Using Verisign certificate
Hi all-
I am really having a problem in using a certificate from verisign. Here's the story:
I picked up the certificate from verisign website. There was no option of saving the certificate and it got installed in my machine.
I exported the certificate from IE in X509 format and tried to enter it in keystore using keytool. It was added to the keystore successfully but the Entry type was trustedEntry, which means that a private key is not available for this entry. It also means that this file is not suitable as a KeyManager's keystore.
So, I tried to export the certicate from IE with the private key, but if I select the option to export with the private key - it won't let me export as X509 but as PC#7. And, when I tried import it in keytool an error was generated (keytool error: java.lang.Exception: Input not an X.509 certificate).
What is the way arround?
Thanks,
Forgot to mention, I need this certificate to authenticate me as a client to the server.
thanks,
Similar Messages
-
Enabling ssl on Weblogic server 5.1 using Verisign certificate.
"Hi,I am trying to enable ssl in Weblogic server 5.1The properties set in my properties file areweblogic.security.certificate.server=servercert.pem(sent from the verisign via email)weblogic.security.key.server=cp8212-2d2-key.der(generated by the Certificate Servlet of Weblogic Server)
"Hi,I am trying to enable ssl in Weblogic server 5.1The properties set in my properties file areweblogic.security.certificate.server=servercert.pem(sent from the verisign via email)weblogic.security.key.server=cp8212-2d2-key.der(generated by the Certificate Servlet of Weblogic Server)
-
Can not import Verisign certificate
Dear all,
I am trying to import a Verisign certificate in my ABAP BW 3.5
Production system.This is a certificate renewal as I had a certificate there for a year that is to expire on the 12th of June. However, because of the fact that we had to change the SSL
PSE so that it contains field SP, it is more like installing a new
certificate.
What I did: I deleted the old PSE that didn't have any information about the "State" field and created a new one.
I then created the CSR request to Verisign. I received
the response from Verisign, which I pasted in a text file together with the Verisign Intermediate and Verisign Root certificate which I used last year as well when I installed a Verisign certificate in this server for the first time.
When I apply the response, by pasting the contents of the text
file created above, I get the message:
"CA Certificate missing in database"
I have already looked at notes 508307, 518185, 510007, 1074447, 511919
I am sure that the Verisign root and Intermediate certificates are ok because I have used them successfully in the past in the same server and recently to create the certificate chain for other system certificates of my EP 6.0 landscape.
I am also sure that the Verisign CA root certificate exists in the
database, I checked table STRUSTCERT and it is there. Also, if it didn't exist, I wouldn't have been able to import the Verisign certificate last year
I haven't restarted ICM so the previous certificate still works. After the 12th of June though it will expire and all funtionality based on HTTPS in BW will not work.
Many thanks in advance for your help
Regards
AndreasJust created a new SSL PSE and imported the certificate chain again and this time it worked...
-
Signing in mail with a verisign certificate
I have 2 certificates bought from Verisign that I used previously under 10.6.
I made a clean install of 10.6 and then updated to 10.7, but even if I managed to import the certificates in the keychain access, the buttons in mail proposing the signature and encryption of emails doesn't appear.
Thank you in advance for your helpI haven't been able to resolve this issue using Mail and a Verisign certificate. So instead I tried Comodo and my Mail system now works perfectly with both signature and encryption. So perhaps the problem lies with Verisign rather than Apple......
And Comodo is free, see http://www.instantssl.com/ssl-certificate-products/free-email-certificate.html -
Installing Verisign Certificate for SSL - please help
I'm trying to configure SSL for the first time on my WebLogic Server 6.1 SP1 instance
on a Win2K Server. I have used the built-in certificate generator servlet to
generate a CSR. I sent the CSR to Verisign and received a certificate back (looks
like it's in .pem format). Now, I've gone to the admin console and entered what
I thought were the right values in the right places, but WLServer doesn't seem
to like what I've entered and/or the files themselves. Here's what I have:
Server Key File Name: config/mydomain/my_domain_com-key.der (name changed of course
from the actual domain name) - This is the file generated automatically by the
certificate servlet that I moved into this directory.
Server Certificate File Name: config/mydomain/mycert.pem (this is the file that
was sent to me by Verisign, supposedly my 40-bit certificate).
Server Certificate Chain File Name: config/mydomain/verisignca.pem (I created
this file by going to the verisign site and copy/pasting their .pem format 'intermediate'
cert into this file - documentation real fuzzy on this step so it's probably wrong).
SSL is enabled, listening on the default port of 7001, client certificate not
enforced.
Now, when I boot the server, I get the following error in the log file: ####<Nov
19, 2001 12:45:03 PM EST> <Alert> <WebLogicServer> <VDWEB1> <myserver> <main>
<system> <> <000296> <Security configuration problem with certificate file config/mydomain/my_domain_com-key.der,
java.io.EOFException>.
What am I doing wrong here? I thought i put that file in the location I specified,
so does that error mean it can't find it or that the file itself is corrupt?
That's just the file that was autogenerated by the servlet, i don't see how it
could be corrupt! Also, I assume that's just the first error ... if I fix that
one, there likely will be more. I especially don't understand the part about
the chain file as the documentation is so unclear to me about putting multiple
certs in the chain file ...
Thanks for any pointers,
JoshHi Josh,
Jus to reconfirm are you sure that the Server key and Server Cert are not
interchanged ?
The error message indicates that private key is being read as a certificate.
Maybe its not a explicit error message and instead should be
Security configuration problem with private key file
config/mydomain/my_domain_com-key.der
Are you able to run with the democerts provided with weblogic ?
yeshwant
<system> <> <000296> <Security configuration problem with certificate
file config/mydomain/my_domain_com-key.der,Josh Daynard wrote:
Hey Yeshwant,
Thanks for the tip. I did not use a password when creating the CSR request and
the 'Key Encrypted' box is unchecked in my console. Any other thoughts???
Thanks,
Josh
Yeshwant <[email protected]> wrote:
Hi Josh
when you generated the csr using the certificate webapp , did you use
a password ie are you using a password
envrypted private key ?
if yes you will have to provide that value in the start sript using the
system property
weblogic.management.pkpassword=actualpassword and also make sure that
the Use Encrypted box is checked.
If not make sure that the Use Encrypted box in the console under the
ssl tab is unchecked.
Yeshwant
Josh Daynard wrote:
I'm trying to configure SSL for the first time on my WebLogic Server6.1 SP1 instance
on a Win2K Server. I have used the built-in certificate generatorservlet to
generate a CSR. I sent the CSR to Verisign and received a certificateback (looks
like it's in .pem format). Now, I've gone to the admin console andentered what
I thought were the right values in the right places, but WLServer doesn'tseem
to like what I've entered and/or the files themselves. Here's whatI have:
Server Key File Name: config/mydomain/my_domain_com-key.der (name changedof course
from the actual domain name) - This is the file generated automaticallyby the
certificate servlet that I moved into this directory.
Server Certificate File Name: config/mydomain/mycert.pem (this is thefile that
was sent to me by Verisign, supposedly my 40-bit certificate).
Server Certificate Chain File Name: config/mydomain/verisignca.pem(I created
this file by going to the verisign site and copy/pasting their .pemformat 'intermediate'
cert into this file - documentation real fuzzy on this step so it'sprobably wrong).
SSL is enabled, listening on the default port of 7001, client certificatenot
enforced.
Now, when I boot the server, I get the following error in the log file:####<Nov
19, 2001 12:45:03 PM EST> <Alert> <WebLogicServer> <VDWEB1> <myserver><main>
<system> <> <000296> <Security configuration problem with certificatefile config/mydomain/my_domain_com-key.der,
java.io.EOFException>.
What am I doing wrong here? I thought i put that file in the locationI specified,
so does that error mean it can't find it or that the file itself iscorrupt?
That's just the file that was autogenerated by the servlet, i don'tsee how it
could be corrupt! Also, I assume that's just the first error ... ifI fix that
one, there likely will be more. I especially don't understand thepart about
the chain file as the documentation is so unclear to me about puttingmultiple
certs in the chain file ...
Thanks for any pointers,
Josh -
Mail uses wrong certificate for encrypting S/MIME messages
Encrypted email I send using Mail Version 4.2 (1077) under OS X 10.6.2 to my work account cannot be decrypted. It appears that Mail is using the signing certificate, rather than the encryption certificate, to encrypt the email.
The internal Certificate Authority at my employer has issued two certificates to me: A signing and an encryption certificate. Both certificates are properly stored in my keychain.
The encryption certificate carries a 0x20 in the key usage field to designate the certificate to be used for encipherment purposes. The signing certificate carries a 0x80 in the key usage field to designate the certificate to be used for digital signatures.
I understand that the S/MIME standard stipulates that for encrypting messages, the certificate with 0x20 in the key usage field should be used by the mail application.
However, messages I sent are encrypted using the signing certificate (0x80 in the key usage field) and therefore cannot be decrypted on the receiving end. I examined the encrypted email using an [application|http://www.eriugena.org/blog/?p=57] to extract the serial number of the certificate used for encryption.
We are using Outlook 2003 as our mail application at work.
Has anybody ever come across this problem? Am I missing something - is there a way to tell Mail what certificate to use for encryption?
Thanks,
-Michael.I'm have a problem that sounds related.
Both my wife and I created self signed mail certificates, and sent email to each other and trusted each others certificates. We were then able to send encrypted emails back and forth and our emails showed up as having trusted digital signatures.
Then, we both purchased Verisign email certificates, and installed them in our keychains, deleting the old self-signed certificates, and repeated the process of establishing a chain of trust.
This worked fine for me running Snow Leopard but did not work for her on Leopard. Her emails to me appear to be signed by both the old self-signed certificate and to include the new verisign certificate. Looking at the message source there is only one application/pkcs7-signature block, but in the UI it is showing both certificates.
I don't understand how the self-signed certificate is showing up at all, since it has been deleted from her keychain. -
Verisign Certificates renewal Issue
Hi
We are running Sun Java Web Server 7.0 update 5 and wanted to renew verisign certificates for 2 more years.
What i did:
1. Got the certificates from Verisign with last year CSR (i'm not sure if previous CSR can be used or not)
2. Using admin console (browser based) , i went to "server certificates" ->"install" and could successfully installed them (but there was a warning that duplicate nick name) and i selected ls2 (listener-2 for https)
3. admin console shows renewal successful and expiry year is 2011.
4. I also restarted both admin and web services
But the problem that when i access the application from browser, it still says the expiry year as 2009.
Please advise.
PrvnWell ... I don't know WHICH three *db files you copied, or from where you copied them in the admin-serv directory.
If the admin server appears to be working as expected, and the instance appears to be working as expected, then just make sure the admin server isn't telling you that changes have been made on the instance (if it is then tell it to copy the changes and make them the new current version).
Depending on which files you copied from where you may end up with the admin server having the wrong certificates. This could cause a problem for any nodes that are registered with it. I think you'd already see a problem if this were going to break things though.
In a perfect world everything is just working as expected now, and you're done. If you want to be extra cautious, though, you should restore the admin server's key3 and cert8 databases from a backup (these databases contain the self-signed certificate and its associated keys that were created when you installed Web Server). -
Importing Verisign Certificate on PIX7.1
Hi there,
After having importet Verisign Intermediate CA onto my PIX, I've send the CSR request to Verisign and gotten a Certificate back. Now when I try to import the returned certificate on the PIX, I get an error :
Failed to parse or verify imported certificate
Now, I've tried clearing all certs, reauthenticate the CA etc.
Any ideas?
Is it a problem that the CA is Intermediate? Can the CSR attributes contain spaces?
Pix is running latest version 7
Kind regards
Kelvin DamHi koksm,
Yeah - I got it to work. I dont know how many of these steps you have done, but heres how I did it :
RSA-keys are probably already generated (also needed for ssh-access), but if you ever need to reissue the cert, regenerate the rsa keys, otherwise the CSR will be exactly the same and not accepted by the 3rd party CA:
crypto key generate rsa
Then define the trustpoint:
crypto ca trustpoint Verisign
crl optional
enrollment terminal
subject-name CN=host.domain.com,OU=Unit,O=Organisation,C=NL,St=xxx,L=xxx,[email protected]
Import root CA cert (make sure you have the correct one, preferably without intermediate CA (RA)):
crypto ca authenticate Verisign
---BEGIN--- or ---END--- lines do not matter>
quit
INFO: Certificate has the following attributes:
Fingerprint: 069f6979 16669002 1b8c8ca2 c3076f3a
Do you accept this certificate? [yes/no]: yes
Trustpoint CA certificate accepted.
Generate the CSR:
crypto ca enroll Verisign
% Start certificate enrollment ..
% The subject name in the certificate will be: xxxx
% The fully-qualified domain name in the certificate will be: hostname.domain.com
% Include the device serial number in the subject name? [yes/no]: no
Display Certificate Request to terminal? [yes/no]: yes
Certificate Request follows:
MIICNjCCAZ8CAQAwgbwxJTAjBgkqhkiG9w0BCQEWFnNlcnZpY2VkZXNrQGR5bm9t
aWMubmwxEjAQBgNVBAcTCUJpbHRob3ZlbjEQMA4GA1UECBMHVXRyZWNodDELMAkG
---End - This line not part of the certificate request---
Redisplay enrollment request? [yes/no]: no
Notice this is generate without ---BEGIN--- and ---END--- lines which you do need to add when submitting the form to the 3rd party CA.
After succesful verification by the CA you'll be returned a certificate which you can import with or without the ---BEGIN--- and ---END---- lines, so you might as well just copy the complete text:
crypto ca import Verisign certificate
% The fully-qualified domain name in the certificate will be: xxx.domain.com
Enter the base 64 encoded certificate.
End with the word "quit" on a line by itself
-----BEGIN CERTIFICATE-----
MIIDcTCCAtqgAwIBAgIQIHOwJ7acK6Fmibyhf67HlDANBgkqhkiG9w0BAQUFADC
MXN/DqZw504SdlIkm3K4Dt7kSa5NILlncBiPhJJPJRjcOk6wRB6vuGG85uz6twR
nq4BqbMitzpgxvK12hgS9ZDy62kC
-----END CERTIFICATE-----
quit
INFO: Certificate successfully imported
Make sure you activitate the trustpoint either as for use on all interfaces or on a specific interface using:
ssl trust-point thawte.com [interface]
One more thing - the verisign root cert, I did NOT get from their webpage, but I took the one that accompanies the Internet Explorer.
Hope it helps
Kdam -
Cacerts verisign certificate expires Jan 08 2004
Two Verisign Certificates in the jdk 1.4 keystore 'jdk1.41/jre/lib/security/cacerts' expire on Thu Jan 08 2004.
They are stored with alias 'verisignclass2ca' and 'verisignclass3ca'.
A Weblogic Server Message looks like this:
<Dec 16, 2003 5:39:13 PM CET> <Notice> <WebLogicServer> <BEA-000298> <Certificate expires in 22 days: [
Version: V1
Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@3e
Validity: [From: Mon Jan 29 01:00:00 CET 1996,
To: Thu Jan 08 00:59:59 CET 2004]
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
SerialNumber: [ e49efdf3 3ae80ecf a5113e19 a4240232]
Algorithm: [MD2withRSA]
Signature:
0000: 61 70 EC 2F 3F 9E FD 2B E6 68 54 21 B0 67 79 08 ap./?..+.hT!.gy.
0010: 0C 20 96 31 8A 0D 7A BE B6 26 DF 79 2C 22 69 49 . .1..z..&.y,"iI
0020: 36 E3 97 77 62 61 A2 32 D7 7A 54 21 36 BA 02 C9 6..wba.2.zT!6...
0030: 34 E7 25 DA 44 35 B0 D2 5C 80 5D B3 94 F8 F9 AC 4.%.D5..\.].....
0040: EE A4 60 75 2A 1F 95 49 23 B1 4A 7C F4 B3 47 72 ..`u*..I#.J...Gr
0050: 21 5B 7E 97 AB 54 AC 62 E7 5D EC AE 9B D2 C9 B2 ![...T.b.]......
0060: 24 FB 82 AD E9 67 15 4B BA AA A6 F0 97 A0 F6 B0 $....g.K........
0070: 97 57 00 C8 0C 3C 09 A0 82 04 BA 41 DA F7 99 A4 .W...<.....A....
]>
Does anybody know,
what that means for ssl ?
Is there a Patch or a new cacerts file for download ?
Thanks a lot.
EdeI would assume that there are not that many certificates still
being used that use those CA certs for their CA.
As you probably noticed, there are a bunch of newer Verisign
CA certs in that trust store (cacerts). The newer CA certs are
probably the ones being used by certificates that are currently
in use.
I suppose you have to ship the older CA certs until they become
invalid. I doubt that Verisign issued any certificates with those
old CA anytime recently.
-Steve -
VeriSign Certificate OR Unified Testing Initiative (UTI) root Certificate?
Hello everybody!
I've signed my J2ME application with a Verisign Class 3 Public Primary CA but it seems that wasn't a good deal!
Indeed, once signed, this application no longer is supported by my Samsung SGH-D840 even if on a Nokia6300 all still run well.
The difference between these 2 handsets regarding the signing aspects is that the SGH-D840 is not JSR-177 SATSA compatible whereas the Nokia6300 is.
A friend told me that the Unified Testing Initiative (UTI) root certificate is available on more handsets than the VeriSign certificate. He seems be right because all the handsets marked with a (+) in the list at [http://www.javaverified.com/docs/Table_of_Supported_Devices_1.20.pdf|http://www.javaverified.com/docs/Table_of_Supported_Devices_1.20.pdf] support the UTI Certificate.
My questions:
1) Has anyone ever used the UTI certificate to sign a J2ME application? If yes, could the person tell me if he recommend it instead of VeriSign Certificate?
2) Could you confirm if UTI certificate is supported by many more handsets (regardless to the manufacturer) in relationship with VeriSign Certificate?
Thanks you in advance,
arkienouFinally solved it
Followed the instructions of note 694290 to import the certificate chain
Essentially, I needed to export the already existing private key to a .p8 file named exactly after the already existing private key entry. Then, I delete the private key entry and hit Load, put the .p8 file I just exported and then import my certificate file (CSR response), the intermediate CA certificate and the root CA certificate
Regards
Andreas -
Verisign certificate & Chain File Name
Perhaps a newbie question, but here goes:
I am having trouble installing a Verisign certificate on my Weblogic 6.0
server. I have my private key and certificate file installed properly I
believe, but am unsure what to put in the Certificate Chain File entry
in the console. I only have 1 certificate for this server. I have tried
to
a) leave it empty - in which case it uses a default file name which does
not exist
b) use the certificate I got from Verisign
c) export a class 3 certificate from my browser and use that file
In all the cases that I give it an existing file name, I get the
following stack trace:
weblogic.security.CipherException: Incorrect encrypted block
at weblogic.security.RSApkcs1.decrypt(RSApkcs1.java:208)
at
weblogic.security.RSAMDSignature.verify(RSAMDSignature.java:89)
at weblogic.security.X509.verifySignature(X509.java:243)
at
weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
at
weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at
weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<Sep 5, 2001 8:18:55 AM PDT> <Alert> <WebLogicServer> <Inconsistent
security configuration, weblogic.security.AuthenticationException:
Incorrect encrypted block possibly incorrect
SSLServerCertificateChainFileName set for this server certificate>
weblogic.security.AuthenticationException: Incorrect encrypted block
possibly incorrect SSLServerCertificateChainFileName set for this server
certificate
at weblogic.security.X509.verifySignature(X509.java:251)
at
weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
at
weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at
weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)OK. Found out what it was.
The Server Certificate Chain File name is what Verisign calls the
Intermediate Certificate. So what you need to do is grab that cert off the
Verisign site, paste it into a new file on your server and put that file
name in as the path to the Chain File name.
New question: Why the 2 names for the same thing ? The documentation could
be a bit clearer here, as it's a very simple process that seems more
complicated than it needs to be (IMHO).
Brian Hall wrote:
Perhaps a newbie question, but here goes:
I am having trouble installing a Verisign certificate on my Weblogic 6.0
server. I have my private key and certificate file installed properly I
believe, but am unsure what to put in the Certificate Chain File entry
in the console. I only have 1 certificate for this server. I have tried
to
a) leave it empty - in which case it uses a default file name which does
not exist
b) use the certificate I got from Verisign
c) export a class 3 certificate from my browser and use that file
In all the cases that I give it an existing file name, I get the
following stack trace:
weblogic.security.CipherException: Incorrect encrypted block
at weblogic.security.RSApkcs1.decrypt(RSApkcs1.java:208)
at
weblogic.security.RSAMDSignature.verify(RSAMDSignature.java:89)
at weblogic.security.X509.verifySignature(X509.java:243)
at
weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
at
weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at
weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<Sep 5, 2001 8:18:55 AM PDT> <Alert> <WebLogicServer> <Inconsistent
security configuration, weblogic.security.AuthenticationException:
Incorrect encrypted block possibly incorrect
SSLServerCertificateChainFileName set for this server certificate>
weblogic.security.AuthenticationException: Incorrect encrypted block
possibly incorrect SSLServerCertificateChainFileName set for this server
certificate
at weblogic.security.X509.verifySignature(X509.java:251)
at
weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:440)
at
weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at
weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35) -
Difference b/w OCA certifciate and verisign certificate
What is the difference b/w OCA certifciate and verisign certificate
Do we need to buy the OCA certificate as well as I understand that we need to buy verisign certificate?
ThanksA certificate is not a single entity. It helps if you know how to administer certificates using the openssl commandline tool. A certificate is a signed public key.
This is how it works in using the oracle tools:
First, a wallet is created using the wallet manager (owm) or orapki. A wallet at that point consists of some trusted CA (Certificate Authority) certificates, and probably already the (non visible) private key.
Next, a CSR (Certificate Signing Request) is made using the wallet manager or orapki. This is a non-signed version of the certificate.
This is where the OCA comes into play. The OCA is the oracle version of a Certificate Authority. Using the CA, you can sign your certificate yourself. The signer certificate (the certificate of the OCA) is not officially listed as trusted certificate.
If you send your CSR to verisign, verisign signs it for you. The advantage verisign has, is it's certificate (the signer certificate) is officially listed as trusted certificate. That's the reason people use verisign for their certificates. -
Dear Forum
I was using Adobe version XI and the signature feature disappeared from the menu. Now I downloaded Acrobat Reader DC. Using the menu and instructions I created a signature ID and customized the signature; however, when I go to sign a document it only shows the name layout or graphic image? How do I go back to using the certificate that I created?
Any help would be greatly appreciated.
Regards
CarlosFirefox works fine on Windows 2000 SP4 for me.
Any chance you have a dial-up connection that uses a web accelerator to speed the loading of content? -
Issue while signing a jar using RSA certificate
Hi,
I am trying to sign a java applet using trusted certificate with the help of Java keytool and jarsigner of JRE1.6. For this I have followed the following steps:
1.Generated key pair in a keystore - keytool -genkeypair -keyalg RSA -alias eaikey -keystore eaikeystore -validity 3650 -keysize 2048
2.Generated CSR using command keytool -certreq -alias eaikey -file eaicert.csr -keystore eaikeystore and send the .csr file to the CA
3.CA has returned the certificate reply (.cer file)that contained a root certificate
4.When I tried to import the certificate using command keytool -import -file eaicert.cer -alias eaicertkey -keystore eaikeystore to keystore, initially it gave me error as Input not an X.509 certificate.So I opened the .cer file in my text editor and removed the texts before the Begin And End Certificate.Then it got imported correctly by running the
5.When I tried to sign the jar using command jarsigner application.jar eaicertkey -keystore eaikeystore
it gave the exception as jarsigner: Certificate chain not found for: eaicertkey. eaicertkey must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.
Please help me with the step I am missing here.I doubt I am doing something wrong in the import step.
Thanks in advance.you can mail me directly to [email protected], and I'll try to help.
no guarenty :-)
Tal
[email protected] -
Why can I no longer use an image for my signature on forms? The only option I have now is "use a certificate". It was never like this until today.
Hi,
I had never heard of someone using the iPhone Number as the ID in the iMessages account in the Mac version.
i.e without adding an Apple ID
iMessages does allow iPhone numbers and mine lists mine.
I would try this.
Sign Out of the iMessages account and Quit Messages
On the iPhone in Settings > Messages remove the Apple ID
Set the iPhone to Airplane mode for a few minutes (to break with the Server)
On starting the phone up again check the iPhone Number is ticked for iMessages.
If it is add the Apple ID
On the Mac restart Messages
Add the Apple ID
At this point you should get a pop up or two saying the iPhone is using the Number and Apple ID.
Accept these and they get added to the Receive At list and Send From drop down.
9:41 pm Monday; October 28, 2013
iMac 2.5Ghz 5i 2011 (Mavericks 10.9)
G4/1GhzDual MDD (Leopard 10.5.8)
MacBookPro 2Gb (Snow Leopard 10.6.8)
Mac OS X (10.6.8),
Couple of iPhones and an iPad
Maybe you are looking for
-
How to create RT boot disk for labview real time target
Hi All I want to use desktop PC as real time target and for this i have to boot this desktop using RT operating system. I tried to use RT disk utilities in TOOLS menu in MAX but at the end it says no disk found in A drive or B drive since i do not ha
-
Dreamweaver cs6 not responding on a mac
I tried opening dreamweaver cs6 and it never got passed the welcome window. I updated with the latest updates, no change. I reinstalled DW and the same story. My OS is 10.7.5 mountain lion on a quadcore mac pro. Has anyone else have this issue?
-
Cannot type/paste normal international text when non-Unicode in CS6
Hello, In all versions of DW (up to CS3 which I have used) I had no problem pasting / typing HTML or text with international characters in Design View when the page is using a non-Unicode, yet international encoding (like Windows - Greek or ISO - Gre
-
FCP 7 won't fill my 27" screen under OSX Mavericks
I just installed OSX Mavericks and find FCP7 doesn't fill my 27" iMac fully as it did before. It's now about 60% of the screen. I haven't been able to change this using mission control (or maybe I'm just missing something). Any ideas or s
-
My Finder is blinking "Restore windows"
And my desk top is blank except for the background screen, but the dock is working. i was able to log onto the internet Any suggestions??? thanks Russ