Seeburegr AS2 - encryption certificate reference

Similar Messages

• Seeburger AS2 adapter certificate reference

  Hi experts,
  having looked and looked in threads here and in Seeburger documentation I cannot find an answer to two things:
  Firstly where exactly do you upload the partner certificate used to verify the signature of the message, in netweaver adminsitrator in Visual administrator?
  Also what reference do you give in the sender agreement to the certificate?
  We are using PI 7.11. At the moment the certificate is uploaded in the deafualt key storage in nwa, but when testing using these references in the sender agreement for the authentication certificate I get an error authentication failed:
  TRUSTED\DEFAULT\alias name
  \DEFAULT\Alias name
  DEFAULT\alias name
  alias name
  Edited by: Rasmus Ronde-Holm on Aug 5, 2010 3:26 PM

  Firstly where exactly do you upload the partner certificate
  For better management of all AS2 related certificates, create a View in the Keystore service with any name e.g. AS2. Then create a new Entry in the view which should be the uploaded certificate.
  Also what reference do you give in the sender agreement to the certificate?
  The name you see in your View should be same as the name provided in Sender Agreement. It should be
  TRUSTED/<ViewName>/Certificate name
  The Certificate name here should be given without any extension.
  Regards,
  Prateek

• Manage encryption certificate chain

  Apparently, native E-Mail application on ios 8.0 - 8.2 is unable to remove and replace an existing S/MIME public key encryption.
  For example, Mr. X sent me an E-Mail with his new trusted certificate as part of the E-Mail S/Mime signature. Because I have previously added his trusted signature from last year, I am unable to click on "install" to replace the existing trusted certficate chain.
  I have attempted to reset the settings on ios 8.2 to no avail and even remove all E-Mail service.
  I am able to add and remove my own or other's S/MiMe profiles but not the individually added E-Mail encryption certificate where the public key is received as part of the E-Mail signing certificate from other E-Mail users.
  Anyone know how to reset the functionality, remove existing encryption chain or make the S/MiME Certificate "Install" to work again?
  Reference:
  http://support.apple.com/en-us/HT202345

  Hummm let me make sure I understand what your saying. It sounds as if you want
  to find a portable way of using this particular class. A way that will work
  regardless of what JCE provider is installed on the machine running your code?
  If that is correct then unfortunately your SOL. The problem is that there is no
  public code (interfaces or other) which are defined in the standard Java API
  to define this type of class. As a result no matter what you try and do you are
  going to have to hard code some class like the boucycastle class.
  My recommendation to you would be to include the bouncycastle ASN package with
  your code. They do not have to use the BouncyCastle JCE provider but the bouncy
  castle code must be in their class path...
  Of course you could write your own ASN/DER package and include that instead but
  you'll probably find it easier to just include the BC code base in your
  distribution. If that distribution is webstart or applet then maybe you trim it
  down in size by just including the ASN package and classes that are required by it.

• Server 2012 CDP PKI Setup on Subordinate CA - Active Directory Certificate Services could not create an encryption certificate

  Hi,
  When I check pkiview.msc on my 2012 Subordinate CA I get the error shown in the first picture below. I'm also getting errors similar to below in the event log:
  "Active Directory Certificate Services could not create an encryption certificate.  Requested by contoso\admin1.  The revocation function was unable to check revocation because the revocation server was offline. 0x80092013 (-2146885613 CRYPT_E_REVOCATION_OFFLINE)."
  I'm assisting in setting up a 2 tier PKI infrastructure using Windows 2012. The root CA looks good, but we're getting errors on the subordinate. The server was working, but we discovered that the server would only issue certificates with a maximum of a 1
  year expiry date - obviously no good, so we decided to run through the following commands on the root CA (as recommended byhttp://www.techieshelp.com/subordinate-ca-increase-certificate-validity/)
  certutil -setreg ca\ValidityPeriodunits "Years"
  certutil -setreg ca\ValidityPeriod "5"
  restarted AD certificate services on the root and subordinate CA.Then did the following on the subordinate CA:
  1.On the Subordinate CA create a new CA request by right clicking the server in ADCS and select New Request.
  2.Supplied the original request file from the subordinate CA (I couldn't find a way of generating a new request file)
  3.Issued the certificate using the Root CA.
  4.On the Subordinate CA ADCS installed new CA cert.
  However, I keep on getting CDP or AIA errors on my subordinate CA.Also I'm missing a CDP field value when I look at the certificate listed in the personal and trusted certification authority store on my subordinate CA.
  In addition, when I look at my CDP locations in Certificate Authority, I see a lot of CDPs, but I'm not sure if I need them all - I suspect I could just get away with LDAP, the C:\windows path and a single http:// path.
  I've tried renewing the existing certificate and CRL on my subordinate CA, but that didn't work either.
  Please advise.
  Thanks

  Ok, the process to renew the subordinate CA is incorrect. Once the registry setting to change the validity period was made on the root CA, the root CA ADCS service needs to be restarted. That is the only time those keys are read. Then:
  1) On the subordinate CA, open the CA tool, right click the CA and select Renew CA Certificate. You can use the same key, no need to create a new one. It will create a NEW certificate request file
  2) Copy that to the Root CA and submit like you would have done during the initial install
  3) Approve the request and export the issued certificate
  4) On the subordinate CA, in the CA tool, right click the CA and choose Install CA Certificate.
  You can not reuse request files.
  Mark B. Cooper, President and Founder of PKI Solutions Inc., former Microsoft Senior Engineer and subject matter expert for Microsoft Active Directory Certificate Services (ADCS). Known as “The PKI Guy” at Microsoft for 10 years.

• Owsm: Verify signature step & certificate references

  Hi,
  According to the WS-Security 1.0 specification there are 3 ways to reference the certificate:
  1. Reference to a Subject Key Identifier
  2. Reference to a Binary Security Token
  3. Reference to an Issuer and Serial Number
  Unless I'm doing something wrong it seems that only the second method is supported. I get NPE and invalid signature errors for other methods. Can anyone confirm if the owsm only supports the second method?
  I also don't understand why the "Signer's public-key alias" property is necessary. Since the signature contains a certificate reference the owsm could find the certificate in the keystore except if the certificate is embedded in the security header in which case it already has all necessary information. Any ideas?
  TIA,
  Svetozar

  i do use the soa suite and jdeveloper 10.1.3.3 i have created a webservice which i have deployed to the soa application server. using this webservice works using http and https
  when i use owsm to add this webservice as a service this also works. using http and https
  when i add the request policystep verify certificate i get the following error
  Failed to initialize pipeline 'Request' in policy 'repeater(0.1)

• Opening Encrypted/Certificate Secured PDF.

  Hello,
  I have a pdf encrypted using certificate. I want to open this pdf using Acrobat sdk APIs. I have read the documentation of "Opening secured Pdf". I learnt that AVDocOpen() function calls Acrobat built in authorization procedure and using PD layer to open a encrypted pdf we need to write our own authorozation procedure. I want some example which demostrates how encrypted pdf are opened. Also, when opening certificate secured pdf, where does Acrobat installs the certificate?
  Please can someone guide me!!
  Thanks in advance.

  Yes, you can read XMP w/o opening the PDF – of course, that assumes that the XMP is not encrypted (it's a choice of the PDF authoring/encrypting tool).
  From: Adobe Forums <[email protected]<mailto:[email protected]>>
  Reply-To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>>
  Date: Mon, 16 Jan 2012 21:10:56 -0800
  To: Leonard Rosenthol <[email protected]<mailto:[email protected]>>
  Subject: Opening Encrypted/Certificate Secured PDF.
  Re: Opening Encrypted/Certificate Secured PDF.
  created by poortip87<http://forums.adobe.com/people/poortip87> in Acrobat SDK - View the full discussion<http://forums.adobe.com/message/4145422#4145422

• Identity and Encryption Certificates

  How do I install and use Identity Certificates for accessing webpages and Digitally signing email?  Also, how would I install and use Encryption Certificates as well?
  Thanks...

  Not all signing certificates are compatible.
  Go to InstantSSL and request a free S/MIME signing certificate. It's valid for a year, only for the address you specify. You'll be prompted to set a revocation password, which you'll need if you ever want to stop the key from being trusted. I suggest you save the password as a secure note item in the keychain.
  Click the link in the message you'll receive at that address. A file named "CollectCCC.p7s" will be downloaded in your web browser. Double-click the file. It will open in Keychain Access. Confirm that you want to import the keys it contains.
  Two items will be added to the keychain you specify. Both are named "Key from secure.instantssl.com". One is of typeprivate key and one is of type public key. You'll want to delete those items when the key expires or is revoked.
  Quit and relaunch Mail. When you next compose a message from the certified address, you'll have the option to sign it.
  The first time you sign a message with the new certificate, you'll be prompted to allow Mail to use it in the keychain. ClickAlways Allow.
  Important:
  You must quit and relaunch Mail before the certficiate will be recognized.
  Mail that is only signed is not encrypted; anyone can read it. The recipient can be reasonably sure that it came unaltered from a person who receives mail at the sender's address. That is not proof of the sender's identity.
  To encrypt messages, the recipieint must already have gone through a similar setup process, and you must know his or her public key. The key can be sent to you in the clear, attached to a signed message, but again, you have no proof of the sender's identity. All you know is that he can receive mail at the specified address.

• Biztalk AS2 encryption error for file bigger than 100MB

  I am getting following error when I am trying to receive file bigger than 100 MB. I was getting same error when I was trying file bigger than 5MB and I applied windows CU5. Now I can receive big file (I tested till 60 MB). New file which is coming is 110MB
  and we start getting this error. 
  Can somebody help me to figure out this issue.
  I am using Biztalk 2010 with windows 2008 server
  A message received by adapter "HTTP" on receive location "RecLocAS2All" with URI "/xxxxxx/BTSHTTPReceive.dll" is suspended. 
   Error details: An output message of the component "Microsoft.BizTalk.EdiInt.PipelineComponents" in receive pipeline "Microsoft.BizTalk.EdiInt.DefaultPipelines.AS2Receive, Microsoft.BizTalk.Edi.EdiIntPipelines, Version=3.0.1.0, Culture=neutral,
  PublicKeyToken=31bf3856ad364e35" is suspended due to the following error: 
       An error occurred when decrypting an AS2 message..
   The sequence number of the suspended message is 2.  

  I tried passthrough pipeline and I can receive encrypted file.Now trying to write code to decrypt it but I can not. Based on certificate I can say it is RSASHAI, so using it for decrypt. But getting error at  Convert.FromBase64String(text) where text
  is encrypted test from file.
  I am getting following error 
  The input is not a valid Base-64 string as it contains a non-base 64 character,
  more than two padding characters, or an illegal character among the padding characters.
  Can somebody help me to understand it and resolve this. Mean time trying
  to convene customer for compressed file .Please help me to understand above error. 

• Seeburger AS2 - import certificate type .p7b (PKCS#7)

  Dear Seeburger AS2 experts,
  Has anyone ever imported (loaded) a certificate file type *.p7b (PKCS#7)?   I've got a .p7b certificate file from my trading partner but I cannot import it, as XI does not have the option to load this type.  I tried loading a .cer file, but that did not work (as2 authentication error) for some reasons.  My trading partner does not have a .p8 or .p12 certificate.  Is there any way to load a .p7b into XI?
  Thanks.
  Sakkarn

  Is this resolved...
  Regards
  Ravi R

• IE 9, Windows 7, Windows 8, SHA-2 encryption, certificate

  Currently, I have I have an Exchange 2010 Service with 2 client access/ transport servers and 2 mailbox servers.  I use a barracuda load balance appliance to manage the CASarray.   Our SSL certificate for the service is currently SHA-1. 
  I would like to replace  the SSL certificate so that it using SHA-2 encyption keys.  What compatibility issues do I need to be concerned about?  Most of our users are running Windows 7 with Outlook 2010 and/or Outlook 2007 to the Exchange 2010
  service.    We also have a few Apple users running OS X and Office 2011 for the MAC.   We have a lot of ipad ii and above and iphone 4 and above users  using ios to connect to the service as well.    People  use a variety
  of web browsers:  firefox, chrome, internet explorer, safarii.  Most of my users are still using IE 9.x due to better compatibility with some of our SAP software.
  Will my users have problems using a comodo sha-2 ssl certificate in my environment?  Specifically, will there be issues with IE9.x on Windows 7?  Any issues with Apple devices?

  Hi，
  In order to both sign and validate SHA2 messages, Windows Vista or 7 with Outlook 2007 or 2010 is needed, so according to your description, it's fine to move to SHA-2 in your corporation.
  Please see detailed information about SHA-2 with Windows in the following blog, some recommendations for Outlook and Windows are included in this link
  http://blogs.technet.com/b/pki/archive/2010/09/30/sha2-and-windows.aspx
  For mac users, it's better to contact the Apple support, for they're more familiar with their products like ipad, iphone and other Apple devices.
  Yolanda Zhu
  TechNet Community Support

• AS2 Certificate Problem

  Hi,
  I'm doing one IDOC to AS2 Scenario. Where we are posting the IDOC successfully, but we are not able to receive the message.
  It is giving some certificate error. Definitely some connectivity issue.
  The exact error is :
  "Message processing failed. Cause: javax.resource.ResourceException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found # , SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found # "
  Can someone please tell what exactly can be done to ensure the trusted certificate.
  FYI : The SSL certificate in the communication channel and the Encryption certificate and authentication certificate in receiver agreement are all same.
  Thanks,
  Vikas

  HI Vikas,
     Can you check the expiry date on the AS2 certificate?
  Regards,
  ravi

• AS2 Adapter Configuration to Customer / no signature certificate

  Dear all,
  we start a project with an external Customer incl. Certificates.
  If we now start message processing we get follow error back:
  Message processing goes fail. Reason: javax.resource.ResourceException: Fatal exception: javax.resource.ResourceException: SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ediint.edi.EDIMessageException: EDI message composing failed: no signature certificate, SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed:
  com.seeburger.ediint.edi.EDIMessageException: EDI message composing failed: no signature certificate
  Any idea ?
  What is the meaning of "no signature certificate" ?
  Because we import the certificate info the Trustcenter form the partner and customized in
  AS2 Receiver Configuration -> Encryption Certificate
  Thanks
  Kind regards
  S. Kohler

  Hello,
  The error states "EDI message composing failed: no signature certificate"
  ...and for the signature, you are always using your own key and not the certificate that you receive from the partner.
  (since you wrote " ... we import the certificate info the Trustcenter form the partner")
  So the error message is correct in the way that the referenced entry cannot be used to create the signature.
  Greetings
  Stefan

• AS2 Certificates

  Hi,
  I have a query with regards to AS2 Encryption and Decruption certificates.
  Normally for an inbound scenario, we use our certificate to decrypt the message and sign the message.
  We also send our certificates to customer so that they can encrypt the message before sending it to us.
  I am confused with the certificates.
  1. Is there two certificates called public and private? or is it just one certificate which is used both for encryption and decryption.
  Looking at my scenario i have forward one certificate to customer who will encrypt and the same certificate is used at our side to decrypt.
  Is this right or do we have any additional certificates for decryption?
  Regards
  Krish

  there is always a pair which gets generated. One is .cer which is a public key and another .p12 which is a private key. Assume this might be right

• Widget Parameters Tab Missing (Certificate.swf) AS2

  Hi,
  I have hit an unusual problem.
  When I insert the AS2 version certificate.swf into a slide, the Widgets Parameter tab does not show up anymore. The result is that I cannot insert the Course name or set the certificate to automatically insert the name of the person onto the certificate, apart from it not showing the scores and grade. The swf file is more like a jpg file, rather than a a widget that automatically inserts data into its boxes.
  I don't understand if the AS2 version of the file (certificate.swf) is corrupted. I even tried exporting a new swf from the 'certificate.fla' file but no luck.
  Wonder if anyone has come across this before and if so how did you resolve it.
  Alternatively, I will be grateful if someone out there is gracious enough to upload a working version of the 'certificate.fla' and 'certificate.swf' file (both AS2 versions) from where I can download the same.
  Many Many thanks!
  John

  Hi there
  Perhaps try the following. Create a single slide blank project and try inserting the widget. Do you see the area? If so, it means you have something causing the issue in the other project and you may need to sort of redo the project. Don't let that cause you grief, usually it's pretty straightforward to create a new blank project sized identically, copy paste slides and re-link any links. That's not too bad.
  If you don't see a change, it means you have a general Captivate issue. In this case you may wish to try blowing away your Captivate_40.dat file. Close Captivate > Navigate to where the file is found (usually it's in the location below:)
  ?:\Documents and Settings\??\Application Data\Adobe\Adobe Captivate
  ? = Your drive letter
  ?? = Your logged in user name
  Cheers... Rick
  Helpful and Handy Links
  Captivate Wish Form/Bug Reporting Form
  Adobe Certified Captivate Training
  SorcerStone Blog
  Captivate eBooks

• Verisign SSL certificate Encryption

  At present in our application, we are using weblogic server-7.0 with SSL Certificate of 40 bit minimum to 256 bit for SSL encryption. Does anyone know if our application can use the 128 - 256 bit encryption certificate instead of same weblogic server 7.0?

  Hi,
  by default Weblogic 7.0 does not supports only 56 bit of SSL encryption.
  At the highest WLS 7.0 can be enabled for 128 bit SSL encryption but for that there is a need for a separate license for which you need to contact Oracle Weblogic Support.
  The type of SSL encryption does not depends upon the SSL certificate because almost all of the SSL certificates available does support 256 bit encryption.
  The 128-256 SSL encryption generally depends upon the Client JDK and the Ciphers(JCE/ algorithms) being used at the client end because it is the client which always initiates the SSL communication and the client presents the list of ciphers it supports and the server has to only choose from that list of algorithms.
  So, to conclude WLS 7.0 uses by defaKult JDK 1.3_6 and JDK 1.3 by default does not have the algorithms to support 256 bit SSL encryption.
  WLS 7.0 will not support 256 bit SSL encryption.
  Hope this helps.
  Thanks,
  Sandeep