Hi Experts,

After resolving our issue for Anonymous login, we are facing a different issue now. We cannot decrypt the message the customer is sending to us. We have configured the certificates correctly (uploaded both private and public key in NWA, used those for decrypting, etc.) in the Sender Comm Channel. To provide some more background, we have a GoDaddy CA Signed certificate which we use for SSL Client Authentication as well.

The Certificate has the following for the intended purposes:

1. Ensures the identity of a remote computer

2. Proves your identity to a remote computer

3. 2.16.840.1.114413.1.7.23.1

Key Usage is listed as follows: Digital Signature, Key Encipherment (a0)

Subject:

CN = SAP PI Quality Instance domainname

OU = Domain Control Validated

Here is the error we receive in B2B Log and Communication Channel Monitoring:

Error occured while decrypting the AS2-message: Cannot decrypt message: org.bouncycastle.cms.CMSException: key invalid in message

I have confirmed with the partner that they are indeed encrypting the message using the public certificate we provided (which again, used the same for SSL Authentication). I have seen some posts that mention that a new certificate must be generated specifically for data encryption and signature authentication.

We have B2B Add-on SP4 installed on a SAP PI 7.31 Dual Stack.

Any feedback will be appreciated. Do we need to configure something or is this a certificate mismatch?

Regards,

Rommel