What is -----BEGIN CERTIFICATE----- in SSL

Hi,
I have to communicate via SSL with the server (Soap based messages). So I have received the file from server and it's contains the bellow.
-----BEGIN CERTIFICATE-----
some encrypted value ....
-----END CERTIFICATE-----
Let me know that what is this ? is it certificate or csr ?
If certificate, how is it install my pc ?
Please help me ?
Regards

Yes you can delete it.
See your other post...

Similar Messages

What is PSE Certificate ??

Hi ! What is PSE Certificate ?? When will we use that ?? what is its significance ?? what is the abbreviation for PSE ??
thanks
Kumar

Hi Kumar,
Adding further,
Creating the SSL Server PSE:
http://help.sap.com/saphelp_nw2004s/helpdata/en/20/37c33ae8361838e10000000a11402f/content.htm
Creating or Replacing a PSE:
http://help.sap.com/saphelp_nw04/helpdata/en/59/6b653a0c52425fe10000000a114084/content.htm
Secure Store User Guide:
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/b956c590-0201-0010-4591-abebee0eb618
Regards,
Subhasha

EAP-TLS or PEAP authentication failed due to unknown CA certificate during SSL handshake

Hi All ,
             I am trying to test EAP_TLS authentication on acs 4.2.1.15 running on Appliance 1120 , I have installed my server certficate along with CA certficate on my appliance box , I have enabled features of EAP_TLS under golbal authentication setup .
             I have downloaded client supplicant certficate file for my windows XP machine .
When i tried to authenticated i am finding following error message under failed attempts(EAP-TLS or PEAP authentication failed due to unknown CA certificate during SSL handshake) on my acs appliance box .
Under certficate revocation list , I have forced my CA as CRL in use . Attached snap shot of all .
Suggest me whether i need to enable all corresponding CA certficate undercertficate trust list , Kindly let me know were i am doing wrong on this ..

Hello,
I am NO expert on certificates but I have seen your error dozens of times from wireless clients on my Cisco ACS 4.2 Radius server.
Through trial and error I wrote up this procedure for our Helpdesk for installing certs in Windows XP and Windows 7. These steps haven't failed me yet and the Helpdesk doesn't bother me as much anymore so see if this helps you:
-          Manually install the Global CA under BOTH Trusted Root Certification Authorities\Certificates AND Intermediate Certification                      Authorities\Certificates
-          Manually install the Intermediate CA under JUST the Intermediate Certification Authorities\Certificates
-          Delete the wireless network from the computer
-          REBOOT!!
-          Open the Microsoft Management Console, “mmc”.
-          Go FILE\Add Remove SnapIn. Select Certificates ..
-          If promoted, do it for “My User Account”.
-          Make sure the certificates are where you put them.
-          If you see any of these exact certificates out of place in either Trusted Root Certification Authorities\Certificates or Intermediate Certification                      Authorities\Certificates, remove them.
-          Redo wireless network setup again
I hope this helps you.
Mike

What code signing certificate has to be added for Adobe Air Native Installer?

Hi,
I'm developing Adobe Air application. I need to digitally verify the application to add the publisher's name with the product. I did a little research and came to know that Symantec, Thawte, Comodo, Comodo-Tucows, Digicert, Godaddy and couple of others are doing this.
Yes. I'm talking about the Code Signing Certificate. My question is, What code signing certificate has to be added for Adobe Air Native Installer? The reason is, The native installer will have an extension .exe ( Windows ) and .dmg ( MAC OS X ).
These guys are providing certificate for Adobe Air. For instance, If the application is exported using Native Installer in Windows, The application will have an .exe extension. For this, Can I use the same Adobe Air code signing certificate or Should I go for Microsoft Autheticode ( for .exe ) certificate?
Thanks in advance.

I think comodo code signing certificate is one of the nice option to be added for Adobe Air, as i have seen comodo code signing certificate in other adobe programs. Recently i bought comodo code signing from https://cheapsslsecurity.com/comodo/codesigningcertificate.html, to sign one of my adobe application and it works fine, you can use microsoft authenticode technology with comodo code signing.

Where can i find what kind of certificates are supported by portal

gurus,
is there a whitepaper that gives information about what kind of
certificates are supported by portal ?
i've a client who wants to know if portal supports TEDS x.509v
PIK certificate ...
any help would be greatlyy appreciated ...
thanx

Compatibility Table.

SSL Certificate and SSL Authentication

Hi-
I'm hoping someone can shed some light on this issue.
First off, is there a difference between SSL Certificate and SSL Authentication?
I have a POP account. The Incoming port is set to 110. The Outgoing, 26. (This is according to Bluehost.com). The security settings for both incoming/outgoing are set to none. Everything works fine.
But if I want extra security, I'll set the incoming to 995 and outgoing to 465.
If I set the security settings to SSL, do I check "Use secure authentication", or do I have to purchase a SSL certificate to secure the authentication? This is where I'm confused. I tried asking the hosting company but they're not much help.
Any advice would be appreciated.
Thanks!

Hi Imagine,
You do not need to purchase your own SSL certificate to use secure authentication. The server handles this for you. You just need to make sure the port #s are correct and you simply check mark the SSL boxes and leave authentication on Password at least on most setups. Each host maybe different so you have to double check with them.
Hope That Helps,
Eric

What's the matter with SSL?

what's the matter with SSL?
Anyone would help me?
Thank you in advance.
The following is the console output:
Starting WebLogic Server ....
<2001-9-4 ÏÂÎç03Ê±56·Ö34Ãë> <Notice> <Management> <Loading configuration
file .\config\tbcn\config.xml ...>
The WebLogic Server did not start up properly.
Exception raised:
eblogic.management.configuration.ConfigurationException: - with nested
exception:
[weblogic.security.internal.encryption.EncryptionServiceException - with
nested exception:
[COM.rsa.jsafe.JSAFE_PaddingException: Could not perform unpadding: invalid
pad byte.]]
COM.rsa.jsafe.JSAFE_PaddingException: Could not perform unpadding: invalid
pad byte.
at
COM.rsa.jsafe.JA_PKCS5Padding.performUnpadding(JA_PKCS5Padding.java)
at COM.rsa.jsafe.JG_BlockCipher.decryptFinal(JG_BlockCipher.java)
at
weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptByte
s(JSafeEncryptionServiceImpl.java:68)
at
weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptStri
ng(JSafeEncryptionServiceImpl.java:94)
at
weblogic.security.internal.encryption.ClearOrEncryptedService.decrypt(ClearO
rEncryptedService.java:53)
at
weblogic.management.internal.EncryptedData.decrypt(EncryptedData.java:45)
at
weblogic.management.internal.xml.ConfigurationParser$ConfigurationHandler.pa
rseMBeanAttributes(ConfigurationParser.java:306)
at
weblogic.management.internal.xml.ConfigurationParser$ConfigurationHandler.st
artElement(ConfigurationParser.java:185)
at
weblogic.apache.xerces.parsers.SAXParser.startElement(SAXParser.java:1340)
at
weblogic.apache.xerces.validators.common.XMLValidator.callStartElement(XMLVa
lidator.java:1183)
at
weblogic.apache.xerces.framework.XMLDocumentScanner.scanElement(XMLDocumentS
canner.java:1876)
at
weblogic.apache.xerces.framework.XMLDocumentScanner$ContentDispatcher.dispat
ch(XMLDocumentScanner.java:1252)
at
weblogic.apache.xerces.framework.XMLDocumentScanner.parseSome(XMLDocumentSca
nner.java:381)
at
weblogic.apache.xerces.framework.XMLParser.parse(XMLParser.java:967)
at
weblogic.management.internal.xml.ConfigurationParser.parse(ConfigurationPars
er.java:104)
at
weblogic.management.internal.xml.XmlFileRepository.loadDomain(XmlFileReposit
ory.java:261)
at
weblogic.management.internal.xml.XmlFileRepository.loadDomain(XmlFileReposit
ory.java:223)
at java.lang.reflect.Method.invoke(Native Method)
at
weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl
.java:606)
at
weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:5
90)
at
weblogic.management.internal.ConfigurationMBeanImpl.invoke(ConfigurationMBea
nImpl.java:350)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1555)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:444)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:185)
at $Proxy1.loadDomain(Unknown Source)
at
weblogic.management.AdminServer.configureFromRepository(AdminServer.java:186
at weblogic.management.AdminServer.configure(AdminServer.java:171)
at weblogic.management.Admin.initialize(Admin.java:233)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:354)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:197)
at weblogic.Server.main(Server.java:35)
--------------- nested within: ------------------
weblogic.security.internal.encryption.EncryptionServiceException - with
nested exception:
[COM.rsa.jsafe.JSAFE_PaddingException: Could not perform unpadding: invalid
pad byte.]
at
weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptByte
s(JSafeEncryptionServiceImpl.java:78)
at
weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptStri
ng(JSafeEncryptionServiceImpl.java:94)
at
weblogic.security.internal.encryption.ClearOrEncryptedService.decrypt(ClearO
rEncryptedService.java:53)
at
weblogic.management.internal.EncryptedData.decrypt(EncryptedData.java:45)
at
weblogic.management.internal.xml.ConfigurationParser$ConfigurationHandler.pa
rseMBeanAttributes(ConfigurationParser.java:306)
at
weblogic.management.internal.xml.ConfigurationParser$ConfigurationHandler.st
artElement(ConfigurationParser.java:185)
at
weblogic.apache.xerces.parsers.SAXParser.startElement(SAXParser.java:1340)
at
weblogic.apache.xerces.validators.common.XMLValidator.callStartElement(XMLVa
lidator.java:1183)
at
weblogic.apache.xerces.framework.XMLDocumentScanner.scanElement(XMLDocumentS
canner.java:1876)
at
weblogic.apache.xerces.framework.XMLDocumentScanner$ContentDispatcher.dispat
ch(XMLDocumentScanner.java:1252)
at
weblogic.apache.xerces.framework.XMLDocumentScanner.parseSome(XMLDocumentSca
nner.java:381)
at
weblogic.apache.xerces.framework.XMLParser.parse(XMLParser.java:967)
at
weblogic.management.internal.xml.ConfigurationParser.parse(ConfigurationPars
er.java:104)
at
weblogic.management.internal.xml.XmlFileRepository.loadDomain(XmlFileReposit
ory.java:261)
at
weblogic.management.internal.xml.XmlFileRepository.loadDomain(XmlFileReposit
ory.java:223)
at java.lang.reflect.Method.invoke(Native Method)
at
weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl
.java:606)
at
weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:5
90)
at
weblogic.management.internal.ConfigurationMBeanImpl.invoke(ConfigurationMBea
nImpl.java:350)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1555)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:444)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:185)
at $Proxy1.loadDomain(Unknown Source)
at
weblogic.management.AdminServer.configureFromRepository(AdminServer.java:186
at weblogic.management.AdminServer.configure(AdminServer.java:171)
at weblogic.management.Admin.initialize(Admin.java:233)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:354)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:197)
at weblogic.Server.main(Server.java:35)
--------------- nested within: ------------------
weblogic.management.configuration.ConfigurationException: - with nested
exception:
[weblogic.security.internal.encryption.EncryptionServiceException - with
nested exception:
[COM.rsa.jsafe.JSAFE_PaddingException: Could not perform unpadding: invalid
pad byte.]]
at
weblogic.management.internal.xml.ConfigurationParser$ConfigurationHandler.pa
rseMBeanAttributes(ConfigurationParser.java:313)
at
weblogic.management.internal.xml.ConfigurationParser$ConfigurationHandler.st
artElement(ConfigurationParser.java:185)
at
weblogic.apache.xerces.parsers.SAXParser.startElement(SAXParser.java:1340)
at
weblogic.apache.xerces.validators.common.XMLValidator.callStartElement(XMLVa
lidator.java:1183)
at
weblogic.apache.xerces.framework.XMLDocumentScanner.scanElement(XMLDocumentS
canner.java:1876)
at
weblogic.apache.xerces.framework.XMLDocumentScanner$ContentDispatcher.dispat
ch(XMLDocumentScanner.java:1252)
at
weblogic.apache.xerces.framework.XMLDocumentScanner.parseSome(XMLDocumentSca
nner.java:381)
at
weblogic.apache.xerces.framework.XMLParser.parse(XMLParser.java:967)
at
weblogic.management.internal.xml.ConfigurationParser.parse(ConfigurationPars
er.java:104)
at
weblogic.management.internal.xml.XmlFileRepository.loadDomain(XmlFileReposit
ory.java:261)
at
weblogic.management.internal.xml.XmlFileRepository.loadDomain(XmlFileReposit
ory.java:223)
at java.lang.reflect.Method.invoke(Native Method)
at
weblogic.management.internal.DynamicMBeanImpl.invokeLocally(DynamicMBeanImpl
.java:606)
at
weblogic.management.internal.DynamicMBeanImpl.invoke(DynamicMBeanImpl.java:5
90)
at
weblogic.management.internal.ConfigurationMBeanImpl.invoke(ConfigurationMBea
nImpl.java:350)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1555)
at
com.sun.management.jmx.MBeanServerImpl.invoke(MBeanServerImpl.java:1523)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:444)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:185)
at $Proxy1.loadDomain(Unknown Source)
at
weblogic.management.AdminServer.configureFromRepository(AdminServer.java:186
at weblogic.management.AdminServer.configure(AdminServer.java:171)
at weblogic.management.Admin.initialize(Admin.java:233)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:354)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:197)
at weblogic.Server.main(Server.java:35)
Reason: Fatal initialization exception
C:\bea\wlserver6.1>goto finish

I have been interested in computers for a long time. My husband and I had one of the first TRS-80 computers from Radio Shack, and we would have likely followed the Windows path, except a blessed event intervened and our interest in computers was sidetracked by raising
a toddler.
I had my first experience with a Mac (a Performa 630 CD) in December of 1994. Our 7-year-old son was using Macs at school, and was as interested in computers as we were. We had been out of the game for a long while by this time, so thought it was wise to buy a computer one of the three of us (7-year-old Zach) could use.
I thought, "Well, by next year, I'll learn enough to do the income taxes on it." In January, I saw Zach playing around with Quicken, and I saw how easy it would be to do our taxes with it. I had them done faster than I'd ever managed it before.
I guess that's my big first impression.
I told Zach he'd be sorry about wanting a Mac because I knew the gaming thing was on the horizon. Sure enough, when he hit his teens, all his friends were gaming on Windows boxes, and he now uses XP. He is in his second year of college, a Computer Science major, and he and his dorm-mates have Vista available as a free download on the college server. Not one of them has installed it. I don't see how Microsoft thinks they can sell it if they can't give it away.
I tried Windows 98 and Windows XP, and my reaction was "Why on earth am I banging my head against THIS wall, when my Mac does everything I want to do?" And back I went to my Mac.
With Intel processors and Parallels and Boot Camp, Zachary may come back to the fold. His next computer may be a Mac.

What's the difference with SSL Certificates?

Hi,
I need to get an SSL Certificate for my client's online
store. There are so
many choices out there ranging from stupidly expensive, down
to suspiciously
cheap.
Can anyone help me sort through the mob and recommend
something that is
trustworthy, secure and cheap.
I'm happy to buy globally, but I'd prefer either a true
multi-national, or
an Australian company.
Thanks,
B

Which certificate you choose depends on your intended use for
the cert. The cheap ones (US $20/year and up) simply assure that
you control the domain in question. The certificate agency sends an
email to the administrative contact specified in the domain's Whois
listing. If they get the appropriate response, the certificate is
issued. If all you are out to do is establish SSL connections to a
web site to prevent eavesdropping, this type of certificate is
fine. There is no difference in the level of security between these
certificates and fancier offerings as long as both the cert and
your web server support 256 bit encryption. You can also get a
certificate that is valid for up to 10 years, so you won't have to
worry about SSL for a long time. The cheap certificates are not
recommended for online commerce, as there is no assurance you are
an actual company. If you go this route, getting a certificate from
an outfit that supports single root verification greatly eases
installation on your server. (Translation from geek: A single root
certificate is inherently trusted by all major browsers. Companies
such as RapidSSL (cheap), Geotrust and Thawte (not so cheap), and
Verisign (expensive) all own their root certificates. Many other
certificate agencies require installing a chain of certificates on
your server that point back to the trusted root certificate. Use
Firefox to test your SSL site, as it has the most comprehensive
certificate validation routines.)
The next step up are the high assurance certificates. These
require you to prove that you own or represent the company whose
domain you are getting a certificate for. The price for these
certificates ranges from US$100/year to ~$400. The certificate
company will perform a search on your business or organization, and
you may be required to submit supporting documentation to prove you
are who you claim to be. The more expensive flavors of these certs
usually offer larger guarantees against credit card fraud resulting
from certificate misuse. These certificates are valid for up to 3
years.
Finally, there are the new extended validation certificates.
These require an in-depth evaluation of your business, including an
investigation into the overall legitimacy of your corporation.
Government agencies also qualify. Sole proprietorships and and
general partnerships are not eligible, although the CA/B says they
may be in the future. Get one of these and IE users can see the
navigation bar turn a trustworthy green color. There is also a
large amount of green involved in purchasing one of these
certificates, ranging from US$500/year from the cheapie outfits to
$900/year from Thawte to $1500 per year from Verisign.
No matter which option you pursue, there are a couple of
points to be aware of. First, choose a vendor that offers free
certificate replacement. This protects you in case a change in
hosting provider or web server invalidates your existing
certificate. Also, a normal certificate is very specific in terms
of which domain it supports. For example, a certificate for
www.domain.com does not work for mail.domain.com, ftp.domain.com,
or even domain.com. If this is important to you, you can either
purchase multiple certificates or a wildcard certificate that
supports any number of subdomains. Wildcard cert prices are
typically 4-5x higher than for a single cert. Finally, many cert
companies offer verification seals that you can add to your SSL web
pages. These allow your clients to click or hover over the seal to
get a quick verification that your site certificate comes from a
recognizable brand. Useful, perhaps, if you want to brag that "I
care enough to purchase certs from Thawte, Network Solutions,
Geotrust, et. al." or "I'm a penny-pincher and use GoDaddy!"

How to read client certificate after SSL has be established

Hi, Folks:
I've established mutual authentication between client and server, how do I go about reading the client certificate on the server side after SSL session has been established? Basically I am trying to read the client name from the client certificate, based on the name, the server will decide what resource the client can access.
Thanks a lot
--Richard

I need to know the process clearly... like how to configure ssl serverAs I said, that's not the topic of this thread. It's described in the Javadoc, and it's been covered in this forum, and the forum has a search facility. If you still have a question, start your own thread. Don't hijack other threads about other topics.
Every one knows to read API documentation. If those were clear then I wouldn't ask here for help. Then you need to ask a specific question about something you specifically didn't understand, in a specific thread, in a specific forum. The best reference is the Javadoc. That's what it's for, and reading it is how I learned Java. If you can't understand it maybe you need to make more of an effort. Nobody is going to type it in here again for you in a more comprehensible form (I hope). It's your job to understand the material you have to work with. At the moment you're just asking someone to do your job for you.
And yes this topic may have been covered previously, but its not necessary for me to know what topics are covered in this forum.The question asked in this thread has been answered previously in this thread. Is that too hard to find? The question you asked that hasn't been covered in this thread doesn't belong in this thread. Is that too hard to understand?

Configure JAAS login module stack to support x.509 certificates without SSL

I want to use x.509 certificates for authentication against a EP 7.0 but I dont want to have SSL traffic on the network segment where the portal resides. Obviously the SSL must be terminated in an application gateway that sends the certificate to the portal in the header.
I know that AcceptClientCertWithoutSSL must be set to true in the http provider and that ClientCertificateHeaderName is the name of the header variable that contains the users certificate, default is SSL_CLIENT_CERT.
What I dont know is how to configure my JAAS login module stack, my suggestion would be this:
EvaluateTicketLoginModule SUFFICIENT {ume.configuration.active=true}
ClientCertLoginModule OPTIONAL {Rule1.getUserFrom=SSL_CLIENT_CERT}
CreateTicketLoginModule SUFFICIENT {ume.configuration.active=true}
BasicPasswordLoginModule REQUISITE {}
CertPersisterLoginModule OPTIONAL {Rule1.getUserFrom=SSL_CLIENT_CERT}
CreateTicketLoginModule SUFFICIENT {ume.configuration.active=true}
My concern is does the ClientCertLoginModule and the CertPersisterLoginModule read from the header variable? If they dont, is there another login module that should be used in this case?

Hi Claus,
you got the flags right but the options of the login modules (LM) are wrong, so the certificate authentication won't work.
There's two problems I see: (1) Rule1.getUserFrom is not a valid option for the LM CertPersisterLoginModule, and (2) SSL_CLIENT_CERT is not a valid value for the option Rule1.getUserFrom of the ClientCertLoginModule.
Looking at this topic:
http://help.sap.com/saphelp_nw2004s/helpdata/en/ea/301e3e6217b40be10000000a114084/content.htm
the header variable used to pass the certificate is maintained in the HTTP provider service properties but since you use the default you don't need to maintain that part of the config. You also don't need the CertPersisterLoginModule in the config because it is used for automatic certificate mapping, which doesn't work when you don't have SSL to the portal.
So with the above said your LM stack config should look like this:
EvaluateTicketLoginModule SUFFICIENT {ume.configuration.active=true}
ClientCertLoginModule OPTIONAL {Rule1.getUserFrom=wholeCert}
CreateTicketLoginModule SUFFICIENT {ume.configuration.active=true}
BasicPasswordLoginModule REQUISITE {}
CreateTicketLoginModule SUFFICIENT {ume.configuration.active=true}
If this doesn't work I'd suggest opening a support ticket.
Regards,
Yonko

Installing Verisign Certificate for SSL - please help

I'm trying to configure SSL for the first time on my WebLogic Server 6.1 SP1 instance
on a Win2K Server. I have used the built-in certificate generator servlet to
generate a CSR. I sent the CSR to Verisign and received a certificate back (looks
like it's in .pem format). Now, I've gone to the admin console and entered what
I thought were the right values in the right places, but WLServer doesn't seem
to like what I've entered and/or the files themselves. Here's what I have:
Server Key File Name: config/mydomain/my_domain_com-key.der (name changed of course
from the actual domain name) - This is the file generated automatically by the
certificate servlet that I moved into this directory.
Server Certificate File Name: config/mydomain/mycert.pem (this is the file that
was sent to me by Verisign, supposedly my 40-bit certificate).
Server Certificate Chain File Name: config/mydomain/verisignca.pem (I created
this file by going to the verisign site and copy/pasting their .pem format 'intermediate'
cert into this file - documentation real fuzzy on this step so it's probably wrong).
SSL is enabled, listening on the default port of 7001, client certificate not
enforced.
Now, when I boot the server, I get the following error in the log file: ####<Nov
19, 2001 12:45:03 PM EST> <Alert> <WebLogicServer> <VDWEB1> <myserver> <main>
<system> <> <000296> <Security configuration problem with certificate file config/mydomain/my_domain_com-key.der,
java.io.EOFException>.
What am I doing wrong here? I thought i put that file in the location I specified,
so does that error mean it can't find it or that the file itself is corrupt?
That's just the file that was autogenerated by the servlet, i don't see how it
could be corrupt! Also, I assume that's just the first error ... if I fix that
one, there likely will be more. I especially don't understand the part about
the chain file as the documentation is so unclear to me about putting multiple
certs in the chain file ...
Thanks for any pointers,
Josh

Hi Josh,
Jus to reconfirm are you sure that the Server key and Server Cert are not
interchanged ?
The error message indicates that private key is being read as a certificate.
Maybe its not a explicit error message and instead should be
Security configuration problem with private key file
config/mydomain/my_domain_com-key.der
Are you able to run with the democerts provided with weblogic ?
yeshwant
<system> <> <000296> <Security configuration problem with certificate
file config/mydomain/my_domain_com-key.der,Josh Daynard wrote:
Hey Yeshwant,
Thanks for the tip. I did not use a password when creating the CSR request and
the 'Key Encrypted' box is unchecked in my console. Any other thoughts???
Thanks,
Josh
Yeshwant <[email protected]> wrote:
Hi Josh
when you generated the csr using the certificate webapp , did you use
a password ie are you using a password
envrypted private key ?
if yes you will have to provide that value in the start sript using the
system property
weblogic.management.pkpassword=actualpassword and also make sure that
the Use Encrypted box is checked.
If not make sure that the Use Encrypted box in the console under the
ssl tab is unchecked.
Yeshwant
Josh Daynard wrote:
I'm trying to configure SSL for the first time on my WebLogic Server6.1 SP1 instance
on a Win2K Server. I have used the built-in certificate generatorservlet to
generate a CSR. I sent the CSR to Verisign and received a certificateback (looks
like it's in .pem format). Now, I've gone to the admin console andentered what
I thought were the right values in the right places, but WLServer doesn'tseem
to like what I've entered and/or the files themselves. Here's whatI have:
Server Key File Name: config/mydomain/my_domain_com-key.der (name changedof course
from the actual domain name) - This is the file generated automaticallyby the
certificate servlet that I moved into this directory.
Server Certificate File Name: config/mydomain/mycert.pem (this is thefile that
was sent to me by Verisign, supposedly my 40-bit certificate).
Server Certificate Chain File Name: config/mydomain/verisignca.pem(I created
this file by going to the verisign site and copy/pasting their .pemformat 'intermediate'
cert into this file - documentation real fuzzy on this step so it'sprobably wrong).
SSL is enabled, listening on the default port of 7001, client certificatenot
enforced.
Now, when I boot the server, I get the following error in the log file:####<Nov
19, 2001 12:45:03 PM EST> <Alert> <WebLogicServer> <VDWEB1> <myserver><main>
<system> <> <000296> <Security configuration problem with certificatefile config/mydomain/my_domain_com-key.der,
java.io.EOFException>.
What am I doing wrong here? I thought i put that file in the locationI specified,
so does that error mean it can't find it or that the file itself iscorrupt?
That's just the file that was autogenerated by the servlet, i don'tsee how it
could be corrupt! Also, I assume that's just the first error ... ifI fix that
one, there likely will be more. I especially don't understand thepart about
the chain file as the documentation is so unclear to me about puttingmultiple
certs in the chain file ...
Thanks for any pointers,
Josh

What is POP3 / SMTP / IMAP / SSL / TCP-IP / HTTP / HTTPs ?

Hi Experts.
Can anybody tell me about the following questions.
What is POP3 ?
What is IMAP ?
What is SMTP ?
What is SSL encryption ?
What is TCP-IP connection ?
what is HTTP ?
What is difference in HTTP:// and HTTPs:// ?
Thanks in advance.
Regards,
-=Soniya.=-

Hi,
POP3: This is stands for Post Office Protocol this is part of mail inbox configuration, based on POP3 configuration mail will be reach to inbox from out side.
IMAP: This is stands for Internet Message Access Protocol, it is one of protocol for internet data transfer
SMTP: This is stands for Simple Mail Transport Protocol, it is outbox mail configuration, based on SMTP configuration mail will be send to target system
SSL: This is stands for Secure Socket Layer, this is mainly used to transfer data between two system in secure way. In this configuration we can provide security in transport (https) & message level (encryption & decryption)
TCP-IP: This is stands for Transmission Control Protocol-Internet Protocol, it is for using internet & intranet. This protocol will support most of all network.
HTTP: This is stands for Hyper Text Transport Protocol, this protocol convert data to XML format and send across internet & intranet.
What is difference in HTTP:// and HTTPs:// ?
HTTP & HTTPs main difference is security, http we don't have any security in message transport but HTTPs by default provide security in transport level & message level using digital certificates
I hope now clear

Installing certificates for ssl mailservers

Hello all,
I tried to install the ssl certificates for all my mailservers as directed in mail help.
It says something like that. If you receive a warning for an unknown certificate choose "show certificate" and draw the certificate icon onto your desktop. Doubble click on it to put it to your keychain.
Meanwhile I put the certificates of all mailservers I use into my personal and the system keychain and I still receive the warning for all mailservers that they use an unknown certificate.
What shall I do now?

I found out that the names of the servers were not 100% identical.
I used pop.provider.com instead of pop3.provider.com, as mail was able to connect do pop.provider.com I didn't realize that this could be a problem.

What else for uwc and SSL

I created a certificate db and a self signed cert for use with the messaging server (05Q1) and enables ssl for http, but when I go to https://servername/uwc, a simple message of "Not found" is displayed. If I go to just https://servername, I am greeted with a login, but am directed to the old communications express webmail client.
Any hints on what special config changes I need to make to enable uwc over ssl?

I think you might have more luck posting your
question in the Sun Java System Messaging Server
forum.Been there. this isnt solely related to messaging server as the same message comes up when I go to, for instance, https://servername/amconsole

What does the Certificate Manager do?

There are tons of Certificates (some government affiliated). Can I remove these or at least find out their association is? (ie. they are for xxxx website that you visited on xx/xxxx). Is there something that tells me if a certificate is permanent or part of the computer. This is all very scary.

See:
*https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/
*https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/maintenance/
You can only disable built-in root certificates by removing their trust bits (click the Edit button) to make it impossible to use them as root certificate.
You may want to disable SSL3 for now until this vulnerability is addressed if you are concerned.
RSA Signature Forgery in NSS:
*https://blog.mozilla.org/security/2014/09/24/rsa-signature-forgery-in-nss/
*https://www.mozilla.org/security/announce/2014/mfsa2014-73.html
You can set the security.tls.version.min to 1 on the <b>about:config</b> page to disable SSL3 and only have TLS 1.0 and later enabled.
You may need to close and restart Firefox after changing these prefs.
* security.tls.version.min = 1
* http://kb.mozillazine.org/security.tls.version.*
0 means SSL 3.0, 1 means TLS 1.0, 2 means TLS 1.1, 3 means TLS 1.2 etc.
Note that you may have to reset the pref and re-enable SSL3 in case you experience issues with accessing websites via a secure connection.

What is -----BEGIN CERTIFICATE----- in SSL

Similar Messages

Maybe you are looking for