PKCS#11 Certs generation

Similar Messages

• SSL with pct in the https service?

  Hi,
  Recently, in my organization we ran a vulnerabilty test and  the ACS platfomr got this vulnerability  ssl-pct1-bo basically consist when an application over https run a protocol named ptc that is a library of ssl, this is a potencial risk because it  could permit execute a buffer overflow over the machine, but when I look for information about it i found that affects systems over windows O.S. I want to know if this vulnerability could affect my ACS. It is 5.1.0.44.5 version. I know that my acs is based on a linux o.s but i want to know if ptc could be execute altought this.
  Regards.

  Juan,
  ACS does not use MD5 for CSR or self sign cert generation. Option we have is either SHA1 or SHA256.
  Regards
  ~JG
  Do rate helpful posts

• Problem with creating a third party signed x509 certificate

  Dear all
  I'm working on pki project, in which i need to generate a key pair and and using it to create a self-signed x509 certificate, it will act as the CA and using it private key to sign all other x509 certificate, I have no problem on creating the self-signed cert, but when try to create other cert using CA private, I got the following exception
  Caught exception: java.security.InvalidKeyException: Public key presented not for certificate signature
  I'm using bouncycastle to do the cert generation, here is an example of my code
     Security.addProvider(new BouncyCastleProvider());
     //be sign key pair
     KeyPairGenerator keyGen=KeyPairGenerator.getInstance("DSA");
     keyGen.initialize(1024, new SecureRandom());
     KeyPair keypair=keyGen.generateKeyPair();
     PrivateKey prikey=keypair.getPrivate();
     PublicKey pubkey=keypair.getPublic();
     //ca key pair
     KeyPair cakeypair=keyGen.generateKeyPair();
     PrivateKey caprikey=cakeypair.getPrivate();
     PublicKey capubkey=cakeypair.getPublic();
     Hashtable attrs = new Hashtable();
     attrs.put(X509Principal.CN, "Test");
     //generate cert
     X509V3CertificateGenerator certGen=new X509V3CertificateGenerator();
     certGen.setSerialNumber(BigInteger.valueOf(1));
     certGen.setIssuerDN(new X509Principal(attrs ));
     certGen.setNotBefore(new Date(System.currentTimeMillis() - 50000));
     certGen.setNotAfter(new Date(System.currentTimeMillis() + 50000));
     certGen.setSubjectDN(new X509Principal(attrs));
     certGen.setPublicKey(pubkey);
     //certGen.setSignatureAlgorithm("MD5WithDSAEncryption");
     certGen.setSignatureAlgorithm("SHA1withDSA");
     X509Certificate cert=certGen.generateX509Certificate(caprikey);
     cert.checkValidity(new Date());
     cert.verify(pubkey);
     Set dummySet=cert.getNonCriticalExtensionOIDs();
     dummySet=cert.getNonCriticalExtensionOIDs();I have no idea what problem is
  I hope that bouncycastle supporter or anyone could help me or give some guidance and I'm much appreciate that.

  Hi tkfi
  your problem is you'er not using the ca public key to do the verification, replace the
  cert.verify(pubkey);
  to
  cert.verify(capubkey);
  and it should be work

• ZCM 11.2 Second Primary - SSL Configuration

  Primary Server 11.2.4MU1 on OES 11SP2 - Running ZCM11.2.4MU1 / DSFW / DNS
  I am attempting to bring up a Second Primary Server. Maybe I am miss reading the documentation, however Each time I attempt the setup and bring the second primary into the "Existing" zone I give it the DNS / IP of the server, the correct Port - 444 In this case, and user / password. It authenticates fine, asks me to import the CA / MGMT Zone Cert. I click yes. Then I am taken to the SSL Configuration page.
  From my reading I believe I should not be taken to this page.... I believe this should only be done if its a new server as the secondary should import and use the primary?
  Currently my Plan was to bring up a secondary Primary and look at doing a DB / Content Migration, as I can not upgrade the current 11.2.4MU1 to 11.3 as install on OES is not supported (any longer).
  I could be a bit discombobulated....
  Thanks
  Patrick

  Never mind.....I forgot about the CSR / Cert generation part of the Zenworks setup...

• Self Signed Certificate Problems

  I admit little knowledge of certificates and just need to get one installed to test the Web Proxy Server functionality.
  I followed the procedures here first
  http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/custom-guide/s1-secureserver-selfsigned.html
  And then tried to reuse this certificate for Web Proxy Server Version: 4.0.5 B04/18/2007 11:01
  I received the following error:
  Incorrect usage no private key. The server could not find the private key associated with this certificate.
  I assume that this is because the keypair for this certificate is not in the certificate database I first created.
  I then tried to follow the instructions here:
  http://forum.java.sun.com/thread.jspa?threadID=5092677
  but got an IO error. not sure why.
  Would anyone know how I can either get Web Proxy Server to generate its own certificate or accept the one I generated using openssl?
  I appreciate any ideas or insights.
  Thanks,
  Sean

  Dear Sean,
  From the "Request Certificate" page create a csr. You will get a string like this.
  -----BEGIN NEW CERTIFICATE REQUEST-----
  MIICtDCCAZwCAQAwbzELMAkGA1UEBhMCSU4xEjAQBgNVBAgTCWthcm5hdGFrYTES
  ilrOO4an8WzQ2SfPl8ZleScPoIjhBbRkwOfweQVnmFkJIBYeHHuTPTC2U0pkZU0u
  jCXt6mWJmt0Pe6GAcZ4SAj9AFzvtVm52DF9zvdnywU7WjjLxR7xCo2Hws6iiPCmc
  DDG8hxd77ayzNg1spI6YjrJJ6kXWWGBM
  -----END NEW CERTIFICATE REQUEST-----
  save this in a file say csr.file for openssl cert generation.
  run this openssl command:
  openssl ca -in csr.file -out yourcert.pem
  Install yourcert.pem. It should go through.

• Systems Center Update publisher

  I have Systems Center 2012 R2 setup and running on a Windows Server 2012 R2 box.  I installed update publisher on this same box so I can get the Adobe catalogs and include the adobe updates with my other updates.   Update publisher installed just
  fine, but I'm running into issues when trying to set it up.  Under Options > Update Server > Connect to local update server when I enable it I get the following message when I test the connection:
  When I click the "Create" button under Signing Certificate to create a certificate I just keep getting that same pop-up everytime I click it.  I read somewhere that 2012 no longer will create self signed certs, but I'm not sure how to get
  around this issue.  Anyone have any help?  Thanks in advance.

  Here's the info on re-enabling WSUS self-signed cert generation:
  http://blogs.technet.com/b/wsus/archive/2013/08/15/wsus-no-longer-issues-self-signed-certificates.aspx
  I suggest you don't re-enable this though -- they disabled it for a reason. Go the extra mile, get a PKI smart resource and deploy a PKI.
  Jason | http://blog.configmgrftw.com | @jasonsandys

• PKCS#11 provider - ECDSA key pair generation on token

  Hello,
  I want to generate ECDSA key pair on HSM (nCipher's netHSM) using SunPKCS11 provider and Java 6.
  After generation for all supported curve names (e.g. secp256r1) I try to call getEncoding method from PublicKey object (keyPair.getPublic().getEncoded()) and
  I get RuntimeException
  caused by java.io.IOException: "Point does not match field size"
  at sun.security.ec.ECParameters.decodePoint(ECParameters.java:75)
  at sun.security.pkcs11.P11ECKeyFactory.decodePoint(P11ECKeyFactory.java:61)
  at sun.security.pkcs11.P11Key$P11ECPublicKey.fetchValues(P11Key.java:1002)
  Keys are accessible on HSM.
  Everything is well configured and works fine with RSA keys.
  Using IAIK PKCS#11 provider I got proper values. Is it any bug in SunPKCS11 provider?
  Regards,
  MarcinP

  I recently had a problem with ECDSA and the PKCS#11 library of nCipher. Here's info from one of their engineers about the PKCS11 library:
  "There are two separate issues - one is that our current pkcs11
  release doesn't support ECDSA signature with SHA-2 hashes
  (the v11.00 firmware adds support for it, but the main release version of
  the pkcs11 library hasn't been updated to take advantage of it yet).
  There is a hotfix version that does support SHA-2 hashes with some
  restrictions, talk to [email protected] for details, and V11.10
  should be out soon and have that merged in.
  But the issue with setting CKA_SIGN is that our underlying HSM API
  allows elliptic curve keys to be either key exchange (ECDH) or
  signature (ECDSA) keys, but not both at one.
  At the PKCS #11 level, if you specify CKA_DERIVE=true and let
  CKA_SIGN default, it will default to false, and vice versa.
  If you specify both CKA_DERIVE=true and CKA_SIGN=true, then we
  return CKR_TEMPLATE_INCONSISTENT because we can't do both with
  the same key. (However, the tests using C_GetMechanismInfo will
  show that we can do both mechanisms, because we can - so long
  as you use different keys, even though they have the same PKCS#11
  type.)
  I can't comment on when or how that will be changed."
  I was using the PKCS#11 library through NSS when I ran into the problem, but I imagine Java would run into similar problems also using the PKCS#11 library. I was able to generate keypairs but not create a CSR (which required making a signature, which required SHA-2).
  Can you just use the java classes to speak to the netHSM? I've never directly written code to do so myself, but I have used Corestreet's OCSP product that uses the java classes to speak to the nCipher HSMs (though not using EC). It might work better than going through the PKCS#11 layer. There should be a java directory under NFAST_HOME that contains some jars.
  Please post back if you figure anything out as I'll probably be playing with this stuff myself soon.
  Dave

• Automate generation and installation of certs from AD CS over the web?

  We have an environment where there are dozens of separate AD forests, none of which have (or can have) any trust relationships.
  We also have an Active Directory Certificate Server that we use for generating internal certs. This AD CS server is available to all of the servers via the web console (https://some.url/certsrv), but there is no other connectivity to the AD CS other than
  port 443.
  The question is, are there any methods we can use to automate the generation and installation of certs from the AD CS server? Specifically, suppose I am sitting on SERVERX and I am running a script, is it possible to have that script generate and submit
  a cert request to https://some.url/certsrv, then retrieve and install the cert into the machine store?
  The research I have done so far shows that this is typically possible if the CA is part of the same AD forest and is reachable over more ports than just 443.
  Today we do an awkward launch of iexplore and some screen scraping, but it requires manual intervention to get it to work, and we'd like to fully automate the process.

  You should consider to use a certificate enrollment web services (which are intended for such scenarios):
  http://technet.microsoft.com/en-us/library/dd759209.aspx
  My weblog: en-us.sysadmins.lv
  PowerShell PKI Module: pspki.codeplex.com
  PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
  Check out new: SSL Certificate Verifier
  Check out new:
  PowerShell FCIV tool.

• Workflow manager .. certificate generation key or cert

  Hello. Thanks for the time.  I was wondering if I can get some enlightment on the SP 2013 workflow manager  configuration.  In the technet video series one of the steps is to create a certificate and use that... but in most install docs
  I've found the step is skipped and set to choose an auto generate a cert with a key... like the farm passphrase.  My question is really in regards to what is the difference and can we have that set for in production? or is the auto-generate only for dev
  and testing?

  Hi,
  Quote:
  Under some circumstances, you must obtain and install Workflow Manager "issuer" certificates on SharePoint Server 2013. Here are the circumstances where you must install Workflow Manager certificates:
  If SSL is enabled either on SharePoint Server 2013 (which is not the default) or on Workflow Manager (which is the default), AND
  If SharePoint Server 2013 and Workflow Manager do not share a Certificate Authority, AND
  If Workflow Manager is configured to generate self-signed certificates (which is the default).
  For more information: http://technet.microsoft.com/en-us/library/jj658589(v=office.15).aspx
  Here is an article about certificates in workflow manager for reference:
  http://www.harbar.net/articles/wfm3.aspx
  Regards,
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected] .
  Rebecca Tu
  TechNet Community Support

• ITunes U cannot fetch HTTPS feeds with current generation of SSL certs

  I've outlined this problem previously with no resolution, but given that public iTunes U sites are about to rely even more on feeds it's even more important that a solution be found.
  Here's the summary of the unresolved thread http://discussions.apple.com/thread.jspa?messageID=11012798
  iTunes U will no longer update valid feeds from our LMS. Our LMS is entirely SSL/TLS and recently had its certificate updated. The DigiCert certificate and feed are working at https://lms.brocku.ca/podcasts/site/BuildaPodcast . However iTunes U sends an E-Mail to the owner once it is changed to this URL that reads:
  "iTunes U could not update the content because iTunes U could not download the specified feed (https://lms.brocku.ca/podcasts/site/BuildaPodcast). Until the issue is resolved, iTunes U continues to display the last downloadable version of the content. Verify that the feed specified in the feed URL field and the resource are available, and then try again"
  In the interim we've been fetching the exact same RSS feed and hosting it at http://ctlet.brocku.ca/~mclare/podcast/BuildaPodcast so that iTunes U can fetch it with out SSL/TLS - but we can not do this for all podcasts.
  Older versions of the command line tools like cURL (and its library) and wget have a similar problem. In their situation their root certificates are not fully updated. Could this be the case for the iTunes U feed fetcher?
  Thanks for looking into this.
  .\.\att

  Hi Mark,
  Thanks, it is indeed now updating.
  When I updated it yesterday (a little before 2:04 EST) I did not get the previous Error prompt - but I didn't know if that was an iTunes 9 change in interface or the problem being solved. I did get an E-Mail from iTunes U <[email protected]> subject "iTunes U unable to update Course page group Brock University > Brock Community > Sakai > Help for Instructors" - full E-Mail below.
  I edited the feed/section again today (10:12 EST) and the status appears to indicate that it was updated. BUT, I again received this E-Mail:
  E-Mail :"Dear iTunes U administrator, instructor, or course manager,
  Your 'Sakai' course in your brocku.ca iTunes U site populates its 'Help for Instructors' group track list automatically from an RSS feed, based on the podcast RSS feed URL and details you specified. iTunes U encountered the following error while trying to access the podcast RSS feed:
  iTunes U could not update the content because iTunes U could not download the specified feed (https://lms.brocku.ca/podcasts/site/BuildaPodcast). Until the issue is resolved, iTunes U continues to display the last downloadable version of the content. Verify that the feed specified in the feed URL field and the resource are available, and then try again.
  To check your iTunes U podcast RSS feed URL and details, edit your Course page group located at Brock University > Brock Community > Sakai > Help for Instructors.
  Sincerely,
  The iTunes U Team"
  It is great that content will start moving now, but can anything be done about the spurious E-Mails?

• PKCS#11 - eToken Device problem

  Dear All,
  I have an urgent problem I have Aladdin eToken Pro USB device and I need to generate private key on it, I was able to load the KeyStore using the pkcs#11 dll file and I was able to generate private and public key from the KeyPairGenerator , but I don't have any Idea on how to store the private key on the Aladdin eToken device ... here is the code which I have used please help me
                  String configName = "C:\\eTokenConfig.cfg";
            Provider p = new sun.security.pkcs11.SunPKCS11(configName);
            Security.addProvider(p);
            // Read the keystore form the smart card
            char[] pin = { '1', '2', '3', 'q', 'w', 'e'};
            KeyStore keyStore = KeyStore.getInstance("PKCS11",p);
            keyStore.load(null, pin);
            System.out.println(keyStore.size());
            //generate keys
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA",p);
            KeyPair pair = kpg.generateKeyPair();
            PrivateKey privateKey = pair.getPrivate();
            PublicKey publicKey = pair.getPublic();

  It is possible that the PKCS11 configuration file that maps the JCE to the P11 library from Aladdin is incorrect. Have you contacted your vendor's support group and asked them for a sample configuration file that works?
  One way to (partially) test the JCE-PKCS11 bridge for the eToken is to generate a key-pair and a self-signed certificate using the Mozilla tools (which can use the P11 library from Aladdin directly) (download from http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html). After you've verified that the keys (and certificate) are on the token (using certutil or Firefox), then use your JCE software to read the keys/certificate. If your bridge configuration is correct, you should be able to read and use all objects (PrivateKey, PublicKey and Certificate). After you've verified that this part works, then go back to testing key-generation through your JCE module.
  No, you can't just save the keys by themselves using the JCE. The KeyStore API allows for saving only a PrivateKey, SecretKey and a Certificate chain using the setEntry, setKeyEntry or setCertificateEntry methods. You will have to create an empty certificate, at a minimum, to store the PublicKey of your key-pair.
  Here is some sample code that does this for a Utimaco Hardware Security Module (HSM) in combination with the BouncyCastle JCE Provider (BC has a CertificateGenerator that makes this task easy):
      // Create BC CerttificateGenerator instance
      X509V3CertificateGenerator certgen = new X509V3CertificateGenerator();
      // Add required certificate values
      certgen.setSerialNumber(new BigInteger("123"));
      certgen.setIssuerDN(new X500Principal("CN=TEST"));
      certgen.setSubjectDN(new X500Principal("CN=TEST"));
      certgen.setNotBefore(new Date(System.currentTimeMillis()));                        
      certgen.setNotAfter(new Date(System.currentTimeMillis() + (10*86400000)));
      certgen.setPublicKey(pubkey);                                                
      certgen.setSignatureAlgorithm("SHA256withRSA");
      // Generate certificate
      X509Certificate cert = certgen.generate(keypair.getPrivate(), provider.getName());
      System.out.println("===> Generated X509 Certificate.");
      // Store certificate
      ks.setKeyEntry(keyalias, keypair.getPrivate(), null, ((CryptoServerProvider)provider).getDumyCertificateChain());
      ks.setCertificateEntry(certalias, cert);
      System.out.println("===> All objects saved OK.");The setKeyEntry() method for your provider is sure to be different. Note that with this HSM, the keys are automatically persisted in the token when they are generated through the KeyPairGenerator. That's why you don't see any code for storing the key-pair in this sample.

• Error during generation of the WSDL:  BUILD FAILED java.lang.NoClassDefFoundError: com/sun/javadoc/Type

  When I create an EJB Transport Business Service, after selecting the jar that has the EJB 2.1 artefacts (Remote, Home, etc) the oepe plugin fails and can't continue.
  As I understand it seems that there is a problem with the classpath of ant build.xml  that oepe creates inside folder /tmp/alsbejbtransport/ to compile the bs and generate the wsdl. I checked if tools.jar is in the classpath (in eclipse) and is included, so I can't figure out wich is the problem.
  I found this in Oracle, but not helps solve the problem:
  BEA-398120
  Error: The WSDL for the typed transport endpoint could not be accessed.
  Description
  There was a problem retrieving the WSDL from the typed transport service endpoint at the time of service registration
  Action
  Contact technical support
  This is the the full stacktrace that shows eclipse.
  Generate : Error during generation of the WSDL:
  BUILD FAILED
  java.lang.NoClassDefFoundError: com/sun/javadoc/Type
          at com.bea.util.jam.provider.JamServiceFactoryImpl.createSourceBuilder(JamServiceFactoryImpl.java:205)
          at com.bea.util.jam.provider.JamServiceFactoryImpl.createBuilder(JamServiceFactoryImpl.java:158)
          at com.bea.util.jam.provider.JamServiceFactoryImpl.createClassLoader(JamServiceFactoryImpl.java:137)
          at com.bea.util.jam.provider.JamServiceFactoryImpl.createService(JamServiceFactoryImpl.java:78)
          at weblogic.wsee.util.JamUtil.parseSource(JamUtil.java:152)
          at weblogic.wsee.tools.anttasks.JwsLoader.loadJClasses(JwsLoader.java:186)
          at weblogic.wsee.tools.anttasks.JwsLoader.load(JwsLoader.java:75)
          at weblogic.wsee.tools.anttasks.JwsModule.loadWebServices(JwsModule.java:569)
          at weblogic.wsee.tools.anttasks.JwsModule.generate(JwsModule.java:369)
          at weblogic.wsee.tools.anttasks.JwsModule.build(JwsModule.java:256)
          at weblogic.wsee.tools.anttasks.JwscTask.execute(JwscTask.java:184)
          at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:288)
          at sun.reflect.GeneratedMethodAccessor1.invoke(Unknown Source)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
          at java.lang.reflect.Method.invoke(Method.java:601)
          at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:106)
          at org.apache.tools.ant.Task.perform(Task.java:348)
          at org.apache.tools.ant.Target.execute(Target.java:357)
          at org.apache.tools.ant.Target.performTasks(Target.java:385)
          at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1337)
          at org.apache.tools.ant.Project.executeTarget(Project.java:1306)
          at org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:41)
          at org.apache.tools.ant.Project.executeTargets(Project.java:1189)
          at org.apache.tools.ant.Main.runBuild(Main.java:758)
          at org.apache.tools.ant.Main.startAnt(Main.java:217)
          at org.apache.tools.ant.launch.Launcher.run(Launcher.java:257)
          at org.apache.tools.ant.launch.Launcher.main(Launcher.java:104)
  Caused by: java.lang.ClassNotFoundException: com.sun.javadoc.Type
          at org.apache.tools.ant.AntClassLoader.findClassInComponents(AntClassLoader.java:1400)
          at org.apache.tools.ant.AntClassLoader.findClass(AntClassLoader.java:1341)
          at org.apache.tools.ant.AntClassLoader.loadClass(AntClassLoader.java:1088)
          at java.lang.ClassLoader.loadClass(ClassLoader.java:356)
          ... 27 more
  Total time: 0 seconds
  Eclipse Installation details:
  *** System properties:
  eclipse.application=org.eclipse.ui.ide.workbench
  eclipse.buildId=M20110909-1335
  eclipse.commands=-os
  linux
  -ws
  gtk
  -arch
  x86_64
  -showsplash
  -launcher
  {home}/Development/oepe-indigo/eclipse
  -name
  Eclipse
  --launcher.library
  {home}/Development/oepe-indigo//plugins/org.eclipse.equinox.launcher.gtk.linux.x86_64_1.1.100.v20110505/eclipse_1407.so
  -startup
  {home}/Development/oepe-indigo//plugins/org.eclipse.equinox.launcher_1.2.0.v20110502.jar
  --launcher.overrideVmargs
  -exitdata
  1e418010
  -vm
  /usr/bin/java
  eclipse.home.location=file:{home}/Development/oepe-indigo/
  eclipse.launcher={home}/Development/oepe-indigo/eclipse
  eclipse.launcher.name=Eclipse
  [email protected]/../p2/
  eclipse.p2.profile=PlatformProfile
  eclipse.product=org.eclipse.platform.ide
  eclipse.startTime=1374623921455
  eclipse.vm=/usr/bin/java
  eclipse.vmargs=-Xms256m
  -Xmx768m
  -XX:MaxPermSize=512m
  -Dsun.lang.ClassLoader.allowArraySyntax=true
  -Dweblogic.home={home}/Oracle/Middleware/wlserver_10.3
  -Dharvester.home={home}/Oracle/Middleware/Oracle_OSB1/harvester
  -Dosb.home={home}/Oracle/Middleware/Oracle_OSB1
  -Dosgi.bundlefile.limit=750
  -Dosgi.nl=en_US
  -Dmiddleware.home={home}/Oracle/Middleware
  -jar
  {home}/Development/oepe-indigo//plugins/org.eclipse.equinox.launcher_1.2.0.v20110502.jar
  equinox.use.ds=true
  file.encoding=UTF-8
  file.encoding.pkg=sun.io
  file.separator=/
  guice.disable.misplaced.annotation.check=true
  harvester.home={home}/Oracle/Middleware/Oracle_OSB1/harvester
  http.nonProxyHosts=localhost
  java.awt.graphicsenv=sun.awt.X11GraphicsEnvironment
  java.awt.printerjob=sun.print.PSPrinterJob
  java.class.path={home}/Development/oepe-indigo//plugins/org.eclipse.equinox.launcher_1.2.0.v20110502.jar
  java.class.version=50.0
  java.endorsed.dirs=/usr/lib/jvm/jdk1.6.0_45/jre/lib/endorsed
  java.ext.dirs=/usr/lib/jvm/jdk1.6.0_45/jre/lib/ext:/usr/java/packages/lib/ext
  java.home=/usr/lib/jvm/jdk1.6.0_45/jre
  java.io.tmpdir=/tmp
  java.library.path=/usr/lib/jvm/jdk1.6.0_45/jre/lib/amd64/server:/usr/lib/jvm/jdk1.6.0_45/jre/lib/amd64:/usr/lib/jvm/jdk1.6.0_45/jre/../lib/amd64:/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
  java.protocol.handler.pkgs=null|com.bea.wli.sb.resources.url|com.bea.wli.sb.resources.jca.upgrade.url|weblogic.utils|weblogic.utils|weblogic.utils|weblogic.net|weblogic.net
  java.runtime.name=Java(TM) SE Runtime Environment
  java.runtime.version=1.6.0_45-b06
  java.specification.name=Java Platform API Specification
  java.specification.vendor=Sun Microsystems Inc.
  java.specification.version=1.6
  java.vendor=Sun Microsystems Inc.
  java.vendor.url=http://java.sun.com/
  java.vendor.url.bug=http://java.sun.com/cgi-bin/bugreport.cgi
  java.version=1.6.0_45
  java.vm.info=mixed mode
  java.vm.name=Java HotSpot(TM) 64-Bit Server VM
  java.vm.specification.name=Java Virtual Machine Specification
  java.vm.specification.vendor=Sun Microsystems Inc.
  java.vm.specification.version=1.0
  java.vm.vendor=Sun Microsystems Inc.
  java.vm.version=20.45-b01
  javax.rmi.CORBA.PortableRemoteObjectClass=weblogic.iiop.PortableRemoteObjectDelegateImpl
  javax.rmi.CORBA.UtilClass=weblogic.iiop.UtilDelegateImpl
  jna.platform.library.path=/usr/lib/x86_64-linux-gnu:/lib/x86_64-linux-gnu:/lib64:/usr/lib:/lib
  line.separator=
  middleware.home={home}/Oracle/Middleware
  oracle.eclipse.tools.weblogic.ui.isWebLogicServer=true
  org.apache.commons.logging.Log=org.apache.commons.logging.impl.NoOpLog
  org.eclipse.equinox.launcher.splash.location={home}/Development/oepe-indigo/plugins/org.eclipse.platform_3.7.1.v201109091335/splash.bmp
  org.eclipse.equinox.simpleconfigurator.configUrl=file:org.eclipse.equinox.simpleconfigurator/bundles.info
  org.eclipse.m2e.log.dir={home}/workspace/pragma/.metadata/.plugins/org.eclipse.m2e.logback.configuration
  org.eclipse.update.reconcile=false
  org.omg.CORBA.ORBClass=weblogic.corba.orb.ORB
  org.omg.CORBA.ORBSingletonClass=weblogic.corba.orb.ORB
  org.osgi.framework.executionenvironment=OSGi/Minimum-1.0,OSGi/Minimum-1.1,OSGi/Minimum-1.2,JRE-1.1,J2SE-1.2,J2SE-1.3,J2SE-1.4,J2SE-1.5,JavaSE-1.6
  org.osgi.framework.language=en
  org.osgi.framework.os.name=Linux
  org.osgi.framework.os.version=3.8.0
  org.osgi.framework.processor=x86-64
  org.osgi.framework.system.capabilities=osgi.ee; osgi.ee="OSGi/Minimum"; version:List<Version>="1.0, 1.1, 1.2",osgi.ee; osgi.ee="JavaSE"; version:List<Version>="1.0, 1.1, 1.2, 1.3, 1.4, 1.5, 1.6"
  org.osgi.framework.system.packages=javax.accessibility,javax.activation,javax.activity,javax.annotation,javax.annotation.processing,javax.crypto,javax.crypto.interfaces,javax.crypto.spec,javax.imageio,javax.imageio.event,javax.imageio.metadata,javax.imageio.plugins.bmp,javax.imageio.plugins.jpeg,javax.imageio.spi,javax.imageio.stream,javax.jws,javax.jws.soap,javax.lang.model,javax.lang.model.element,javax.lang.model.type,javax.lang.model.util,javax.management,javax.management.loading,javax.management.modelmbean,javax.management.monitor,javax.management.openmbean,javax.management.relation,javax.management.remote,javax.management.remote.rmi,javax.management.timer,javax.naming,javax.naming.directory,javax.naming.event,javax.naming.ldap,javax.naming.spi,javax.net,javax.net.ssl,javax.print,javax.print.attribute,javax.print.attribute.standard,javax.print.event,javax.rmi,javax.rmi.CORBA,javax.rmi.ssl,javax.script,javax.security.auth,javax.security.auth.callback,javax.security.auth.kerberos,javax.security.auth.login,javax.security.auth.spi,javax.security.auth.x500,javax.security.cert,javax.security.sasl,javax.sound.midi,javax.sound.midi.spi,javax.sound.sampled,javax.sound.sampled.spi,javax.sql,javax.sql.rowset,javax.sql.rowset.serial,javax.sql.rowset.spi,javax.swing,javax.swing.border,javax.swing.colorchooser,javax.swing.event,javax.swing.filechooser,javax.swing.plaf,javax.swing.plaf.basic,javax.swing.plaf.metal,javax.swing.plaf.multi,javax.swing.plaf.synth,javax.swing.table,javax.swing.text,javax.swing.text.html,javax.swing.text.html.parser,javax.swing.text.rtf,javax.swing.tree,javax.swing.undo,javax.tools,javax.transaction,javax.transaction.xa,javax.xml,javax.xml.bind,javax.xml.bind.annotation,javax.xml.bind.annotation.adapters,javax.xml.bind.attachment,javax.xml.bind.helpers,javax.xml.bind.util,javax.xml.crypto,javax.xml.crypto.dom,javax.xml.crypto.dsig,javax.xml.crypto.dsig.dom,javax.xml.crypto.dsig.keyinfo,javax.xml.crypto.dsig.spec,javax.xml.datatype,javax.xml.namespace,javax.xml.parsers,javax.xml.soap,javax.xml.stream,javax.xml.stream.events,javax.xml.stream.util,javax.xml.transform,javax.xml.transform.dom,javax.xml.transform.sax,javax.xml.transform.stax,javax.xml.transform.stream,javax.xml.validation,javax.xml.ws,javax.xml.ws.handler,javax.xml.ws.handler.soap,javax.xml.ws.http,javax.xml.ws.soap,javax.xml.ws.spi,javax.xml.ws.wsaddressing,javax.xml.xpath,org.ietf.jgss,org.omg.CORBA,org.omg.CORBA_2_3,org.omg.CORBA_2_3.portable,org.omg.CORBA.DynAnyPackage,org.omg.CORBA.ORBPackage,org.omg.CORBA.portable,org.omg.CORBA.TypeCodePackage,org.omg.CosNaming,org.omg.CosNaming.NamingContextExtPackage,org.omg.CosNaming.NamingContextPackage,org.omg.Dynamic,org.omg.DynamicAny,org.omg.DynamicAny.DynAnyFactoryPackage,org.omg.DynamicAny.DynAnyPackage,org.omg.IOP,org.omg.IOP.CodecFactoryPackage,org.omg.IOP.CodecPackage,org.omg.Messaging,org.omg.PortableInterceptor,org.omg.PortableInterceptor.ORBInitInfoPackage,org.omg.PortableServer,org.omg.PortableServer.CurrentPackage,org.omg.PortableServer.POAManagerPackage,org.omg.PortableServer.POAPackage,org.omg.PortableServer.portable,org.omg.PortableServer.ServantLocatorPackage,org.omg.SendingContext,org.omg.stub.java.rmi,org.w3c.dom,org.w3c.dom.bootstrap,org.w3c.dom.css,org.w3c.dom.events,org.w3c.dom.html,org.w3c.dom.ls,org.w3c.dom.ranges,org.w3c.dom.stylesheets,org.w3c.dom.traversal,org.w3c.dom.views,org.w3c.dom.xpath,org.xml.sax,org.xml.sax.ext,org.xml.sax.helpers
  org.osgi.framework.uuid=901615cd-f3f3-0012-11b6-a3bca4d97ac1
  org.osgi.framework.vendor=Eclipse
  org.osgi.framework.version=1.6.0
  org.osgi.supports.framework.extension=true
  org.osgi.supports.framework.fragment=true
  org.osgi.supports.framework.requirebundle=true
  os.arch=amd64
  os.name=Linux
  os.version=3.8.0-26-generic
  osb.home={home}/Oracle/Middleware/Oracle_OSB1
  osgi.arch=x86_64
  osgi.bundlefile.limit=750
  osgi.bundles=reference:file:javax.transaction_1.1.1.v201105210645.jar,reference:file:org.eclipse.equinox.simpleconfigurator_1.0.200.v20110502-1955.jar@1:start
  osgi.bundles.defaultStartLevel=4
  osgi.bundlestore={home}/Development/oepe-indigo/configuration/org.eclipse.osgi/bundles
  osgi.configuration.area=file:{home}/Development/oepe-indigo/configuration/
  osgi.framework=file:{home}/Development/oepe-indigo/plugins/org.eclipse.osgi_3.7.1.R37x_v20110808-1106.jar
  osgi.framework.extensions=reference:file:javax.transaction_1.1.1.v201105210645.jar
  osgi.framework.shape=jar
  osgi.framework.version=3.7.1.R37x_v20110808-1106
  osgi.frameworkClassPath=., file:{home}/Development/oepe-indigo/plugins/javax.transaction_1.1.1.v201105210645.jar
  osgi.install.area=file:{home}/Development/oepe-indigo/
  osgi.instance.area=file:{home}/workspace/pragma/
  osgi.instance.area.default=file:{home}/workspace/
  osgi.logfile={home}/workspace/pragma/.metadata/.log
  osgi.manifest.cache={home}/Development/oepe-indigo/configuration/org.eclipse.osgi/manifests
  osgi.nl=en_US
  osgi.nl.user=en_US
  osgi.os=linux
  osgi.splashLocation={home}/Development/oepe-indigo/plugins/org.eclipse.platform_3.7.1.v201109091335/splash.bmp
  osgi.splashPath=platform:/base/plugins/org.eclipse.platform
  osgi.syspath={home}/Development/oepe-indigo/plugins
  osgi.tracefile={home}/workspace/pragma/.metadata/trace.log
  osgi.ws=gtk
  path.separator=:
  securerandom.source=file:/dev/./urandom
  socksNonProxyHost=localhost
  sun.arch.data.model=64
  sun.boot.class.path=/usr/lib/jvm/jdk1.6.0_45/jre/lib/resources.jar:/usr/lib/jvm/jdk1.6.0_45/jre/lib/rt.jar:/usr/lib/jvm/jdk1.6.0_45/jre/lib/sunrsasign.jar:/usr/lib/jvm/jdk1.6.0_45/jre/lib/jsse.jar:/usr/lib/jvm/jdk1.6.0_45/jre/lib/jce.jar:/usr/lib/jvm/jdk1.6.0_45/jre/lib/charsets.jar:/usr/lib/jvm/jdk1.6.0_45/jre/lib/modules/jdk.boot.jar:/usr/lib/jvm/jdk1.6.0_45/jre/classes
  sun.boot.library.path=/usr/lib/jvm/jdk1.6.0_45/jre/lib/amd64
  sun.cpu.endian=little
  sun.cpu.isalist=
  sun.desktop=gnome
  sun.io.unicode.encoding=UnicodeLittle
  sun.java.command={home}/Development/oepe-indigo//plugins/org.eclipse.equinox.launcher_1.2.0.v20110502.jar -os linux -ws gtk -arch x86_64 -showsplash -launcher {home}/Development/oepe-indigo/eclipse -name Eclipse --launcher.library {home}/Development/oepe-indigo//plugins/org.eclipse.equinox.launcher.gtk.linux.x86_64_1.1.100.v20110505/eclipse_1407.so -startup {home}/Development/oepe-indigo//plugins/org.eclipse.equinox.launcher_1.2.0.v20110502.jar --launcher.overrideVmargs -exitdata 1e418010 -vm /usr/bin/java -vmargs -Xms256m -Xmx768m -XX:MaxPermSize=512m -Dsun.lang.ClassLoader.allowArraySyntax=true -Dweblogic.home={home}/Oracle/Middleware/wlserver_10.3 -Dharvester.home={home}/Oracle/Middleware/Oracle_OSB1/harvester -Dosb.home={home}/Oracle/Middleware/Oracle_OSB1 -Dosgi.bundlefile.limit=750 -Dosgi.nl=en_US -Dmiddleware.home={home}/Oracle/Middleware -jar {home}/Development/oepe-indigo//plugins/org.eclipse.equinox.launcher_1.2.0.v20110502.jar
  sun.java.launcher=SUN_STANDARD
  sun.jnu.encoding=UTF-8
  sun.lang.ClassLoader.allowArraySyntax=true
  sun.management.compiler=HotSpot 64-Bit Tiered Compilers
  sun.os.patch.level=unknown
  svnkit.http.methods=Basic
  svnkit.library.gnome-keyring.enabled=false
  user.country=AR
  user.dir={home}/Development/oepe-indigo
  user.home={home}
  user.language=es
  user.name={username}
  user.timezone=America/Argentina/Buenos_Aires
  weblogic.home={home}/Oracle/Middleware/wlserver_10.3
  Thanks!!

  run this one in command prompt and then convert the applet using converter tool
  JC_HOME = C:\java_card_kit-2_2_2\bin\
  set CLASSES=%JCHOME%\lib\apduio.jar;%JC_HOME%\lib\apdutool.jar;%JC_HOME%\lib\jcwde.jar;%JC_HOME%\lib\converter.jar;%JC_HOME%\lib\scriptgen.jar;%JC_HOME%\lib\offcardverifier.jar;%JC_HOME%\lib\api.jar;%JC_HOME%\lib\installer.jar;%JC_HOME%\lib\capdump.jar;
  D:\NareshPalle\jcardRE\Smart\src>java -classpath %_CLASSES% com.sun.javacard.con
  verter.Converter -out EXP JCA CAP -exportpath .\exp -applet 0x0a:0x00:0x00:0x00:0x0e:0x01:0x02:
  0x03:0x04:0x05:0x06 PackageName appletName 0x01:0x02:0x03:0x04:0x05:0x0
  6:0x07:0x08 1.0
  or
  go to following directory and run the converter tool in command prompt
  step 1: cd C:\java_card_kit-2_2_2\bin\
  then run this command under the above directory
  step 2:converter -classdir E:\Pathof Your applet class file -out EXP JCA CAP -exportpath E:\path of exp files folder -applet AID PackageName AppletName PackAID major.minor no
  For more doubts mail me....
  *[removed by moderator]*
  Thanks and Regards
  NareshPalle
  Edited by: EJP on 31/03/2012 20:09: removed your email address. Unless you like spam and unless you think these forums are provided for your personal benefit only, posting an email address here serves no useful purpose whatsoever.

• OBIEE 11g SSL Configuration Issue : Unable to import the Server certs

  Hello All,
  We are trying to configure OBIEE 11.1.1.6.0 with SSL using Windows server 2003 (IIS) and facing some issues with that.
  Followed the document : OBIEE11g SSL Setup and Configuration [1326781.1]
  http://obieedue.blogspot.sg/2012/08/obiee11g-ssl-setup-and-configuration.html
  and also completed generating the required certificate signing request and keystores for SSL communication and sent it to the CA (IT Admin team) to to have the certificate signed by CA. The issue comes when I am trying to import the CA certificate (Root certificate) and Server Certificate into the Java Keystore.
  I am importing the Root CA Certificate first which is successfully added to the keystore.
  keytool -import -trustcacerts -alias mycacert -file cacert.pem -keystore mykeystore.jks -storepass Welcome1
  Trust this certificate? [no]: yes
  Certificate was added to keystore.
  But when trying to add the Server Certificate to the keystore using the command below :
  keytool -import -v -alias testserver -file server.cer -keystore mykeystore.jks -keypass Welcome1 -storepass Welcome1
  Certificate reply was installed in keystore
  I get the following error:
  keytool error: java.lang.Exception: Failed to establish chain from reply
  java.lang.Exception: Failed to establish chain from reply
  at sun.security.tools.KeyTool.establishCertChain(KeyTool.java:2662)
  at sun.security.tools.KeyTool.installReply(KeyTool.java:1870)
  at sun.security.tools.KeyTool.doCommands(KeyTool.java:807)
  at sun.security.tools.KeyTool.run(KeyTool.java:172)
  at sun.security.tools.KeyTool.main(KeyTool.java:166)
  Read many forums and tried to convert it to the PKCS#7 format and import the cert to the identity keystore, but was not successful in that either. I have also checked with the IT Admin team and found there is only one RootCA and no other intermediate CA's.
  Please advice if any one has similar issues or suggestions.
  Thanks in advance,
  SVS

  Hi,
  One obvious reason would be that you did not specify -trustcacerts, and the root CA is not included in the present server keystore. In that case, using the -trustcacerts option would solve the problem, if the root CA is indeed in the JDK cacerts.
  To print out the certificates present in the JDK cacerts, use the following command:
  keytool -list -keystore <JAVA_HOME>/jre/lib/security/cacerts -storepass changeit -v
  Then check if the root CA that signed your server certificate is present, and has not expired (in which case,you would need to re-import a newer one into cacerts).
  Another common reason for that error message is when you have used a proprietary CA to sign your server certificate. Then it would obviously not be in the JDK cacerts. The solution in that case is to import your proprietary root CA into the JDK cacerts, using the following command:
  keytool -import -keystore <JAVA_HOME>/jre/lib/security/cacerts -file yourRootCA.pem -storepass changeit -alias youralias
  A third reason for that error message is when your server was signed by an intermediate certificate. In that case, you would have received from your CA a chain of certificates. One way to solve this (not the only one, but this one works well): Prepend your intermediate CA file to your server cert file, and import the obtained concatenated file into the server keystore. Be careful, the intermediate CA must be BEFORE the server cert. Example:
  copy rootca.cer certchain.p7b
  type server.cer >> certchain.p7b
  The file certchain.p7b will be the concatenation of the intermediate CA and the signed server cert. Then import the newly created file under the key alias as follows:
  keytool -import -keystore serverks.jks -file certchain.p7b -alias yourkey -trustcacerts
  If you only prepend the intermediate root CA, you must make sure the the final root CA is in cacerts. But you can also prepend your whole chain of trust inside the server keystore.
  Regards,
  Kal

• Web service call with v3 client cert in CF8

  I'm trying to call an external web service which requires a
  v3 client certificate be installed on our end. Our code platform is
  CF8, which I understand supports v3 certs. I've imported the
  external party's client cert into the CF server's cert store
  (cacerts) via keytool, and confirmed it's there. I've restarted the
  CF server. How do I attach the certificate to the cfhttp call to
  the external web service? I figure I can use a cfhttpparam, but am
  not sure what type to use, and what the value should be. Thanks in
  advance.

  DrewBlah wrote:
  > I'm trying to call an external web service which
  requires a v3 client
  > certificate be installed on our end. Our code platform
  is CF8, which I
  > understand supports v3 certs. I've imported the external
  party's client cert
  > into the CF server's cert store (cacerts) via keytool,
  and confirmed it's
  > there.
  You should not import the client certificate, but the server
  certificate:
  http://www.talkingtree.com/blog/index.cfm/2004/7/1/keytool
  http://jochem.vandieten.net/2008/02/28/cfhttp-and-client-certificates/
  > I've restarted the CF server. How do I attach the
  certificate to the
  > cfhttp call to the external web service? I figure I can
  use a cfhttpparam, but
  > am not sure what type to use, and what the value should
  be. Thanks in advance.
  The certificate for the HTTP call should be on the filesystem
  in PKCS#12
  format. Then use the following code:
  <cfset variables.certificatePath =
  ExpandPath("certificate.pkcs") />
  <cfset variables.certificatePass =
  "fillOutYourOwnPassword"/>
  <cfset variables.webserviceURL = "https://server/service"
  />
  <cfsavecontent variable="theSoap">
  <soapenv:Envelope
  xmlns:soapenv="
  http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:ns="https://server/service">
  <soapenv:Header/>
  <soapenv:Body>
  <ns:GetXXX>
  <xxx>YYY</xxx>
  </ns:GetXXX>
  </soapenv:Body>
  </soapenv:Envelope>
  </cfsavecontent>
  <cfhttp
  url = "#variables.webserviceURL#"
  clientCert = "#variables.certificatePath#"
  clientCertPassword = "#variables.certificatePass#"
  method = "get"
  port="443"
  >
  <cfhttpparam type="header" name="Connection"
  value="Keep-Alive">
  <cfhttpparam type="header" name="SOAPAction"
  value="service">
  <cfhttpparam type="xml" value="#theSoap#">
  </cfhttp>
  <cfdump var="#XMLParse(cfhttp.filecontent)#">
  Jochem
  Jochem van Dieten
  Adobe Community Expert for ColdFusion

• Applet doesn´t load in java 7 with next-generation plug-in marked

  I have developed an applet with netbeans 7.1.2 which worked fine until I updated from jvm6 to jvm7. The applet does not load properly unless I uncheck from the configuration of the jvm the checbox plug-in next-generation.
  Anyone know why in java 6 working properly with the plug-in next generation and in java 7 do not?
  I can do something to work properly in Java 7 without having to uncheck the checkbox?
  Thanks.

  1 - Java installed -> 1.7.0_05-b06. In Firefox works fine. The problem is in IE8.
  2 - I can run other applets.
  3-
  security: property package.access value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.
  security: property package.access new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws
  security: property package.access value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws
  security: property package.access new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy
  security: property package.access value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy
  security: property package.access new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
  security: property package.definition value null
  security: property package.definition new value com.sun.javaws
  security: property package.definition value com.sun.javaws
  security: property package.definition new value com.sun.javaws,com.sun.deploy
  security: property package.definition value com.sun.javaws,com.sun.deploy
  security: property package.definition new value com.sun.javaws,com.sun.deploy,com.sun.jnlp
  security: property package.access value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp
  security: property package.access new value sun.,com.sun.xml.internal.ws.,com.sun.xml.internal.bind.,com.sun.imageio.,com.sun.org.apache.xerces.internal.utils.,com.sun.org.apache.xalan.internal.utils.,com.sun.javaws,com.sun.deploy,com.sun.jnlp,org.mozilla.jss
  security: property package.definition value com.sun.javaws,com.sun.deploy,com.sun.jnlp
  security: property package.definition new value com.sun.javaws,com.sun.deploy,com.sun.jnlp,org.mozilla.jss
  basic: Listener de progreso agregado: sun.plugin.util.ProgressMonitorAdapter@bbe282
  basic: Plugin2ClassLoader.addURL parent called for .../appletFirma/lib/bcmail-jdk13-145.zip
  basic: Plugin2ClassLoader.addURL parent called for.../appletFirma/lib/jce-ext-jdk13-145.zip
  basic: Plugin2ClassLoader.addURL parent called for .../appletFirma/lib/AbsoluteLayout.jar
  basic: Plugin2ClassLoader.addURL parent called for .../appletFirma/lib/plugin.jar
  basic: Plugin2ClassLoader.addURL parent called for .../appletFirma/AppletAplication.jar
  security: Se ha activado la comprobación de revocación de la lista negra
  security: Está activada la comprobación de lista de bibliotecas de confianza
  network: Se ha encontrado la entrada de caché [URL: .../appletFirma/lib/bcmail-jdk13-145.zip, versión: null] prevalidated=false/0
  cache: Resource .../appletFirma/lib/bcmail-jdk13-145.zip has expired.
  network: Conectando.../appletFirma/lib/bcmail-jdk13-145.zip con proxy=DIRECT
  network: Conectando.../ con proxy=DIRECT
  network: Conectando .../appletFirma/lib/bcmail-jdk13-145.zip con cookie "__utma=153011745.179473224.1324411077.1324563223.1326992570.4; DomAuthSessId=07A8675D20F4CBAA6E2D638B5330E7A0"
  network: ResponseCode de.../appletFirma/lib/bcmail-jdk13-145.zip: 304
  network: Codificación de .../appletFirma/lib/bcmail-jdk13-145.zip: null
  network: Desconectar conexión con .../appletFirma/lib/bcmail-jdk13-145.zip
  cache: Reading Signers from 2157 .../appletFirma/lib/bcmail-jdk13-145.zip | C:\Documents and Settings\Francisco Alvarez\Configuración local\Datos de programa\Sun\Java\Deployment\cache\6.0\1\282adb01-384a1e15.idx
  cache: Done readSigners(.../appletFirma/lib/bcmail-jdk13-145.zip)
  cache: Read manifest for .../appletFirma/lib/bcmail-jdk13-145.zip: read=201 full=5808
  security: Cargando certificados de despliegue desde C:\Documents and Settings\Francisco Alvarez\Datos de programa\Sun\Java\Deployment\security\trusted.certs
  security: Se han cargado certificados de despliegue desde C:\Documents and Settings\Francisco Alvarez\Datos de programa\Sun\Java\Deployment\security\trusted.certs
  security: Cargando certificados del almacén de certificados de la sesión de despliegue
  security: Certificados cargados del almacén de certificados de la sesión de despliegue
  security: Cargando certificados del almacén de certificados TrustedPublisher de Internet Explorer
  security: Certificados cargados desde el almacén de certificados TrustedPublisher de Internet Explorer
  security: Validar la cadena de certificados utilizando la API CertPath
  security: Cargando certificados del almacén de certificados ROOT de Internet Explorer
  security: Certificados cargados desde el almacén de certificados ROOT de Internet Explorer
  security: Cargando certificados de CA raíz desde C:\Documents and Settings\Francisco Alvarez\Datos de programa\Sun\Java\Deployment\security\trusted.cacerts
  security: Certificados de CA raíz cargados desde C:\Documents and Settings\Francisco Alvarez\Datos de programa\Sun\Java\Deployment\security\trusted.cacerts
  security: Cargando certificados de CA raíz desde C:\Archivos de programa\Java\jre7\lib\security\cacerts
  security: Certificados de CA raíz cargados desde C:\Archivos de programa\Java\jre7\lib\security\cacerts
  security: Obtener recopilación de certificados del almacén de certificados de CA raíz
  security: Obtener recopilación de certificados del almacén de certificados de CA raíz
  security: Obtener recopilación de certificados del almacén de certificados de CA raíz
  security: Obtener recopilación de certificados del almacén de certificados de CA raíz
  security: El certificado no ha caducado. No es preciso comprobar la información sobre el registro de hora
  security: Se ha encontrado el archivo de lista de jurisdicciones
  security: No se necesita comprobar la extensión de confianza de este certificado
  security: El soporte de CRL está desactivado
  security: El soporte de OCSP está desactivado
  security: Esta validación de entidad final de OCSP está desactivada
  security: Comprobando si el certificado está en el almacén de certificados denegados de despliegue
  security: Comprobando si el certificado está en el almacén permanente de certificados de despliegue
  security: Comprobando si el certificado está en el almacén de certificados de la sesión de despliegue
  security: Comprobando si el certificado está en el almacén de certificados TrustedPublisher de Internet Explorer
  basic: Dialog type is not candidate for embedding
  security: El usuario ha otorgado privilegios de código sólo para esta sesión
  security: Agregando certificado en el almacén de certificados de la sesión de despliegue
  security: Certificados agregados en el almacén de certificados de la sesión de despliegue
  security: Guardando certificados en el almacén de certificados de la sesión de despliegue
  security: Certificados guardados en el almacén de certificados de la sesión de despliegue
  network: Se ha encontrado la entrada de caché [URL:.../appletFirma/lib/jce-ext-jdk13-145.zip, versión: null] prevalidated=false/0
  cache: Resource http://desarrollo.isaltda.com.uy/appletFirma/lib/jce-ext-jdk13-145.zip has expired.
  network: Conectando .../appletFirma/lib/jce-ext-jdk13-145.zip con proxy=DIRECT
  network: Conectando .../appletFirma/lib/jce-ext-jdk13-145.zip con cookie "__utma=153011745.179473224.1324411077.1324563223.1326992570.4; DomAuthSessId=07A8675D20F4CBAA6E2D638B5330E7A0"
  network: ResponseCode de .../appletFirma/lib/jce-ext-jdk13-145.zip: 304
  network: Codificación de .../appletFirma/lib/jce-ext-jdk13-145.zip: null
  network: Desconectar conexión con .../appletFirma/lib/jce-ext-jdk13-145.zip
  cache: Reading Signers from 2157 .../appletFirma/lib/jce-ext-jdk13-145.zip | C:\Documents and Settings\Francisco Alvarez\Configuración local\Datos de programa\Sun\Java\Deployment\cache\6.0\37\590df8a5-7d87e233.idx
  cache: Done readSigners(.../appletFirma/lib/jce-ext-jdk13-145.zip)
  cache: Read manifest for .../appletFirma/lib/jce-ext-jdk13-145.zip: read=202 full=47488
  security: Validar la cadena de certificados utilizando la API CertPath
  security: El certificado no ha caducado. No es preciso comprobar la información sobre el registro de hora
  security: Se ha encontrado el archivo de lista de jurisdicciones
  security: No se necesita comprobar la extensión de confianza de este certificado
  security: El soporte de CRL está desactivado
  security: El soporte de OCSP está desactivado
  security: Esta validación de entidad final de OCSP está desactivada
  security: Comprobando si el certificado está en el almacén de certificados denegados de despliegue
  security: Comprobando si el certificado está en el almacén permanente de certificados de despliegue
  security: Comprobando si el certificado está en el almacén de certificados de la sesión de despliegue
  network: Se ha encontrado la entrada de caché [URL: .../appletFirma/lib/AbsoluteLayout.jar, versión: null] prevalidated=false/0
  cache: Resource .../appletFirma/lib/AbsoluteLayout.jar has expired.
  network: Conectando.../appletFirma/lib/AbsoluteLayout.jar con proxy=DIRECT
  network: Conectando .../appletFirma/lib/AbsoluteLayout.jar con cookie "__utma=153011745.179473224.1324411077.1324563223.1326992570.4; DomAuthSessId=07A8675D20F4CBAA6E2D638B5330E7A0"
  network: ResponseCode de.../appletFirma/lib/AbsoluteLayout.jar: 304
  network: Codificación de.../appletFirma/lib/AbsoluteLayout.jar: null
  network: Desconectar conexión con .../appletFirma/lib/AbsoluteLayout.jar
  cache: Reading Signers from 1055 .../appletFirma/lib/AbsoluteLayout.jar | C:\Documents and Settings\Francisco Alvarez\Configuración local\Datos de programa\Sun\Java\Deployment\cache\6.0\17\56fa4991-262eae08.idx
  cache: Done readSigners(.../appletFirma/lib/AbsoluteLayout.jar)
  cache: Read manifest for.../appletFirma/lib/AbsoluteLayout.jar: read=283 full=283
  security: Validar la cadena de certificados utilizando la API CertPath
  security: El certificado no ha caducado. No es preciso comprobar la información sobre el registro de hora
  security: Se ha encontrado el archivo de lista de jurisdicciones
  security: No se necesita comprobar la extensión de confianza de este certificado
  security: El soporte de CRL está desactivado
  security: El soporte de OCSP está desactivado
  security: Esta validación de entidad final de OCSP está desactivada
  security: Comprobando si el certificado está en el almacén de certificados denegados de despliegue
  security: Comprobando si el certificado está en el almacén permanente de certificados de despliegue
  security: Comprobando si el certificado está en el almacén de certificados de la sesión de despliegue
  security: Comprobando si el certificado está en el almacén de certificados TrustedPublisher de Internet Explorer
  basic: Dialog type is not candidate for embedding
  security: El usuario ha otorgado privilegios de código sólo para esta sesión
  security: Agregando certificado en el almacén de certificados de la sesión de despliegue
  security: Certificados agregados en el almacén de certificados de la sesión de despliegue
  security: Guardando certificados en el almacén de certificados de la sesión de despliegue
  security: Certificados guardados en el almacén de certificados de la sesión de despliegue
  network: Se ha encontrado la entrada de caché [URL:.../appletFirma/lib/plugin.jar, versión: null] prevalidated=false/0
  cache: Resource .../appletFirma/lib/plugin.jar has expired.
  network: Conectando .../appletFirma/lib/plugin.jar con proxy=DIRECT
  network: Conectando.../appletFirma/lib/plugin.jar con cookie "__utma=153011745.179473224.1324411077.1324563223.1326992570.4; DomAuthSessId=07A8675D20F4CBAA6E2D638B5330E7A0"
  network: ResponseCode de.../appletFirma/lib/plugin.jar: 304
  network: Codificación de .../appletFirma/lib/plugin.jar: null
  network: Desconectar conexión con .../appletFirma/lib/plugin.jar
  cache: Reading Signers from 5 .../appletFirma/lib/plugin.jar | C:\Documents and Settings\Francisco Alvarez\Configuración local\Datos de programa\Sun\Java\Deployment\cache\6.0\15\c16d34f-2740f800.idx
  network: No hay información de certificado para el archivo JAR sin firma: .../appletFirma/lib/plugin.jar
  cache: Done readSigners(.../appletFirma/lib/plugin.jar)
  cache: Read manifest for .../appletFirma/lib/plugin.jar: read=89 full=89
  network: Se ha encontrado la entrada de caché [URL: .../appletFirma/AppletAplication.jar, versión: null] prevalidated=false/0
  cache: Resource .../appletFirma/AppletAplication.jar has expired.
  network: Conectando .../appletFirma/AppletAplication.jar con proxy=DIRECT
  network: Conectando .../appletFirma/AppletAplication.jar con cookie "__utma=153011745.179473224.1324411077.1324563223.1326992570.4; DomAuthSessId=07A8675D20F4CBAA6E2D638B5330E7A0"
  network: ResponseCode de .../appletFirma/AppletAplication.jar: 304
  network: Codificación de .../appletFirma/AppletAplication.jar: null
  network: Desconectar conexión con .../appletFirma/AppletAplication.jar
  cache: Reading Signers from 1055 .../appletFirma/AppletAplication.jar | C:\Documents and Settings\Francisco Alvarez\Configuración local\Datos de programa\Sun\Java\Deployment\cache\6.0\51\609786b3-797751c9.idx
  cache: Done readSigners(.../appletFirma/AppletAplication.jar)
  cache: Read manifest for .../appletFirma/AppletAplication.jar: read=242 full=1552
  security: Validar la cadena de certificados utilizando la API CertPath
  security: El certificado no ha caducado. No es preciso comprobar la información sobre el registro de hora
  security: Se ha encontrado el archivo de lista de jurisdicciones
  security: No se necesita comprobar la extensión de confianza de este certificado
  security: El soporte de CRL está desactivado
  security: El soporte de OCSP está desactivado
  security: Esta validación de entidad final de OCSP está desactivada
  security: Comprobando si el certificado está en el almacén de certificados denegados de despliegue
  security: Comprobando si el certificado está en el almacén permanente de certificados de despliegue
  security: Comprobando si el certificado está en el almacén de certificados de la sesión de despliegue
  security: Validar la cadena de certificados utilizando la API CertPath
  security: El certificado no ha caducado. No es preciso comprobar la información sobre el registro de hora
  security: Se ha encontrado el archivo de lista de jurisdicciones
  security: No se necesita comprobar la extensión de confianza de este certificado
  security: El soporte de CRL está desactivado
  security: El soporte de OCSP está desactivado
  security: Esta validación de entidad final de OCSP está desactivada
  security: Comprobando si el certificado está en el almacén de certificados denegados de despliegue
  security: Comprobando si el certificado está en el almacén permanente de certificados de despliegue
  security: Comprobando si el certificado está en el almacén de certificados de la sesión de despliegue
  basic: Plugin2ClassLoader.getPermissions CeilingPolicy allPerms
  security: Validar la cadena de certificados utilizando la API CertPath
  security: El certificado no ha caducado. No es preciso comprobar la información sobre el registro de hora
  security: Se ha encontrado el archivo de lista de jurisdicciones
  security: No se necesita comprobar la extensión de confianza de este certificado
  security: El soporte de CRL está desactivado
  security: El soporte de OCSP está desactivado
  security: Esta validación de entidad final de OCSP está desactivada
  security: Comprobando si el certificado está en el almacén de certificados denegados de despliegue
  security: Comprobando si el certificado está en el almacén permanente de certificados de despliegue
  security: Comprobando si el certificado está en el almacén de certificados de la sesión de despliegue
  basic: Plugin2ClassLoader.getPermissions CeilingPolicy allPerms
  security: Validar la cadena de certificados utilizando la API CertPath
  security: El certificado no ha caducado. No es preciso comprobar la información sobre el registro de hora
  security: Se ha encontrado el archivo de lista de jurisdicciones
  security: No se necesita comprobar la extensión de confianza de este certificado
  security: El soporte de CRL está desactivado
  security: El soporte de OCSP está desactivado
  security: Esta validación de entidad final de OCSP está desactivada
  security: Comprobando si el certificado está en el almacén de certificados denegados de despliegue
  security: Comprobando si el certificado está en el almacén permanente de certificados de despliegue
  security: Comprobando si el certificado está en el almacén de certificados de la sesión de despliegue
  basic: Plugin2ClassLoader.getPermissions CeilingPolicy allPerms
  security: Validar la cadena de certificados utilizando la API CertPath
  security: El certificado no ha caducado. No es preciso comprobar la información sobre el registro de hora
  security: Se ha encontrado el archivo de lista de jurisdicciones
  security: No se necesita comprobar la extensión de confianza de este certificado
  security: El soporte de CRL está desactivado
  security: El soporte de OCSP está desactivado
  security: Esta validación de entidad final de OCSP está desactivada
  security: Comprobando si el certificado está en el almacén de certificados denegados de despliegue
  security: Comprobando si el certificado está en el almacén permanente de certificados de despliegue
  security: Comprobando si el certificado está en el almacén de certificados de la sesión de despliegue
  basic: Applet cargado.
  basic: Applet resized and added to parent container
  basic: PERF: AppletExecutionRunnable - applet.init() BEGIN ; jvmLaunch dt 305312 us, pluginInit dt 6347309 us, TotalTime: 6652621 us
  security: Validar la cadena de certificados utilizando la API CertPath
  security: El certificado no ha caducado. No es preciso comprobar la información sobre el registro de hora
  security: Se ha encontrado el archivo de lista de jurisdicciones
  security: No se necesita comprobar la extensión de confianza de este certificado
  security: El soporte de CRL está desactivado
  security: El soporte de OCSP está desactivado
  security: Esta validación de entidad final de OCSP está desactivada
  security: Comprobando si el certificado está en el almacén de certificados denegados de despliegue
  security: Comprobando si el certificado está en el almacén permanente de certificados de despliegue
  security: Comprobando si el certificado está en el almacén de certificados de la sesión de despliegue
  basic: Plugin2ClassLoader.getPermissions CeilingPolicy allPerms
  basic: Applet initialized
  basic: Starting applet
  basic: completed perf rollup
  basic: Applet made visible
  basic: Applet started
  basic: Told clients applet is started
  basic: Starting applet teardown
  basic: Finished applet teardown
  basic: Listener de progreso eliminado: sun.plugin.util.ProgressMonitorAdapter@bbe282
  plugin2manager.parentwindowDispose