Renewing public key certificate used for Seeburger AS2

Similar Messages

• How to renewal SSO public key certificate ??

  hiiiiii
  How to renewal SSO public key certificate....

  Hello,
  You should replace the existing certificate before it expires as per the link provided below.
  http://help.sap.com/saphelp_nw04s/helpdata/en/5c/b7d53ae8ab9248e10000000a114084/frameset.htm
  http://help.sap.com/saphelp_nw04s/helpdata/en/59/6b653a0c52425fe10000000a114084/frameset.htm
  Thanks,
  Siva Kumar

• ArchiveLink security: sending public key certificate by SCMS_HTTP_PUT_CERT

  Hello!
  I have a question which I asked on ESA and Security forums and didn't get answer.
  I am trying to do a test program to check ArchiveLink security features. Namely, I am calling the function SCMS_HTTP_PUT_CERT which is supposed to send a public key certificate via HTTP. However, when I catch this call and want to import the certificate by using the function SSFC_PUT_CERTIFICATE, I get error message <i>SSF kernel error: invalid parameter</i>.
  Does anyone have experience with this?
  For more detailed description of my attempt, please see ArchiveLink security: sending public key certificate.
  Thanks and regards,
  Igor

  Hi
  SCMS_HTTP_PUT_CERT is used to send sap public key to Content server application. The  content server application makes use of this key to verify the incoming request ie the Content Server uses the public key to check URIs and signatures.
  SAP uses the Public/Private key security concept while communicating with Content server. Basically when SAP communicates with Content server it will be sending GET, PUT, POST requests. The URL from SAP will have field called secKey which contains the security key. secKey ensures that a URL cannot be changed after it has been generated by the SAP system. The private key is used by SAP to generate the secKey.
  The content server application will use the public key provided via SCMS_HTTP_PUT_CERT to check the URL and will be able to detect if the URL has been tampered.
  Refer SAP Content Server HTTP 4.5 Interface documentation  section Security for more details.
  http://help.sap.com/saphelp_nw04/helpdata/en/9b/e8c186eaf811d195580000e82deb58/frameset.htm
  Hope this helps
  Cheers,
  Samanjay
  Message was edited by:
          Samanjay Shenoy

• Importing public key certificate from external application

  Hello!
  I am trying to implement the following scenario:
  1. External client application sends it's public key certificate to SAP WAS
  2. SAP imports this certificate into its PSE
  3. External client application sends digitally signed messages to SAP (with <i>secKey</i> HTTP call parameter)
  4. SAP checks this signature and does whatever further action.
  For simplicity reason, I emulated this "external app" by using the ArchiveLink interface of the very same SAP system. So, I have one system which is at the same time client and server, but the communication works via HTTP.
  I started with step 1: The ArchiveLink (in my case "external app") uses the function SCMS_HTTP_PUT_CERT to send the public key certificate to the client via HTTP. It worked well - I received the message with HTTP service and it contained some binary content as expected (valid public key certificate - I suppose).
  Unfortunately, I was unsuccessfull with step 2: How to import the received certificate into my PSE?
  I debugged the STRUST transaction and saw that it uses the function SSFP_PUTCERTIFICATE to import public key certificate into SAP's own PSE. However, when I try to use it, I get error <i>No temporary PSE available</i>. I also tried to <i>encode-base64</i> this message with the same result. What does this mean?
  Does anyone has experience with this? Please share it.
  Thanks in advance and kind regards,
  Igor

  The key point was understanding the cleverly named parameter PROFILE in the function SSFC_PUT_CERTIFICATE. You'd never guess: it's a path to a PSE where you want to put the certificate, in my case: C:\usr\sap\NSP\DVEBMGS00\sec\SAPSYS.pse. There's one more step: updating database with the file system PSE.
  So, the test sequence that works is:
  1. SSFP_GETSAPCERTIFICATE
  2. SSFC_PUT_CERTIFICATE
  3. SSFPSE_STORE
  Regards,
  Igor
  P.S. Am I the only one playing with these things? I keep getting 0 replies to my questions.

• Logout from an "https client authentication (public key certificate)"

  Hi ,
  I am using an https client authentication (public key certificate) to login to my ADF faces website
  How can I logout form the application? It seems the session.invalidate() is not working because my login information is still displayed after running the logout method (below)
  Note that this logout method was working well with the Form-Based Authentication.
  Thank you
  Jamil
  public String logout() {
  ExternalContext ectx = FacesContext.getCurrentInstance().getExternalContext();
  HttpServletRequest request = (HttpServletRequest)ectx.getRequest();
  HttpServletResponse response = (HttpServletResponse)ectx.getResponse();
  HttpSession session = (HttpSession)ectx.getSession(false);
  session.invalidate();
  String temp = request.getContextPath() + "/adfAuthentication?logout=true&end_url=/faces/logout";
  try {
  ectx.redirect(temp);
  FacesContext.getCurrentInstance().responseComplete();
  } catch (Exception ex) {
  System.out.println("Exception in logout()");
  return null;
  }

  Can you try with the null chk.. as this piece of code is working fine for us
  public void logout(ActionEvent evt) {> FacesContext fc = FacesContext.getCurrentInstance();
  > HttpSession session =
  > (HttpSession)fc.getExternalContext().getSession(false);
  > HttpServletRequest request =
  > (HttpServletRequest)fc.getExternalContext().getRequest();
  > HttpServletResponse response =
  > (HttpServletResponse)fc.getExternalContext().getResponse();
  > try {
  > if (session != null) {
  > session.invalidate();
  > }
  > fc.getExternalContext().redirect(request.getContextPath() +
  > "/faces/index");
  > } catch (Exception exp) {
  > try {
  > fc.getExternalContext().redirect("/faces/Error");
  > } catch (Exception ex) {
  }> }
  > }

• Public key encryption algorithm for files

  Is there a public key algorithm
  good for encrypting files (large ones)
  or should I stick to secret
  keys for that?
  Thanks.

  There is no good way to encrypt larga data amounts using public key.
  The way to do this is to generate a random key for a symetric algorithm (like DES), encrypt the file with tis file, cipher the symetric key with the asymetric key and append the result to the ciphered file.
  Good luck

• Any Public API's used for Punch Machine in OTL

  Hi,
  Could you let me know if there are any Public API's used for Punch Machine in OTL
  Thanks.

  Could you let me know if there are any Public API's used for Punch Machine in OTLPlease see these docs.
  Would like Punch In or Out Time to be Used to Worked Day Determination. [ID 1350155.1]
  Oracle Time and Labor (OTL) Implementation and User Guide, Release 12 [ID 1070930.1]
  Thanks,
  Hussein

• SSL: how to use Multiple Private key/Certificate pair for authentication.

  Hi all,
  i am implementing SSL in java using X509 Certificate/private key combination.
  i have two set of private key/certificate pair.
  one is factory default and another is generated at run time.
  my problem is to try ssl connection with both pairs on same tcp/ip connection.
  e.g. on server side: first try ssl connection with factory default certificate, if it fails try connecting with generated certificate on same tcp/ip connection.
  on client side: if generated certificate(this certificate was generated at server side) is present first perform server authentication using this certificate otherwise authenticate server with factory default certificate.
  can someone please help and let me know how do i need to configure both ends(client and server) for achieving the same.
  Thanks In Advance
  Saurabh Ahuja

  Client code does not contain any default truststore and needs a certificate for authentication.Of course it does. OpenSSL has a way of doing that: some kind of equivalent for the truststore. None of the stuff you've posted here about generating certificates at runtime has any bearing on that problem.
  It's like this. The idea of PKI with SSL is as follows:
  - the server has a private key and a signed certificate. Preferably it's signed by a CA that the client already trusts, otherwise if it's self-signed it has to be exported from the server's keystore and imported into the truststores of all the clients.
  - the client has a truststore that trusts the server, one way or the other, see above.
  - the server's private key is private to it. Nobody else has it. Nobody else can ever get it. If it ever leaks, the server is compromised, and server authentication via that private key now means absolutely nothing. You have lost security.
  - the server sends its cert to the client along with a digital signature signed by its private key.
  - the client (a) decides whether it trusts the cert, via its truststore, and (b) verifies the digital signature, which establishes that the server owns the certificate.
  At this point the server is authenticated to the client and the SSL connection is open. It can now be used as an ordinary socket connection.
  If you want client authentication too, you need all the above in reverse as well, i.e. reading server for client and client for server throughout. Note particularly that each client must have its own private key. Otherwise the private key isn't private, so signing something with it doesn't establish ownership, so client authentication isn't valid.
  You need to understand all this stuff and relate it to the apparently broken security design of your application. Generating a private key and a certificate at runtime is complete nonsense within the context of PKI and SSL. It proves nothing, establishes nothing, authenticates nothing; it just wastes time.

• Configuration of Public Key Authentication Policy for SFTP on OAG 11.1.2.2

  Hi
  I'm working on the configuration of an SFTP server over OAG, using both password and public key authentication.
  This particular listener need 3 policies:
  - Password Authentication
  - Public Key Authentication
  - File upload
  Both File upload and password auth are working OK, but I've been having a hard time with the PK policy. This policy uses the attribute ${authentication.subject.public.key} to store the PK info, which I confirmed is being sent to the gateway (as modulus + public exponent), however I can not find a way to verify the key received with the ones on the Key Pairs store.
  OAG Version is 11.1.2.2
  Any comments?

  Hi a82383ca-36ac-49d5-aa6e-c3307f7e56e1,
  It would probably help if you place this question under the community for product you have questions about. I will see if I can help you move it to the proper one by asking around.
  Best regards,
  VictorI

• How to get the private and public keys to use recaptcha?

  I have registered with google to get a recaptcha for my website. All I got was the site key and secret key! Though I need to get the public and private key for muse!

  Hello,
  Please use site Key as "Public Key"and Secret key as "Private Key".
  Regards
  Vivek

• GPO For Outlook Certificates Used For Encryption and Digital Signatures?

  How can we configure a group policy to distribute certificates to Outlook 2010 users so they can digitally sign and encrypt messages without requiring much effort on their end?
  The users will become confused and make mistakes if we ask them to follow instructions on how to download and import certificates into Outlook 2010 manually.  Can we automate this with Group Policy?

  Would a certificate "autoenrollment" GPO work for these types of certificates?
  Yes. Here's a good guide. The user will still need to choose to sign, or encrypt, unless you want to enforce that in some way. If you are sending signed or encrypted email outside of your AD, you will need to solve how the recipients will get your root cert,
  etc.
  http://davidmtechblog.blogspot.com.au/2013/06/exchange-2010-security-smime-part-1.html
  http://davidmtechblog.blogspot.com.au/2013/07/exchange-2010-security-smime-part-2.html
  http://davidmtechblog.blogspot.com.au/2013/07/exchange-2010-security-smime-part-3.html
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• Alphabetic keys are used for keypad

  I just encountered an odd problem with my PowerBook G4 12". I hadn't used it in awhile but it worked perfectly when I decided to give it to a friend. I reformatted the hard drive and tried to install OS X 10.6, only to learn that this new OS won't work with that old computer. So I re-installed 10.5.6 from the CD, and everything went well until I got to the first entry screen, i.e., name address, etc. Now none of the alphabetic keys work. The 7, 8, 9 and equals keys work, but the zero key gives a slash. Turns out it looks like the computer thinks its a numeric keypad, with j, k, and l keys giving 1, 2, and 3, u, i, and o giving 4, 5, and 6, and m giving 0. I can also get the non-numeric symbols from the numeric keypad, but not the normal alpha-numeric keypad that I had before. I've never heard of anything like this happening, and didn't see that it had been addressed before in this forum. Any ideas?

  OK, problem solved. It was NumLock. Numbskull! I didn't know that laptops had that function.

• Key in use for cod4

  Hello, I just bought COD4 throught the appstore. Now if i want to play a multiplayer game the game says the Key is already in use. Does anyone have the same problem, if so please explain me how to solve this.

  This issue keeps coming up on these forums. I believe you need to check with the developer. If they give you a solution, let us know.

• Adobe's certificate used for security patch expired

  I was advised to install a security patch for Acrobat XI Pro (11.0.07 --> 11.0.08). But when verifying Adobe's certificate of the downloaded file I realized that the signature has expired already. How can I trust in a security patch which hasn't got a valid signature? Did they hack Adobe's website?

  No. Please see a detailed response here:
  latest update reader installed today (8/13/14) 11.0.08 but certificate expired 7/25/14.  Is it okay?

• How to get Public Key Remainder?

  Hi Friends..
  Sorry, i have a little doubt regarding the Public Key Remainder..
  What is Public Key Remainder used for?.. is it a part of Public Key?.. How to get it from Public Key, especially in Java?
  As far as i know that the Public Key is constructed with Modulus and Exponent, and with this we can Encrypt and Verify data was signed by Private Key..
  In Java, we can expose Public Key's modulus and public exponent using RSAPublicKey, there's no method to expose Public Key's Remainder..
  Please help me regarding this..
  Thanks

  Leonardo Carreira wrote:
  Hi Shane,
  Thanks for your reply.. :)
  safarmer wrote:
  In that case the exponent and remainder are you public key (exponent and modulus) and the certificate is defined in the definitions section of Book 3. It is a secure way of verifying the public key and it's owner through a trusted certification authority.
  EMV Book 3 tends to use Remainder and Modulus interchangeably.You mean, the Issuer (in this case one of E,M, and V) should provide 2 certificates for 1 card?..
  This is implemented on SDA or DDA?..
  Sorry, i'm still have no idea..
  The Remainder and Modulus should be used interchangeably?..
  How the Host and Card can decides in each transaction whether it will use Remainder or Modulus?..I mean that the terminology is used interchangeably. They refer to the same thing as far as the actual key is concerned.
  Cheers,
  Shane