Getting error java.security.KeyStoreException: PKCS11 not found while using softhsm as hsm - keytool

I am using command line tool "keytool" to create a key pair in softhsm.
I have added security.provider in java.security.
# List of providers and their preference orders (see above):
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=sun.security.ec.SunEC
security.provider.4=com.sun.net.ssl.internal.ssl.Provider
security.provider.5=com.sun.crypto.provider.SunJCE
security.provider.6=sun.security.jgss.SunProvider
security.provider.7=com.sun.security.sasl.Provider
security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.9=sun.security.smartcardio.SunPCSC
security.provider.10=sun.security.mscapi.SunMSCAPI
security.provider.11=sun.security.pkcs11.SunPKCS11
${java.home}/lib/security/pkcs11.cfg
and my pkcs11.cfg looks like
name = SoftHSM v2
library = C:/SoftHSM2/lib/softhsm2-x64.dll
slot = 0
While running
keytool.exe -keystore NONE -storetype PKCS11 -list
I am getting the error
keytool error: java.security.KeyStoreException: PKCS11 not found.
Can you please help?

Related

no data found in PEM block

Hashi Vault: Attempting to set a PEM-encoded certificate and private key bundle, using the pki/config/ca endpoint. The bundle.pem is a concatenation of the ca and private key. The following is the command and output
vault write pki2/config/ca pem_bundle=@bundle.pem
What is the proper format for the pem_bundle?
Resolution attempted
1. Removed all blank lines in the bundle.pem
2. Also tried to convert pem files to a string that can be passed in json
awk 'NF {sub(/\r/, ""); printf "%s\n",$0;}' cert-name.pem
3. Also tried the UI as well as the api interface.
4. Reviewed similar items on github regarding 'no data found in PEM block'; did not resolve issue.
vault write pki2/config/ca pem_bundle=@bundle.pem
I expect the output to be:
Success! Data written to: pki/config/ca
The actual results are
PUT http://127.0.0.1:8200/v1/pki2/config/ca
Code: 400. Errors: * no data found in PEM block
After further research, there is an issue with the private key formatting.
The private key needs to be changed from pkcs8 to pkcs1
openssl rsa -in pkcs8.key -out pkcs1.key -outform pem
Then recreate bundle using the pkcs1 formatted private key.
Then the following command is successful.
vault write pki2/config/ca pem_bundle=@bundle.pem
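A pre-flight check for the fix described above, as an added example that is not part of the original post: it reads the BEGIN labels in a bundle and tells a PKCS#8 key (BEGIN PRIVATE KEY) from a PKCS#1 key (BEGIN RSA PRIVATE KEY), the encoding the post reports as accepted. The function names and the sample bundles are constructed for illustration.

```shell
# Added example, not from the original post. Function names are hypothetical.

# Write a constructed bundle: $1 = private-key label, $2 = output file.
# The base64 body is a placeholder, not real key material.
make_bundle() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' "-----BEGIN $1-----" 'Q09OU1RSVUNURUQ=' \
        "-----END $1-----" > "$2"
}

# Print "<label> -> <encoding>" for every PEM block in file $1.
pem_block_types() {
    # Drop CRs first so a bundle saved with Windows line endings still matches.
    tr -d '\r' < "$1" | sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' |
    while IFS= read -r label; do
        case "$label" in
            'CERTIFICATE')           echo "$label -> X.509" ;;
            'RSA PRIVATE KEY')       echo "$label -> PKCS#1" ;;
            'PRIVATE KEY')           echo "$label -> PKCS#8" ;;
            'ENCRYPTED PRIVATE KEY') echo "$label -> PKCS#8 (encrypted)" ;;
            *)                       echo "$label -> other" ;;
        esac
    done
}

# One-line verdict for a bundle about to be passed as pem_bundle=@file.
check_bundle() {
    types=$(pem_block_types "$1")
    case "$types" in
        *'CERTIFICATE -> X.509'*) ;;
        *) echo 'no certificate block'; return 0 ;;
    esac
    case "$types" in
        *'PKCS#8'*) echo 'PKCS#8 key: convert with openssl rsa -in pkcs8.key -out pkcs1.key -outform pem' ;;
        *'PKCS#1'*) echo 'ok' ;;
        *)          echo 'no RSA private key block' ;;
    esac
}

# Demo on two constructed bundles.
tmp=$(mktemp -d)
make_bundle 'PRIVATE KEY' "$tmp/pkcs8-bundle.pem"
make_bundle 'RSA PRIVATE KEY' "$tmp/pkcs1-bundle.pem"
for f in "$tmp/pkcs8-bundle.pem" "$tmp/pkcs1-bundle.pem"; do
    echo "${f##*/}: $(check_bundle "$f")"
done
rm -rf "$tmp"
```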

db2 update dbm cfg fails with error: SQL5133N. Specified value: "0". Configuration parameter name: "fcm_buffer_size"

I am trying to load an SSL certificate from a Java keystore into db2 dbm.
I did the steps below:
Step 1: List certificates in truststore
$ keytool -list -v -keystore db-truststore
Enter keystore password:
Keystore type: jks
Keystore provider: SUN
Your keystore contains 2 entries
Alias name: caintermediate
Creation date: May 24, 2018
Entry type: trustedCertEntry
...
...
Alias name: carootcert
Creation date: May 24, 2018
Entry type: trustedCertEntry
Step 2: Exported these certificates to files
keytool -export -alias carootcert -keystore db-truststore -file rootcert.pem
Enter keystore password:
Certificate stored in file <rootcert.pem>
keytool -export -alias caintermediate -keystore db-truststore -file intermediatecert.pem
Enter keystore password:
Certificate stored in file <intermediatecert.pem>
Step 3: created key database:
gsk8capicmd_64 -keydb -create -db "dbclient.kdb" -pw "passw0rd" -stash
Step 4: Added certificate files to key database
gsk8capicmd_64 -cert -add -db /full-path/dbclient.kdb -pw passw0rd -label carootcert -file rootcert.pem
gsk8capicmd_64 -cert -add -db /full-path/dbclient.kdb -pw passw0rd -label caintermediate -file intermediatecert.pem
Step 5: Added catalog:
db2 => catalog TCPIP NODE phdbdev REMOTE bldbz173038.cloud.dst.ibm.com SERVER 60443 SECURITY SSL
DB20000I The CATALOG TCPIP NODE command completed successfully.
DB21056W Directory changes may not be effective until the directory cache is
refreshed.
db2 => catalog DATABASE phdbdev AT NODE phdbdev AUTHENTICATION SERVER
DB20000I The CATALOG DATABASE command completed successfully.
DB21056W Directory changes may not be effective until the directory cache is
refreshed.
Step 6: Updated dbm
db2 update dbm cfg using SSL_CLNT_KEYDB /full-path/dbclient.kdb
SQL5133N The configuration parameter was not updated because the specified
value is not valid. Specified value: "0". Configuration parameter name:
"fcm_buffer_size".
Further investigation as suggested:
$ db2level
DB21085I This instance or install (instance name, where applicable: "vizeet")
uses "64" bits and DB2 code release "SQL11010" with level identifier
"0201010F".
Informational tokens are "DB2 v11.1.0.0", "s1606081100", "DYN1606081100AMD64",
and Fix Pack "0".
Product is installed at "/home/vizeet/sqllib".
$ db2 get dbm cfg | grep 'Node type'
Node type = Enterprise Server Edition with local and remote clients
$ db2 get dbm cfg | grep FCM
Number of FCM buffers (FCM_NUM_BUFFERS) = AUTOMATIC(4096)
FCM buffer size (FCM_BUFFER_SIZE) = 0
Number of FCM channels (FCM_NUM_CHANNELS) = AUTOMATIC(2048)
FCM parallelism (FCM_PARALLELISM) = AUTOMATIC(1)
db-truststore works properly with db2 drivers.
Unable to resolve this issue. Kindly help.

MATLAB ignore security certificates

I need to access some XML from the internet using MATLAB, and to get it I need to download the security certificate from the website manually and use the following function with the downloaded certificate;
% Title: importcert
% Author: MathWorks Support Team
% Code Version: 1.0
% Type: MATLAB source code https://www.mathworks.com/matlabcentral/answers/uploaded_files/1142/importcert.m
function importcert(filename)
if (nargin == 0)
% If no certificate specified show open file dialog to select
[filename,path] = uigetfile({'*.cer;*.crt','Certificates (*.cer,*.crt)'},'Select Certificate');
if (filename==0), return, end
filename = fullfile(path,filename);
end
% Determine Java keytool location and cacerts location
keytool = fullfile(matlabroot,'sys','java','jre',computer('arch'),'jre','bin','keytool');
cacerts = fullfile(matlabroot,'sys','java','jre',computer('arch'),'jre','lib','security','cacerts');
% Create backup of cacerts
if (~exist([cacerts '.org'],'file'))
% copyfile(cacerts,[cacerts '.org'])
end
% Construct and execute keytool
command = sprintf('"%s" -import -file "%s" -keystore "%s" -storepass changeit -noprompt',keytool,filename,cacerts);
dos(command);
which will allow me to use the following command;
xmlread('https://finds.org.uk/database/images/index/format/xml');
These certificates expire and I would not be able to manually change the certificates at that point so I was wondering if;
A) Can I automatically download the certificate using MATLAB instead of doing it manually
B) Just ignore the certificate completely, security isn't an issue.
C) Preferably do A or B without the need for Admin rights
NOTE: It seems that you need to go through this process if you're using a Windows-based system, using MacOSX or Linux you will not need to import the certificates and can access the page without getting an SSL Handshake error.

React-native: facebook login release invalid hash key

I am using facebook login integration in my react-native app. Getting invalid hash key error with release key but debug key hash is working fine.
Environment :
"react": "16.0.0"
"react-native": "0.50.4"
"react-native-fbsdk": "^0.7.0"
You have to copy the hash key from the error, then go to the Facebook for Developers page, select your app, then go to Settings > General and enter the hash key in the Hash key section. If you test it on your Android emulator, run this command: keytool -exportcert -alias androiddebugkey -keystore ~/.android/debug.keystore | openssl sha1 -binary | openssl base64, then copy the hash key and paste it into your settings as well.
Have you tried adding a new key to the FB app? ( https://developers.facebook.com/apps/ )

Setting SSLContext for AsyncHttpClient - Can not read keystore file

I need to use an AsyncHttpClient in my Play application to make a POST() call over the https protocol. I am using Play version 2.2.x.
I tried @Esfand's code mentioned in the first answer to the question below, but it is failing with java.io.FileNotFoundException.
How to use Play WS with SSL?
Here is what I did :
1) I used keytool command to generate keyStore on my C drive .. something like this
keytool -import -trustcacerts -alias mypublickey -file "" -keystore "c:\mypublicstore.jks”
It stores file on C drive with name mypublicstore.jks" (note the double quotes at the end)
2) Then I am using following code to read that
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
KeyStore keyStore = KeyStore.getInstance("JKS");
InputStream inputStream = new FileInputStream("C:\\mypublicstore.jks\"");
String certPass = Play.application().configuration().getString("certificate.password");
keyStore.load(inputStream, certPass.toCharArray());
keyManagerFactory.init(keyStore, certPass.toCharArray());
But it is failing at line 3 of the code. It can not find the file on the system. I tried reading another file on the same location and it works fine then why it can not read jks" type of file? Am I doing something wrong here?
In FileInputStream I should give keystore path or certificate path?
Thanks for your help in advance.
I found out that AHC can not be used with play 2.2.x version. I need to upgrade to 2.3.x version.