Seeburger AS2 Certificate Issue

Hey,
     We are facing an Issue while posting an EDI order to XI.
The sender system receives an error https 403 forbidden.
I assume this is an authorization error.
We had a certificate say XYZ.cert taht expired and hence we uploaded a new certificate say XYZ_1.cert
Now when the sender sends the data, the AS2ID is XYZ and the private key is XYZ.
i would like to know if any of these two values determine the certificate. because if that is the case then the sender data will refer to the old certificate which has expired.
Also if anyone has a different explanation for the error, please mention.
regards,
       Milan Thaker

Hi Milan,
If you receiving EDI documents from your partner then in the sender agreement you will specify following certificates
1. Authenticate Certificate - Partner Public Key used to validate the signature of the partner
2.Decryption Key- Your Private Key (your certificate) to decrypt the message
So if you changed your certificate then you need to give your new certificate (public key) to your partner for encrypting.
Regards,
Prakash

Similar Messages

  • AS2 Certificate Issue

    Hi all,
    While loading AS2 certificate of the Trading Partner in our system it is asking for the password to unloack the certificates but when i contacted the Trading Partner they have not set any password for the certificates . Can any one help what could be the issue ?
    Thanks
    Laks

    Can be one of 2 reasons;
    1. Your partner has provided you with the private key rather than the public cert. What is the extension of this certificate?
    2. There is some enconding issue ; think Xi VA can import only, .cer, .crt and .der files; am not sure though.
    Regards
    Bhavesh

  • Seeburger AS2 connectivity issues.

    Hello,
    is it possible to have one single certificate for both AS2 and SSL, using HTTPS protocol.
    if yes should we upload the certificates twice (AS2 & SSL)?
    Also when we sent some messages via AS2, the seeburger AS2 server seems to be closing the connection abruptly. are there any logs generated on the seeburger side in order to check what actually happened?

    Hi
    AS2 and SSL follows two different protocols. So It's not possible to use same certificate for both of them.
    for AS2 connectivity you can ask your network team to open the network port only for AS2 authentication.
    regards
    chandra

  • Seeburger AS2 Certificates updates

    Dear Experts,
    We're having a problem to add in new certificates from our partner. For your info we're using Seeburger AS2 connect and no one knows how to update the certificates including our vendors. Please let me know how to update the certificates. Thank you

    Hi,
    if you are on PI 7.1x go to Netweaver Administrator (http://server:port/nwa)
    Then go to Configuration Management -->  Security --> Certificates and Keys
    There you shold find several Key Stores ("Key Storage Views")
    Select the Keystore which holds the AS2 certificates.
    If you are not sure which one is the correct one, check your Sender/Receiver Agreements in the Integration Directory.
    The certificates that you specified as TRUSTED\<keystore>\certificate-name in your AS2 configuration are the ones you have to change.
    In the "Key Storage View Details" you can add, modify, delete,... the certificates.
    regards,
    Daniel

  • Seeburger AS2 adapter issue

    Hi experts
    We have migrated from XI 3.0 to PI 7.1.
    The corresponding AS2 seeburger is also upgraded to a compatible version.
    But after that it seems the mapping is not working. I am getting the foollowing error while using AS2 adapter at receiver side.
    Runtime exception during processing target field mapping /LIST/S_ISA/D_I05_2. The message is: Exception:[java.lang.NoClassDefFoundError: com/seeburger/functions/permstore/VariableFactory] in class
    A function in map uses seeburger classes(VariableFactory)
    Thanks and Regards
    Dhanish Joseph

    As Anoop said  check for property store values.
    http://seeburger.com/xi/SeeFunctions  provider.servlet.server ; http://localhost/50100 . check for this entry from property store from see front end.
    make sure all other mapping variables and addressbook values imported properly.
    Regards,

  • Seeburger AS2 error: No Trusted Certificate found

    Dear SAP experts,
    Good day!
    Need your expert advice regarding the error that I am getting in Seeburger AS2.
    Here's the scenario:
    SAP XI is sending messages to Trading Partner via AS2 adapter which resides in Seeburger.
    I've trigerred already messages but they are getting this kind of error:
    Delivery of the message to the application using connection AS2_http://seeburger.com/xi failed, due to: com.sap.aii.af.ra.ms.api.RecoverableException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found # , SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found # : javax.resource.ResourceException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found # , SEEBURGER.
    Kindly advice if there are missing or invalid certificates on both sides?
    What would be the cause of the issue?
    Many Thanks!
    Godo

    Godo,
    I think you are using secure communication for your seeburger CC. Can you pls. check if you have installed(keystore) certifcate on J2EE engine and configured certificate provided by ftp client in your CC.
    Also one more important thing,
    Make sure that you have entry with ftp server name and correspoding ip address in hosts.inc on a system where your adapter engine resides.
    Check detail error messsage at:
    http://XI server : port / nwa --> Message Monitoring --> Logs and Trances and select DefaultTrace in second drop down list. You will find all events details with description. ( If you run your interface and check you will find recent activities on XI server. Hope this will give you much better picture)
    Hope this will help.
    Nilesh

  • AS2 Certificate widget scoring issue

    I received a fix from someone on the Captivate forum that is supposed to fix the AS2 Certificate widget scoring issue. The results on my Score Results page appear correctly, but the results on the certificate do not match those on the Score Results page. I tried to use the fix the provided (another widget that you insert at the beginning of the project) but it did not solve my problem. I am desperate for a solution to this and have tested the project what feels like 100 times to try to figure out how to fix this problem. I apologize in advance if this has been addressed in another string. I have spent a great deal of time going through the forums and have found some discussion on this issue, but no concrete solution anywhere. Can anyone offer any insight?
    FYI: I am using Captivate 4 and my project is set to AS2.
    Thanks!

    Weird ... I need to ask a totally unrelated question and came to the forum using a link I'd bookmarked ... to the "Certificate Not Widget Scoring Correctly" thread. And here's your post at the top of the list.
    I haven't played with scoring in quite awhile, so I'm not much help and maybe you've already read this thread, but just in case: here's the link: http://forums.adobe.com/thread/598503.
    Hope it's helpful.

  • Seeburger AS2 - import certificate type .p7b (PKCS#7)

    Dear Seeburger AS2 experts,
    Has anyone ever imported (loaded) a certificate file type *.p7b (PKCS#7)?   I've got a .p7b certificate file from my trading partner but I cannot import it, as XI does not have the option to load this type.  I tried loading a .cer file, but that did not work (as2 authentication error) for some reasons.  My trading partner does not have a .p8 or .p12 certificate.  Is there any way to load a .p7b into XI?
    Thanks.
    Sakkarn

    Is this resolved...
    Regards
    Ravi R

  • Seeburger AS2: How to set up Certificates in PI

    Hi ! ALL
    We are setting up Seeburger AS2 adapters to exchange file with vendors (B2B).
    can you please, share with us ..
    1.How to set up certificates, decryption key, signature key.
    2.Also, instead of the vendors coming directly to the PI box.....can you share if you have set up any DMZ/firewall environment and how it was set up to talk to PI, especially exchanging certificates.
    Your help is greatly appreciated!!
    Thank you,
    Patrick
    Edited by: Patrick Jones on Feb 4, 2009 10:23 PM

    Hi Patrick,
    For secured communication with business partners you need to implement message level security. You need to create certificates in visual administrator and exchange the public key with your business partner. Also you need to import your business partner public key in visual administrator.
    For encryption - Use business partner public key
    For signing - Use your private key.
    For DMZ check the following help link
    http://help.sap.com/saphelp_nw04/helpdata/en/d9/ef2940cbf2195de10000000a1550b0/content.htm
    Regards
    Prakash

  • Renewing public key certificate used for Seeburger AS2

    My general question is when a public key certificate, used for Seeburger AS2 payload decryption and digital signatures, needs to be renewed, how carefully do the certificate renewal steps need to be coordinated for a seamless transition?  More specifically...
    1. Once we import the CSR response from the CA, will the public key currently used by our partner become invalid, or will it continue to work until its expiration date? 
    2. Will our partner be able to validate our signature after the new CSR has been imported, but prior to them applying the new public key certificate in their system? 
    3. Or can we renew the certificate, import the CSR request, provide our partner with the renewed certificate, and let them apply the certificate at their own volition, provided they do it prior to the original certificate expiration?

    Hi Kurt
    In my experience, the renewal/replacement of AS2 certificates for encryption/decryption & signing/authentication requires coordinated effort on both sides.
    This is because AS2 uses asymmetrical encryption, so both parties need to use the same pair of certificates at the same time, i.e. you encrypt on your private key, and partner decrypt on the public key matching your private key. If the keys used do not belong to the same pair, then decryption will not work.
    I'm not sure what AS2 software your partner uses and if it has the feature of automatic rollover of certificate, but PI/Seeburger does not. The approach in PI/Seeburger can either be one of the following:-
    i) import new cert replacing original cert of the same name
    ii) import new cert into new name, manually update sender/receiver agreements
    Due to the manual nature of the tasks, normally it requires coordinated effort during a cutover window.
    Rgds
    Eng Swee

  • AS2 Certificate Problem

    Hi,
    I'm doing one IDOC to AS2 Scenario. Where we are posting the IDOC successfully, but we are not able to receive the message.
    It is giving some certificate error. Definitely some connectivity issue.
    The exact error is :
    "Message processing failed. Cause: javax.resource.ResourceException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found # , SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found # "
    Can someone please tell what exactly can be done to ensure the trusted certificate.
    FYI : The SSL certificate in the communication channel and the Encryption certificate and authentication certificate in receiver agreement are all same.
    Thanks,
    Vikas

    HI Vikas,
       Can you check the expiry date on the AS2 certificate?
    Regards,
    ravi

  • Com.seeburger.ksm.cryptoapi.exception.CryptoApiException in Seeburger AS2

    Hi Experts ,
    I am facing some very weird issue of getting below error whenever I try to enable the Encryption in my Receiver AS2 Seeburger Adapter :
    Message processing failed. Cause: javax.resource.ResourceException: Fatal exception: javax.resource.ResourceException: SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Cannot authenticate the user., SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Cannot authenticate the user.
    But the moment I send data without signing and encryption it goes well. We have tried placing certificates in receiver agreement and in key store.
    Thanks
    Abhishek

    Prateek ,
    Thanks we were able to identify the user to be mentioned but now we are facing below error while using certificates with SH1withRSA Encryption and in receiver channel Encryption algorithm as 3DES :
    Message processing failed. Cause: javax.resource.ResourceException: Fatal exception: javax.resource.ResourceException: SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: java.io.IOException: org.bouncycastle.cms.CMSException: key inappropriate for algorithm., SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: java.io.IOException: org.bouncycastle.cms.CMSException: key inappropriate for algorithm.
    The problem doesnt ends here ... while our partner trying to send us data to the URL we have provided its getting 403 Forbidden Error. We have tried resolving the steps which were given in manual but again the sxase is same.
    URL : http://server:port/SeeburgerAS2/AS2Server
    Any inputs if you can provide on the above 2 errors .
    Thanks
    Abhishek

  • Client Auth  and SSL with Seeburger AS2 adapter

    Hello All,
    We are using the Seeburger AS2 adapter in our landscape and I am in the process of setting the same up and have made quite some progress in all my issues.
    and I  hope that you will be able to help me out.
    1. Server SSL on Receiver AS2 adapter
    I am sending a message from XI using the Receiver AS2 adapter to my AS2 test tool using Server SSL.
    This is working perfectly fine. In my AS2 adapter I have selected HTTPS as the protocol and the message goes via SSL to the target test tool, is processed and the MDN comes back to XI perfectly.
    The issue here is :
    Irrespective of what is provided in the Server Certificate ( Keystore) , the message goes to my target test tool. I even left this field blank with no certificate entry and still the SSL connection was established and the message went to the target system.
    Is there no validation that XI does here? I am lost what is the use of this entry Server Certificate if XI blindly accepts all SSL connections.
    I am using a Decentral Adapter Engine with LoadBalancer.
    2. Client Auth on Receiver AS2 Adapter
    I tried to perform Client Authentication by proving my Server's private key in the AS2 adapter. The corresponding public key is loaded in my partner's Keystore.
    XI error's with the error "SSL handshake failed - Bad Certificate" .
    I am not sure why XI is erroring out here and I have a feeling that I have misunderstood the use of the fields in the AS2 adapter,
    Server Certificate ( Keystore) and Private Key for Client Authentication.
    Has anyone tried this? If further details are needed, I will be able to furnish the same.
    Regards,
    Bhavesh

    Hello Jens,
    Thanks for your reply.
    1. The Encryption and Signature part of the Interface is working absolutely fine and I use the same concept highlighted by you - The Sender always signs the message with his private key and encrypts with message with the partner's public key in the corresponding agreement.
    2. Server SSL is also working perfectly fine, i.e, when XI initiates the connection the SSL connection is established to the partner.
    3. Mutual Auth was the issue where I was getting the bad certificate issue.
    To investigate further I moved the same setup to my Central Adapter Engine and all the issues I had described above seem to have vanished and things work exactly as I was expecting, ie.
    The field : Server Certificate (Keystore) is used to provide the Target System's Server SSL's public Certificate.
    The field : Private Key for Client Authentication is used where XI provides its own Server SSL's private key for Mutual / Client Authentication.
    The problem seems to be with my Decentral Adapter engine and not my central adapter engine and so I guess,
    1. I either have the incorrect certificates on my Decentral Adapter Engine.
    2. I also have 2 instances of a Decentral Adapter Engine with a Webdispatcher and so maybe the 2 Visual Admin's of the 2 Decentral AE are inconsistent.
    3. Maybe it was just a long day and I did something wrong
    Will investigate further for the root cause but I am glad that my concepts remain intact and things do work as I expected them to work.
    A blog on all this is on the cards sometime soon.
    Cheers,
    Bhavesh

  • Seeburger AS2 Adapter failure

    Hi ,
    Iam trying to test the Outbound AS2 connection though the receiver is not yet ready with the setup but i want to make sure at my side . While testing i got this error message ..
    "Unable to forward message to JCA adapter. Reason: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: java.security.PrivilegedActionException: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: There is no certificate with such alias, SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: java.security.PrivilegedActionException: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Th"
    and Delivery of the message to the application using connection AS2_http://seeburger.com/xi failed, due to: com.sap.aii.af.ra.ms.api.RecoverableException: Fatal exception: com.sap.aii.af.ra.cci.XIRecoverableException: SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: java.security.PrivilegedActionException: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: There is no certificate with such alias, SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: java.security.PrivilegedActionException: com.seeburger.
    Can anyone help me to identify the issue here ?

    The certificate of your client must be maintained in AS2 keystore. Make sure that in the receiver agreement, you have given the same name. If certificate name is test.crt, then receiver agreement should have entry AS2keystore\test.
    Regards,
    Prateek

  • Seeburger AS2 Adapter with HTTPS transport

    The AS2 adapter is generating the following error.
    Message processing failed. Cause: javax.resource.ResourceException: Fatal exception: javax.resource.ResourceException: SEEBURGER AS2: HTTP-Client component init failed # java.security.PrivilegedActionException: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Could not retrieve alias collection., SEEBURGER AS2: HTTP-Client component init failed # java.security.PrivilegedActionException: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Could not retrieve alias collection.
    According to documentation, the SSL Certificate  (keystore) field should point to the keystore, and not a  specific key.  in my communication channel it does.  Thep rivate key points to my key.  I have verified both of these entries are correct.
    Other than that, this scenario is configured the same as my previously configured scenarios that use HTTP, all working without issue.

    Thank you, we had already done that.
    What we found however was the entry for the "keystore" in the communication channel, we needed to fully name the key to be used, as opposed to simply the keystore.
    Once we did that, we cycled the as2 adapter and were able to send a message successfully.

Maybe you are looking for

  • Problem With router related to mIRC?

    Hi Everyone,                     I am having problem with my router (model = WRT54G2 and version = 1) related to mirc, the problem is that whenever i recieve or try to send someone a code something like this I'm a QUEER?DCC SEND "gay???g?" 0 0 0 i ge

  • Mac Book Pro takes forever to wake from sleep

    In the last few weeks, my MBP has started taking forever to wake up if it's asleep for any lengthy period of time. I've checked the logs to see if it is any particular program slowing things. It comes up dark, the goes to a greyed out screen with a p

  • ITunes crashes every time I connect my iPhone 4S.

    I have tried restarting the iPhone and computer and uninstalling and reinstalling iTunes to no avail.

  • Citrix Receiver - AppWorld says for Classic but doesn't work

    (Posted this in the other forum for downloaded apps, reposting here since I seemed to have posted in the wrong forum.) http://appworld.blackberry.com/webstore/content/34621918/?lang=en Something wrong with the compatibility? Website says compatible w

  • Stop seconday database when it is in restoring state

    Hi All, We are planning to perform Switch from primary  to secondary server by using Libelle tool. Before switch we have planned to increase the server resources and make it same as primary. So for that we need to stop database running on secondary s