on 04-29-2016 9:08 AM
Hi All,
We have a scenario wherein we are communicating with Bank using Seeburger AS2 with HTTPS while sending data.
We have sent them our certificate chain having our public certificate in .p7b format and, vice versa, they have sent their 3 chained SSL certificates in .cer format.
Now, the issue is that when we use HTTPS with AS2, we have 2 additional fields to be filled.
So,
1. I am not sure what needs to be filled in these fields.
2. Does the received SSL certificate chain need to be installed individually in NWA or as one only?
3. The location of SSL certificates in NWA. Which view should I use?
4. Is there any other setting to use an SSL connection? We already have 443 SSL port enabled and in green status.
I believe once this SSL handshake is successful, the role of the AS2 certificate will come into play.
Please suggest.
Thanks
Neha
Hi All,
After using XPI Inspector logs we found that "Bad Certificate" error while sending data to 3rd Party using AS2 with HTTPS option is coming because our certificate which we sent them was only capable of Server Authentication and 3rd party needs it to be capable of Client authentication as well.
So, we sent our certificate chain to our CA - Entrust and they Enhanced key usage to Client authentication as well.
Now, I have the updated certificate chain with me.
Can someone please guide if I need to create a new Key Pair to import this CSR response or import the CSR response into the existing Private Key/Certificate pair?
Thanks
Neha
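The failure described in this post, as an added example that is not part of the original thread: a shell check that reads a certificate's Extended Key Usage with `openssl` before the chain is shared with a partner that requires client authentication. The function names, file names and the throwaway self-signed certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). File names and the CN are constructed.

# Build a throwaway self-signed certificate whose Extended Key Usage is $1
# (e.g. "serverAuth" or "serverAuth,clientAuth") and write it to $2.
make_sample_cert() {
    eku=$1
    out=$2
    dir=$(mktemp -d) || return 1
    cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = constructed-as2-example
[ext]
extendedKeyUsage = $eku
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$dir/req.cnf" -keyout "$dir/key.pem" -out "$out" 2>/dev/null
    rc=$?
    rm -rf "$dir"
    return $rc
}

# Succeeds only if the certificate may be presented as a TLS client.
# A certificate with no EKU extension carries no purpose restriction
# from that extension (RFC 5280), so it passes too.
cert_allows_client_auth() {
    text=$(openssl x509 -in "$1" -noout -text) || return 2
    case $text in
        *"X509v3 Extended Key Usage"*) ;;
        *) return 0 ;;
    esac
    printf '%s\n' "$text" | grep -q "TLS Web Client Authentication"
}
```

Run `cert_allows_client_auth` against the PEM export of the own certificate; a non-zero exit status on a server-only certificate corresponds to the "Bad Certificate" alert seen during the handshake.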
Hi,
I got 4 certificates from the CA: 2 Intermediate, 1 Server and 1 Root. I imported them only in the existing Private key (PI_AS2_CERT) and it is updated with new capabilities and validity date.
But the certificate (PI_AS2_CERT-cert) associated with it is the same and unchanged. Do I need to bother about that also?
Please clarify.
Thanks
Neha
As I understand, your key pair aka private key seems to have been imported perfectly. The issue as I understand seems to be with your public certificate. What you can do is -
Note: As you are performing Client Authentication with AS2, this PI_AS2_CERT-cert is not used in your PI in both configuration and runtime. You only use your Private key. Hence, performing steps 5 and 6 is not really required technically but will help make sure that if any future need arises, the certificate is consistent.
Let me know if there are any issues or questions you may have (this is a topic I am really passionate about).
Regards
Bhavesh
Hi,
Thanks for an elaborate answer, but when I try to import the certificate from the Private key I only have 2 options - PKCS8 or PKCS12.
With the PKCS8 option I got 4 .crt files and 1 .p8 file. On the other hand, the certificate exported from Step 1 is of Type - .cert.
How should I import back the public key from the private key as said in Step 2?
Also, we have already shared our new certificate chain with our partner.
Please suggest.
Thanks
Neha
Like I mentioned, this step is a redundant step and not required, your current set up as-is is good to go! The .cert file is just a reference created by SAP in the keystore!
Regards
Bhavesh
One last question..
What if I keep both public certificates in the same keystore?
This is important because we have shared the old one with our old partners using AS2 with normal HTTP, and this new one is shared only with our new partner utilizing AS2 with HTTPS.
Is it possible that old partners get an authentication error as the old certificate sent to them is no longer in the key store?
Please suggest.
Thanks
Neha
Please check the serial number of the old and new certificate. In my experience this should be the same, as the CA just signs the cert and does not change any of its properties. If the serial number is the same, there is nothing to worry about. If it is different, then you need to share the new cert with the partner.
I do think that it would be the same though.
Hi All,
I am getting below error for all my AS2 interfaces.
Transmitting the message to endpoint <local> using connection File_http://sap.com/xi/XI/System failed, due to: com.sap.engine.interfaces.messaging.api.exception.MessagingException: javax.resource.ResourceException: Fatal exception: javax.resource.ResourceException: SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: java.security.PrivilegedActionException: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Could not retrieve certificate USER/SEEBAS2/PI_AS2_CERT., SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: java.security.PrivilegedActionException: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Could not retrieve certificate USER/SEEBAS2/PI_AS2_CERT.
I haven't done any changes in Certificates or Identity mgmt. PFB snapshot.
Any suggestions?
Thanks Neha
Neha,
This is a new issue, hence typically a new post should be created.
This points to an issue where the Seeburger user does not have access to the corresponding View.
Please check the Seeburger configuration guide for this. They described how the user needs to be provided the corresponding access to the view.
Unfortunately I do not have access to these guides at this moment, but there is a setting that needs to be done to assign the Seeburger user to various views.
Regards
Bhavesh
Hello Neha,
Check the below links and do the settings accordingly.
For certificates you should import in NWA -> Certificates and Keys -> Trusted CAs.
Hello Neha,
Am not 100% sure on this,
Guess you need to mention the keystore here, not individual certificates.
Refer the below link and see if it helps
Hi Nitin,
We have a Bank as our 3rd party. They have already sent us their 3 chained public SSL certificates which I have imported in PI NWA - TrustedCAs keystore.
Why will they send us the private key? Can you please elaborate more on this?
Also, I referred the Root certificate out of the 3 certificates in the channel but am again and again getting a "Bad Certificate" error.
Please suggest.
Thanks
neha