Menu
▾
▴
Re: [skce-help] Enquiry about the SKCE
|
From: StrongKey C. H. <skc...@li...> - 2012-12-10 10:33:33
|
Hi Jyothsna ,
Good to see your mail here and for your valuable
information. sorry for the late reply. I am sure that i have configured
glass fish server and imported certificate for application properly as
specified in documentation link, and i did restarted glass fish server too
again same Error. Even with https or http i am facing the same issue. what
could be the mistake, i am unaware of it please suggest me.
On Fri, Dec 7, 2012 at 1:27 AM, Jyothsna Padavala <
jyo...@st...> wrote:
> Hi Pawan,
>
> My name is Jyothsna, an engineer from StrongAuth. I will be helping you
> further with the issues you have working with CryptoEngine.
>
> Regarding the problem you are facing, here are few recommendations.
>
> 1) Make sure you have generated a certificate for cryptoengine and added
> the same to glassfish application server on which cryptoengine is deployed.
> http://www.cryptoengine.org/**skce-docs/42-subinstall/96-**
> install-glassfish31.html<http://www.cryptoengine.org/skce-docs/42-subinstall/96-install-glassfish31.html>
>
> A glassfish restart is needed after this step.
>
> 2) Make sure you have imported the same certificate from the browser and
> add it to the JVM you are using while running javaclient.jar. If you have
> multiple java installations on your machine, make sure you specify the full
> java install path while running javaclient.jar
>
> "C:\Program Files\Java\jdk1.7.0_07\bin\**java.exe" -jar javaClient.jar
>
> 3) Using SSL; You have to use hostname instead of ip address. This is
> because the certificate you have generated in step 1 is tied to the
> hostname and might do a comparison while establishing SSL handshake.
>
> 4) If you are okay with a non-secure communication (using http:// instead
> of https://); using ip address is fine and the port number is 8080 by
> default.
>
> Let me know if these inputs help; I will be happy to help you further.
> Appreciate your efforts in trying CryptoEngine.
>
>
> Please make sure you copy emails to the below address which is the help
> forum for CryptoEngine.
>
> skc...@li....**net <skc...@li...>
>
>
>
> Regards,
>
> --
> Jyothsna Padavala
> Software Engineer
> StrongAuth, Inc.
> www.strongauth.com
>
>
>
>
> On 12/06/2012 07:57 AM, Arshad Noor wrote:
>
>> Can you please help Pawan with this, Jyothsna? Copy
>> skc...@li....**net <skc...@li...> in
>> your reply (you should
>> have added yourself to that distribution list on Sourceforge
>> prior to your reply - since you are a Moderator of the lists
>> now, you should be able to add yourself). Thanks.
>>
>> Arshad
>>
>> -------- Original Message --------
>> Subject: Re: Enquiry about the SKCE
>> Date: Thu, 6 Dec 2012 10:54:11 +0530
>> From: Pawan <pav...@gm...>
>> To: Arshad Noor <ars...@st...>
>>
>>
>>
>> Thank you Arshad, It's working for me, with this i have done whole
>> set-up experimentation with in my Desktop. When I do normal encrypt
>> operation using javaClient.jar i got the follow below error.
>> And When i do Browse
>> https://192.168.31.238:8181/**skce/SKCEWebService?wsdl<https://192.168.31.238:8181/skce/SKCEWebService?wsdl>, its working fine
>> and XML formatted tags rendered in browser. Here is the Explanation for
>> what i have done
>>
>> 1. Installed & configured OpenDS with Database file skce.ldif . OpenDS
>> is running.
>> 2. Installed & configured Glasssfish , and deployed skce.war
>> 3. Imported the CryptoEngine Certificate into JVM
>> 4. configured skce-configuration according my localhost
>> 5. configured skcews-configuration according my localhost
>> 6. configured jets3t-properties according Eucalyptus{Private}
>> 7.Deployed JavaClient.jar in netbeans , supplied proper arguments . run
>> the project
>>
>> Kindly advice me to overcome issue , any thing else i have missed please
>> let me know.
>>
>>
>> Note : instead of hostname , ip is working fine , due to organisation
>> constrains i can't use/alter proxy change configuration
>>
>>
>> javax.xml.ws.**WebServiceException: Failed to access the WSDL at:
>> https://192.168.31.238:8181/**skce/SKCEWebService?wsdl<https://192.168.31.238:8181/skce/SKCEWebService?wsdl>.
>> It failed with:
>> sun.security.validator.**ValidatorException: PKIX path building failed:
>> sun.security.provider.**certpath.**SunCertPathBuilderException: unable to
>> find valid certification path to requested target.
>> at
>> com.sun.xml.ws.wsdl.parser.**RuntimeWSDLParser.tryWithMex(**RuntimeWSDLParser.java:184)
>>
>> at
>> com.sun.xml.ws.wsdl.parser.**RuntimeWSDLParser.parse(**RuntimeWSDLParser.java:166)
>>
>> at
>> com.sun.xml.ws.wsdl.parser.**RuntimeWSDLParser.parse(**RuntimeWSDLParser.java:131)
>>
>> at
>> com.sun.xml.ws.client.**WSServiceDelegate.parseWSDL(**WSServiceDelegate.java:271)
>>
>> at
>> com.sun.xml.ws.client.**WSServiceDelegate.<init>(**WSServiceDelegate.java:234)
>>
>> at
>> com.sun.xml.ws.client.**WSServiceDelegate.<init>(**WSServiceDelegate.java:182)
>>
>> at
>> com.sun.xml.ws.spi.**ProviderImpl.**createServiceDelegate(**ProviderImpl.java:106)
>>
>> at javax.xml.ws.Service.<init>(**Service.java:56)
>> at com.strongauth.skcews.**SKCEWebService.<init>(**
>> SKCEWebService.java:81)
>> at com.strongauth.skce.**javaclient.Main.main(Main.**java:362)
>> Caused by: javax.net.ssl.**SSLHandshakeException:
>> sun.security.validator.**ValidatorException: PKIX path building failed:
>> sun.security.provider.**certpath.**SunCertPathBuilderException: unable to
>> find valid certification path to requested target
>> at com.sun.net.ssl.internal.ssl.**Alerts.getSSLException(Alerts.**
>> java:174)
>> at com.sun.net.ssl.internal.ssl.**SSLSocketImpl.fatal(**
>> SSLSocketImpl.java:1649)
>> at com.sun.net.ssl.internal.ssl.**Handshaker.fatalSE(Handshaker.**
>> java:241)
>> at com.sun.net.ssl.internal.ssl.**Handshaker.fatalSE(Handshaker.**
>> java:235)
>> at
>> com.sun.net.ssl.internal.ssl.**ClientHandshaker.**serverCertificate(**ClientHandshaker.java:1206)
>>
>> at
>> com.sun.net.ssl.internal.ssl.**ClientHandshaker.**processMessage(**ClientHandshaker.java:136)
>>
>> at com.sun.net.ssl.internal.ssl.**Handshaker.processLoop(**
>> Handshaker.java:593)
>> at
>> com.sun.net.ssl.internal.ssl.**Handshaker.process_record(**Handshaker.java:529)
>>
>> at
>> com.sun.net.ssl.internal.ssl.**SSLSocketImpl.readRecord(**SSLSocketImpl.java:893)
>>
>> at
>> com.sun.net.ssl.internal.ssl.**SSLSocketImpl.**performInitialHandshake(**SSLSocketImpl.java:1138)
>>
>> at
>> com.sun.net.ssl.internal.ssl.**SSLSocketImpl.startHandshake(**SSLSocketImpl.java:1165)
>>
>> at
>> com.sun.net.ssl.internal.ssl.**SSLSocketImpl.startHandshake(**SSLSocketImpl.java:1149)
>>
>> at sun.net.www.protocol.https.**HttpsClient.afterConnect(**
>> HttpsClient.java:434)
>> at
>> sun.net.www.protocol.https.**AbstractDelegateHttpsURLConnec**
>> tion.connect(**AbstractDelegateHttpsURLConnec**tion.java:166)
>> at
>> sun.net.www.protocol.http.**HttpURLConnection.**getInputStream(**HttpURLConnection.java:1177)
>>
>> at
>> sun.net.www.protocol.https.**HttpsURLConnectionImpl.**getInputStream(**
>> HttpsURLConnectionImpl.java:**234)
>> at java.net.URL.openStream(URL.**java:1010)
>> at
>> com.sun.xml.ws.wsdl.parser.**RuntimeWSDLParser.**createReader(**RuntimeWSDLParser.java:837)
>>
>> at
>> com.sun.xml.ws.wsdl.parser.**RuntimeWSDLParser.resolveWSDL(**RuntimeWSDLParser.java:294)
>>
>> at
>> com.sun.xml.ws.wsdl.parser.**RuntimeWSDLParser.parse(**RuntimeWSDLParser.java:151)
>>
>> ... 8 more
>> Caused by: sun.security.validator.**ValidatorException: PKIX path
>> building
>> failed: sun.security.provider.**certpath.**SunCertPathBuilderException:
>> unable to find valid certification path to requested target
>> at sun.security.validator.**PKIXValidator.doBuild(**
>> PKIXValidator.java:323)
>> at
>> sun.security.validator.**PKIXValidator.engineValidate(**PKIXValidator.java:217)
>>
>> at sun.security.validator.**Validator.validate(Validator.**java:218)
>> at
>> com.sun.net.ssl.internal.ssl.**X509TrustManagerImpl.validate(**X509TrustManagerImpl.java:126)
>>
>> at
>> com.sun.net.ssl.internal.ssl.**X509TrustManagerImpl.**checkServerTrusted(
>> **X509TrustManagerImpl.java:209)
>> at
>> com.sun.net.ssl.internal.ssl.**X509TrustManagerImpl.**checkServerTrusted(
>> **X509TrustManagerImpl.java:249)
>> at
>> com.sun.net.ssl.internal.ssl.**ClientHandshaker.**serverCertificate(**ClientHandshaker.java:1185)
>>
>> ... 23 more
>> Caused by: sun.security.provider.**certpath.**
>> SunCertPathBuilderException:
>> unable to find valid certification path to requested target
>> at
>> sun.security.provider.**certpath.SunCertPathBuilder.**engineBuild(**SunCertPathBuilder.java:174)
>>
>> at java.security.cert.**CertPathBuilder.build(**CertPathBuilder.java:238)
>> at sun.security.validator.**PKIXValidator.doBuild(**
>> PKIXValidator.java:318)
>> ... 29 more
>> Java Result: 1
>>
>>
>>
>>
>> Thanks in Advance .
>>
>>
>>
>>
>> On Thu, Dec 6, 2012 at 8:24 AM, Arshad Noor <ars...@st...
>> <mailto:arshad.noor@**strongauth.com <ars...@st...>>>
>> wrote:
>>
>> Yes, that is correct. Glassfish requires that the alias of the
>> certificate be "s1as" (it is the number one, not the letter L)
>> for the SSL port to become active.
>>
>> Arshad
>>
>> On 12/05/2012 03:36 AM, Pawan wrote:
>>
>> Hi Arshad Noor ,
>>
>> Here
>>
>> http://www.cryptoengine.org/__**skce-docs/42-subinstall/96-__**
>> install-glassfish31.html<http://www.cryptoengine.org/__skce-docs/42-subinstall/96-__install-glassfish31.html>
>>
>> <http://www.cryptoengine.org/**skce-docs/42-subinstall/96-**
>> install-glassfish31.html<http://www.cryptoengine.org/skce-docs/42-subinstall/96-install-glassfish31.html>>
>>
>> web age , step 3
>>
>> {
>> " Now we will back up the original certificate. Type the command
>> below
>> to do so. Also replace the required variables with the values
>> set up in
>> your environment.
>>
>> keytool -changealias -alias s1as -destalias s1as.original
>> -keystore
>> <Glassfish Home>/domains/domain1/config/_**_keystore.jks
>> -storepass changeit "
>>
>> }
>>
>>
>>
>> "slas" means alias name which is created in step 2 ??
>>
>>
>> Please suggest me.
>>
>>
>> Thanks & Regards
>> pawan.A
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> On Sat, Dec 1, 2012 at 5:50 AM, Arshad Noor
>> <ars...@st... <mailto:arshad.noor@**strongauth.com<ars...@st...>
>> >
>> <mailto:arshad.noor@__strongau**th.com <http://strongauth.com>
>> <mailto:arshad.noor@**strongauth.com <ars...@st...>>>>
>> wrote:
>>
>> There is no additional documentation on the source code,
>> Pawan. The
>> expectation is that software developers have a sufficient
>> understanding
>> in Java to follow the code. If you have specific questions
>> on sections
>> of the code, feel free to highlight them in your e-mail
>> with specific
>> questions and we'll be happy to respond.
>>
>> The <https://<host:port> implies that you've setup the
>> CryptoEngine as
>> a web-service on your network (following the instructions
>> given at
>> http://www.cryptoengine.org/__**__skce-docs/37-skce-install.**
>> html <http://www.cryptoengine.org/____skce-docs/37-skce-install.html>
>> <http://www.cryptoengine.org/_**_skce-docs/37-skce-install.**html<http://www.cryptoengine.org/__skce-docs/37-skce-install.html>
>> >
>> <http://www.cryptoengine.org/_**_skce-docs/37-skce-install.**html<http://www.cryptoengine.org/__skce-docs/37-skce-install.html>
>> <http://www.cryptoengine.org/**skce-docs/37-skce-install.html<http://www.cryptoengine.org/skce-docs/37-skce-install.html>
>> **>__>__).
>>
>> Once you've setup the CryptoEngine as a web-service on your
>> network,
>> then you will specify the fully-qualified domain name and
>> the port
>> number of the server where the CryptoEngine web-service is
>> running
>> to test the JavaClient.jar program. That's what the
>> https://<host:port>
>> refers to.
>>
>> Arshad Noor
>> StrongAuth, Inc.
>>
>> On 11/29/2012 10:48 PM, Pawan wrote:
>>
>> Hi Arshad Noor,
>>
>>
>>
>> Once again thank you for your
>> Information. I
>> made an
>> attempt to explore source of SKCE, but SKCE source
>> code a bit
>> complicated to understand a person new to SKCE like me.
>> I would
>> like to
>> request you Please provide any Documentation or
>> information
>> about source
>> code. And When we ran the jar file JavaClient.Jar
>> which takes a
>> bunch
>> of arguments as input, in that what does it means
>> "*https://<host:port>*" ?
>>
>>
>>
>>
>>
>> On Tue, Nov 27, 2012 at 5:19 PM, Arshad Noor
>> <ars...@st... <mailto:arshad.noor@**strongauth.com<ars...@st...>
>> >
>> <mailto:arshad.noor@__strongau**th.com <http://strongauth.com>
>> <mailto:arshad.noor@**strongauth.com <ars...@st...>>>
>> <mailto:arshad.noor@ <mailto:arshad.noor@>__stronga**u__th.com<http://strongau__th.com>
>> <http://strongauth.com>
>> <mailto:arshad.noor@__strongau**th.com <http://strongauth.com>
>> <mailto:arshad.noor@**strongauth.com <ars...@st...>>>>>
>> wrote:
>>
>> Yes, it is possible to use this in your
>> application even if
>> your
>> application does not require authentication. You
>> can create a
>> credential in LDAP and put those credentials in
>> the SKCE
>> configuration properties file, so your users don't
>> have to
>> supply a
>> credential.
>>
>> If you want to eliminate ALL authentication, then,
>> just
>> comment out
>> that section os the SKCE code and build your own
>> jar/war
>> file for
>> your application.
>>
>> Arshad Noor
>> StrongAuth, Inc.
>>
>> On Nov 26, 2012, at 10:23 PM, Pawan
>> <pav...@gm... <mailto:pav...@gm...>
>> <mailto:pav...@gm... <mailto:pav...@gm...>**>
>> <mailto:pav...@gm... <mailto:pav...@gm...>
>> <mailto:pav...@gm... <mailto:pav...@gm...>**>__>__>
>> wrote:
>>
>> Hi Arshad Noor ,
>>
>>
>> Thanks for your information ,
>> it is very
>> helpful
>> for me . I have understood and analysed what
>> actually
>> happened in
>> StrongAuth Crypto Engine. According to our
>> Cloud-stack (
>> Eucalyptus , XEN ) and features we have a
>> specific portal
>> (application). Application which does n't
>> requires LDAP
>> Authentication. Is it Possible to use this
>> Encryption/Decryption
>> Web-service in my application. if possible
>> please
>> provide me
>> information.
>>
>>
>> Thanks in Advance.
>>
>>
>>
>> On Mon, Nov 26, 2012 at 11:06 PM, Arshad Noor
>> <ars...@st... <mailto:arshad.noor@**strongauth.com<ars...@st...>
>> >
>> <mailto:arshad.noor@__strongau**th.com <http://strongauth.com>
>> <mailto:arshad.noor@**strongauth.com <ars...@st...>>>
>> <mailto:arshad.noor@ <mailto:arshad.noor@>__stronga**u__th.com<http://strongau__th.com>
>> <http://strongauth.com>
>> <mailto:arshad.noor@__strongau**th.com <http://strongauth.com>
>> <mailto:arshad.noor@**strongauth.com <ars...@st...>>>>>
>> wrote:
>>
>> Hi Pawan,
>>
>> You can do precisely what you described in
>> your
>> e-mail, with the
>> CryptoEngine. Take a look at the
>> source-code of
>> the StrongKey
>> CryptoCabinet
>>
>> (http://www.cryptocabinet.org/**____how-skcc-works.html<http://www.cryptocabinet.org/____how-skcc-works.html>
>> <http://www.cryptocabinet.org/**__how-skcc-works.html<http://www.cryptocabinet.org/__how-skcc-works.html>
>> >
>> <http://www.cryptocabinet.org/**__how-skcc-works.html<http://www.cryptocabinet.org/__how-skcc-works.html>
>> <http://www.cryptocabinet.org/**how-skcc-works.html<http://www.cryptocabinet.org/how-skcc-works.html>
>> >>)
>> and you'll see how the CryptoEngine can be
>> integrated into your
>> application.
>>
>> If you need any additional help, just join
>> the Help
>> forum at
>> Sourceforge
>> (http://sourceforge.net/____**projects/skce/forums<http://sourceforge.net/____projects/skce/forums>
>> <http://sourceforge.net/__**projects/skce/forums<http://sourceforge.net/__projects/skce/forums>
>> >
>> <http://sourceforge.net/__**projects/skce/forums<http://sourceforge.net/__projects/skce/forums>
>> <http://sourceforge.net/**projects/skce/forums<http://sourceforge.net/projects/skce/forums>>>)
>> and
>> we'll be more than happy to help with
>> additional
>> questions.
>>
>> Arshad Noor
>> StrongAuth, Inc.
>>
>> P.S. You can also get an idea of how the
>> CryptoEngine can be
>> used by reviewing this article on RC3:
>> http://ibm.co/rc3dw
>>
>>
>> On 11/26/2012 12:56 AM, StrongAuth
>> Webmaster wrote:
>>
>> From Pawan at pav...@gm...
>> <mailto:pav...@gm...>
>> <mailto:pav...@gm... <mailto:pav...@gm...>**>
>> <mailto:pav...@gm... <mailto:pav...@gm...>
>> <mailto:pav...@gm... <mailto:pav...@gm...>**>__>
>> : Hi
>>
>> i am pawan working in CDAC as
>> Project
>> Engineer.i
>> just got working out with Eucalyptus
>> Walrus(Open Source
>> 2.0.2 ). Here To communicate with
>> Eucalyptus
>> Walrus we are
>> using Jets3t (Third party) API.
>>
>> I have gone through your web-site
>> thoroughly
>> and i got
>> stuck up with this question in mind,
>> that How
>> this can be
>> integrated with my Application which
>> will
>> communicate with
>> Walrus. Please Help me in this issue.
>> And i
>> want to use
>> CryptoEngine to Encrypt Files(data)
>> and upload
>> into Cloud
>> , Decrypt file(data) and download from
>> Cloud.
>>
>>
>>
>> Thanks in Advance.
>> [14.139.180.34, safari 537.11]
>>
>>
>>
>>
>>
>>
>>
>
|
