Problem with certificates


Problem with certificates

by metro-3

I need to import certificates with public and private keys into GlassFish. I tried to use keytool.exe, but I can't import the private keys into the GlassFish store.

Can anybody tell me how I import the certificates with both keys?
I need that to use in an interop scenario between .NET and NetBeans.

Thanks.
[Message sent by forum member 'matrix2' (matrix2)]

http://forums.java.net/jive/thread.jspa?messageID=349581

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@...
For additional commands, e-mail: users-help@...


Re: Problem with certificates

by kumarjayanti

metro@... wrote:
> I need to import certificates with public and private keys into GlassFish. I tried to use keytool.exe, but I can't import the private keys into the GlassFish store.
>
> Can anybody tell me how I import the certificates with both keys?
> I need that to use in an interop scenario between .NET and NetBeans.

  
You can use openssl; you can also use the following:
For the two scripts above you may want to directly invoke the java command line inside the scripts in case you find any problem (because there appears to be a command-line arg processing problem with at least one of them).

Thanks.

Re: Problem with certificates

by metro-3

I use the software "Portecle" to manage my certificates.
[Message sent by forum member 'jferrandi' (jferrandi)]

http://forums.java.net/jive/thread.jspa?messageID=349701

Re: Problem with certificates

by metro-3

I am trying to interoperate between NetBeans and .NET. I have a working client in .NET and an STS; the client consumes a service created in NetBeans. I fixed a problem with the SHA1 thumbprint as explained in the following link:

http://forums.java.net/jive/message.jspa?messageID=346503#346503

But now I am trying to build the other scenario (STS, client using Metro, service in .NET) and I have a problem with the token received in the service for validation (created in the STS). I am looking for the problem and I assume I have a problem with the certificates. But I have the same problem that I had on the other side: I receive a SHA1 thumbprint in the message coming from the STS in .NET, but when I use an STS in Java I receive an X509SubjectKeyIdentifier.

Here is the error displayed by .NET when I try to use the service provided by Metro:
(message translated from Spanish, sorry)
System.ServiceModel.Security.MessageSecurityException: Message Security Verification Failed. ---> System.IdentityModel.Tokens.SecurityTokenException: The identifier SecurityKeyIdentifier that was found in the element SamlSubject can not be resolved in a SecurityToken. SecurityTokenResolver must contain an element SecurityToken ID SecurityKeyIdentifier to carry out the resolution.

Thanks for the help.
[Message sent by forum member 'matrix2' (matrix2)]

http://forums.java.net/jive/thread.jspa?messageID=350598

Re: Problem with certificates

by metro-3

I tried to import into the GlassFish keystore, using the import tool, a certificate created using Certificate Service from Windows 2003 (certificates with SKI). But if I use the certificate in an example working with the wssip certificate, it fails (I tried to substitute the wssip for the new certificate).

Can anyone help me with that problem?
Thanks.
[Message sent by forum member 'matrix2' (matrix2)]

http://forums.java.net/jive/thread.jspa?messageID=352213

Re: Problem with certificates

by metro-3

Have you imported the STS certificate in the service key/trust store?
[Message sent by forum member 'jdg6688' (jdg6688)]

http://forums.java.net/jive/thread.jspa?messageID=352390

Re: Problem with certificates

by metro-3

And have you imported the service certificate into the STS trust store
and set the certAlias for the <tc:ServiceProvider> for the .Net service?
[Message sent by forum member 'jdg6688' (jdg6688)]

http://forums.java.net/jive/thread.jspa?messageID=352392

Re: Problem with certificates

by metro-3

Check this blog entry for more information:

http://blogs.sun.com/trustjdg/entry/managing_multiple_services_with_metro

Thanks!

Jiandong
[Message sent by forum member 'jdg6688' (jdg6688)]

http://forums.java.net/jive/thread.jspa?messageID=352395

Re: Problem with certificates

by metro-3

I installed a certificate with private/public key in the keystore and truststore in GlassFish. I changed the configuration in the STS from default to the alias of the certificate.

The configuration in the XML of the STS is the following:

<tc:ServiceProvider endpoint="http://localhost:8081/ShopI/ShopService">
<tc:CertAlias>certificado</tc:CertAlias>
<tc:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</tc:TokenType>
</tc:ServiceProvider>

It seems like the STS tries to verify the CA, but the certificate was created by the Certificate Service tool (Windows 2003) for testing purposes.

If that is the case, I need to skip the CA verification. I can't find how to do that.

When I invoke the service I receive the following error from GlassFish:

java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
        at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:195)
        at java.security.cert.CertPathValidator.validate(CertPathValidator.java:250)
        at com.sun.xml.wss.impl.misc.WSITProviderSecurityEnvironment.validateCertificate(WSITProviderSecurityEnvironment.java:1003)
        at com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.processKeyInfo(KeyInfoProcessor.java:227)
        at com.sun.xml.ws.security.opt.impl.incoming.processor.KeyInfoProcessor.getKey(KeyInfoProcessor.java:127)
        at com.sun.xml.ws.security.opt.impl.incoming.Signature.process(Signature.java:274)
        at com.sun.xml.ws.security.opt.impl.incoming.Signature.process(Signature.java:346)
        at com.sun.xml.ws.security.opt.impl.incoming.SAMLAssertion.process(SAMLAssertion.java:323)
        at com.sun.xml.ws.security.opt.impl.incoming.SAMLAssertion.<init>(SAMLAssertion.java:126)
        at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.handleSecurityHeader(SecurityRecipient.java:496)
        at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.cacheHeaders(SecurityRecipient.java:281)
        at com.sun.xml.ws.security.opt.impl.incoming.SecurityRecipient.validateMessage(SecurityRecipient.java:223)
        at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.verifyInboundMessage(WSITServerAuthContext.java:533)
        at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.validateRequest(WSITServerAuthContext.java:318)
        at com.sun.xml.wss.provider.wsit.WSITServerAuthContext.validateRequest(WSITServerAuthContext.java:231)
        at com.sun.enterprise.webservice.CommonServerSecurityPipe.processRequest(CommonServerSecurityPipe.java:168)
        at com.sun.enterprise.webservice.CommonServerSecurityPipe.process(CommonServerSecurityPipe.java:129)
        at com.sun.xml.ws.api.pipe.helper.PipeAdapter.processRequest(PipeAdapter.java:115)
        at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:629)
        at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:588)
        at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:573)
        at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:470)
        at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:269)
        at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:471)
        at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:244)
        at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:135)
        at com.sun.enterprise.webservice.JAXWSServlet.doPost(JAXWSServlet.java:176)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:738)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
        at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:411)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:290)
        at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:271)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:202)
        at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
        at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
        at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:206)
        at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
        at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
        at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:150)
        at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
        at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
        at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
        at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:272)
        at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:637)
        at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:568)
        at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:813)
        at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
        at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:263)
        at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:214)
        at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
        at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
[Message sent by forum member 'matrix2' (matrix2)]

http://forums.java.net/jive/thread.jspa?messageID=352422

Re: Problem with certificates

by metro-3

Get the CA cert for your Certificate Service and import it to the GF trust store (cacerts.jks).
[Message sent by forum member 'jdg6688' (jdg6688)]

http://forums.java.net/jive/thread.jspa?messageID=352439

Re: Problem with certificates

by metro-3

I forgot something else...

I have two service providers in the STS configuration. One is for the service of .NET and the other for the service of Metro. The Metro service works fine.

However, the .NET service still has a problem with the certificate, because the same exception occurs as previously described in this thread.

"System.ServiceModel.Security.MessageSecurityException: Message Security Verification Failed."

What else can be missing? Do I need another change to work with the .NET service?

Thanks.
[Message sent by forum member 'matrix2' (matrix2)]

http://forums.java.net/jive/thread.jspa?messageID=352819

Re: Problem with certificates

by metro-3

1. Can you provide the request message from the client to the service?

2. Is the certificate specified in

<tc:ServiceProvider endpoint="http://localhost:8081/ShopI/ShopService">
<tc:CertAlias>certificado</tc:CertAlias>
<tc:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</tc:TokenType>
</tc:ServiceProvider>
 

the one for the service?

Thanks!

Jiandong
[Message sent by forum member 'jdg6688' (jdg6688)]

http://forums.java.net/jive/thread.jspa?messageID=352843

Re: Problem with certificates

by metro-3

Does your cert support SubjectKeyIdentifier? I am wondering if you hit this issue:

https://wsit.dev.java.net/issues/show_bug.cgi?id=1162
[Message sent by forum member 'jdg6688' (jdg6688)]

http://forums.java.net/jive/thread.jspa?messageID=353213
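
Added example (not part of the thread, and not Metro or GlassFish code): a Java check of what the replies above ask about for an alias such as certificado, namely whether the private key is present, what the certificate's SHA-1 thumbprint and SubjectKeyIdentifier are, and whether its chain validates against the trust store. The last step is the same PKIX validation that throws "Path does not chain with any of the trust anchors" in the stack trace earlier in the thread. The class name CheckAlias, the file arguments and the single shared store password are assumptions.

```java
import java.io.Console;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.*;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Added example. Usage: javac CheckAlias.java && java CheckAlias keystore.jks cacerts.jks certificado
public class CheckAlias {
    static KeyStore load(String file, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(file))) { ks.load(in, pass); }
        return ks;
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02X", x));
        return sb.toString();
    }

    public static void main(String[] a) throws Exception {
        Console con = System.console();
        if (a.length != 3 || con == null) {
            System.err.println("usage (interactive terminal): CheckAlias <keystore> <truststore> <alias>");
            System.exit(2);
        }
        // Assumption: both stores share one password, as with a GlassFish master password.
        char[] pass = con.readPassword("store password: ");
        KeyStore keys = load(a[0], pass), trust = load(a[1], pass);

        // 1. The alias must be a key entry; a certificate-only entry cannot sign or decrypt.
        if (!keys.isKeyEntry(a[2])) {
            System.out.println("private key: MISSING (alias absent or certificate-only entry)");
            return;
        }
        Certificate[] chain = keys.getCertificateChain(a[2]);
        X509Certificate cert = (X509Certificate) chain[0];
        System.out.println("private key: present, subject " + cert.getSubjectX500Principal());

        // 2. The two identifiers the thread's messages use to reference a certificate.
        System.out.println("SHA-1 thumbprint: " + hex(MessageDigest.getInstance("SHA-1").digest(cert.getEncoded())));
        byte[] ski = cert.getExtensionValue("2.5.29.14"); // DER: 04 len 04 len <key id>, short lengths assumed
        System.out.println("SubjectKeyIdentifier: " + (ski == null ? "absent" : hex(Arrays.copyOfRange(ski, 4, ski.length))));

        // 3. PKIX validation against the trust store; a path conventionally excludes the root itself.
        List<Certificate> path = new ArrayList<>(Arrays.asList(chain));
        X509Certificate last = (X509Certificate) path.get(path.size() - 1);
        if (path.size() > 1 && last.getSubjectX500Principal().equals(last.getIssuerX500Principal())) {
            path.remove(path.size() - 1);
        }
        PKIXParameters params = new PKIXParameters(trust);
        params.setRevocationEnabled(false); // no CRL/OCSP lookups; signatures and validity are still checked
        try {
            CertPathValidator.getInstance("PKIX").validate(CertificateFactory.getInstance("X.509").generateCertPath(path), params);
            System.out.println("chain: validates against " + a[1]);
        } catch (CertPathValidatorException e) {
            System.out.println("chain: REJECTED, " + e.getMessage());
        }
    }
}
```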

Re: Problem with certificates

by metro-3

I looked in the request from the client to the server for the value described in the issue, and the KeyInfo has information. I attach the request from the client to the server and the response to it.

Thanks for all.
[Message sent by forum member 'matrix2' (matrix2)]

http://forums.java.net/jive/thread.jspa?messageID=353238

Re: Problem with certificates

by metro-3

I haven't found the problem yet, but I modified the attachment in the previous post with the client request to the service provided by .NET.

Thanks
[Message sent by forum member 'matrix2' (matrix2)]

http://forums.java.net/jive/thread.jspa?messageID=354006

Re: Problem with certificates

by metro-3

Again, is the cert as specified here:

<tc:ServiceProvider endpoint="http://localhost:8081/ShopI/ShopService">
<tc:CertAlias>certificado</tc:CertAlias>
<tc:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</tc:TokenType>
</tc:ServiceProvider>

the cert for the service: is it available in the service key store (.Net)?
[Message sent by forum member 'jdg6688' (jdg6688)]

http://forums.java.net/jive/thread.jspa?messageID=354521

Re: Problem with certificates

by metro-3

> Again, is the cert as specified here:
>
> <tc:ServiceProvider endpoint="http://localhost:8081/ShopI/ShopService">
> <tc:CertAlias>certificado</tc:CertAlias>
> <tc:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</tc:TokenType>
> </tc:ServiceProvider>
>
> the cert for the service: is it available in the
> service key store (.Net)?

Also the private key for the cert.
[Message sent by forum member 'jdg6688' (jdg6688)]

http://forums.java.net/jive/thread.jspa?messageID=354522

Re: Problem with certificates

by metro-3

I have imported the cert used by .NET into the keystore and truststore in GlassFish. When I imported the cert (a .pfx file) I set the alias of the cert to "certificado".

In .NET "certificado" is the friendly name and the CN is administrator. I have the private key and the cert is available in the service keystore in .NET.

Thanks.
[Message sent by forum member 'matrix2' (matrix2)]

http://forums.java.net/jive/thread.jspa?messageID=354555
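
Added example (not from the thread or from the tools it mentions): one way to copy the private key and certificate chain from a .pfx file into a JKS keystore under a chosen alias, using the standard java.security.KeyStore API. The class name PfxToJks and its arguments are illustrative, and giving the key entry the same password as the keystore is an assumption based on GlassFish using a single master password.

```java
import java.io.Console;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;

// Added example. Usage: javac PfxToJks.java && java PfxToJks service.pfx keystore.jks certificado
public class PfxToJks {
    public static void main(String[] a) throws Exception {
        Console con = System.console();
        if (a.length != 3 || con == null) {
            System.err.println("usage (interactive terminal): PfxToJks <pfx> <jks> <alias>");
            System.exit(2);
        }
        // Read passwords from the console so they do not end up in argv or shell history.
        char[] pfxPass = con.readPassword("password of %s: ", a[0]);
        char[] jksPass = con.readPassword("password of %s: ", a[1]);

        KeyStore pfx = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(a[0]))) { pfx.load(in, pfxPass); }

        // A .pfx exported without its private key holds certificates only; fail loudly then.
        String src = null;
        for (String alias : Collections.list(pfx.aliases())) {
            if (pfx.isKeyEntry(alias)) { src = alias; break; }
        }
        if (src == null) throw new IllegalStateException("no private key entry in " + a[0]);
        Key key = pfx.getKey(src, pfxPass);
        Certificate[] chain = pfx.getCertificateChain(src);

        Path dest = Paths.get(a[1]).toAbsolutePath();
        KeyStore jks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(dest)) { jks.load(in, jksPass); }
        if (jks.containsAlias(a[2])) throw new IllegalStateException("alias already in use: " + a[2]);

        // Assumption: the key entry is protected with the keystore password (single master password).
        jks.setKeyEntry(a[2], key, jksPass, chain);

        // Write to a temporary file first so a failed store() cannot truncate the live keystore.
        Path tmp = Files.createTempFile(dest.getParent(), "keystore", ".tmp");
        try (OutputStream out = Files.newOutputStream(tmp)) { jks.store(out, jksPass); }
        Files.move(tmp, dest, StandardCopyOption.REPLACE_EXISTING);

        System.out.println("imported '" + src + "' as '" + a[2] + "' with " + chain.length + " certificate(s)");
    }
}
```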

Re: Problem with certificates

by metro-3

Have you resolved this problem?

It is likely an issue on the .Net side. Have you tried the forum there?

Is this helpful:

http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/da7019df-27aa-427a-acdb-8fdeaa1859fa
[Message sent by forum member 'jdg6688' (jdg6688)]

http://forums.java.net/jive/thread.jspa?messageID=357488

Re: Problem with certificates

by metro-3

The other way is to customize the Metro STS token provider to reference
the service certificate in the SAML assertion with SHA1 thumbprint.
[Message sent by forum member 'jdg6688' (jdg6688)]

http://forums.java.net/jive/thread.jspa?messageID=357490
