Private key password for Default DemoIdentity Keystore?

Similar Messages

• Key password for the demonstration identity key

  Anybody know the key password for the cert in the DemoIdentity keystore.
            I know the store passphrase but I can't find the key password documented
            anywhere on BEA's web site. Anybody know the private key password?
            Grant

  Disregard this post unless you happend to know the answer. I accidentally
            posted it here when I meant to post it in the security newsgroup.
            Grant
            > Anybody know the key password for the cert in the DemoIdentity
            > keystore. I know the store passphrase but I can't find the key
            > password documented anywhere on BEA's web site. Anybody know the
            > private key password?
            >
            > Grant
            >

• Does WLS 5.1 support private key passwords like WLS 6 does ?

  WebLogic 6.0 supports private key passwords as described here http://e-docs.bea.com/wls/docs60/adminguide/cnfgsec.html#1053139,
  summarized here;
  "When using PKCS-8 encrypted private keys, you need to enable the Use Encrytped
  Keys field on the SSL tab of the Server window in the Administration Console.",
  plus you need to use this diraective -Dweblogic.management.pkpassword=
  I can't find any support for this in WLS 5.1. Does 5.1 support this additional
  level of security ?
  Thanks.

  In order to have the weblogic.mangement.pkpassword stuff work two other things need to have happened first:
  1) you generated a protected private key rather than just a "regular" private key. In the Certificate Servlet this is done by typing characters into the password field of the form to generate the key and
  then later passing those characters to the weblogic.management.pkpassword commandline attribute.
  2) you set the KeyEncrypted attribute in the SSL page in the console
  You can use protected/encrypted private keys or not but you need to make sure that you actually generated an encrypted private key and you've set SSL to use an encrypted private key and told the
  server to start up with an encrypted private key.
  Paul
  On 24 Jul 2001 08:13:06 -0700, [email protected] (David Barrett) wrote:
  Hello Dave,
  Dave here.
  I'm having some problems with the Weblogic SSL installation also. I
  was able to set the weblogic.management.pkpassword, but I am recieving
  the following error when attempting to start the server.
  Jul 23, 2001 1:44:53 PM EDT> <Info> <Logging> <Only log messages of
  severity "Error" or worse will be displayed in this window. This can
  be changed at Admin Console> myserver> Servers> myserverpass> Logging>
  General> Stdout severity threshold>
  <Jul 23, 2001 1:44:57 PM EDT> <Alert> <WebLogicServer> <Security
  configuration problem with certificate file config/myserver/mykey.der,
  java.lang.NullPointerException>
  java.lang.NullPointerException
  at weblogic.security.PKCS5.setPassword(PKCS5.java:173)
  at weblogic.security.RSAPrivateKeyPKCS8.<init>(RSAPrivateKeyPKCS8.java:124)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:387)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
  at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
  at weblogic.Server.main(Server.java:35)
  Please let me know if you know of any way to fix this issue.
  Best,
  David
  "Dave Javu" <[email protected]> wrote in message news:<[email protected]>...
  WebLogic 6.0 supports private key passwords as described here http://e-docs.bea.com/wls/docs60/adminguide/cnfgsec.html#1053139,
  summarized here;
  "When using PKCS-8 encrypted private keys, you need to enable the Use Encrytped
  Keys field on the SSL tab of the Server window in the Administration Console.",
  plus you need to use this diraective -Dweblogic.management.pkpassword=
  I can't find any support for this in WLS 5.1. Does 5.1 support this additional
  level of security ?
  Thanks.

• Recovering Private Key Password

  I have a customer who is trying to load a private key from a file but can not remember the Private Key password. Does anyone have an idea of what the best way to recover this would be if its possible?

  this is not possible since this is the most important part of the security protocol.
  You have to created a new key and get a new certificate.
  Regards,
  Gilles.

• How to force iOS to ask for S/MIME private key password every time?

  Hi, I am using S/MIME signing and encryption on my iOS devices and I am very surprised that the system does not require password for encrypting, decrypting or signing a message when using my cell phone. Everyone with access to it (be it a thief who saw my unlock code or somebody I know personally) will be able to send/read all encrypted messages. That is a deal breaker for me and I hope I am not the only one.
  So the question is: I need to be asked for a password everytime I (a) read encrypted message, (b) send a signed message or (c) send an encrypted message.
  How can I do that?
  I imported my key via iPhone configuration utility, but I was unable to find an option for that.

  By revealing your unlock code your device is already compromised. Just like revealing your computers login password. Once the computer is compromised, any number of things can be done which render the certificate password useless. Keyloggers can be installed, the kernel can be patched to steal DPAPI keys, etc. Real software companies like Apple and Microsoft don't entertain security through obscurity.

• SSL private key password

  Hello everyone,
  I'm trying to upgrade a WLS 6.1 SP2 with WLP 4.0 SP2 instance to WLS 7.0 SP2
  with WLP 7.0 SP2. Everythng is fine except for that we cannot use the same
  SSL certificate. By defaul the private key is not encrypted with password
  (SSL.KeyEncrypted = false by default, according to the documentations) in
  both WLS 6.1 and WLS 7.0. But running WLS 7.0 startup script results the
  following error:
  <Sep 17, 2003 5:06:40 PM HST> <Alert> <WebLogicServer> <000297>
  <Inconsistent se
  curity configuration, java.lang.Exception: Cannot read private key from file
  C:\
  bea7\user_projects\agencyPortal\portal_islandinsurance_com-key.der. Make
  sure pa
  ssword specified in environment property weblogic.management.pkpassword is
  valid
  .>
  java.lang.Exception: Cannot read private key from file
  C:\bea7\user_projects\age
  ncyPortal\portal_islandinsurance_com-key.der. Make sure password specified
  in en
  vironment property weblogic.management.pkpassword is valid.
  at
  weblogic.security.service.SSLManager.getServerPrivateKey(SSLManager.j
  ava:434)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:153)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:122)
  at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1513)
  at weblogic.t3.srvr.T3Srvr.resume(T3Srvr.java:852)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:295)
  at weblogic.Server.main(Server.java:32)
  Is this happening because the private key is actually encrypted with the
  password? It was working, although the KeyEncrypted is not set to true and
  the startup script for WLS 6.1 instance did have a line
  with -Dweblogic.management.pkpassword. Or could this error be result of
  something else? The physical machine the instances are located is the same
  and IP address and the DNS entry hasn't been changed, either.
  Any insight will be greatly appreciated. Thanks!
  Makoto

  Thanks Tony - it worked!!
  "Tony" <TonyV> wrote in message news:[email protected]...
  It may be because the private key is both unprotected and in DER format.
  There are some things to try:
  1) Convert the private key file from a DER file to a PEM file and try
  that:
  a) Follow the for converting an unprotected private key at:
  http://e-docs.bea.com/wls/docs70/adminguide/utils.html#1143743
  b) Look at the resulting PEM file, it should look something like
  this:
  -----BEGIN RSA PRIVATE KEY-----
  -----END RSA PRIVATE KEY-----
  (Be sure there is no extra lines or whitespace after thefooter)
  >
  c) Change your configuration to point at the PEM file
  If that doesn work, then you can try protecting the key with apassword
  using
  the wlkeytool utility (It should be in the server/bin directory). The
  tool should prompt
  for a password to use to protect it:
  wlkeytool inputkey.pem outputkey.pem
  Then change your configuration to use the protected private key, andset
  the passwod to use.
  Tony
  "Makoto Suzuki" <[email protected]> wrote in message
  news:[email protected]...
  Hello everyone,
  I'm trying to upgrade a WLS 6.1 SP2 with WLP 4.0 SP2 instance to WLS 7.0SP2
  with WLP 7.0 SP2. Everythng is fine except for that we cannot use the
  same
  SSL certificate. By defaul the private key is not encrypted withpassword
  (SSL.KeyEncrypted = false by default, according to the documentations)in
  both WLS 6.1 and WLS 7.0. But running WLS 7.0 startup script resultsthe
  following error:
  <Sep 17, 2003 5:06:40 PM HST> <Alert> <WebLogicServer> <000297>
  <Inconsistent se
  curity configuration, java.lang.Exception: Cannot read private key fromfile
  C:\
  bea7\user_projects\agencyPortal\portal_islandinsurance_com-key.der. Make
  sure pa
  ssword specified in environment property weblogic.management.pkpassword
  is
  valid
  .>
  java.lang.Exception: Cannot read private key from file
  C:\bea7\user_projects\age
  ncyPortal\portal_islandinsurance_com-key.der. Make sure passwordspecified
  in en
  vironment property weblogic.management.pkpassword is valid.
  at
  weblogic.security.service.SSLManager.getServerPrivateKey(SSLManager.j
  ava:434)
  atweblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:153)
  atweblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:122)
  atweblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1513)
  at weblogic.t3.srvr.T3Srvr.resume(T3Srvr.java:852)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:295)
  at weblogic.Server.main(Server.java:32)
  Is this happening because the private key is actually encrypted with the
  password? It was working, although the KeyEncrypted is not set to true
  and
  the startup script for WLS 6.1 instance did have a line
  with -Dweblogic.management.pkpassword. Or could this error be result of
  something else? The physical machine the instances are located is thesame
  and IP address and the DNS entry hasn't been changed, either.
  Any insight will be greatly appreciated. Thanks!
  Makoto

• WebLogic and SSL: supplying private key password upon startup

  Hello,
  Does BEA have an API I can use to customize the WebLogic Server startup? I have
  a password callback function that I would like the WebLogic Server to call when
  it needs the password for decrypting the server certificate private key...
  -- POCO

  nope.. till now..
  thanks
  kiran
  "POC" <[email protected]> wrote in message
  news:3e258885$[email protected]..
  >
  Hello,
  Does BEA have an API I can use to customize the WebLogic Server startup? Ihave
  a password callback function that I would like the WebLogic Server to callwhen
  it needs the password for decrypting the server certificate private key...
  -- POCO

• Setting password for Autologon Default user in registry

  Hi friends
  I don't know is this the right forum to ask this question:
  me along with my colleges are doing some exercises to improve our learnings, so we have setup a test lab which has a test DC & 10 test client computers running windows 8.1 
  as we know, when computers join to domain, the item related to Autologon is removed from netplwiz.
  I know that to be able to use Autlogon feature in joined computers, we can restore the above item by creating the required items via any method like the following:
  $regpath="HKLM:\software\Microsoft\Windows NT \CurrentVersion\Winlogon "
  New-ItemProperty -path $regpath -Name AutoAdminLogon -PropertyType String -Value "1" -Force
  $regpath="HKLM:\software\Microsoft\Windows NT\CurrentVersion\Winlogon"
  New-ItemProperty -path $regpath -Name DefaultDomainName -PropertyType String -Value %USERDOMAIN% -Force
  $regpath="HKLM:\software\Microsoft\Windows NT \CurrentVersion\Winlogon "
  New-ItemProperty -path $regpath -Name DefaultUsername -PropertyType String -Value “administrator” -Force
  the above lines provide required info for Autologon, except the password of the user.because of this we have to sit at every test client & open up netplwiz & manually enter the password for default Autologon user.
  is it possible to define the password for this user as well in the registry?  so that we add it to above lines & save them as a PS script & run that PS script on our test systems so that we don't have to sit at each test client
  & manually set password for default user for Autologon.
  I mean I need when we power on our test clients, they automatically login via domain administrator credentials & be ready to use
  thanks

  The documentation for this might prove helpful:
  http://technet.microsoft.com/en-us/library/cc939702.aspx
  According to the above:
  If you disable automatic logon by setting the value of AutoAdminLogon to 0, delete the value of
  DefaultPassword, which is stored and displayed in the registry editor in plain, unencrypted text.
  (Hint: I found this very quickly by searching for "autoadminlogon" using a search engine.)
  -- Bill Stewart [Bill_Stewart]

• Private Key File problem

  I have Weblogic Server Version 6.0. I created Private Key File using Certificate
  Request Generator Servlet. It created the the private key file (.der) file &
  CSR using which I got the Trial Server Certificate from Verisign. I installed
  the certificate (.pem) and configured the server. When I restarted the server
  it gives the following EOFException while reading the Private Key File : (I gave
  the Private Key password while generating the private key file from the servlet)
  <Dec 21, 2001 7:43:08 PM GMT+05:30> <Alert> <WebLogicServer> <Security configura
  tion problem with certificate file config/mydomain/TTI-D066-key.der, java.io.EOF
  Exception>
  java.io.EOFException
  at weblogic.security.Utils.inputByte(Utils.java:133)
  at weblogic.security.ASN1.ASN1Header.inputTag(ASN1Header.java:125)
  at weblogic.security.ASN1.ASN1Header.input(ASN1Header.java:119)
  at weblogic.security.RSAPrivateKey.input(RSAPrivateKey.java:119)
  at weblogic.security.RSAPrivateKey.<init>(RSAPrivateKey.java:91)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:398)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:301)
  at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
  at weblogic.Server.main(Server.java:35)
  Thanks in advance for any solutions...
  Regards,
  Venkatesan

  Hi,
  please check if you provided the private key password which was used to
  create the file in the following property
  -Dweblogic.management.pkpassword
  on the command line correctly.
  In addition, please check "Use Encrypted Keys" to "true" in <server>->SSL
  tab from the admin console.
  Maria
  Developer Relations Engineer
  BEA Support
  Venkatesan schrieb in Nachricht <3c234536$[email protected]>...
  >
  I have Weblogic Server Version 6.0. I created Private Key File usingCertificate
  Request Generator Servlet. It created the the private key file (.der) file&
  CSR using which I got the Trial Server Certificate from Verisign. Iinstalled
  the certificate (.pem) and configured the server. When I restarted theserver
  it gives the following EOFException while reading the Private Key File : (Igave
  the Private Key password while generating the private key file from theservlet)
  >
  <Dec 21, 2001 7:43:08 PM GMT+05:30> <Alert> <WebLogicServer> <Securityconfigura
  tion problem with certificate file config/mydomain/TTI-D066-key.der,java.io.EOF
  Exception>
  java.io.EOFException
  at weblogic.security.Utils.inputByte(Utils.java:133)
  at weblogic.security.ASN1.ASN1Header.inputTag(ASN1Header.java:125)
  at weblogic.security.ASN1.ASN1Header.input(ASN1Header.java:119)
  at weblogic.security.RSAPrivateKey.input(RSAPrivateKey.java:119)
  at weblogic.security.RSAPrivateKey.<init>(RSAPrivateKey.java:91)
  atweblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:398)
  atweblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:301)
  at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
  at weblogic.Server.main(Server.java:35)
  Thanks in advance for any solutions...
  Regards,
  Venkatesan

• How to find programatically the length of a private key?

  Hello,
  I generate a keystore and a private key in it with the command:
  keytool -genkey -v -alias myPrivKey -keyalg RSA -keysize 4096I then can access the private key with the following code:
  KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
  InputStream is = new FileInputStream("/path/to/keystore", keyStorePassword);
  ks.load(is);
  KeyStore.PasswordProtection protParam = new KeyStore.PasswordProtection(privKeyPassword);
  KeyStore.PrivateKeyEntry privKeyEntry = (KeyStore.PrivateKeyEntry)ks.getEntry("myPrivKey", protParam);
  PrivateKey privKey = privKeyEntry.getPrivateKey();How can I get the length of the private key using the PrivateKey privKey object in my code? In this case I know it is 4096, but how can I find the lengths of arbitrary rsa private keys?
  Thank you very much for your answers in advance.
  Regards
  Rambius

  RSAPrivateKey privKey = (RSAPrivateKey)privKeyEntry.getPrivateKey();
  BigInteger modulus = privKey.getModulus();
  int length = modulus.bitLength(); // See the Javadoc for details

• Private Key Store

  If you have 2 separate VPN clients using certificates on Windows 7.  Can/would  the private keys use separate private key stores?

  Hi,
  Every certificate is stored with its private key. 
  For more information, please refer to this article:
  Export a Certificate with the Private Key
  http://technet.microsoft.com/en-us/library/cc754329.aspx
  Karen Hu
  TechNet Community Support

• How to install PEM-format SSL private key from weblogic to NES

  I have unexpired PEM-format certificates in my weblogic 8.1sp4 domain. Since the architecture requires us to use Iplanet 6.0sp2 as the http/https server, we have to move the certificates to iplanet side. Is that possible ? Especially the private key ? Iplanet has key8.db format files. How do I install a PEM key in iplanet and store it in key3.db file ? Thanks !

  Hi
  I've already found code to answer my second question, but my first question still remains, is there a way that I can change a Encrypted Private Key Info for PEM to DER format??? I tried to delete the header and footer of some key in PEM format and Base64 decode the body, but It launches a Exception when I'm trying to create the EncryptedPrivateKeyInfo object.
  Thank you

• SSL: how to use Multiple Private key/Certificate pair for authentication.

  Hi all,
  i am implementing SSL in java using X509 Certificate/private key combination.
  i have two set of private key/certificate pair.
  one is factory default and another is generated at run time.
  my problem is to try ssl connection with both pairs on same tcp/ip connection.
  e.g. on server side: first try ssl connection with factory default certificate, if it fails try connecting with generated certificate on same tcp/ip connection.
  on client side: if generated certificate(this certificate was generated at server side) is present first perform server authentication using this certificate otherwise authenticate server with factory default certificate.
  can someone please help and let me know how do i need to configure both ends(client and server) for achieving the same.
  Thanks In Advance
  Saurabh Ahuja

  Client code does not contain any default truststore and needs a certificate for authentication.Of course it does. OpenSSL has a way of doing that: some kind of equivalent for the truststore. None of the stuff you've posted here about generating certificates at runtime has any bearing on that problem.
  It's like this. The idea of PKI with SSL is as follows:
  - the server has a private key and a signed certificate. Preferably it's signed by a CA that the client already trusts, otherwise if it's self-signed it has to be exported from the server's keystore and imported into the truststores of all the clients.
  - the client has a truststore that trusts the server, one way or the other, see above.
  - the server's private key is private to it. Nobody else has it. Nobody else can ever get it. If it ever leaks, the server is compromised, and server authentication via that private key now means absolutely nothing. You have lost security.
  - the server sends its cert to the client along with a digital signature signed by its private key.
  - the client (a) decides whether it trusts the cert, via its truststore, and (b) verifies the digital signature, which establishes that the server owns the certificate.
  At this point the server is authenticated to the client and the SSL connection is open. It can now be used as an ordinary socket connection.
  If you want client authentication too, you need all the above in reverse as well, i.e. reading server for client and client for server throughout. Note particularly that each client must have its own private key. Otherwise the private key isn't private, so signing something with it doesn't establish ownership, so client authentication isn't valid.
  You need to understand all this stuff and relate it to the apparently broken security design of your application. Generating a private key and a certificate at runtime is complete nonsense within the context of PKI and SSL. It proves nothing, establishes nothing, authenticates nothing; it just wastes time.

• Adobe Content Server 4.1 - Cound not find server's private key in the keystore

  Hello,
  I have getting following error when i setup fulfillment services of Adobe Content Server 4.1.1
  type Exception report
  message
  description The server encountered an internal error () that  prevented it from fulfilling this request.
  exception
  javax.servlet.ServletException: Servlet execution threw an exception
  root cause
  java.lang.Error: Cound not find server's private key in the keystore
       com.adobe.adept.fulfillment.security.ServerConfig.init(ServerConfig.java:156)
       com.adobe.adept.fulfillment.security.ServerConfig.getSigningURL(ServerConfig.java:48)
       com.adobe.adept.fulfillment.servlet.FulfillmentServerStatus.getServers(FulfillmentServerStatus.java:34)
       com.adobe.adept.common.servlet.Status.checkUp(Status.java:355)
       com.adobe.adept.common.servlet.Status.doGet(Status.java:424)
       javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
       javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
  note The full stack trace of the root cause is available in the  Apache Tomcat/6.0.20 logs.
  My fulfillment-conf.txt contains following:
  com.adobe.adept.log.level=trace
  com.adobe.adept.log.file=C:\acs4\log\fulfillment.log
  com.adobe.adept.persist.sql.driverClass=com.mysql.jdbc.Driver
  com.adobe.adept.persist.sql.dialect=mysql
  com.adobe.adept.persist.sql.connection=jdbc:mysql://127.0.0.1:3306/adept
  com.adobe.adept.persist.sql.user=acesdbuser
  com.adobe.adept.persist.sql.password=******
  com.adobe.adept.serviceURL=http://127.0.0.1:8080/fulfillment
  com.adobe.adept.fulfillment.security.licensesignURL=https://nasigningservice.adobe.com/licensesign
  com.adobe.adept.fulfillment.security.keystore=pkcs12
  com.adobe.adept.fulfillment.security.pkcs12.file=file:///C:/ACS4/operator.p12
  com.adobe.adept.fulfillment.security.keystore.user=operator4acs
  com.adobe.adept.fulfillment.security.keystore.password=******
  Any Idea?
  Regards,

  Are you sure you created the .p12 file with the correct '-name' friendly name? The value for -name must match the value com.adobe.adept.fulfillment.security.keystore.user

• NAC and SSL - fails to import password protected private key

  I am attempting to import an SSL certificate on my CCA Manager and Server. I purchased a wild card SSL cert *.domain.com. The private key used to generate the certificate was created on an Cisco ACS 3.2 server and has a password. When attempting to import the private key into the CCA Manager the browser times out and no error is reported.
  My guess is that it is waiting for the password to allow access to the private key. Unfortunately there is no place on the form and no pop-up to enter the password.
  Is there a command line option for importing a private key that may work for me?
  Thanks
  Sherm

  The best Possible way is to generate a CSR from the CCA server and then purchase a certificate using that CSR. Then you dont have problems with private keys.
  Regards
  sathappan