WLS 5.1 certificate issue: encrypted private key
My organization has acquired some certificates for use with WLS. However, the private
keys for these certs were inadvertently encrypted with a password. We have a mix
of 5.1 and 6.1 servers. We got the keys working with our 6.1 servers, but 5.1
is a little tougher. How can we use these keys with our 5.1 servers?
I dont think 5.1 supports password encrypted private keys
Jason Norman wrote:
My organization has acquired some certificates for use with WLS. However, the private
keys for these certs were inadvertently encrypted with a password. We have a mix
of 5.1 and 6.1 servers. We got the keys working with our 6.1 servers, but 5.1
is a little tougher. How can we use these keys with our 5.1 servers?
Similar Messages
-
Can't Export a Certificate with the Private Key
I have downloaded a
Symantec Enterprise Mobile Code Signing Certificate from email link. And the certificate was installed with no errors. Now
when I'm going to export the certificate it will NOT allow me to export with private key. The option "Yes, export with private key" was grayed out. From MMC, add snap in certificate > local computer > certificate > certificatename. In this
location "I can see the certificate image with a key on it". Is this mean that the import is successful with private key? If so, how to export correctly? Kindly help please!
http://i1234.photobucket.com/albums/ff405/i_kiennt/Screenshot2_zpsaf770a8b.png
http://i1234.photobucket.com/albums/ff405/i_kiennt/Screenshot3_zpsde23204d.pngHello MrTrungKien,
Please share us a screenshot about The option "Yes, export with private key" was grayed out.
Please take a look at the following article about exporting a Certificate with the Private Key.
http://technet.microsoft.com/en-us/library/cc754329.aspx
Yes, export the private key. (This option will appear only if the private key is marked as exportable and you have access to the private key.)
It is marked as not exportable so users cannot export this certificate.
Please contact Symantec to confirm if the key is exportable.
Best regards,
Fangzhou CHEN
Fangzhou CHEN
TechNet Community Support -
Please guide me on the issue of private key
Hi All
I am working on application that requires to do encryption and decryption using public and public key. I need some guidance on how to implement this functionality. The only requirement is to have public key and private key in two different files. For public key i can get it from .cer certificate file but i do not have much idea of what feature in java is provided to read private key from file. The file is definately not the keystore file. Please guide me as to in what format the private key should be so that my java program could read it and do decryption.
Another thing is that the private and public key file will be provided by the client. I do not have any control on creating them. I will be given a location where i could find public and private key and passphrase for private key.
Basically i do not have any clue on what class or technique to use to read those
Thanks and Regards
Pankaj TiwariThis is how i create the private and the public key files (Not the certificate file) :
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
kpg.initialize(2048); // 2048 is the keysize.
KeyPair kp = kpg.generateKeyPair();
PublicKey publicKey = kp.getPublic();
PrivateKey privateKey = kp.getPrivate();
// Serialize to a file
ObjectOutput outPK = new ObjectOutputStream(new FileOutputStream("C:/Temp/PrivateKey.ser"));
outPK.writeObject(privateKey);
outPK.close();
This is how i verify the signature of a file :
File fileKey = new File("C:/Temp/KeyPair/publicKey.ser");
ObjectInputStream inPK = new ObjectInputStream(new FileInputStream(fileKey));
PublicKey publicKey = (PublicKey) inPK.readObject();
inPK.close();
// C:/Temp/myfile.zip.sign is the file that was generated when i signed my file C:/Temp/myfile.zip
String algorithm = "SHA1withRSA";
String myFile = "C:/Temp/myfile.zip";
File fileSign = new File("C:/Temp/myfile.zip.sign");
ObjectInputStream inSign = new ObjectInputStream(new FileInputStream(fileSign));
byte[] signature = (byte[]) inSign.readObject();
inSign.close();
Signature verif = Signature.getInstance(algorithm);
verif.initVerify(pubKey);
FileInputStream in = new FileInputStream(myFile);
int chVerif = 0;
while ((chVerif = in.read()) != -1) {
verif.update((byte)chVerif);
if (verif.verify(signature))
System.out.println("OK");
else
System.out.println("Error"); -
IPCU (v2.1) - deploying client certificates w/o private keys
Hi all,
We're in the process of trialling iPhones with Exchange ActiveSync at work. However, it's been mandated by our security team that we must issue SSL client certificates to the iPhones as part of the deployment (2-factor auth). We them have an ISA server in the DMZ validating these SSL certificates, before taking the users credentials and authenticating them against Active Directory.
To that end, I am using the iPhone Configuration Utility to package up a profile for deployment. The ActiveSync payload includes the configuration settings required to connect to Exchange, and I've also associated the SSL client certificate with it. However, when I choose the SSL client cert, it throws up an error if the private keys have not been marked as "exportable".
The error is: "Certificate exception: Key not valid in specified state". As soon as I generate the client cert, and make the private keys as exportable.... I can associate the client certificate OK using the configuration utility.
Why do the client keys have to be marked as exportable? This just means that if the phone is jailbroken the keys can be exported and moved to another device - not exactly ideal.
Does anyone know any specifics around how these client certificates should be generated.... is there a way to avoid having the private keys marked as exportable?
Regards, James.It would seem, according to p.39 of the Enterprise Deployment Guide, this is only necessary on Windows, not on Mac. Just speculating, but maybe this is the only way a third-party app (iPCU) can get what it needs from the Windows Certificate Store?
-
Out-of-range security question: Export a certificate with the private key
Hi Forumers'
As above title mention, if we doing PKI, we sure will get invovle with Certificate.
The moment i doing WLC and ACS express appliance, where the appliances is not coming with generate CSR feature...So we use openSSL for it.
To clear my curiousity, Why we need to export the certifiate wit the private key? Itsn't the private key cannot publish to the public ??
Thanks
NoelBecause both appliances are acting as a server, and you would need to have the private key on the server. However, you don't give the private key to all the clients for sure as you mentioned you only need to provide public key to the client, not the private key. Private key should only be kept on the server, and in this case both appliances are the server.
-
Does WLS 5.1 support private key passwords like WLS 6 does ?
WebLogic 6.0 supports private key passwords as described here http://e-docs.bea.com/wls/docs60/adminguide/cnfgsec.html#1053139,
summarized here;
"When using PKCS-8 encrypted private keys, you need to enable the Use Encrytped
Keys field on the SSL tab of the Server window in the Administration Console.",
plus you need to use this diraective -Dweblogic.management.pkpassword=
I can't find any support for this in WLS 5.1. Does 5.1 support this additional
level of security ?
Thanks.In order to have the weblogic.mangement.pkpassword stuff work two other things need to have happened first:
1) you generated a protected private key rather than just a "regular" private key. In the Certificate Servlet this is done by typing characters into the password field of the form to generate the key and
then later passing those characters to the weblogic.management.pkpassword commandline attribute.
2) you set the KeyEncrypted attribute in the SSL page in the console
You can use protected/encrypted private keys or not but you need to make sure that you actually generated an encrypted private key and you've set SSL to use an encrypted private key and told the
server to start up with an encrypted private key.
Paul
On 24 Jul 2001 08:13:06 -0700, [email protected] (David Barrett) wrote:
Hello Dave,
Dave here.
I'm having some problems with the Weblogic SSL installation also. I
was able to set the weblogic.management.pkpassword, but I am recieving
the following error when attempting to start the server.
Jul 23, 2001 1:44:53 PM EDT> <Info> <Logging> <Only log messages of
severity "Error" or worse will be displayed in this window. This can
be changed at Admin Console> myserver> Servers> myserverpass> Logging>
General> Stdout severity threshold>
<Jul 23, 2001 1:44:57 PM EDT> <Alert> <WebLogicServer> <Security
configuration problem with certificate file config/myserver/mykey.der,
java.lang.NullPointerException>
java.lang.NullPointerException
at weblogic.security.PKCS5.setPassword(PKCS5.java:173)
at weblogic.security.RSAPrivateKeyPKCS8.<init>(RSAPrivateKeyPKCS8.java:124)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:387)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:297)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:942)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:403)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
Please let me know if you know of any way to fix this issue.
Best,
David
"Dave Javu" <[email protected]> wrote in message news:<[email protected]>...
WebLogic 6.0 supports private key passwords as described here http://e-docs.bea.com/wls/docs60/adminguide/cnfgsec.html#1053139,
summarized here;
"When using PKCS-8 encrypted private keys, you need to enable the Use Encrytped
Keys field on the SSL tab of the Server window in the Administration Console.",
plus you need to use this diraective -Dweblogic.management.pkpassword=
I can't find any support for this in WLS 5.1. Does 5.1 support this additional
level of security ?
Thanks. -
Hi, we're currently upgrading from WebLogic server 5.1 to 7.0. The private
key generated by WLS 5.1 does not use any password, and can therefore not be
used with 7.0
Do I have to generate a new private key and order a new SSL certificate, or
is there a way I can assign a password to my existing private key so I can
continue using this ??
Thanx in advance !!!
Jan Espen HansenThanks a lot Tony !!!!! This solved my problem.
JEH
"Tony" <TonyV> wrote in message news:[email protected]..
Incorrect PEM headers/footers can confuse the tool.
Double check that the header and footer for your PEM file match thecontents
of the
data in the file.
If it was an unprotected RSA private key, the header and footer shouldlook
like
this:
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
It should not say it is a certificate (which is the default for theder2pem
utility), and it
should not say it is an encrypted private key.
Tony
"a" <[email protected]> wrote in message news:3f9f7705$[email protected]..
Hi, and thank you for your answer. I've tried the tool you mention, but
I
get the following error message:
"Error parsing BER private key data 3000"
Since my private key is in .der format I have first run the weblogicutil
utils.der2pem on it, but I still get this error message.
Any ideas ??
JEH
"Tony" <TonyV> wrote in message news:[email protected]..
You should not have to generate a new key.
There is a native tool that is supplied on the WLS kit that can
protect
an
unprotected private key for you:
wlkeytool inputkey.pem outputkey.pem
It will prompt for passwords, I believe that will do what you want.
Tools such as OpenSSL should also be able to protect the private key.
Tony
"Janne K" <[email protected]> wrote in message
news:[email protected]..
Hi, we're currently upgrading from WebLogic server 5.1 to 7.0. Theprivate
key generated by WLS 5.1 does not use any password, and can
therefore
not
be
used with 7.0
Do I have to generate a new private key and order a new SSL
certificate,
or
is there a way I can assign a password to my existing private key so
I
can
continue using this ??
Thanx in advance !!!
Jan Espen Hansen -
Checklist for Exchange Certificate issues
Checklist for Exchange Certificate issues
1.
Why certificate is important for Exchange and What are Certificates used for
Exchange is now using certificates for more than just web, POP3, or IMAP. In addition to
securing web services, it has also incorporated Transport Layer Security (TLS) for session based authentication and encryption.
Certificates are used for several things on Exchange Server. Most customers also use certificates
on more than one Exchange server. In general, the fewer certificates you have, the easier certificate management becomes.
IIS (OWA, ECP, EWS, EAS, OA, Autodiscover, OAB, UM)
POP/IMAP
SMTP
2.
Common symptoms for
certificate issue
Here we can see three different types of the certificate warning, mainly from the Outlook
side.
a.
Certificate mismatch issue
b.
Certificate trust issue
c.
Certificate expiration issue
3.
Checklists
In this section, checklists will be provided according to the three different scenarios:
Certificate Mismatch Issue
[Analysis]:
This issue mainly occurs because the URL of the web services Outlook tries
to connect does not match the host name in the certificate.
[Checklist]:
Firstly make sure how many host name in your certificate the certificate. Run “Get-ExchangeCertificate | select certificatedomain”.
Secondly, check the web services URLs which Outlook are trying to connect to. Run “Test Email AutoConfiguration”
In this scenario, you need to check the host name for the following services:
Autodiscover
EWS
OAB
ECP
UM
If any of the urls above does not match the one in the certificate, refer to the following article to change
it via EMS:
http://support.microsoft.com/kb/940726
1.
Do not forget to restart the IIS service after applying the changes above.
2. Make sure a valid certificate is enabled on the IIS service.
Certificate Trust Issue
[Analysis]:
For the self-signed and PKI-based (Enterprise)
certificates, they are not automatically trusted by the client computer or mobile device, you must make sure that you import the certificate into the trusted root certificate store on client computers and devices. On the other hand, Third-party or commercial
certificates do not have this problem. Most commercial CA certificates are already trusted because the certificate already resides in the trusted root certificate store. Because the issuer is trusted, the certificate is also trusted. Using third-party certificates
greatly simplifies deployment.
[Checklist]:
If it’s an Enterprise CA certificate, manually install the root certificate to the “Trusted Root Certification Authorities” folder:
If it is a 3<sup>rd</sup>-party certificate, first remove and reinstall the certificate. Check whether the Windows Certificate Store on the local
client is corrupted. If it still does not work, please contact the third-party CA support to verify the certificate.
Certificate Expiration Issue
[Checklist]:
When a certificate is about to expired, we just need to renew it by referring the following article:
Renew an Exchange Certificate
http://technet.microsoft.com/en-us/library/ee332322(v=exchg.141).aspx
To avoid any conflictions, it’s recommended to remove the expired certificate from the certificate store.
[How to set a reminder to alert the administrator when a certificate is about to expired]:
It’s easy to fix the certificate expire issue. But it should be more important to set a reminder before the
certificate expiration. Or there can be a large user impacts.
Generally, the Event ID “^(24|25)$” will appear in Application log when a certificate is about to expire.
If it’s not quite visible, we can refer to the following solution:
http://blogs.technet.com/b/nexthop/archive/2011/11/18/certificate-expiration-alerting.aspx
OWA certificate revoked issue
[Analysis]:
IE
includes support for server certificate revocation which verifies that an issuing
CA has not revoked a server certificate. This feature checks for CryptoAPI revocation when certificate extensions
are present. If the URL for the revocation information is unresponsive, IE cancels the connection.
[Solution or workaround]:
1. Contact CA provider and check whether the questioned certificate is in the Revoked List.
2. If not, check whether the certificate has a private key.
3. Remove the old certificate and import the new one.
Workaround:
IE Internet Options -> Advanced tab -> Clear the "Check for server certificate revocation"
checkbox.
4.
More References
Digital Certificates and SSL
http://technet.microsoft.com/en-us/library/dd351044(v=exchg.150).aspx
More on Exchange 2007 and certificates - with real world scenario
http://blogs.technet.com/b/exchange/archive/2007/07/02/3403301.aspx(Reported previous post with link to SIS package to moderator)
This is not the correct SIS package for the N73. The package shown is for S60 3.2 devices, but the N73 is not S60 3.2, I believe it is S60 3.0.
Most features may work with this SIS, but if you experience strange problems, try using the S60 3.0 version.
But there are no significant difference between 2.5.3 and 2.5.5 with regard to attachments. The only changes were with localization (languages).
At this point, try 2.7.0 which is out now:
http://businesssoftware.nokia.com/mail_for_exchange_downloads.php
Make sure to pick the right phone on the drop down list. It does matter! There are 4 different packages. This list makes sure you get the right one.
I have seen some issues with attachments not completing that seem to be carrier dependent. You can test this my using Wifi (if possible).
Message Edited by m4e_team_k on 28-Sep-2008 12:25 AM -
How to install PEM-format SSL private key from weblogic to NES
I have unexpired PEM-format certificates in my weblogic 8.1sp4 domain. Since the architecture requires us to use Iplanet 6.0sp2 as the http/https server, we have to move the certificates to iplanet side. Is that possible ? Especially the private key ? Iplanet has key8.db format files. How do I install a PEM key in iplanet and store it in key3.db file ? Thanks !
Hi
I've already found code to answer my second question, but my first question still remains, is there a way that I can change a Encrypted Private Key Info for PEM to DER format??? I tried to delete the header and footer of some key in PEM format and Base64 decode the body, but It launches a Exception when I'm trying to create the EncryptedPrivateKeyInfo object.
Thank you -
If you have 2 separate VPN clients using certificates on Windows 7. Can/would the private keys use separate private key stores?
Hi,
Every certificate is stored with its private key.
For more information, please refer to this article:
Export a Certificate with the Private Key
http://technet.microsoft.com/en-us/library/cc754329.aspx
Karen Hu
TechNet Community Support -
I generated a CSR with the certificate servlet. I modified
config.xml in order to set the right files :
<SSL Enabled="true" ListenPort="7002" Name="test2" ServerCertificateChainFileName="config/mydomain/cacrt.pem"
ServerCertificateFileName="config/mydomain/servercert.pem"
ServerKeyFileName="config/mydomain/serverkey.der"/>
The serverkey.der is a copy of the file generated by the
certificate servlet.
At startup the following error occurs :
<30 juil. 01 20:23:26 CEST> <Alert> <WebLogicServer> <Security configuration problem
with certificate file config/mydomain/serverkey.der, java.io.EOFException>
java.io.EOFException
at weblogic.security.Utils.inputByte(Utils.java:133)
at weblogic.security.ASN1.ASN1Header.inputTag ASN1Header.java:125)
at weblogic.security.ASN1.ASN1Header.input(ASN1Header.java:119)
at weblogic.security.RSAPrivateKey.input(RSAPrivateKey.java:119)
at weblogic.security.RSAPrivateKey.<init>(RSAPrivateKey.java:91)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:397)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:300)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1028)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:475)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:197)
at weblogic.Server.main(Server.java:35)
More over the conversion of the serverkey.der in serverkey.pem
with openssl gives the following error :
openssl rsa -in serverkey.der -outform PEM -out serverkey.pem
read RSA key
unable to load key
1276:error:0906D06C:PEM routines:PEM_read_bio:no start line:./crypto/pem/pem_lib
.c:662:Expecting: ANY PRIVATE KEY
and reading the file by the default W2K reader gives an error too.
Need help !Agree with S Guna, the ISP/Certificate Authority won't generate the private key, the request from your Lync server does. So the private key is already sitting on your Lync 2010 Server. Once you import the certificate generated by the certificate
authority, the private key and certificate should be paired and can be assigned to Lync.
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
SWC Unified Communications -
Importing a PKCS12 private key into java Keystore
Hi,
We have an existing private key, stored in a ".p12" file.
Currently, our existing program will access this file directly to retrieve the private key, however, we need to import this private key into a keystore so it can be retrieved by our new code.
Does anyone know whether it is possible to do this, and if so, is there any criteria that need to be met.
If it is possible, then how do we do it?
Assistance is appreciated!
Regards
Steve WilliamsSorry to cross-post, but I have a similar problem.
I have an existing certificate (public/private keypair) that I'm using in Microsoft IIS. Using Cert Manager in Windows2000 I export the certificate preserving the private key into a pfx file. I need to import the public/private keypair into the keystore. I also have the original certificate request and reply from Verisign if that helps any. I've looked everywhere and have been unable to find any information about doing this. Please Help!
If there is a way to do this using keytool that would be great. If someone knows how to programmatically do this that would also be great.
Thanks in advance,
Trey Caldwell
Software Engineer
Intrannuity, LLC
[email protected] -
Self Signed Certificates vs. GnuPG key and Web of Trust
I'm not totally sure where to ask this question, though this is the best place I can think of.
Wanting to be able to digitally sign my emails, and I can use a self signed certificate, or get one from CAcert.org (which, as far as I can tell, is also a self signature)...
Whereas with GnuPG, the keys are certified based on the web of trust.
Is there any kind of web of trust for the certificates?
RussellYour private key is stored in the keystore (.pfx or .p12)
file that adt created for you when you created your self-sign
certificate. The file itself is protected by the password you
entered. Don't ever give this file to anyone, and under no
circumstances should you give the password to anyone.
The public key is also stored in the same file. You can
export the public key, embedded in a certificate, from the keystore
file, although you likely won't have any need to do that.
If the resulting .air file is ever modified then the
application won't install. There's no need for users to check the
hash or anything like that to validate the file; it's all done
automatically as part of the installation process.
Hope that helps,
Oliver Goldman | Adobe AIR Engineering -
Hi, We are trying to get a client to communicate with the primary Config Manager Site System(MP/DP).
We have a Config Manager Client Template that was setup using this guide.
http://technet.microsoft.com/en-us/library/gg682023.aspx
We have a Client Cert on the primary site system server (primary config manager server) based on this template and it meets the requirements specified in this document
http://technet.microsoft.com/en-us/library/gg699362.aspx
Enhanced Key Usage value must contain
Client Authentication (1.3.6.1.5.5.7.3.2).
Client computers must have a unique value in the Subject Name field or in the Subject Alternative Name field.
SHA-1and SHA-2 hash algorithms are supported.
Maximum supported key length is 2048 bits.
The Cert that we generated for the client meets the same requirements and shows the exact same template id but has a different subject name and alternate name (which is the clients machine name).
With this setup, we still get the following error
Certificate [Thumbprint SOME THUMBPRINT] issued to 'CLientMachineName' doesn't have private key or caller doesn't have access to private key.
Both the site system and client have the same trusted root cert installed.
What are we missing or what can we check? Does the cert check process only need the client certs on both the site system and the client to be from the same template?
Here is a snippet of the clientidmanagerstartup.log
<![LOG[HTTPS is enforced for Client. The current state is 63.]LOG]!><time="15:02:32.057+300" date="03-12-2014" component="ClientIDManagerStartup" context="" type="1" thread="716" file="ccmutillib.cpp:395">
<![LOG[Begin searching client certificates based on Certificate Issuers]LOG]!><time="15:02:32.058+300" date="03-12-2014" component="ClientIDManagerStartup" context="" type="1" thread="716"
file="ccmcert.cpp:3833">
<![LOG[Certificate Issuer 1 [CN=THE_NAME_OFTHE_CA; DC=DOMAIN; DC=LOCAL]]LOG]!><time="15:02:32.058+300" date="03-12-2014" component="ClientIDManagerStartup" context="" type="1" thread="716"
file="ccmcert.cpp:3849">
<![LOG[Based on Certificate Issuer 'THE_NAME_OFTHE_CA' found Certificate [Thumbprint SOMETHUMBPRINT_1] issued to 'CLIENTMACHINENAME']LOG]!><time="15:02:32.082+300" date="03-12-2014" component="ClientIDManagerStartup"
context="" type="1" thread="716" file="ccmcert.cpp:3931">
<![LOG[Begin validation of Certificate [Thumbprint SOMETHUMBPRINT_1] issued to 'CLIENTMACHINENAME']LOG]!><time="15:02:32.082+300" date="03-12-2014" component="ClientIDManagerStartup" context="" type="1"
thread="716" file="ccmcert.cpp:1245">
<![LOG[Completed validation of Certificate [Thumbprint SOMETHUMBPRINT_1] issued to 'CLIENTMACHINENAME']LOG]!><time="15:02:32.085+300" date="03-12-2014" component="ClientIDManagerStartup" context="" type="1"
thread="716" file="ccmcert.cpp:1386">
<![LOG[Completed searching client certificates based on Certificate Issuers]LOG]!><time="15:02:32.085+300" date="03-12-2014" component="ClientIDManagerStartup" context="" type="1" thread="716"
file="ccmcert.cpp:3992">
<![LOG[Begin to select client certificate]LOG]!><time="15:02:32.085+300" date="03-12-2014" component="ClientIDManagerStartup" context="" type="1" thread="716" file="ccmcert.cpp:4073">
<![LOG[Begin validation of Certificate [Thumbprint SOMETHUMBPRINT_1] issued to 'CLIENTMACHINENAME']LOG]!><time="15:02:32.085+300" date="03-12-2014" component="ClientIDManagerStartup" context="" type="1"
thread="716" file="ccmcert.cpp:1245">
<![LOG[Certificate [Thumbprint SOMETHUMBPRINT_1] issued to 'CLIENTMACHINENAME' doesn't have private key or caller doesn't have access to private key.]LOG]!><time="15:02:32.086+300" date="03-12-2014" component="ClientIDManagerStartup"
context="" type="2" thread="716" file="ccmcert.cpp:1372">
<![LOG[Completed validation of Certificate [Thumbprint SOMETHUMBPRINT_1] issued to 'CLIENTMACHINENAME']LOG]!><time="15:02:32.086+300" date="03-12-2014" component="ClientIDManagerStartup" context="" type="1"
thread="716" file="ccmcert.cpp:1386">
<![LOG[Raising event:
instance of CCM_ServiceHost_CertRetrieval_Status
ClientID = "GUID:GUID";
DateTime = "20140312200232.090000+000";
HRESULT = "0x87d00283";
ProcessID = 6380;
ThreadID = 716;
]LOG]!><time="15:02:32.090+300" date="03-12-2014" component="ClientIDManagerStartup" context="" type="1" thread="716" file="event.cpp:706">
<![LOG[Failed to submit event to the Status Agent. Attempting to create pending event.]LOG]!><time="15:02:32.092+300" date="03-12-2014" component="ClientIDManagerStartup" context="" type="2" thread="716"
file="event.cpp:728">
<![LOG[Raising pending event:
instance of CCM_ServiceHost_CertRetrieval_Status
ClientID = "GUID:GUID";
DateTime = "20140312200232.090000+000";
HRESULT = "0x87d00283";
ProcessID = 6380;
ThreadID = 716;
]LOG]!><time="15:02:32.092+300" date="03-12-2014" component="ClientIDManagerStartup" context="" type="1" thread="716" file="event.cpp:761">
<![LOG[Unable to find PKI Certificate matching SCCM certificate selection criteria. 0x87d00283]
Thanks LanceHi,
It seems that there are something wrong with you PKI system.
Here are some steps for your reference.
SCCM 2012: Part II – Certificate Configuration
http://gabrielbeaver.me/2012/08/sccm-2012-part-ii-certificate-configuration/
Note: Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Encrypt text without full blown public/private keys or certificates?
hello,
i would like to encrypt small texts (up to about 1000 characters) to save them in a file and later load them and decrypt the text. what solutions in Java are available without setting up a full blown key store with public and private keys and/or certificates. i think about a small method/class that en- and decrypts arbitrary text.
any suggestions?
thanks in advance!okay, i found my solution:
Blowfish (http://www.counterpane.com/blowfish.html) :
BlowfishEasy be = new
e = new BlowfishEasy("somekey");
String crypted = be.encryptString(plaintext);
Now, this I call easy and quite secure!
:-)hey can u please tell me where u got the code from on
blowfish website above
I go there and click and the "Free source code" link.
I then try and download the java implementation (which
are packed as zip files), When I unzip them though
the file just has up to the class declaration?????
eg. public class BlowFish ... {
and nothing else????
Can u tell me what u did please
Maybe you are looking for
-
How to reject Line Items in a Service Contract?
Hello friends, Can anyone help me understand how do we reject items in a Service Contract? I don't see any Reject field. Is it one of the Status I need to configure for Item Level Status Profile? Even if I add a 'Reject' status, how do I link it to R
-
Hi Experts, I want to set-up a mail server so as to perform some email-related scenarios, so please tell me the procedure to set-up a mail server in my local desktop. Is it cumbersome to set-up a mail server for testing purposes? Can I use one of the
-
How to get the name of the current class...
I'm writing a method for a superclass, to be used by all dervied classes. In the method, I want to be able to find out what class is running, and then use the instanceof operation on it. How do I do this? Something like: String className = this.getCl
-
Just purchased a new album on my iphone. The album shows up in my itunes account but has exclamation points after it and I'm not able to play those songs. How do I fix this?
-
How to I determine the Device ID on Windows Moblile 5 and CreMe Java
Hi there, I was wondering if there is an easy way to determine the Device ID (the number that shows up when you bring up the dmagent application). I want to use this number as part of a unique barcode number (ie xxxx xxxx 0101 xxxx), but I am not sur