Search Results

Search found 171 results on 7 pages for 'keystore'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 2/7 | < Previous Page | 1 2 3 4 5 6 7  | Next Page >

  • Create a Self Signed Sertificate on WLS 10.3.5 Supporting SHA 256 Algorthim.

    - by adejuanc
    1) Set domain to call the keytool $. setDomainEnv.sh 2) Generate the key $ keytool -genkey -alias selfsignedcert -keyalg RSA -sigalg SHA256withRSA -keypass privatepassword -keystore identity.jks -storepass password -validity 365 What is your first and last name? [Unknown]: adejuan-desktop.cl.oracle.com What is the name of your organizational unit? [Unknown]: a What is the name of your organization? [Unknown]: e What is the name of your City or Locality? [Unknown]: i What is the name of your State or Province? [Unknown]: o What is the two-letter country code for this unit? [Unknown]: U Is CN=adejuan-desktop.cl.oracle.com, OU=a, O=e, L=i, ST=o, C=U correct? [no]: yes 3) Export the root certificate $ keytool -export -alias selfsignedcert -sigalg SHA256withRSA -file root.cer -keystore identity.jks Enter keystore password: Certificate stored in file <root.cer> 4) Import the root certificate to the trust store $ keytool -import -alias selfsignedcert -sigalg SHA256withRSA -trustcacerts -file root.cer -keystore trust.jks Enter keystore password: Re-enter new password: Owner: CN=adejuan-desktop.cl.oracle.com, OU=a, O=e, L=i, ST=o, C=U Issuer: CN=adejuan-desktop.cl.oracle.com, OU=a, O=e, L=i, ST=o, C=U Serial number: 4f17459a Valid from: Wed Jan 16 15:33:22CLST 2012 until: Thu Jan 15 15:33:22 CLST 2013 Certificate fingerprints: MD5: 7F:08:FA:DE:CD:D5:C3:D3:83:ED:B8:4F:F2:DA:4E:A1 SHA1: 87:E4:7C:B8:D7:1A:90:53:FE:1B:70:B6:32:22:5B:83:29:81:53:4B Signature algorithm name: SHA256withRSA Version: 3 Trust this certificate? [no]: yes Certificate was added to keystore 5) To check the contents of the keystore keytool -v -list -keystore identity.jks Enter keystore password: ***************** WARNING WARNING WARNING ***************** * The integrity of the information stored in your keystore * * has NOT been verified! In order to verify its integrity, * * you must provide your keystore password. * ***************** WARNING WARNING WARNING ***************** Keystore type: JKS Keystore provider: SUN Your keystore contains 1 entry Alias name: selfsignedcert Creation date: Jan 18, 2012 Entry type: PrivateKeyEntry Certificate chain length: 1 Certificate[1]: Owner: CN=adejuan-desktop.cl.oracle.com, OU=a, O=e, L=i, ST=o, C=U Issuer: CN=adejuan-desktop.cl.oracle.com, OU=a, O=e, L=i, ST=o, C=U Serial number: 4f17459a Valid from: Wed Jan 16 15:42:16CLST 2012 until: Thu Jan 15 15:42:16 CLST 2013 Certificate fingerprints: MD5: 7F:08:FA:DE:CD:D5:C3:D3:83:ED:B8:4F:F2:DA:4E:A1 SHA1: 87:E4:7C:B8:D7:1A:90:53:FE:1B:70:B6:32:22:5B:83:29:81:53:4B Signature algorithm name: SHA256withRSA Version: 3 ******************************************* ******************************************* 6) In some cases, this parameter is needed in the server start up parameters. -Dweblogic.ssl.JSSEEnabled=true Otherwise, enable it from the Server configuration -> SSL -> Use JSSE checkbox.

    Read the article

  • How to export ECC key and Cert from NSS DB and import into JKS keystore and Oracle Wallet

    - by mv
    How to export ECC key and Cert from NSS DB and import into JKS keystore and Oracle Wallet In this blog I will write about how to extract a cert and key from NSS Db and import it to a JKS Keystore and then import that JKS Keystore into Oracle Wallet. 1. Set Java Home I pointed it to JRE 1.6.0_22 $ export JAVA_HOME=/usr/java/jre1.6.0_22/ 2. Create a self signed ECC cert in NSS DB I created NSS DB with self signed ECC certificate. If you already have NSS Db with ECC cert (and key) skip this step. $export NSS_DIR=/export/home/nss/ $$NSS_DIR/certutil -N -d . $$NSS_DIR/certutil -S -x -s "CN=test,C=US" -t "C,C,C" -n ecc-cert -k ec -q nistp192 -d . 3. Export ECC cert and key using pk12util Use NSS tool pk12util to export this cert and key into a p12 file      $$NSS_DIR/pk12util -o ecc-cert.p12 -n ecc-cert -d . -W password 4. Use keytool to create JKS keystore and import this p12 file 4.1 Import p12 file created above into a JKS keystore $JAVA_HOME/bin/keytool -importkeystore -srckeystore ecc-cert.p12 -srcstoretype PKCS12 -deststoretype JKS -destkeystore ecc.jks -srcstorepass password -deststorepass password -srcalias ecc-cert -destalias ecc-cert -srckeypass password -destkeypass password -v But if an error as shown is encountered, keytool error: java.security.UnrecoverableKeyException: Get Key failed: EC KeyFactory not available java.security.UnrecoverableKeyException: Get Key failed: EC KeyFactory not available        at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineGetKey(Unknown Source)         at java.security.KeyStoreSpi.engineGetEntry(Unknown Source)         at java.security.KeyStore.getEntry(Unknown Source)         at sun.security.tools.KeyTool.recoverEntry(Unknown Source)         at sun.security.tools.KeyTool.doImportKeyStoreSingle(Unknown Source)         at sun.security.tools.KeyTool.doImportKeyStore(Unknown Source)         at sun.security.tools.KeyTool.doCommands(Unknown Source)         at sun.security.tools.KeyTool.run(Unknown Source)         at sun.security.tools.KeyTool.main(Unknown Source) Caused by: java.security.NoSuchAlgorithmException: EC KeyFactory not available         at java.security.KeyFactory.<init>(Unknown Source)         at java.security.KeyFactory.getInstance(Unknown Source)         ... 9 more 4.2 Create a new PKCS11 provider If you didn't get an error as shown above skip this step. Since we already have NSS libraries built with ECC, we can create a new PKCS11 provider Create ${java.home}/jre/lib/security/nss.cfg as follows: name = NSS     nssLibraryDirectory = ${nsslibdir}    nssDbMode = noDb    attributes = compatibility where nsslibdir should contain NSS libs with ECC support. Add the following line to ${java.home}/jre/lib/security/java.security :      security.provider.9=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg Note that those who are using Oracle iPlanet Web Server or Oracle Traffic Director, NSS libs built with ECC are in <ws_install_dir>/lib or <otd_install_dir>/lib. 4.3. Now keytool should work Now you can try the same keytool command and see that it succeeds : $JAVA_HOME/bin/keytool -importkeystore -srckeystore ecc-cert.p12 -srcstoretype PKCS12 -deststoretype JKS -destkeystore ecc.jks -srcstorepass password -deststorepass password -srcalias ecc-cert -destalias ecc-cert -srckeypass password -destkeypass password -v [Storing ecc.jks] 5. Convert JKS keystore into an Oracle Wallet You can export this cert and key from JKS keystore and import it into an Oracle Wallet if you need using orapki tool as shown below. Make sure that orapki you use supports ECC. Also for ECC you MUST use "-jsafe" option. $ orapki wallet create -pwd password  -wallet .  -jsafe $ orapki wallet jks_to_pkcs12 -wallet . -pwd password -keystore ecc.jks -jkspwd password -jsafe AS $orapki wallet display -wallet . -pwd welcome1  -jsafeOracle PKI Tool : Version 11.1.2.0.0Copyright (c) 2004, 2012, Oracle and/or its affiliates. All rights reserved.Requested Certificates:User Certificates:Subject:        CN=test,C=USTrusted Certificates:Subject:        OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USSubject:        CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=USSubject:        OU=Class 2 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USSubject:        OU=Class 1 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USSubject:        CN=test,C=US As you can see our ECC cert in the wallet. You can follow the same steps for RSA certs as well. 6. References http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=356 http://old.nabble.com/-PATCH-FOR-REVIEW-%3A-Support-PKCS11-cryptography-via-NSS-p25282932.html http://www.mozilla.org/projects/security/pki/nss/tools/pk12util.html

    Read the article

  • Java Trusting ssl CA

    - by LuigiEdlCarno
    I guess I am out of ideas here. I am trying to consume a web service in java which has an ssl certificate. I createt a a keystore file in which I have added the certificate. The file lies in my project folder. I imported it using: System.setProperty("javax.net.ssl.keyStore", "folder\\keystore.jks"); System.setProperty("javax.net.ssl.keyStorePassword", "SECRET"); Apparently, the web service call checks the keystore because when giving a wrong path to the file the application throws an exception when invoking the WS, not when setting the system property. Anyway, when giving the correct path to the keystore file, I still get AxisFault faultCode: {http://xml.apache.org/axis/}HTTP faultSubcode: faultString: (401)Authorization Required Someone told me I had to trust the CA, before any of this would work. How do I do this?

    Read the article

  • Keystore and Aliases - is there a use to multiple aliases?

    - by Steve H
    When exporting a signed Android application using Eclipse, is there a purpose to using multiple aliases? According to the official guide about signing, it's recommended that you sign all applications with the same certificate to allow your applications to share data, code and be updated in modular fashion. Assuming that "alias", "key" and "certificate" are essentially interchangeable in this context, is there a reason why someone would want to use different aliases for all their applications? The only reason I can think of is that it adds more security to your applications, in the sense that a compromised key/password doesn't compromise everything. Are there other reasons? Also, is the generated key dependent on the name of the alias? In other words, if you change the name of the alias but not the password, would the generated certificate be different? Thanks.

    Read the article

  • throws SecurityException when signing with the default debug keystore

    - by Omer
    I am receiving a SecurityException since yesterday when I launch the service using signature protection level for permission with the default debug keystore. The strange thing is I wasn't receiving this error before yesterday and I didn't make any security related change. On the other hand, my own keystore using for releases is still working good. Related AndroidManifest.xml part: <permission android:name="com.my.app.privateservices" android:protectionLevel="signature" /> <service android:name=".MyService" android:permission="com.my.app.privateservices" />

    Read the article

  • Android - how to set keystore

    - by teepusink
    Hi, I'm running a sample application that has a map component to it. The app launch find, but I don't see the map loading. I read sometime ago that it might be caused by keystore mismatch? How do I set keystore? Been trying to find it from google and eclipse but can't find where I can change that. Thanks, Tee

    Read the article

  • Which linux x86 hardware keystore?

    - by byeo
    I'm terminating SSL/TLS in my DMZ and I have to assume that machine will be hacked. At which point my certificates are compromised. Previously I've used nCipher hardware keystore/accelerator to solve this issue. These cards won't reveal the private key even to root. The card performs the encryption and decryption onboard and is hardened against physical attack. The only way to get at the keys is by attaching a smart card reader to the card itself. I'm having trouble finding information about something to recreate this approach. Is this the domain of specialist switches and firewalls these days? This old page references some of the old hardware: http://www.kegel.com/ssl/hw.html#cards

    Read the article

  • Establishing WebLogic Server HTTPS Trust of IIS Using a Microsoft Local Certificate Authority

    - by user647124
    Everyone agrees that self-signed and demo certificates for SSL and HTTPS should never be used in production and preferred not to be used elsewhere. Most self-signed and demo certificates are provided by vendors with the intention that they are used only to integrate within the same environment. In a vendor’s perfect world all application servers in a given enterprise are from the same vendor, which makes this lack of interoperability in a non-production environment an advantage. For us working in the real world, where not only do we not use a single vendor everywhere but have to make do with self-signed certificates for all but production, testing HTTPS between an IIS ASP.NET service provider and a WebLogic J2EE consumer application can be very frustrating to set up. It was for me, especially having found many blogs and discussion threads where various solutions were described but did not quite work and were all mostly similar but just a little bit different. To save both you and my future (who always seems to forget the hardest-won lessons) all of the pain and suffering, I am recording the steps that finally worked here for reference and sanity. How You Know You Need This The first cold clutches of dread that tells you it is going to be a long day is when you attempt to a WSDL published by IIS in WebLogic over HTTPS and you see the following: <Jul 30, 2012 2:51:31 PM EDT> <Warning> <Security> <BEA-090477> <Certificate chain received from myserver.mydomain.com - 10.555.55.123 was not trusted causing SSL handshake failure.> weblogic.wsee.wsdl.WsdlException: Failed to read wsdl file from url due to -- javax.net.ssl.SSLKeyException: [Security:090477]Certificate chain received from myserver02.mydomain.com - 10.555.55.123 was not trusted causing SSL handshake failure. The above is what started a three day sojourn into searching for a solution. Even people who had solved it before would tell me how they did, and then shrug when I demonstrated that the steps did not end in the success they claimed I would experience. Rather than torture you with the details of everything I did that did not work, here is what finally did work. Export the Certificates from IE First, take the offending WSDL URL and paste it into IE (if you have an internal Microsoft CA, you have IE, even if you don’t use it in favor of some other browser). To state the semi-obvious, if you received the error above there is a certificate configured for the IIS host of the service and the SSL port has been configured properly. Otherwise there would be a different error, usually about the site not found or connection failed. Once the WSDL loads, to the right of the address bar there will be a lock icon. Click the lock and then click View Certificates in the resulting dialog (if you do not have a lock icon but do have a Certificate Error message, see http://support.microsoft.com/kb/931850 for steps to install the certificate then you can continue from the point of finding the lock icon). Figure 1: View Certificates in IE Next, select the Details tab in the resulting dialog Figure 2: Use Certificate Details to Export Certificate Click Copy to File, then Next, then select the Base-64 encoded option for the format Figure 3: Select the Base-64 encoded option for the format For the sake of simplicity, I choose to save this to the root of the WebLogic domain. It will work from anywhere, but later you will need to type in the full path rather than just the certificate name if you save it elsewhere. Figure 4: Browse to Save Location Figure 5: Save the Certificate to the Domain Root for Convenience This is the point where I ran into some confusion. Some articles mentioned exporting the entire chain of certificates. This supposedly works for some types of certificates, or if you have a few other tools and the time to learn them. For the SSL experts out there, they already have these tools, know how to use them well, and should not be wasting their time reading this article meant for folks who just want to get things wired up and back to unit testing and development. For the rest of us, the easiest way to make sure things will work is to just export all the links in the chain individually and let WebLogic Server worry about re-assembling them into a chain (which it does quite nicely). While perhaps not the most elegant solution, the multi-step process is easy to repeat and uses only tools that are immediately available and require no learning curve. So… Next, go to Tools then Internet Options then the Content tab and click Certificates. Go to the Trust Root Certificate Authorities tab and find the certificate root for your Microsoft CA cert (look for the Issuer of the certificate you exported earlier). Figure 6: Trusted Root Certification Authorities Tab Export this one the same way as before, with a different name Figure 7: Use a Unique Name for Each Certificate Repeat this once more for the Intermediate Certificate tab. Import the Certificates to the WebLogic Domain Now, open an command prompt, navigate to [WEBLOGIC_DOMAIN_ROOT]\bin and execute setDomainEnv. You should then be in the root of the domain. If not, CD to the domain root. Assuming you saved the certificate in the domain root, execute the following: keytool -importcert -alias [ALIAS-1] -trustcacerts -file [FULL PATH TO .CER 1] -keystore truststore.jks -storepass [PASSWORD] An example with the variables filled in is: keytool -importcert -alias IIS-1 -trustcacerts -file microsftcert.cer -keystore truststore.jks -storepass password After several lines out output you will be prompted with: Trust this certificate? [no]: The correct answer is ‘yes’ (minus the quotes, of course). You’ll you know you were successful if the response is: Certificate was added to keystore If not, check your typing, as that is generally the source of an error at this point. Repeat this for all three of the certificates you exported, changing the [ALIAS-1] and [FULL PATH TO .CER 1] value each time. For example: keytool -importcert -alias IIS-1 -trustcacerts -file microsftcert.cer -keystore truststore.jks -storepass password keytool -importcert -alias IIS-2 -trustcacerts -file microsftcertRoot.cer -keystore truststore.jks -storepass password keytool -importcert -alias IIS-3 -trustcacerts -file microsftcertIntermediate.cer -keystore truststore.jks -storepass password In the above we created a new JKS key store. You can re-use an existing one by changing the name of the JKS file to one you already have and change the password to the one that matches that JKS file. For the DemoTrust.jks  that is included with WebLogic the password is DemoTrustKeyStorePassPhrase. An example here would be: keytool -importcert -alias IIS-1 -trustcacerts -file microsoft.cer -keystore DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase keytool -importcert -alias IIS-2 -trustcacerts -file microsoftRoot.cer -keystore DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase keytool -importcert -alias IIS-2 -trustcacerts -file microsoftInter.cer -keystore DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase Whichever keystore you use, you can check your work with: keytool -list -keystore truststore.jks -storepass password Where “truststore.jks” and “password” can be replaced appropriately if necessary. The output will look something like this: Figure 8: Output from keytool -list -keystore Update the WebLogic Keystore Configuration If you used an existing keystore rather than creating a new one, you can restart your WebLogic Server and skip the rest of this section. For those of us who created a new one because that is the instructions we found online… Next, we need to tell WebLogic to use the JKS file (truststore.jks) we just created. Log in to the WebLogic Server Administration Console and navigate to Servers > AdminServer > Configuration > Keystores. Scroll down to “Custom Trust Keystore:” and change the value to “truststore.jks” and the value of “Custom Trust Keystore Passphrase:” and “Confirm Custom Trust Keystore Passphrase:” to the password you used when earlier, then save your changes. You will get a nice message similar to the following: Figure 9: To Be Safe, Restart Anyways The “No restarts are necessary” is somewhat of an exaggeration. If you want to be able to use the keystore you may need restart the server(s). To save myself aggravation, I always do. Your mileage may vary. Conclusion That should get you there. If there are some erroneous steps included for your situation in particular, I will offer up a semi-apology as the process described above does not take long at all and if there is one step that could be dropped from it, is still much faster than trying to figure this out from other sources.

    Read the article

  • java keytool question

    - by user384706
    Hi, I created a java keystore programmatically of type jks (i.e. default type). It is initially empty so I created a DSA certificate. keytool -genkey -alias myCert -v -keystore trivial.keystore How can I see the public and private keys? I.e. is there a command that prints the private key of my certificate? I could only find keytool -certreq which in my understanding prints the certificate as a whole: -----BEGIN NEW CERTIFICATE REQUEST----- MIICaTCCAicCAQAwZTELMAkGA1UEBhMCR1IxDzANBgNVBAgTBkdyZWVjZTEPMA0GA1UEBxMGQXRo BQADLwAwLAIUQZbY/3Qq0G26fsBbWiHMbuVd3VICFE+gwtUauYiRbHh0caAtRj3qRTwl -----END NEW CERTIFICATE REQUEST----- I assume this is the whole certificate. How can I see private (or public key) via keytool? Thank you

    Read the article

  • java.io.FileNotFoundException (The system cannot find the path specified)

    - by xenom
    I get this exception when I want to open a keystore java.io.FileNotFoundException: \resources\keystore (The system cannot find the path specified) Basically my application is like src/ client.java server.java resources/ keystore truststore And the faulty code : System.setProperty("javax.net.ssl.keyStore","/resources/keystore"); System.setProperty("javax.net.ssl.keyStorePassword", "ebanking"); I also tried ./resources/keystore, resources/keystore, \\resources\\keystore etc.. My application is supposed to work in an executable jar so no absolute path technique please.

    Read the article

  • How can I persist certificates in Java's cacerts?

    - by Alan Spark
    We need to have a certificate in Java's cacerts keystore for one of our servers that is authenticated by LDAP. We are using Ubuntu server. We have successfully done this by updating the cacerts file in /usr/lib/jvm/java-6-openjdk-amd64/jre/lib/security but occasionally a Java update is installed and the cacerts file seems to be getting replaced by a default one that doesn't contain our changes. This doesn't happen very often but it is becoming a bit of a pain when it does happen. Is there a better way of adding things to cacerts so that they don't get lost when a Java update happens? Thanks, Alan

    Read the article

  • RSA C# Encrypt Java Decrypt

    - by user353030
    Hi guys, In my program (server side - Java) I've created keystore file, with command: keytool -genkey -alias myalias -keyalg RSA -validity 10000 -keystore my.keystore and exported related X509 certificate with: keytool -export -alias myalias -file cert.cer -keystore my.keystore After I saved cert.cer on client side (C#) and I write this code: X509Certificate2 x509 = new X509Certificate2(); byte[] rawData = ReadFile("mycert.cer"); x509.Import(rawData); RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)x509.PublicKey.Key; byte[] plainbytes = System.Text.Encoding.ASCII.GetBytes("My Secret"); byte[] cipherbytes = rsa.Encrypt(plainbytes, true); String cipherHex = convertToHex(cipherContent); byte[] byteArray = encoding.GetBytes(cipherHex); .... I write this Java code on server side: keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(new FileInputStream("C:\\my.keystore"), "mypass".toCharArray()); Key key = keyStore.getKey("myalias", "mypass".toCharArray()); if (key instanceof PrivateKey) { Certificate cert = keyStore.getCertificate("myalias"); PublicKey pubKey = cert.getPublicKey(); privKey = (PrivateKey)key; } byte[] toDecodeBytes = new BigInteger(encodeMessageHex, 16).toByteArray(); Cipher decCipher = Cipher.getInstance("RSA"); decCipher.init(Cipher.DECRYPT_MODE, privKey); byte[] decodeMessageBytes = decCipher.doFinal(toDecodeBytes); String decodeMessageString = new String(decodeMessageBytes); I receive this error: javax.crypto.BadPaddingException: Data must start with zero Can you help me, please? Thanks thanks,

    Read the article

  • How to access the FirstData web service integration WSDL file?

    - by rcampbell
    FirstData has horrendous customer support, but I have to integrate with their Global Gateway web service for a project I'm working on. I'm simply trying to run the Axis2 wsdl2java tool according to the instructions in their manual. This basically consists of adding the keyStore and keyStorePassword JVM parameter. I've done both, but I continue to get Connection reset errors when trying to run: wsdl2java.bat -uri https://www.staging.linkpointcentral.com/fdggwsapi/order.wsdl -S C:\ When I try to access the URL with my browser, I get Error 101 (net::ERR_CONNECTION_RESET): Unknown error. I assume there are developers out there who have completed a FirstData web service integration. What am I doing wrong? I've also tried connecting via cURL: C:\curl-7.19.7-ssl-sspi-zlib-static-bin-w32>curl --cert C:\FDGGWS\WSXXXXXXXXXX._.1.pem --key C:\FDGGWS\WSXXXXXXXXXX._.1.key --insecure https://www.staging.linkpointcentral.com/fdggwsapi/order.wsdl Enter PEM pass phrase: curl: (52) SSL read: error:00000000:lib(0):func(0):reason(0), errno 10054 I know I'm entering the correct key password because when I enter a fake one I get: curl: (58) unable to set private key file: 'C:\FDGGWS\WSXXXXXXXXXX._.1.key' type PEM

    Read the article

  • How to generate, sign and import SSL certificate from Java

    - by Demiurg
    I need to generate a self signed certificates at run time, sign them and import to the Java keystore. I can do this using "keytool" and "openssl" from command line in the following way: keytool -import -alias root -keystore keystore.txt -file cacert.pem keytool -genkey -keyalg RSA -keysize 1024 -alias www.cia.gov -keystore keystore.txt keytool -keystore keystore.txt -certreq -alias www.cia.gov -file req.pem openssl x509 -req -days 3650 -in req.pem -CA cacert.pem -CAkey cakey.pem -CAcreateserial -out reqsigned.pem keytool -import -alias www.cia.gov -keystore keystore.txt -trustcacerts -file reqsigned.pem I can, of course, ship my application with keytool and openssl binaries and execute the above commands from Java, but I'm looking for a cleaner approach which would allow me to do all of the above using pure Java. Any libraries I can use ?

    Read the article

  • Keystore in PKCS12 format seems empty to keytool, but is read by Firefox?!

    - by hjh
    I have a problem with a keystore in pkcs12 format, which contains a private key I need to use to authenticate myself (using mutual authentication) to a remote SSL server. The keystore file can be read perfectly fine by Firefox, and when used, I can access the remote server without problems. However, my Java program does not work with the keystore file. And if I use keytool to list keys inside the file, it seems empty -- while it is clearly not! How can I get Java/keytool to see the private key inside the keystore?

    Read the article

  • How to Convert a PFX Certificate into a JKS Certificate to configure it on WebLogic

    - by adejuanc
    To convert a pfx cert file to a jks file, please follow these instructions: 1. Set up the environment for the domain, by executing the setDomainEnv.sh script, typically located at $DOMAIN_HOME/bin. $ . ./setDomainEnv.sh 2. Use OpenSSL to check the pfx certificate's content. $ openssl pkcs12 -in <certificate.pfx> -out KEYSTORE.pem -nodesAt this point, a password for the pfx file will be requested. Expected output: $ openssl pkcs12 -in <certificate.pfx> -out KEYSTORE.pem -nodesEnter Import Password:MAC verified OK3. Open KEYSTORE.pem file, from step 2. This should look similar to this:You will find three certificates on it and the private key: Bag Attributes Microsoft Local Key set: <No Values> localKeyID: 01 00 00 00 friendlyName: le-36c42c6e-ec49-413c-891e-591f7e3dd306 Microsoft CSP Name: Microsoft RSA SChannel Cryptographic ProviderKey Attributes X509v3 Key Usage: 10-----BEGIN RSA PRIVATE KEY-----MIIEpQIBAAKCAQEAtPwoO3eOwSyOapzZgcDnQOH27cOaaejHtNh921Pd+U4N+dlm...EDITING...R5rsB00Yk1/2W9UqD9Nn7cDuMdilS8g9CUqnnSlDkSG0AX67auKUAcI=-----END RSA PRIVATE KEY-----Bag Attributes localKeyID: 01 00 00 00 friendlyName: *.something.comsubject=/serialNumber=sj6QjpTjKcpQGZ9QqWO-pFvsakS1t8MV/C=US/ST=Missouri/L=CHESTERFIELD/O=Oracle_Corp, Inc./OU=Oracle/CN=*.something.comissuer=/C=US/O=GeoTrust, Inc./CN=GeoTrust SSL CA-----BEGIN CERTIFICATE-----MIIErzCCA5egAwIBAgIDAIH6MA0GCSqGSIb3DQEBBQUAMEAxCzAJBgNVBAYTAlVT...EDITING...wA5JxaU55teoWkuiAaYRQpuLepJfzw+qMk5i5FpMRbVMMfkcBusGtdW5OrAoYDL94rgR-----END CERTIFICATE-----Bag Attributes friendlyName: GeoTrust Global CAsubject=/C=US/O=GeoTrust Inc./CN=GeoTrust Global CAissuer=/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA-----BEGIN CERTIFICATE-----MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT...EDITING...5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==-----END CERTIFICATE-----Bag Attributes: <Empty Attributes>subject=/C=US/O=GeoTrust, Inc./CN=GeoTrust SSL CAissuer=/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA-----BEGIN CERTIFICATE-----MIID2TCCAsGgAwIBAgIDAjbQMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT...EDITING...TpnKXKBuervdo5AaRTPvvz7SBMS24CqFZUE+ENQ=-----END CERTIFICATE-----4. Identify and store contents from KEYSTORE.pem certificate, to proceed and create jks files:At this point, you will find three certificates on KEYSTORE.pem and the private key. 4.1 Private Key.To identify the private key, look for the following headings: -----BEGIN RSA PRIVATE KEY----------END RSA PRIVATE KEY-----Both above mentioned tags will be surrounded the private key. Go ahead and save the content of it into a file called: my_key_pk.pem. This has to include the headings. Expected file: -----BEGIN RSA PRIVATE KEY-----MIIEpQIBAAKCAQEAtPwoO3eOwSyOapzZgcDnQOH27cOaaejHtNh921Pd+U4N+dlm...EDIT...Y4ZrW12PRa9/EOBGTG5teKAEada/K4yKReTyQQAGq6j5RjErmuuKkKgPGMSCjvMSR5rsB00Yk1/2W9UqD9Nn7cDuMdilS8g9CUqnnSlDkSG0AX67auKUAcI=-----END RSA PRIVATE KEY-----4.2 Root Certificate.To identify the Root Certificate, look for the following headings: subject=/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA issuer=/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA Subject and issuer must be the same. Go ahead and save the content of it into a file called: my_key_root.pem. Include all the content from BEGIN CERTIFICATE TO END CERTIFICATE, both included.4.3 Intermediate Certificate.To identify an Intermediate Certificate, look for the following heading: subject=/C=US/O=GeoTrust, Inc./CN=GeoTrust SSL CAissuer=/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA Subject and issuer are different only on the CN. Go ahead and save the content of it into a file called: my_key_intermediate.pem. Include all the content from BEGIN CERTIFICATE TO END CERTIFICATE, both included. NOTE: This certificate is optional and there are some cases where it'll not be present. If this is the case, go ahead and skip this step. In any other case, this needs to be added to the identity keystore jks file. 4.4 Server Certificate. To identify a Server Certificate, look for the following heading: friendlyName: some.thing.comsubject=/serialNumber=sj6QjpTjKcpQGZ9QqWO-pFvsakS1t8MV/C=US/ST=Missouri/L=CHESTERFIELD/O=Oracle_Corp, Inc./OU=Oracle/CN=some.thing.com        A server certificate includes a heading called Friendly Name. Go ahead and save the content of it into a file called: my_key_crt.pem. Include all the content from BEGIN CERTIFICATE TO END CERTIFICATE, both included.5. Create a Trust Keystore and import the Root certificate into it. $ keytool -import -trustcacerts -file my_key_root.pem -alias my_key_root -keystore my_key_trust.jks -storepass <store_pass> -keypass <key_pass>Expected Output: Certificate already exists in system-wide CA keystore under alias <geotrustglobalca> Do you still want to add it to your own keystore? [no]: yes Certificate was added to keystore6. Generate an Identity Keystore and import Server into it. $java utils.ImportPrivateKey -keystore my_key_identity.jks -storepass <store_pass> -storetype JKS -keypass <key_pass> -alias server_identity -certfile my_key_crt.pem -keyfile my_key_pk.pem -keyfilepass <pfx_password> With these instructions, two jks files will be produced: my_key_identity.jks my_key_trust.jks With both files, the next step is to configure Custom Identity and Custom Trust on WebLogic Server.

    Read the article

  • What Java tools/apis to use for decrypting/encrypting

    - by Java_bear
    I am trying to decrypt (and later encrypt) an email message (ebXML). The message contains a Signature element that contains child elements to specify the SignedInfo, SignatureValue and KeyInfo. Also, the message contains an encrypted attachment. Question: What Java tools/apis should be used for decrypting? I would like to find some tool/api that would (automagically) instantiate objects based on whatever is included with the Signature element, so that the data (message) could be easily validated. And the other way around: Creating objects (specifying methods, signature value and keyinfo) and then outputting the xml to go into the message.

    Read the article

  • Using an empty keystore password used to be possible?

    - by TomTasche
    When signing an apk after a long break from Android development I was surprised that I'm no longer able to enter an empty keystore password to unlock it. Is it just me or has this been possible before? If so, when did that change and how can I manage to unlock the keystore anyway? Some background: maybe I'm just crazy and didn't use an empty password for the keystore before, but the one and only possible password that I could have been using instead doesn't work either (I swear, there's no chance I'd have used another password!).

    Read the article

  • Enable SSL with Jetty 8

    - by Jerec TheSith
    I received certificates from GoDaddy an I'm trying to enable SSL with Jetty but receive an error 107 SSL protocol error when connecting to https://server.com:8443 I generated the keystore using these commands : keytool -keystore keystore -import -alias gd_bundle -trustcacerts -file gd_bundle.crt keytool -keystore keystore -import -alias server.com -trustcacerts -file server.com.crt and placed it in /opt/jetty/etc/ And used the following configuration in jetty.xml : <Call name="addConnector"> <Arg> <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector"> <Arg> <New class="org.eclipse.jetty.http.ssl.SslContextFactory"> <Set name="keyStore"><SystemProperty name="jetty.home" default="."/>/etc/keystore</Set> <Set name="keyStorePassword">**password1**</Set> <Set name="keyManagerPassword">**password1**</Set> <Set name="trustStore"><SystemProperty name="jetty.home" default="."/>/etc/keystore</Set> <Set name="trustStorePassword">**password1**</Set> </New> </Arg> <Set name="port">8443</Set> <Set name="maxIdleTime">30000</Set> <Set name="Acceptors">2</Set> <Set name="statsOn">false</Set> <Set name="lowResourcesConnections">20000</Set> <Set name="lowResourcesMaxIdleTime">5000</Set> </New> </Arg> </Call> Am I missing something in jetty's configuration ?

    Read the article

  • Java Access Token PKCS11 Not found Provider

    - by oracleruiz
    Hello I'm trying to access the keystore from my smartcard in Java. And I'm using the following code.. I'm using the Pkcs11 implementation of OpenSc http://www.opensc-project.org/opensc File windows.cnf = name=dnie library=C:\WINDOWS\system32\opensc-pkcs11.dll Java Code = String configName = "windows.cnf" String PIN = "####"; Provider p = new sun.security.pkcs11.SunPKCS11(configName); Security.addProvider(p); KeyStore keyStore = KeyStore.getInstance("PKCS11", "SunPKCS11-dnie"); =)(= char[] pin = PIN.toCharArray(); keyStore.load(null, pin); When the execution goes by the line with =)(= throws me the following exeption java.security.KeyStoreException: PKCS11 not found at java.security.KeyStore.getInstance(KeyStore.java:635) at ObtenerDatos.LeerDatos(ObtenerDatos.java:52) at ObtenerDatos.obtenerNombre(ObtenerDatos.java:19) at main.main(main.java:27) Caused by: java.security.NoSuchAlgorithmException: no such algorithm: PKCS11 for provider SunPKCS11-dnie at sun.security.jca.GetInstance.getService(GetInstance.java:70) at sun.security.jca.GetInstance.getInstance(GetInstance.java:190) at java.security.Security.getImpl(Security.java:662) at java.security.KeyStore.getInstance(KeyStore.java:632) I think the problem is "SunPKCS11-dnie", but I don't know to put there. I had tried with a lot of combinations... Anyone can help me...

    Read the article

  • Is there a FAST way to export and install an app on my phone, while signing it with my own keystore?

    - by Alexei Andreev
    So, I've downloaded my own application from the market and installed it on my phone. Now, I am trying to install a temporary new version from Eclipse, but here is the message I get: Re-installation failed due to different application signatures. You must perform a full uninstall of the application. WARNING: This will remove the application data! Please execute 'adb uninstall com.applicationName' in a shell. Launch canceled! Now, I really really don't want to uninstall the application, because I will lose all my data. One solution I found is to Export my application, creating new .apk, and then install it via HTC Sync (probably a different program based on what phone you have). The problem is this takes a long time to do, since I need to enter the password for the keystore each time and then wait for HTC Sync. It's a pain in the ass! So the question is: Is there a way to make Eclipse automatically use my keystore to sign the application (quickly and automatically)? Or perhaps to replace debug keystore with my own? Or perhaps just tell it to remember the password, so I don't have to enter it every time...? Or some other way to solve this problem?

    Read the article

  • verisign certificate into jboss server SSL

    - by rfders
    Hi all, i'm trying to enable jboss to uses ssl protocol using a previously generated certificate from verisign, i imported both certificate, server certificate and ca certificate into the keytore file, and i configured the server.xml to use that keystore and activate ssl protocol, then when i run the jboss, I got this error "certificate or key corresponds to the SSL cipher suites which are enabled" Question, reading some post on internet, i found that every example was made it generating a Certificate Request, it stricly necesary to do that if i already have the server certificate and that CSR has to be imported into the keystore as well ? at this point i'm very confused about this issue, i tried almost every solutions posted in several forums but till now i haven't any luck !! can you give me some tips in order to solve this problem. thanks in advance this are my keystore file: Keystore type: jks Keystore provider: SUN Your keystore contains 2 entries j2ee, Dec 29, 2009, trustedCertEntry, Certificate fingerprint (MD5): 69:CC:2D:2A:2D:EF:C4:DB:A2:26:35:57:06:29:7D:4C ugent, Dec 29, 2009, trustedCertEntry, Certificate fingerprint (MD5): AC:D8:0E:A2:7B:B7:2C:E7:00:DC:22:72:4A:5F:1E:92 and my server.xml configuration:

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 1 2 3 4 5 6 7  | Next Page >