Private Key is incorrect or Hash not Set

Similar Messages

• 'Error while signing data-Private key or certificate of signer not availabl

  Hello All,
  In my message mapping I need to call a web service to which I need to send a field value consist of SIGNED DATA.
  I am using SAP SSF API to read the certificate stored in NWA and Signing the Data as explained in
  http://help.sap.com/saphelp_nw04/helpdata/en/a4/d0201854fb6a4cb9545892b49d4851/frameset.htm,
  when I have tested using Test tab of message mapping  it is working fine and I am able to access the certificate Keystore of NWA(we have created a keystore view and keystore entry to store the certificate) and generate the signed data ,but when I test end to end scenario from ECC system,it is getting failed in mapping with the error
  ' Error while signing data - Private key or certificate of signer not availableu2019.
  Appreciate your expert help to resolve this issue urgently please.
  Regards,
  Shivkumar

  Hi Shivkuar,
  Could you please let me know how you were trying to achieve the XML signature.
  We have a requirement where we have to sign the XML document and need to generate the target document as following structure.
  <Signature>
       <SignedInfo>
           <CanonicalizationMethod />
           <SignatureMethod />
           <Reference>
                   <Transforms>
                   <DigestMethod>
                   <DigestValue>
           </Reference>
      <Reference /> etc.
    </SignedInfo>
    <SignatureValue />
    <KeyInfo />
    <Object>ACTUAL PAYLOAD</Object>
  </Signature>
  I am analyzing the possibility of using the approach that is given in the help sap link that you have posted above. Any inputs will be apprecited.
  Thanks and Regards,
  Sami.

• Error while signing data-Private key or certificate of signer not available

  Hello All,
  I am new to PI.  I am currently stuck with an issue. The scenario is as explained below.
  We need to check for the service availability before processing the data. So, we test for the RFC connection first from the ECC system. During this process, we access the digital certificate stored in the PI system so that it can be validated and allowed to consume this intended service.
  Error :
  When we trigger the RFC test from the  ECC system, we get an error stating ' Error while signing data -  Private key or certificate of signer not available '. But when we test the same functionality within PI system(Locally), we does not encounter any such error. The certificate is maintained and it appears fine.
  The communication channels are stored with logon credentials.
  Can anyone please help me with this error or provide your valuable inputs. Thanks in advance.
  Regards,
  Shivkumar

  Hello,
  When we trigger the RFC test from the ECC system, we get an error stating ' Error while signing data - Private key or certificate of signer not available '.
  This should be normal behavior since the certificates are not installed in ECC SSL folders of Strust. Why not just install the certificates in the ECC system, perform an ICM restart and do a retest? After all, the certificates would both be the same in PI and ECC.
  Hope this helps,
  Mark

• Two-way SSL: Private key is incorrectly read if the charset is set to UTF8

  Looks like PEMInputStream and other related classes assumes the application charset
  "iso81", but if the charset is something else, then "java.security.KeyManagementException"
  is thrown.
  We have everything setup and two-way ssl works when the encoding is not set. but
  brakes if the encoding is UTF8.
  WLS 7.0
  OS - HP-UX
  Is there any other workaround (not setting UTF8 is not a solution, ours is a WW
  app).
  Thanks

  I would suggest posting this to the security newsgroup.
  -- Rob
  Govinda Raj wrote:
  Looks like PEMInputStream and other related classes assumes the application charset
  "iso81", but if the charset is something else, then "java.security.KeyManagementException"
  is thrown.
  We have everything setup and two-way ssl works when the encoding is not set. but
  brakes if the encoding is UTF8.
  WLS 7.0
  OS - HP-UX
  Is there any other workaround (not setting UTF8 is not a solution, ours is a WW
  app).
  Thanks

• KB-2813237 Windows 8 CryptoAPI crashes Outlook when Private Key is accessed on Highest Security Setting

  Hello,
  Do Microsoft have a updated hofix(2813237) that works for Windows 8.1 Pro machines?
  Kind regards
  Simon

  Hi,
  Since this is a known issue, there's a workground which worth a try, please refer to the following thread, reply posted by duchiant
  http://social.technet.microsoft.com/Forums/office/en-US/f543b04d-d510-4444-b803-1759f6c312c8/outlook-configured-on-windows-8-required-elevation-in-order-to-access-private-key?forum=outlook
  Add: I think we might need some more time to see whether MS can release an hotfix for Windows 8.1, we will keep an eye on this.
  Yolanda Zhu
  TechNet Community Support

• Private Key, Hash , sa password

  I didn't do the installation for this ecommerce site, I am just coming in later to customize the site and I was told that the initial installation was complete.  When I try and browse to the site of check sync manager I am getting 2 errors that I have never seen before.  The first is when I run the sync manager I get Private Key is incorrect or Hash not set.  I have gone in and checked and the private key is correct if I look at the web.config?  I am also getting a login failed for user "sa" when I try and browse to the site.  I was told the sa password is correct and the password works fine in the server config section of the sync manager.  Has anyone ever encountered anything similar to this?  When I searched the forums I found nothing like this.  I have done a few installations using SAP E-Commerce but I am far from an expert.
  Thanks

  Well, if the sa password is working in SynchManager but not on the website, then you definitely have an authentication problem. This is quite simple to fix.
  You'll need to recreate your Web Tools configuration in the instances.xml file located in your eCommerce Program Files directory. If you edit it, you will be able to see one "instance" XML node for each instance that you have installed. The one you want to remove should have an InstanceName attribute value that matches the name that you see in the Installer. Once you decide that this needs to be removed, you can either delete the node or simply comment it out using XML/HTML comments - it certainly wouldn't hurt to make a backup of this file in any case.
  After you've done this, you'll want to rerun the Installer, but in Instance-Only mode - this can be done by executing "installer.exe -i". The installer will automatically start an Advanced Install, but once it gets to the final step where all the action takes place, there will be a message that states that all of the steps will be skipped. Clicking finish will not overwrite anything, but instead place a new configuration in your instances.xml file of the configuration you just set up. This will allow you to re-enter the SQL login name and password for the website.
  Let me know if I've muddied or cleared the waters for you.

• Is a Public/Private Key Pair possible in SAP?

  I have a web service that I would like to run as part of a nightly script. I currently use username/password authentication, but it is not acceptable to have them hard coded, due to Sarbanes-Oxley rules. SAP's site claims to support authentication with x.509 certificates, but is unclear on the implementation details. How could I go about setting up and using a public/private key pair in SAP?

  Not really a portal question, and maybe you'll get a better result in a security forum...
  However, briefly, yes, the AS Java supports X509 certificates as an authentication mechansm. You need to use Visual Admin to generate a server side certificate, then you need the client side to register its own X509 certificate and then in the Java user admin you need to associate the client certificate with a known user. Now when the client executes the web service call it can pass the certificate and the AS Java will back translate the certificate to a real username.

• Please guide me on the issue of private key

  Hi All
  I am working on application that requires to do encryption and decryption using public and public key. I need some guidance on how to implement this functionality. The only requirement is to have public key and private key in two different files. For public key i can get it from .cer certificate file but i do not have much idea of what feature in java is provided to read private key from file. The file is definately not the keystore file. Please guide me as to in what format the private key should be so that my java program could read it and do decryption.
  Another thing is that the private and public key file will be provided by the client. I do not have any control on creating them. I will be given a location where i could find public and private key and passphrase for private key.
  Basically i do not have any clue on what class or technique to use to read those
  Thanks and Regards
  Pankaj Tiwari

  This is how i create the private and the public key files (Not the certificate file) :
  KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
  kpg.initialize(2048); // 2048 is the keysize.
  KeyPair kp = kpg.generateKeyPair();
  PublicKey publicKey = kp.getPublic();
  PrivateKey privateKey = kp.getPrivate();
  // Serialize to a file
  ObjectOutput outPK = new ObjectOutputStream(new FileOutputStream("C:/Temp/PrivateKey.ser"));
  outPK.writeObject(privateKey);
  outPK.close();
  This is how i verify the signature of a file :
  File fileKey = new File("C:/Temp/KeyPair/publicKey.ser");
  ObjectInputStream inPK = new ObjectInputStream(new FileInputStream(fileKey));
  PublicKey publicKey = (PublicKey) inPK.readObject();
  inPK.close();
  // C:/Temp/myfile.zip.sign is the file that was generated when i signed my file C:/Temp/myfile.zip
  String algorithm = "SHA1withRSA";
  String myFile = "C:/Temp/myfile.zip";
  File fileSign = new File("C:/Temp/myfile.zip.sign");
  ObjectInputStream inSign = new ObjectInputStream(new FileInputStream(fileSign));
  byte[] signature = (byte[]) inSign.readObject();
  inSign.close();
  Signature verif = Signature.getInstance(algorithm);
  verif.initVerify(pubKey);
  FileInputStream in = new FileInputStream(myFile);
  int chVerif = 0;
  while ((chVerif = in.read()) != -1) {
  verif.update((byte)chVerif);
  if (verif.verify(signature))
  System.out.println("OK");
  else
  System.out.println("Error");

• SChannel error- The SSL server credential's certificate does not have a private key information property attached to it.

  We have a public SSL certificate that allows for Active Directory sync with LDAPS on port 636 with our email smart host. This was working fine and suddenly stopped working and we are now getting SChannel errors Event ID 36869. There were no changes made
  to the Exchange server, the firewall or the DC which holds the certificate. I have run a new certreq from the DC and then re-keyed the public SSL certificate and re-installed 3 times but the error does not go away and AD Sync with the vendor
  fails. When I run LDP.exe the connection on port 636 fails with "cannot open connection" and the system event log throws the S Channel event 36869 "The SSL server credential's certificate does
  not have a private key information property attached to it"  There is no software firewall set on the DC. When I run Certutil -VerifyStore MY  it shows the current certificates as well as the revoked and expired certificates
  correctly. Certificate 0 is the public cert and is listed with Server and Client authentication, the FQDN of the server is correct and "Certificate is Valid" is listed. The private cert is Certificate 1 and has server and client authentication, the
  FQDN is correct, Private key is not exportable and it ends with Certificate is Valid. I do not see a point in re-keying the cert again until I figure out what the root of the problem is. I have read in some forums that the private cert should not be set to
  expire after the public cert but that does not make a lot of sense when in a situation like this the private cert is of course newer than the public. In fact it is too early to renew the public cert. I have been troubleshooting this for a few days and at this
  point I would have to drop my AD sync with the vendor to LDAP in order to add new users. I do not want to do that for obvious reasons and I do not want to have our spam filtering and email archive service running without Directory sync. Any help would be greatly
  appreciated.

  Hi,
  Have you tried this?
  How to assign a private key to a new certificate after you use the Certificates snap-in to delete the original certificate in Internet Information Services
  http://support.microsoft.com/kb/889651
  Best Regards,
  Amy

• BizTalk Server 2013 SFTP Adapter with private key - Did not poll any files

  Hello, 
  We have a requirement to connect SFTP secure site with the private key and polling files.   Initially I have
  tested BizTalk Server 2013 SFTP Adapter receiver Port using  Bitvise SSH SFTP Server tool and it was working perfectly in our local network environment( with public private key authentication).
  However when we connected to Client SFTP server with private key authentication, It successfully connected to SFTP Server but
  did not poll any files from SFTP Site.  I added only one file to SFTP Server ( 145 kb file) for testing purpose.
  However BizTalk Server 2013 SFTP Send Adapter is working well with the same configuration.
  I could not find any errors in Event viewer also.  I can download\upload file using WinSCP tool .
  So I downloaded nSoftware SFTP Adapter trial version and deployed on server. nSoftware SFTP adapter  is also working find
  without any issues for Client SFTP Site.
   This is the configuration on SFTP Receive Adapter
  This is how SFTP Server download folder permission configured. I have got this details using WinSCP tool. 
  <o:p></o:p>
  Appreciate your help on this.<o:p></o:p>
  Thanks<o:p></o:p>
  PrabathD<o:p></o:p>

  BizTalk Adapter for SFTP is where the polling logic is implemented. It is not part of the SFTP Client logic. any SFTP Client is for User Interaction and you do what you want/when you want.
  The BizTalk Receive however is for purposes of automation and the adapter polls the receive location using the credentials every polling interval to check for the files matching the filter. When it find a file, it will read and publish to message box or
  submit to pipeline for processing. Your setting the polling interval to 0 (ZERO) might actually be disabling the polling.
  Set your poll interval to a non-zero value and check the behavior.
  Regards.

• Private Key Not Found Error in Ldaps

  Hi,
  I am facing "Private Key Not Found" Error in ldaps. The key and the SSL certificate is stored under the same location. The certificate is self signed certificate and in .pem format. When I am trying to install the certifcate through SUN ONE Console it throws the following error
  "Either this certificate is for another server, or this certificate was not requested using this server".
  can any one help me in this regard.
  Regards
  Senthil
  Edited by: senlog80 on Dec 30, 2008 3:18 AM

  Or even better, check the note <a href="https://websmp110.sap-ag.de/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=924320&_NLANG=E">924320</a>.
  <b>Symptom</b>:
  When you execute a query with virtual characteristics or key figures, the system issues the following error message:
  Object FIELD I_S_DATA-<key figure> not found
  <b>Other terms</b>
  RSR00002, RSR_OLAP_BADI
  <b>Reason and Prerequisites</b>
  This problem is caused by a program error.
  <b>Solution</b>
  If the virtual characteristics or key figures are implemented using the enhancement RSR00002 (CMOD), implement the corrections.
  If the virtual characteristics or key figures were created directly as implementations of the RSR_OLAP_BADI BAdI, compare the source code of the INITIALIZE method with the corresponding source code example. During the call of GET_FIELD_POSITIION_D, <L_S_SK>-VALUE_RETURNNM must be transferred instead of <L_S_SFK>-KYFNM.
  Import Support Package 08 for SAP NetWeaver 2004s BI (BI Patch 08 or SAPKW70008) into your BI system. The Support Package is available when Note 0872280"SAPBINews BI 7.0 Support Package 08", which describes this Support Package in more detail, is released for customers.
  In urgent cases, you can use the correction instructions.
  To provide advance information, the note mentioned above may be available before the Support Package is released. In this case, the short text of the note still contains the words "Preliminary version".
  Assign pts if helpful.

• History is not working in Firefox 3.6.11 it is blank. Private browsing is not set.

  History is not working in Firefox 3.6.11 it is blank and does not create any new history. Private browsing is not set.

  Try changing privacy.clearonshutdown.history to false

• AZURE The specified certificate could not be found in the LocalMachine certificate store,or the certificate does not have a private key.

  Hello,
  I try to make a HV website in Azure. It took me hours to figure out how to make a HV certificate with my own password. But I figured it out. With the HV application manager I uploaded the certificate to the HV platform. This worked fine. Then I created a
  c# project with also works well on my local machine.
  This is the code I use in the web.config
  <appSettings>
  <add key="ApplicationId" value="24ee15be-1497-4719-ad70-d1223adbf021" />
  <add key="ShellUrl" value="https://account.healthvault-ppe.co.uk/" />
  <add key="HealthServiceUrl" value="https://platform.healthvault-ppe.com/platform/" />
  <!-- when we call the SignOut() method on HealthServicePage, it redirects us to the page below -->
  <add key="NonProductionActionUrlRedirectOverride" value="Redirect.aspx" />
  <!-- The redirect page (specified above) uses these keys below to redirect to different
  pages based on the response from the shell -->
  <add key="WCPage_ActionHome" value="default.aspx" />
  <add key="WCPage_ActionAppAuthSuccess" value="default.aspx" />
  <add key="WCPage_ActionSignOut" value="SignedOut.aspx" />
  </appSettings>
  Next step is to deploy the site to Azure. I was able to upload the certicate to Azure.
  After deploy I get the following error:
  System.Security.SecurityException: The specified certificate, CN=WildcatApp-24ee15be-1497-4719-ad70-d1223adbf021, could not be found
  in the LocalMachine certificate store,or the certificate does not have a private key.
  I checked the certificate on another server with a different key in the web.config
  <add key="ApplicationCertificateFileName" value="c:\Zodos\website\WildcatApp-24ee15be-1497-4719-ad70-d1223adbf021.pfx"/>
  This gives me this error:
  Exception Details: System.Security.Cryptography.CryptographicException: The specified network password is
  not correct.
  So the procedure I followed definitely was not correct:
  It works on my local machine
  It doesn't work on another server or on Azure
  I can see that the procedure I follow is not correct, but what am I doing wrong?
  Wilfred

  I am having the same problem. I see I have updates thru the Mac App Store but when I try and run the System updates in the Mac App Store it errors out. But I can update third party apps.
  Have even tried going thru Terminal to check for software updates but still have same error claiming it can not find the hostname server.
  Jefre

• Err: The private key material is not exportable outside of the HSM

  Hi,
  I am working on weblogic 8.1 with sp4, Using keytool generated certificates with HardwareSecurityModule (HSM) and enabled ssl in weblogic admin console.
  Now while starting the server following error is displayed
  <Oct 4, 2005 3:18:44 PM GMT+05:30> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
  <Oct 4, 2005 3:18:44 PM GMT+05:30> <Notice> <WebLogicServer> <BEA-000327> <Starting WebLogic Admin Server "ncss" for domain "ncqa">
  <Oct 4, 2005 3:18:49 PM GMT+05:30> <Notice> <Security> <BEA-090170> <Loading the private key stored under the alias srinualias from the nCipher.SWorld keystore file E:\bea\user_projects\domains\ncqa\srinu.>
  <Oct 4, 2005 3:18:51 PM GMT+05:30> <Notice> <Security> <BEA-090171> <Loading the identity certificate stored under the alias srinualias from the nCipher.SWorldkeystore file E:\bea\user_projects\domains\ncqa\srinu.>
  com.ncipher.provider.nCSecurityException: The private key material is not exportable outside of the HSM
  at com.ncipher.provider.km.KMDSAKey.getParams(KMDSAKey.java:59)
  at com.certicom.tls.interfaceimpl.CertificateSupport.CheckIfKeyMatch(Unknown Source)
  at com.bea.sslplus.CerticomSSLContext.doKeysMatch(Unknown Source)
  at weblogic.security.utils.SSLContextWrapper.doKeysMatch(SSLContextWrapper.java:93)
  at weblogic.t3.srvr.SSLListenThread.checkIdentity(SSLListenThread.java:323)
  at weblogic.t3.srvr.SSLListenThread.initSSLContext(SSLListenThread.java:169)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:140)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:126)
  at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1637)
  at weblogic.t3.srvr.T3Srvr.resume(T3Srvr.java:1009)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:361)
  at weblogic.Server.main(Server.java:32)
  <Oct 4, 2005 3:18:52 PM GMT+05:30> <Warning> <Security> <BEA-090552> <The public and private key could not be checked for consistency.>
  <Oct 4, 2005 3:18:52 PM GMT+05:30> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the nCipher.SWorld keystore file E:\bea\user_projects\domains\ncqa\srinu.>
  <Oct 4, 2005 3:18:53 PM GMT+05:30> <Notice> <WebLogicServer> <BEA-000331> <Started WebLogic Admin Server "ncss" for domain "ncqa" running in Development Mode>
  <Oct 4, 2005 3:18:53 PM GMT+05:30> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
  <Oct 4, 2005 3:18:53 PM GMT+05:30> <Notice> <WebLogicServer> <BEA-000355> <Thread "SSLListenThread.Default" listening on port 7002, ip address *.*>
  <Oct 4, 2005 3:18:53 PM GMT+05:30> <Notice> <WebLogicServer> <BEA-000355> <Thread "ListenThread.Default" listening on port 7001, ip address *.*>
  Please let me know if any clues.
  thanks
  Ceenu

  This is just a warning to let you know that the server was not able to verify whether the private key matches your public key, because it could not get the key from HSM. This is normal. SSL should still work.
  Pavel.

• Workflow Manager Configuration - Certificate with Thumbprint does not have a private key

  After following the video series on how to install and Configure Workflow Manager into SharePoint 2013 http://technet.microsoft.com/en-us/library/dn201724(v=office.15).aspx,
  I get to the 'Configure Certificates' section in the Workflow Manager Configuration:  I browse to our wildcard certificate and select it.
  When I try to move to the next page of the configuration wizard, I get the following red error under the certificate:
  Certificate with thumbprint LONG STRING does not have a private key.
  I checked the properties of the certificate, and it says: You have a private key that corresponds to this certificate.
  What am I missing??
  Thank you.
  macrel

  Hi,
  According to your post, my understanding is that you got error under the certificate.
  Please make sure you configure the workflow manager correctly.
  More information:
  Install and configure workflow for SharePoint Server 2013
  Installing and Configuring Workflow Manager 1.0
  Best Regards,
  Linda Li
  Linda Li
  TechNet Community Support