Re: PKCS#8 encryption algorithm unrecognized

2024-04-03 Thread Konstantin Kolinko
> Caused by: java.security.NoSuchAlgorithmException: The PKCS#8 encryption
> algorithm with DER encoded OID of [2a864886f70d010c0103] was not recognised

If I google for the above hex number, it finds the following:

'2A864886F70D010C0103' -- 1.2.840.113549.1.12.1.3
pbeWithSHAAnd3-KeyTripleDES-CBC (PKCS #12 PbeIds)

(actually a comment in some random source file, but it explains what
the value is).

If I manually decode that value, thanks to
https://stackoverflow.com/a/24720842
I get the same value:

2a = 42 = 1 * 40 + 2 -> "1.2"
8648 = (0x06 * 128) + 0x48 = 6 * 128 + 72 = 840
86f70d = ((0x06 * 128) + (0x77 * 128) + 0x0d = ((6 * 128) + 119) * 128
+ 13 = 113549
01 = 1
0c = 12
01 = 1
03 = 3

I saw that you mentioned
> The ASN.1 is  OBJECT IDENTIFIER=Sha256WithRSAEncryption 
> (1.2.840.113549.1.1.11)

but the value is different.
*.1.1.11 vs *.1.12.1.3

Maybe it helps.

What is your version of Java?

Isn't the algorithm (mentioned in the error message) deprecated,
because it uses SHA-1 ?

> SSLCertificateChainFile="C:Certificate\Public Key\WSD-2DNX4M3...cer"

A '\' is missing after ':'.

Best regards,
Konstantin Kolinko
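
The manual decoding in the message above, written out as a small decoder. This is an added example, not part of the original message; the function names and the small name table are assumptions made for illustration, and the input is the hex string quoted from the exception.

```python
# Added example: decode the content octets of a DER OBJECT IDENTIFIER,
# such as the hex value Java prints in the NoSuchAlgorithmException.
KNOWN_OIDS = {  # illustrative table; names from PKCS #1, #5 and #12
    "1.2.840.113549.1.12.1.3": "pbeWithSHAAnd3-KeyTripleDES-CBC",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.5.13": "PBES2",
}


def decode_oid(hex_body: str) -> str:
    """Return the dotted form of an OID given its DER content octets in hex."""
    data = bytes.fromhex(hex_body)
    if not data:
        raise ValueError("empty OID")
    if data[-1] & 0x80:
        raise ValueError("truncated OID: last octet has the continuation bit set")
    subids, value, start = [], 0, True
    for octet in data:
        if start and octet == 0x80:
            raise ValueError("non-minimal encoding: leading 0x80 octet")
        # Each octet carries 7 value bits; the top bit means "more octets follow".
        value = (value << 7) | (octet & 0x7F)
        start = not (octet & 0x80)
        if start:
            subids.append(value)
            value = 0
    # The first sub-identifier packs the first two arcs as 40 * arc1 + arc2,
    # where arc1 is 0, 1 or 2 (so anything from 80 upwards belongs to arc 2).
    first = subids[0]
    arc1 = min(first // 40, 2)
    arcs = [arc1, first - 40 * arc1] + subids[1:]
    return ".".join(str(a) for a in arcs)


def describe(hex_body: str) -> str:
    """Dotted OID plus its name from the illustrative table, if listed."""
    dotted = decode_oid(hex_body)
    return f"{dotted} ({KNOWN_OIDS.get(dotted, 'unknown')})"


if __name__ == "__main__":
    print(describe("2a864886f70d010c0103"))  # value from the exception
    print(describe("2a864886f70d01010b"))    # the OID quoted in the reply
```
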




Re: PKCS#8 encryption algorithm unrecognized

2024-04-03 Thread Timothy Resh
Sure, I can provide the entire setup for you. I'll work on that tonight.

On Sun, Mar 31, 2024 at 2:05 PM Mark Thomas wrote:

> On 25/03/2024 16:56, Timothy Resh wrote:
> > Sorry for the delay.  Our certificate creation process was automated
> > several years ago and I had to go through the code to figure out the
> > commands being used for the certificates
> >
> > First, we use the createcert.exe from the Sybase 17 installation to
>
> I don't have access to that application so I am unable to follow the
> provided instructions.
>
> Given you do have access to the application, it will likely be simpler
> if you provide a test key and certificate that don't work that we can
> use for investigation.
>
> If you want to provide those offline, feel free to email the pem files
> to me directly.
>
> Mark
>
>
> > generate a DB cert for ODBC connectivity.  Please see the following link
> > for more information.
> >
> > https://infocenter.sybase.com/help/index.jsp?topic=/com.sybase.help.sqlanywhere.12.0.1/dbadmin/gencert-ml-ref1.html
> > -t encryption type
> > -b length
> > -ca "1"  Create Certificate Authority
> > -u 3,4,5,6
> >
> > - 3. Key Encipherment
> > - 4. Data Encipherment
> > - 5. Key Agreement
> > - 6. Certificate Signing
> >
> > -v 6 years
> > -co Public Certificate
> > -x Generates a self-signed certificate
> >
> > *C:\tmp12>ECHO. | "C:\Program Files\SQL Anywhere 17\Bin64\createcert.exe"
> > -t "rsa" -b "2048" -ca "1" -io "C:\tmp12\DB\Application Certificate
> > Files\Private Keys\ASA12 SAMM Vessel.pem" -ko "C:\tmp12\DB\Application
> > Certificate Files\Private Keys\ASA12 SAMM Vessel.key" -kp "changeit" -x -co
> > "C:\tmp12\DB\Application Certificate Files\Public Keys\ASA12 SAMM
> > Vessel.pub" -sc "US" -scn "WSD-2DNX4M3.mydomain.com" -sl "Norfolk"
> > -so "Vessel Ships" -sou "Engineering" -sst "VA" -u 3,4,5,6 -v "6"*
> >
> > *SQL Anywhere X.509 Certificate Generator Version 17.0.10.6160
> > Warning: The certificate will not be compatible with older versions
> > of the software including version 12.0.1 prior to build 3994 and version 16.0
> > prior to build 1691. Use the -3des switch if you require compatibility.
> > Generating key pair...
> > Certificate will be a self-signed root
> > Serial number [generate GUID]:
> > Generated serial number: 42455c10a27d441db3e3d09f39f35452*
> >
> >
> > This creates a  ASA12 SAMM Vessel.pub  that is then copied to the Tomcat
> > Application Server as "Client Configuration.pem"
> >
> > our next commands are all openssl or keytool
> >
> > openssl.exe genrsa -aes256 -passout pass:"changeit" -out
> > "C:\tmp12\Certificate\Private Key\WSD-2DNX4M3.mydomain.com.key" 2048
> > 1>nul 2>&1
> > openssl.exe req -new -key "C:\tmp12\Certificate\Private
> > Key\WSD-2DNX4M3.mydomain.com.key" -subj "/CN=
> > WSD-2DNX4M3.mydomain.com/OU=USN/OU=PKI/OU=DoD/O=U.S.Government/C=US"
> > -out
> > "C:\tmp12\Certificate\Keystore\WSD-2DNX4M3.mydomain.com.csr" -passin
> > pass:"changeit"1>nul 2>&1
> >
> > echo basicConstraints = CA:FALSE  1>"C:\tmp12\openssl\v3.ext"
> > echo keyUsage = digitalSignature, keyEncipherment
> >   1>>"C:\tmp12\openssl\v3.ext"
> > ECHO [SAN]   1>>"C:\tmp12\openssl\v3.ext"
> > ECHO subjectAltName=DNS:WSD-2DNX4M3.mydomain.com
> > 1>>"C:\tmp12\openssl\v3.ext"
> >
> > openssl.exe x509 -req -extfile "C:\tmp12\openssl\v3.ext" -signkey
> > "C:\tmp12\Certificate\Private Key\WSD-2DNX4M3.mydomain.com.key" -in
> > "C:\tmp12\Certificate\Keystore\WSD-2DNX4M3.mydomain.com.csr" -out
> > "C:\tmp12\Certificate\Public Key\WSD-2DNX4M3.mydomain.com.cer" -passin
> > pass:"changeit" -days "2190" -extensions SAN
> > Certificate request self-signature ok
> > subject=CN = WSD-2DNX4M3.mydomain.com, OU = USN, OU = PKI, OU = DoD, O =
> > U.S.Government, C = US
> >
> > COPY "C:\tmp12\Certificate\Public Key\WSD-2DNX4M3.mydomain.com.cer"
> > "C:\tmp12\Certificates\CA\"   1>nul 2>&1
> >
> > openssl.exe pkcs12 -export -in "C:\tmp12\Certificate\Public
> > Key\WSD-2DNX4M3.mydomain.com.cer" -inkey "C:\tmp12\Certificate\Private
> > Key\WSD-2DNX4M3.mydomain.com.key" -out "C:\tmp12\Certificate\Private
> > Key\WSD-2DNX4M3.mydomain.com.p12" -name WSD-2DNX4M3.mydomain.com -CAfile
> > "C:\tmp12\Certificate\Public Key\WSD-2DNX4M3.mydomain.com.cer" -caname
> > WSD-2DNX4M3.mydomain.com -passin pass:"changeit" -passout
> > pass:"changeit"
> >
> > keytool.exe -importkeystore -deststorepass "changeit" -destkeypass
> > "changeit" -destkeystore "C:\tmp12\Certificate\Keystore\Vessel.jks"
> > -srckeystore "C:\tmp12\Certificate\Private
> > Key\WSD-2DNX4M3.mydomain.com.p12" -srcstoretype PKCS12 -srcstorepass
> > "changeit" -alias WSD-2DNX4M3.mydomain.com
> > Importing keystore C:\tmp12\Certificate\Private
> > Key\WSD-2DNX4M3.mydomain.com.p12 to
> > C:\tmp12\Certificate\Keystore\Vessel.jks...
> > DEL /Q "C:\tmp12\Certificate\Private Key\WSD-2DNX4M3.mydomain.com.p12"
> >
> > openssl.exe rsa -in "C:\tmp12\Certificate\Private
> > Key\WSD-2DNX4M3.my

Participate in the ASF 25th Anniversary Campaign

2024-04-03 Thread Brian Proffitt
Hi everyone,

As part of The ASF’s 25th anniversary campaign[1], we will be celebrating
projects and communities in multiple ways.

We invite all projects and contributors to participate in the following
ways:

* Individuals - submit your first contribution:
https://news.apache.org/foundation/entry/the-asf-launches-firstasfcontribution-campaign
* Projects - share your public good story:
https://docs.google.com/forms/d/1vuN-tUnBwpTgOE5xj3Z5AG1hsOoDNLBmGIqQHwQT6k8/viewform?edit_requested=true
* Projects - submit a project spotlight for the blog:
https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=278466116
* Projects - contact the Voice of Apache podcast (formerly Feathercast) to
be featured: https://feathercast.apache.org/help/
* Projects - use the 25th anniversary template and the #ASF25Years hashtag
on social media:
https://docs.google.com/presentation/d/1oDbMol3F_XQuCmttPYxBIOIjRuRBksUjDApjd8Ve3L8/edit#slide=id.g26b0919956e_0_13

If you have questions, email the Marketing & Publicity team at
mark...@apache.org.

Peace,
BKP

[1] https://apache.org/asf25years/

[NOTE: You are receiving this message because you are a contributor to an
Apache Software Foundation project. The ASF will very occasionally send out
messages relating to the Foundation to contributors and members, such as
this one.]

Brian Proffitt
VP, Marketing & Publicity
VP, Conferences