Seeburger: keyStorage: import chain of certificates

Similar Messages

• Seeburger AS2 - import certificate type .p7b (PKCS#7)

  Dear Seeburger AS2 experts,
  Has anyone ever imported (loaded) a certificate file type *.p7b (PKCS#7)?   I've got a .p7b certificate file from my trading partner but I cannot import it, as XI does not have the option to load this type.  I tried loading a .cer file, but that did not work (as2 authentication error) for some reasons.  My trading partner does not have a .p8 or .p12 certificate.  Is there any way to load a .p7b into XI?
  Thanks.
  Sakkarn

  Is this resolved...
  Regards
  Ravi R

• Unable to import the user certificate into the Oracle Wallet Manager

  Hi,
  I am configuring the External Authentication plugin using the password filters.
  i am using the version 10.1.0.5.0 version of Oracle Wallet manager
  inorder to do that i am enabling the SSL mode.
  to enable the SSL mode i followed the some steps in OWM and OCA admin and user console.
  when i approved a certificate as admin and importing to the Oracle Wallet Manager, i got an error that
  User Certificate Installation failed.
  Possible errors:
  - Input was not a valid certificate
  - No matching certificate request found
  - CA certificate needed for certificate chain not found.
  Please install it first
  can anyone help me how to resolve this problem.

  hi,
  thanks for your reply pramod
  I tried to import the two certificate files(rootca.crt and server.crt). but i am got the same error.
  what may be the problem.

• How to import a CA certificate

  I did implement some software using the Java SSL extension. It works when installing each certificate as trusted.
  Now I want to use the existing internal CA infrastructure. I did a certification request, got the answer and tried to import it into my keystore.
  I got the error
  keytool error: Failed to establish chain from reply
  Seems logical to me, as the signing CA is not known by default. I think I have to import the CA certificate into Javas "cacerts". But when trying this, I got the following error:
  keytool error: Signature not available
  Whats that??? Of course there is no signature available, it is the CA certificate. I compare the fingerprint of the certificate manually and it is OK. How to I import it into cacerts?
  Cheers...Urs

  OK, I solved that one.
  The problem was that the JDK1.2 keytool seems not being able to deal with RSA signatures, however the JDK1.3 one works ok.
  I'll do the key management with JDK1.3.
  Cheers...Urs

• CSS: How to chain SSL certificates outside of CSS before install?

  Could some one advise on how to chain the certs files outside and before installing to CSS, please.
  How to check if the cert files I received are in PEM format?
  What program (widows) I use to chain the certificates.
  What is the order in which the chaining is done.
  Currently all I have is two cert files
  xxtrustL1c.crt.txt
  xxxx.xxxxxx.net.pfx.txt
  and
  http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_tech_note09186a00801de89b.shtml
  Step by step guidence please.
  Sri

  In order to use the chained certificates on the CSS, the server certificate and intermediate must be concatenated together. This allows the CSS to return the entire certificate chain to the client upon the initial SSL handshake. When the chained certificate file is created for the CSS, make sure the certificates are in the proper order. The server certificate must be first, then the intermediate certificate is used to sign the server certificate must be next. The power entry modules (PEM) format is not very strict, and the empty lines between keys or certificates do not matter.
  The entire contents of the mychainedrsacert.pem file are shown here with the server cert on the top, followed by the intermediate CA cert. If you need to add the root cert, it would go to the bottom.
  -----BEGIN CERTIFICATE -----
  BxMKQm94Ym9yb3VnaDEcMBoGA1UEChMTQ2lzY28gU3lzdGVtcywgSW5jLjESMBAG
  Binary data of your server certificate
  BxMKQm94Ym9yb3VnaDEcMBoGA1UEChMTQ2lzY28gU3lzdGVtcywgSW5jLjESMBAG
  -----END CERTIFICATE-----
  -----BEGIN CERTIFICATE-----
  MIIDgzCCAuygAwIBAgIQJUuKhThCzONY+MXdriJupDANBgkqhkiG9w0BAQUFADBf
  MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT
  LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
  HhcNOTcwNDE3MDAwMDAwWhcNMTExMDI0MjM1OTU5WjCBujEfMB0GA1UEChMWVmVy
  aVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVyaVNpZ24sIEluYy4xMzAx
  BgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2VydmVyIENBIC0gQ2xhc3Mg
  MzFJMEcGA1UECxNAd3d3LnZlcmlzaWduLmNvbS9DUFMgSW5jb3JwLmJ5IFJlZi4g
  TElBQklMSVRZIExURC4oYyk5NyBWZXJpU2lnbjCBnzANBgkqhkiG9w0BAQEFAAOB
  jQAwgYkCgYEA2IKA6NYZAn0fhRg5JaJlK+G/1AXTvOY2O6rwTGxbtueqPHNFVbLx
  veqXQu2aNAoV1Klc9UAl3dkHwTKydWzEyruj/lYncUOqY/UwPpMo5frxCTvzt01O
  OfdcSVq4wR3Tsor+cDCVQsv+K1GLWjw6+SJPkLICp1OcTzTnqwSye28CAwEAAaOB
  4zCB4DAPBgNVHRMECDAGAQH/AgEAMEQGA1UdIAQ9MDswOQYLYIZIAYb4RQEHAQEw
  KjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQUzA0BgNV
  HSUELTArBggrBgEFBQcDAQYIKwYBBQUHAwIGCWCGSAGG+EIEAQYKYIZIAYb4RQEI
  ATALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgEGMDEGA1UdHwQqMCgwJqAk
  oCKGIGh0dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA0GCSqGSIb3DQEB
  BQUAA4GBAAgB7ORolANC8XPxI6I63unx2sZUxCM+hurPajozq+qcBBQHNgYL+Yhv
  1RPuKSvD5HKNRO3RrCAJLeH24RkFOLA9D59/+J4C3IYChmFOJl9en5IeDCSk9dBw
  E88mw0M9SR2egi5SX7w+xmYpAY5Okiy8RnUDgqxz6dl+C2fvVFIa
  -----END CERTIFICATE-----
  Then you can re-import your new concatenated certificate file.
  Hope this helps,
  Sean

• How to import Verisign Intermediate certificate (char 2) with Oracle Wallet 10.1.0.5

  Hi,
      Recently I renewed a Verisign Certificate using Oracle Wallet 10.1.0.5 but could not apply one of the intermediate certificates (char2 encryption?).  The error message is : "Some trusted certificates could not be installed:. Does anyone have a solution to this problem?  A technician at Verisign told me that I need to contact Oracle for a patch.  Is there such a patch for Oracle Wallet version 10.1.05?
      Please help and thanks!
  Jim.

  Hi Jim,
  Which certificate did you get renewed ? root certificate or a user certificate and is it using the same CSR or did you request it via a new CSR (certificate signing request)
  Looks like the certificate chain is breaking when you are trying to import the intermediate certificate. The certs has to be imported in a order (root , intermediate and then user)
  Below doc can help you to some extent:
  How to Replace an Expired or Expiring Certificate in Wallet Manager in Oracle AS 10g and FMW 11g (Doc ID 303299.1)
  Thanks,
  Sharmela

• How do I import a renewed certificate to the other DAG members?

  Hi
  I have just run through the process of renewing an internal certificate on one of our Exchange 2010 servers.  I requested a renewal, ran through the wizard on the internal CA, then completed the process on the Exchange server.  I have
  assigned services to the new certificate and it looks ok in the EMC.  Now I need to import the same certificate to our 2 other Exchange servers but I don't see how.  if I use the Import Certificate wizard it asks for a private key which I don't have. 
  Is there a way to import the same certificate or do I have to submit a request from each server (that doesn't sound right to me).
  Cheers

  Hi,
  Here are the steps to export the certificate with Private Key and import it.
  http://msexchangeguru.com/2013/06/29/import-cert-e2013/
  Kottees :My Blog Please mark it as an answer if it really helps you.

• Sequence tag error while importing the SSL certificate into ".keystore" fil

  I have created the ".keystore " file successfully and also imported the "root.cer".
  but while importing the SSL certificate it says like
  "keytool error: java.security.cert.CertificateException: IOException: Sequence ta
  g error" (I got the certificate from Verisign)
  How to resolve this Error?
  can anyone help me?
  mail to:: [email protected]
  Thanks in Advance

  Hi,
  I resolved this error by making it sure that there are no extra spaces or unwanted caracter copied while copying the certificate response from the CA. Make sure you are copying the certificate response properly. In my case, some extra space was getting copied so after re-copyinf it properly, it worked.

• How to import a Root Certificate Authority for signing

  How can I import a Root Certificate Authority in order to use it with Certificate Assistant as a CA to sign other certs?
  I have the CA cert imported in keychain along with it's associated private key (from a .p12), it's got the gold icon and is recognized as a Root certificate authority, yet Certificate Assistant will not list it as an available Root CA in the "Set Default CA" action dialog, the "Add..." dialog seems only interested in a ".certAuthorityConfig" plist file.
  Do I have to generate a certAuthorityConfig for the CA? I can't seem to find a way to do that. No clues from certtool & security CLI utils even.
  Any info/leads on how to get this to work would be much appreciated.
  Regards,
  -david

  Hi Alex,
  From ACE perspective, it doesn't make differences if you are using certificates issued by your local or a "well known" CA. Moreover, if not mistaken, you have to configure authentication group whatever you are doing client or server authentication.
  http://www.cisco.com/en/US/partner/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA4_1_0/configuration/ssl/guide/certkeys.html#wp1043643
  Thanks,
  Olivier

• Importing public key certificate from external application

  Hello!
  I am trying to implement the following scenario:
  1. External client application sends it's public key certificate to SAP WAS
  2. SAP imports this certificate into its PSE
  3. External client application sends digitally signed messages to SAP (with <i>secKey</i> HTTP call parameter)
  4. SAP checks this signature and does whatever further action.
  For simplicity reason, I emulated this "external app" by using the ArchiveLink interface of the very same SAP system. So, I have one system which is at the same time client and server, but the communication works via HTTP.
  I started with step 1: The ArchiveLink (in my case "external app") uses the function SCMS_HTTP_PUT_CERT to send the public key certificate to the client via HTTP. It worked well - I received the message with HTTP service and it contained some binary content as expected (valid public key certificate - I suppose).
  Unfortunately, I was unsuccessfull with step 2: How to import the received certificate into my PSE?
  I debugged the STRUST transaction and saw that it uses the function SSFP_PUTCERTIFICATE to import public key certificate into SAP's own PSE. However, when I try to use it, I get error <i>No temporary PSE available</i>. I also tried to <i>encode-base64</i> this message with the same result. What does this mean?
  Does anyone has experience with this? Please share it.
  Thanks in advance and kind regards,
  Igor

  The key point was understanding the cleverly named parameter PROFILE in the function SSFC_PUT_CERTIFICATE. You'd never guess: it's a path to a PSE where you want to put the certificate, in my case: C:\usr\sap\NSP\DVEBMGS00\sec\SAPSYS.pse. There's one more step: updating database with the file system PSE.
  So, the test sequence that works is:
  1. SSFP_GETSAPCERTIFICATE
  2. SSFC_PUT_CERTIFICATE
  3. SSFPSE_STORE
  Regards,
  Igor
  P.S. Am I the only one playing with these things? I keep getting 0 replies to my questions.

• How to import Root CA certificate (Firefox 22)on windows using certutil? what are the dlls required?

  I was using certutil from my application to import root CA certificate, but it it started complaining about missing dlls after Firefox 18. What are the dlls required.
  It will be appreciable if some one can give the code of Firefox (What they use), to import root CA certificates.
  Thanks

  I found the following with a google search. Hope it helps.
  *https://support.mozilla.org/questions/955513 How to add a private SSL root certificate authority
  *https://support.mozilla.org//questions/952035 Where can I download certutil.exe and the NSS Utils for Windows
  *https://www.felixrr.pro/archives/165/mozilla-nss-utils-with-nspr-compiled-for-download
  *http://wiki.cacert.org/FAQ/BrowserClients#Mozilla_Firefox

• About import externel server certificate in PI SR3

  HI expert !!
  I ready connect soap to soap scenarios,but it need to ssl protocol,please tell me how to import external server certificate authentication in PI,thanks !!!

  Hi,
  Through Visual administrator window we need to import external certificates (private key, public key, singature key and root key).  Once certificates are upload automatically we can get those certificates in PI window.
  For more information find below links
  Security Guide
  http://help.sap.com/saphelp_nw04/helpdata/en/f7/c2953fc405330ee10000000a114084/frameset.htm
  SSL Configuration
  http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/frameset.htm
  SSL config pdf
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/964f67ec-0701-0010-bd88-f995abf4e1fc
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/23894238-0701-0010-40b0-a0a6d5c4ad9f?prtmode=navigate
  SSL Message level security
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d024ca8e-e76e-2910-c183-8ea4ba681c51

• Seeburger AS2 error: No Trusted Certificate found

  Dear SAP experts,
  Good day!
  Need your expert advice regarding the error that I am getting in Seeburger AS2.
  Here's the scenario:
  SAP XI is sending messages to Trading Partner via AS2 adapter which resides in Seeburger.
  I've trigerred already messages but they are getting this kind of error:
  Delivery of the message to the application using connection AS2_http://seeburger.com/xi failed, due to: com.sap.aii.af.ra.ms.api.RecoverableException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found # , SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found # : javax.resource.ResourceException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found # , SEEBURGER.
  Kindly advice if there are missing or invalid certificates on both sides?
  What would be the cause of the issue?
  Many Thanks!
  Godo

  Godo,
  I think you are using secure communication for your seeburger CC. Can you pls. check if you have installed(keystore) certifcate on J2EE engine and configured certificate provided by ftp client in your CC.
  Also one more important thing,
  Make sure that you have entry with ftp server name and correspoding ip address in hosts.inc on a system where your adapter engine resides.
  Check detail error messsage at:
  http://XI server : port / nwa --> Message Monitoring --> Logs and Trances and select DefaultTrace in second drop down list. You will find all events details with description. ( If you run your interface and check you will find recent activities on XI server. Hope this will give you much better picture)
  Hope this will help.
  Nilesh

• Although i have imported my Personal Certificates into Firfox successfully, they except one, don't show up in certificate manager. I have installed Penango also.

  Hello,
  I wish to describe the problem with the display of imported certificates in certificate manager in the latest version of firefox.
  Here is the sequence of events as it occurred -
  1. Few weeks back i installed my Personal Certificate which was automatically visible in the Certificate Manager of Firefox.
  2. Few days back i installed Penango.
  3. Two days back i installed Comodo free email certificate in Internet Explorer. Then i exported it (Personal Information Exchange with key & with chain) to a folder. Then i opened the Certificate Manager in Firefox and imported it successfully along with the keys (as per the window notification during importing). However the certificate is not visible in the certificate manager of Firefox.
  Kindly help in resolving this issue.
  Thanks.

  Yes, i have checked according to "Tools > Options > Advanced : Encryption: Certificates - View Certificates ". Only one of my personal certificate is shown. In total i have 4 personal digital certificates. All 4 are shown in the certificate manager of my other browsers (Internet Explorer 8 and Google Chrome).
  And yes another import of the other three certificates showed that the they are already installed.
  If you need any more information please feel free to ask me.
  Thanks for your help.

• Login error in Portal after importing a new certificate into BI

  Hi Experts,
  Our certificate in BI expired last month and we were unable to login to the BEx reports due to this.
  I have created a new certificate using Visual Administrator and imported that certificate into BI using STRUSTSSO2 after deleting the old certificate from the system PSE.
  After which I have added this new certificate to the ACL for Single Sign On.
  Then rebooted the JAVA stack for the changes to take effect.
  Now, when I want to login to view reports on the Portal created by BEx Analyzer, I am getting this RFC_ERROR_LOGON_FAILURE exception.
  When checked in SM50, it shows SsfVerify failed and SSF_API_NOCERTIFICATE errors.
  Please help me out resolving this. Did I miss out on any of the steps?
  Also when I ran the report, RSPOR_SETUP, the step 5 shows SID_certificate.crt is not existing and the step 12 shows that BI certificate not imported, SAP BI User is not mapped to SAP EP User.
  Regards,

  Hi,
  Have a look at this [thread|The URL http://xxx was not called due to an error; as well as the [Wiki Link|http://wiki.sdn.sap.com/wiki/display/BSP/Logon].
  Hope this will be helpful for you.
  Regards,
  Varadharajan M