception is occuring...");
LOGGER.error(e.getMessage());
call = (Call) service.createCall();
} catch (ServiceException ex) {
LOGGER.error(ex.getMessage());
errorMessage = ex.getMessage();
isErrorOccured = true;
if (null != call) {
LOGGER.info("Web Service TimeOut setting :"
+ connectionTimeOut.intValue());
LOGGER.info("Setting axis propeties to use IBMFakeTrustSocketFactory");
// This will allow web service requests using the HTTPS protocol without having a valid SSL certificate installed and configured.
AxisProperties.setProperty("axis.socketSecureFactory","org.apache.axis.components.net.IBMFakeTrustSocketFactory");
call.setTimeout(connectionTimeOut);
call.setTargetEndpointAddress(strParticipantUrl);
call.setProperty(Call.SOAPACTION_USE_PROPERTY,
new Boolean(true));
call.setProperty(Call.SOAPACTION_URI_PROPERTY,
FundTransferConstants.EMPTY_STRING);
QName qnameTypeStr = new QName(FundTransferConstants.NS_XSD,
FundTransferConstants.QNAME_TYPE);
QName header = new QName(FundTransferConstants.NS_XSD,
FundTransferConstants.QNAME_TYPE);
call.setReturnType(qnameTypeStr);
call
.setOperationStyle(FundTransferConstants.WEB_SERVICE_OPERATION_RPC_STYLE);
call
.setOperationName(new QName(
FundTransferConstants.BODY_NAMESPACE_VALUE,
methodName));
call.addParameter("String_1", qnameTypeStr, ParameterMode.IN);
String[] params = { strMessage };
if (FundTransferConstants.CARRIER_RESEND_METHOD
.equalsIgnoreCase(methodName)) {
try {
call.invoke(params);
} catch (Exception ex) {
errorMessage = ex.getMessage();
isErrorOccured = true;
LOGGER.info(ex.getMessage());
} else {
int counter = 0;
while (counter < 3) {
counter++;
try {
// Here making the call which is failing
result = (String) call.invoke(params);
counter = 4;
} catch (AxisFault axisFault) {
axisFault.printStackTrace();
errorMessage = axisFault.getMessage();
isErrorOccured = true;
LOGGER.error(axisFault.getMessage());
} catch (Exception ex) {
ex.printStackTrace();
errorMessage = ex.getMessage();
isErrorOccured = true;
if (isErrorOccured) {
throw new RouterException(errorMessage);
return result;
System Error:
12/7/07 13:43:41:639 EST 000000bb SystemErr R AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate not Trusted
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate not Trusted
at com.ibm.jsse2.bx.a(bx.java(Compiled Code))
at com.ibm.jsse2.by.a(by.java(Compiled Code))
at com.ibm.jsse2.by.a(by.java:473)
at com.ibm.jsse2.w.a(w.java(Compiled Code))
at com.ibm.jsse2.w.a(w.java(Compiled Code))
at com.ibm.jsse2.v.a(v.java(Compiled Code))
at com.ibm.jsse2.by.a(by.java(Compiled Code))
at com.ibm.jsse2.by.l(by.java(Compiled Code))
at com.ibm.jsse2.by.startHandshake(by.java(Compiled Code))
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:224)
at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:157)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:114)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:71)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:150)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:120)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:180)
at org.apache.axis.client.Call.invokeEngine(Call.java:2564)
at org.apache.axis.client.Call.invoke(Call.java:2553)
at org.apache.axis.client.Call.invoke(Call.java:2248)
at org.apache.axis.client.Call.invoke(Call.java:2171)
at org.apache.axis.client.Call.invoke(Call.java:1691)
at com.dtcc.insurance.fundtransfer.transport.TransportHandler.transport(TransportHandler.java:245)
at com.dtcc.insurance.fundtransfer.router.MessageRouter.transport(MessageRouter.java:112)
at com.dtcc.insurance.fundtransfer.controller.MessageController.processMessage(MessageController.java:155)
at com.dtcc.insurance.fundtransfer.service.FundTransferServiceImpl.fundTransferRequest(FundTransferServiceImpl.java:88)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java(Compiled Code))
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java(Compiled Code))
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java(Compiled Code))
at java.lang.reflect.Method.invoke(Method.java(Compiled Code))
at org.apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java:402)
at org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:309)
at org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:333)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:71)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:150)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:120)
at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:481)
at org.apache.axis.server.AxisServer.invoke(AxisServer.java:323)
at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:854)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:339)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1572)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:762)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3174)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:253)
at com.ibm.ws.webcontainer.VirtualHost.handleRequest(VirtualHost.java:229)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1970)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:114)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:472)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:411)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:288)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.determineNextChannel(SSLConnectionLink.java:950)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink$MyReadCompletedCallback.complete(SSLConnectionLink.java:582)
at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1704)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.requestComplete(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.attemptIO(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.workerRun(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.tcp.channel.impl.WorkQueueManager$Worker.run(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java(Compiled Code))
Caused by: java.security.cert.CertificateException: Certificate not Trusted
at com.ibm.jsse.bi.a(Unknown Source)
at com.ibm.jsse.bi.checkServerTrusted(Unknown Source)
at com.ibm.jsse2.ba.checkServerTrusted(ba.java:16)
... 57 more
12/7/07 13:43:41:640 EST 000000bb SystemErr R AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate not Trusted
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate not Trusted
at com.ibm.jsse2.bx.a(bx.java(Compiled Code))
at com.ibm.jsse2.by.a(by.java(Compiled Code))
at com.ibm.jsse2.by.a(by.java:473)
at com.ibm.jsse2.w.a(w.java(Compiled Code))
at com.ibm.jsse2.w.a(w.java(Compiled Code))
at com.ibm.jsse2.v.a(v.java(Compiled Code))
at com.ibm.jsse2.by.a(by.java(Compiled Code))
at com.ibm.jsse2.by.l(by.java(Compiled Code))
at com.ibm.jsse2.by.startHandshake(by.java(Compiled Code))
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:224)
at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:157)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:114)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:71)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:150)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:120)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:180)
at org.apache.axis.client.Call.invokeEngine(Call.java:2564)
at org.apache.axis.client.Call.invoke(Call.java:2553)
at org.apache.axis.client.Call.invoke(Call.java:2248)
at org.apache.axis.client.Call.invoke(Call.java:2171)
at org.apache.axis.client.Call.invoke(Call.java:1691)
at com.dtcc.insurance.fundtransfer.transport.TransportHandler.transport(TransportHandler.java:245)
at com.dtcc.insurance.fundtransfer.router.MessageRouter.transport(MessageRouter.java:112)
at com.dtcc.insurance.fundtransfer.controller.MessageController.processMessage(MessageController.java:155)
at com.dtcc.insurance.fundtransfer.service.FundTransferServiceImpl.fundTransferRequest(FundTransferServiceImpl.java:88)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java(Compiled Code))
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java(Compiled Code))
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java(Compiled Code))
at java.lang.reflect.Method.invoke(Method.java(Compiled Code))
at org.apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java:402)
at org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:309)
at org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:333)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:71)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:150)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:120)
at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:481)
at org.apache.axis.server.AxisServer.invoke(AxisServer.java:323)
at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:854)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:339)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1572)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:762)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3174)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:253)
at com.ibm.ws.webcontainer.VirtualHost.handleRequest(VirtualHost.java:229)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1970)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:114)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:472)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:411)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:288)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.determineNextChannel(SSLConnectionLink.java:950)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink$MyReadCompletedCallback.complete(SSLConnectionLink.java:582)
at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1704)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.requestComplete(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.attemptIO(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.workerRun(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.tcp.channel.impl.WorkQueueManager$Worker.run(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java(Compiled Code))
Caused by: java.security.cert.CertificateException: Certificate not Trusted
at com.ibm.jsse.bi.a(Unknown Source)
at com.ibm.jsse.bi.checkServerTrusted(Unknown Source)
at com.ibm.jsse2.ba.checkServerTrusted(ba.java:16)
... 57 more
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate not Trusted
at org.apache.axis.AxisFault.makeFault(AxisFault.java:129)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:131)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:71)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:150)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:120)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:180)
at org.apache.axis.client.Call.invokeEngine(Call.java:2564)
at org.apache.axis.client.Call.invoke(Call.java:2553)
at org.apache.axis.client.Call.invoke(Call.java:2248)
at org.apache.axis.client.Call.invoke(Call.java:2171)
at org.apache.axis.client.Call.invoke(Call.java:1691)
at com.dtcc.insurance.fundtransfer.transport.TransportHandler.transport(TransportHandler.java:245)
at com.dtcc.insurance.fundtransfer.router.MessageRouter.transport(MessageRouter.java:112)
at com.dtcc.insurance.fundtransfer.controller.MessageController.processMessage(MessageController.java:155)
at com.dtcc.insurance.fundtransfer.service.FundTransferServiceImpl.fundTransferRequest(FundTransferServiceImpl.java:88)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java(Compiled Code))
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java(Compiled Code))
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java(Compiled Code))
at java.lang.reflect.Method.invoke(Method.java(Compiled Code))
at org.apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java:402)
at org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:309)
at org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:333)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:71)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:150)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:120)
at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:481)
at org.apache.axis.server.AxisServer.invoke(AxisServer.java:323)
at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:854)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:339)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1572)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:762)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3174)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:253)
at com.ibm.ws.webcontainer.VirtualHost.handleRequest(VirtualHost.java:229)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1970)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:114)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:472)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:411)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:288)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.determineNextChannel(SSLConnectionLink.java:950)
at com.ibm.ws.ssl.channel.impl.SSLConnectionLink$MyReadCompletedCallback.complete(SSLConnectionLink.java:582)
at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1704)
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.requestComplete(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.attemptIO(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.tcp.channel.impl.WorkQueueManager.workerRun(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.tcp.channel.impl.WorkQueueManager$Worker.run(WorkQueueManager.java(Compiled Code))
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java(Compiled Code))
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate not Trusted
at com.ibm.jsse2.bx.a(bx.java(Compiled Code))
at com.ibm.jsse2.by.a(by.java(Compiled Code))
at com.ibm.jsse2.by.a(by.java:473)
at com.ibm.jsse2.w.a(w.java(Compiled Code))
at com.ibm.jsse2.w.a(w.java(Compiled Code))
at com.ibm.jsse2.v.a(v.java(Compiled Code))
at com.ibm.jsse2.by.a(by.java(Compiled Code))
at com.ibm.jsse2.by.l(by.java(Compiled Code))
at com.ibm.jsse2.by.startHandshake(by.java(Compiled Code))
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:224)
at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:157)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:114)
... 48 more
Caused by: java.security.cert.CertificateException: Certificate not Trusted
at com.ibm.jsse.bi.a(Unknown Source)
at com.ibm.jsse.bi.checkServerTrusted(Unknown Source)
at com.ibm.jsse2.ba.checkServerTrusted(ba.java:16)
... 57 moreI found the fix from Oracle Support Knowlededge Base
sslTool serverInfo --url https://HOST:9043 --certFile newcert.cer
PStoreTool located in REGISTRY_HOME/bin/PStoreTool add -config
WEBLOGIC_HOME/user_projects/domains/[osr_domain_name]/servers/[osr_server_name]/tmp/_WL_user/registry/[unique id]/public/conf/pstore.xml -certFile newcert.cer
I was updating wrong file with the certificate. It had to be pstore.xml. This solved my issue.
Thanks & Regards,
Parshant -
Config certificate and log issues
I config certificate and use it to connect ipsec vpn , I just config
jinan-neusoft(config)#ip domain-name neusoft.com
jinan-neusoft(config)#crypto key generate rsa general-keys
The name for the keys will be: jinan-neusoft.neusoft.com
Choose the size of the key modulus in the range of 360 to 4096 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]:
% Generating 512 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 0 seconds)
jinan-neusoft(config)#
Nov 16 01:05:44.435: RSA key size needs to be atleast 768 bits for ssh version 2
jinan-neusoft(config)#
Nov 16 01:05:44.435: %SSH-5-ENABLED: SSH 1.5 has been enabled
jinan-neusoft(config)#crypto pki trustpoint CA1
jinan-neusoft(ca-trustpoint)# enrollment url http://59.44.43.217:80
jinan-neusoft(ca-trustpoint)# revocation-check crl
jinan-neusoft(ca-trustpoint)# rsakeypair DMVPN-SY-KEY
jinan-neusoft(ca-trustpoint)# auto-enrol
jinan-neusoft(config)#crypto pki authenticate CA1
Certificate has the following attributes:
Fingerprint MD5: D5F9D56B 4D9A4260 43F21D39 811D7AD5
Fingerprint SHA1: 1E49B228 DD57F4DB 43DD2C2F 03870C18 840DA12A
% Do you accept this certificate? [yes/no]: y
Trustpoint CA certificate accepted.
then I have log issues like below ,even I config auto-enroll , I don t get certificate pending information from my certificate server ,
my device is C3925 and ios is c3900-universalk9-mz.SPA.151-4.M4.bin ,how to deal with it ,top players , THX~~~~
Nov 16 01:07:54.871: %PKI-6-CERTRENEWAUTO: Renewing the router certificate for trustpoint CA1
Nov 16 01:07:54.951: %CRYPTO-6-AUTOGEN: Generated new 512 bit key pair
Nov 16 01:07:55.115: CRYPTO_PKI: Certificate Request Fingerprint MD5: 939AF8C1 854DDA90 8FE03058 5635468F
Nov 16 01:07:55.115: CRYPTO_PKI: Certificate Request Fingerprint SHA1: 50F869D2 C0814317 7EB2ECC9 90461F3A 353E7089
Nov 16 01:07:55.119: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6
jinan-neusoft(config)#D05F70z 6D06B50z 6D07268z 6D43018z 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
Nov 16 01:07:55.119: %SYS-2-MALLOCFAIL: Memory allocation of 40 bytes failed from 0x6D05DEC, alignment 0
Pool: Processor Free: 731143916 Cause: Interrupt level allocation
Alternate Pool: None Free: 0 Cause: Interrupt level allocation
-Process= "<interrupt level>", ipl= 3
-Traceback= 5564384z 6892328z 68B3064z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D43018z 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z
Nov 16 01:07:55.119: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
jinan-neusoft(config)#
Nov 16 01:08:09.719: %PKI-6-CERTRENEWAUTO: Renewing the router certificate for trustpoint CA1
Nov 16 01:08:09.879: CRYPTO_PKI: Certificate Request Fingerprint MD5: 939AF8C1 854DDA90 8FE03058 5635468F
Nov 16 01:08:09.879: CRYPTO_PKI: Certificate Request Fingerprint SHA1: 50F869D2 C0814317 7EB2ECC9 90461F3A 353E7089
jinan-neusoft(config)#
Nov 16 01:08:09.883: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D43018z 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
Nov 16 01:08:09.883: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
jinan-neusoft(config)# Nov 16 01:07:54.871: %PKI-6-CERTRENEWAUTO: Renewing the router certificate for trustpoint CA1
Nov 16 01:07:54.951: %CRYPTO-6-AUTOGEN: Generated new 512 bit key pair
Nov 16 01:07:55.115: CRYPTO_PKI: Certificate Request Fingerprint MD5: 939AF8C1 854DDA90 8FE03058 5635468F
Nov 16 01:07:55.115: CRYPTO_PKI: Certificate Request Fingerprint SHA1: 50F869D2 C0814317 7EB2ECC9 90461F3A 353E7089
Nov 16 01:07:55.119: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6
jinan-neusoft(config)#D05F70z 6D06B50z 6D07268z 6D43018z 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
Nov 16 01:07:55.119: %SYS-2-MALLOCFAIL: Memory allocation of 40 bytes failed from 0x6D05DEC, alignment 0
Pool: Processor Free: 731143916 Cause: Interrupt level allocation
Alternate Pool: None Free: 0 Cause: Interrupt level allocation
-Process= "<interrupt level>", ipl= 3
-Traceback= 5564384z 6892328z 68B3064z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D43018z 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z
Nov 16 01:07:55.119: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
jinan-neusoft(config)#
Nov 16 01:08:09.719: %PKI-6-CERTRENEWAUTO: Renewing the router certificate for trustpoint CA1
Nov 16 01:08:09.879: CRYPTO_PKI: Certificate Request Fingerprint MD5: 939AF8C1 854DDA90 8FE03058 5635468F
Nov 16 01:08:09.879: CRYPTO_PKI: Certificate Request Fingerprint SHA1: 50F869D2 C0814317 7EB2ECC9 90461F3A 353E7089
jinan-neusoft(config)#
Nov 16 01:08:09.883: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D43018z 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
Nov 16 01:08:09.883: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
jinan-neusoft(config)#I do not have the answer but have exactly the same issue, looks as if it is a bug of some kind :
Cisco CISCO3945-CHASSIS (revision 1.0) with C3900-SPE150/K9 with 980992K/67584K bytes of memory.
Processor board ID FCZ163371P3
6 FastEthernet interfaces
3 Gigabit Ethernet interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
DRAM configuration is 72 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)
System image file is "flash0:c3900-universalk9-mz.SPA.151-4.M4.bin"
Nov 16 07:37:16.611: CRYPTO_PKI: Signature Certificate Request Fingerprint MD5: 358FF778 7C2E66AE 895BF088 BF022442
.Nov 16 07:37:16.615: CRYPTO_PKI: Signature Certificate Request Fingerprint SHA1: 5F7A4300 20B62132 83D08C6E 2D315DF4 51EFE94D
.Nov 16 07:37:16.623: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 412
7784z
.Nov 16 07:37:16.623: %SYS-2-MALLOCFAIL: Memory allocation of 72 bytes failed from 0x6D05DEC, alignment 0
Pool: Processor Free: 704933204 Cause: Interrupt level allocation
Alternate Pool: None Free: 0 Cause: Interrupt level allocation
-Process= "", ipl= 3
-Traceback= 5564384z 6892328z 68B3064z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4AC
B9F4z Nov 16 07:37:16.611: CRYPTO_PKI: Signature Certificate Request Fingerprint MD5: 358FF778 7C2E66AE 895BF088 BF022442
.Nov 16 07:37:16.615: CRYPTO_PKI: Signature Certificate Request Fingerprint SHA1: 5F7A4300 20B62132 83D08C6E 2D315DF4 51EFE94D
.Nov 16 07:37:16.623: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 412
7784z
.Nov 16 07:37:16.623: %SYS-2-MALLOCFAIL: Memory allocation of 72 bytes failed from 0x6D05DEC, alignment 0
Pool: Processor Free: 704933204 Cause: Interrupt level allocation
Alternate Pool: None Free: 0 Cause: Interrupt level allocation
-Process= "", ipl= 3
-Traceback= 5564384z 6892328z 68B3064z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4AC
B9F4z -
How to Create a PDF Document and apply Digital Signature in C# using the Adobe SDK?
Hi Everybody!
I have to do two distinct tasks here:
1) How can I create a PDF document using the Adobe SDK in my .NET Applications(C# - 2.0)?
I just need a basic sample to create a document with a simple text, for example. I did not find any useful information in the adobe documentation. I have the Acrobat Professional 8.0 in my computer, but it's very dificult to work whith de Acrobat.dll and .NET with a poor documentaion.
2)How can I apply digital signature in a existent pdf document?
I need to sign documents using the SDK, just a basic sample in c# would be helpful to start!
Anybody could help?
Thank in advance!Leonard Rosenthol or anybody that can help, sorry to insist.
I will explain better my problem:
I have an ASP.NET WebPAge (C# - 2.0). In this page, the user make a request. The request should generate a PDF document with the informations of the request and with a field to add a digital signature. The document created will be send to a approver that will confirm the approval applying his digital signature (I need to do too, a webpage where the approver open the page, choose the pdf document, and sign, just selecting his own certificate and clicking in the button SIGN... but this is another problem).
That's the reason that I have to create a PDF document. If I create a WORD or HTML document, and then convert to PDF, how can I add a field to digital signature in this pdf document?
Is there any solution using Acrobat SDK?
Thank you very much! -
AS2: Where to specify certificates and keys: CC or Receiver Agreement
Hello,
when configuring a AS2 scenario (Proxy - AS2 Receiver) I am wondering about configuration details for certificates.
In the AS2 receiver configuration channel I can enter:
SSL Certificates
Server Certificate (Keystore)
Private Key for Client Authentification
In receiver agreement I can enter:
AS2 Sender Configuration
Signing Key
AS2 Receiver Configuration
EncryptionCertificate
So I am not sure what to configure where? I am right that transport level security is done in the communication channel, and message level security in the receiver agreement?
If I use SSL without client authentification in combination with Digital Signature I have to enter Server Certificate of parter in communication channel and Signing Key in Receiver Agreement, right?
Sorry, maybe this was a little bit confusing.Hi,
you need to configure certificates in receiver agreement. I did it quite long back.. You need to enter some alias name of certificates over there.
Once you open the Receiver agreement, you can easily figure it out.
Thanks
Inder -
How to get batch job o/p in PDF format and automatically saved to xyz loc
Hi Experts,
Our requirement is we want output of background job in PDF format and this PDF generated should be saved in some xyz path at OS level.
Why doing this?: Business don't want hard copy o/p of some batch jobs but only want to save this output in pdf format to some OS location for future use.
We could achieve above objective by archiving method (but for some reason we cant adopt it).
So guys please propose solution in detail regarding above problem "how to get o/p in PDF format and automatically get saved to xyz location"
System : 4.0B
OS : Windows NT
Database : Oracle
Thanks in advanceHi guys,
Thanks guys for your invaluable advise.I asked abaper to use the above report for pdf conversion. But I have another problem that o/p of batch job should come in japanese language but when i check spool or hard copy o/p its not coming in readable form (seems something like machine language) . I dont what is the reason there must be some basis setting to get the batch job o/p in japanese language.
Please help me.
thank you -
Trying to set up encrypted mails but I'm confused about certificates and keys
Hello all,
My first foray into encrypted emails and I'm already confused! To begin with, I'm trying to exchange mails with one other person, who I believe uses Outlook. So far:
He's sent me his certificate (although I thought I would receive his public key) which is a file called smime.p7m. I don't know what to do with this.
I've successfully followed the instructions at https://support.mozilla.org/en-US/kb/digitally-signing-and-encrypting-messages. When I start a new mail, I can either go to the Enigmail menu and switch on encryption / digital signing and it seems fine, or I can go to the dropdown on the S/MIME button and it says "You need to set up one or more personal certificates before you can use this security feature." Are these two different ways of doing the same thing (in which case I'll use the one that works!) or not?
As you can see, I'm getting confused between keys and certificates! If some kind person could take a minute to explain what my next steps are, that would be much appreciated. I couldn't find anything on the Thunderbird support pages, though I know I need to send him my public key.
Thanks in advance.
Stuart.Stuart8, good find, that article.
I found the main disincentive to using the built-in S/MIME capability is that it's not immediately obvious where to get your certificate and keys. Most providers want $$$ for them, which is natural enough if they are actually going to validate you in some way. I did at one time have a Thawte certificate and even enough WOT vouches to be a low-grade WOT Attorney.
Once you have your key, it's a bit of a pfaff to install it into Thunderbird. You'll probably find that S/MIME is the default in business correspondence, since many businesses operate their own mail servers, ftp servers and so on and probably have an arrangement to generate self-issued certificates or to buy them on a commercial basis from a CA.
Enigmail/OpenPGP doesn't require any financial outlay on your part, but is harder to get your keys properly validated since there's not much of a formal WOT nor a reliable central registry. You generate your own keys and it's pretty much all based on mutual trust.
Since the two systems are incompatible, you need to have set up the same as whatever your correspondent is using.
I suspect that you have discovered that it's a two-way process. In order for a correspondent to send you an encrypted message, you must both be using the same system, and he must have your public key to encrypt his message, and you'll need his in order to reply with encryption. So yes, he needs to send you his public key for you to send to him, but what he sends to you needs YOUR public key.
Obviously, signing messages is a useful halfway house. I believe that you sign with your private key, and the recipient will have to download your public key to validate your signature. Whilst a signature doesn't safeguard your privacy, it goes some way to proving that the message came from who it says it came from and that it hasn't been altered in transit. (I really can't understand why banks, lawyers, insurance companies haven't picked up on these encryption and signing schemes. Perhaps they actually prefer all those awful phone calls where you need to struggle to recall supposedly unforgettable names and dates! ;-) )
In practice, I find that if you sign a message to an outfit who don't know what to do with it, their numpty anti-virus system will probably barf on the signature which it thinks is executable code and therefore must be a virus or worm. :-( -
Keychain root certificate not trusted (?)
I see a couple of items in keychain access that say "root certificate not trusted"
what is this and should they be deleted or somehow modified?
I looked at certificates with Certificate assistant "evaluate certificate"
but do not quite understand.
ThanksOk I'll try not to...
Thanks -
Creating SSL certificate and configuring it with JBOSS 4.0.1
I have to post some data to a secured site from my application.
For this, I am creating connection to that site using URLConnection and to send data I create OutputStream using the connection.
But, while creating the stream it is showing SSLException and message is No trusted certificate found.
For this, I need to create SSL certificate (mostly using keytool command) and configure it with my application server which is JBOSS 4.0.1
Now, my problem is that I don't know the exact steps to create a certificate and configure it with JBOSS. Please provide the steps in detail.I think you have this back to front. Unless this exception came from the server, in which case it is misconfigured, you don't have to create a certificate, you have to import the server's certificate, or that of one of its signers, into the client's truststore, and tell Java where the truststore is if it's in a non-standard location.
See http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html. You'll have to ask about the JBoss part in a JBoss forum. -
ISE: Guest SSL Certificate Not Trusted Error
Team,
We are building an ISE Demo for an event, I configured the Guest Access and it is working fine. the problem is that when the guests (Event attendess) try to access the internet they will be reditrected to teh ISE for Guest Authentication. The guest will get the below error message which doesn't look good because the ISE has the self-signed certificate and it doesn't have a public trusted certificate.
I tried to generate a trail SSL certificate from Thawte and Symentec but both replied that we couldn't verify the information you have provided. I believe this is because my domain is not publicly resgitered (I created this domain internally for the event)
Please advice what is the solution for this issue. I don't want my guest/attendees to see the error message. It doesn't look for to demonstrate ISE.
Please advice
Thanks in advanceThe only solution that can competely resolve your issue is to get a certificate from any trusted CA, like Verisign, Thawte, etc. Cost for that is typically $100 per year. Other solution is to use certificate from StartSSL. They have easy procedure for issuing ceritifcates and it's free, but in some browsers that window still may appear sometimes.
-
What is prereq for reading above, and for start develop/reading with flex and cf(level?) ?
http://www.adobe.com/devnet/flex/pdfs/getting_started_with_Flex3.pdf
what is prereq for reading above, and for start develop/reading with flex and cf(level?) ?The Flex Quickstarts will be a place for starters, if you want to know
about Flex/CF integration the first to know would be some basics of CF.
Sincerely,
Michael
Sent from my iPhone
Maybe you are looking for
-
Error message says: Unable to write the email to the mailbox. Make sure your file system allows you to write privileges and you have enough desk space to copy the mailbox. This message comes and goes and often will not be fixed ( although sometimes i
-
Error when publishing a PL/SQL Web Service with JDeveloper 10.1.3!!!!!!!!!
Hi, When I publish a PL/SQL package as a web service in J2EE 1.4 (Jax-RPC) Web Service version get this error: oracle.j2ee.ws.common.tools.api.ValidationException: Error in database webservices assembly at oracle.j2ee.ws.tools.wsa.db.WSADBPlugin
-
How to read my cursor that is ref cursor returning user defined type
Hi I have types defined as follows: TYPE MY_RECORD IS RECORD ( COL1 TABLE1.COL1%TYPE, COL2 TABLE1.COL2%TYPE TYPE MY_CURSOR IS REF CURSOR RETURN MY_RECORD;This is used as return type in a stored procedure. I have a pl/sql block where I make a call to
-
Object RV_BELEG number range interval 01 does not exist
Hi Gurus, I need suggestion or solution to solve my problem when creating sales order(standard order) from VA01 transaction. Error Descriptio and Message: For object RV_BELEG , number range interval 01 does not exist Message no. NR751 Diagnosis The d
-
Hi I have a sample table of empno,sal and hiredate. I have 2 duplicate rows for example empno sal Hiredate 7900 1000 1-mar-03 7900 2000 2-mar-03 I want to eliminate the duplicate row. My query should be like this ... Select empno,sal,min(hiredate) ..