on 07-14-2009 4:02 AM
Hi,
Would really appreciate some inputs on this one. Just to give a background, we're tying to establish an AS2 connection between us and a 3rd party. The 3rd party tried to send a test message using our connecton details, but they got an HTTP 403 Error - Forbidden when trying to send a message.
I have confirmed the following:
- All the certificates (AS2 certificate, SSL, etc) needed for this has been uploaded in the 3rd party's system.
- The firewall has be opened for the 3rd party's sending IP address.
- We have also uploaded the 3rd party's certificates to our system.
- I checked the destination url of the message, and it seems that it is up as well.
As I am not very familiar and new to AS2, I'm currently stuck and running out of possible options.
Is anyone familiar with this? And, a possible cause and solution?
Thanks a lot!
Hi Angelo,
The issue which you mentioned is very common and the most common cause is an incorrect configuration of AS2IDs in PI Parties.
Pls, verify that the AS2ID of the party for you partner in PI is the correct.
also, verify that the AS2ID of the party which is receiving messages is the correct.
*You can ask to your partner which are Sender and Receiver AS2ID.(maybe you can tell him which AS2IDs you want He uses )
*Sometime It is the better to make tests which cover all possible scenarios using and external tool. then when everything is fine. You can start the intercommunication with your partner.
I give you a link to download an AS2 tool to send/receive messages. There You are able to install the private key(your key) and public certificate(your partner certificate).
I hope this helps you
Regards
Ivan
Edited by: Jose Iván Reyes Arteaga on Jul 14, 2009 6:48 AM
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Ivan,
Actually, we have verified our AS2 ID that is set up in the 3rd party already, and it should already be the expected one. Although, I think I will need to ask them the full details already.
I also tried the tool you gave (was helpful btw), and it seems that I was able to send a message successfully to the 3rd party. This was the log:
OUTGOING TRANSMISSION TO ... Originator: ... Recipient: ... Signature: on Encryption: on Compression: off MDN Requested: Asynchronous: http://localhost:8080/AsyncMDN.aspx MDN Signature: on Transmission was successful. -TIMESTAMP Tue, 14 Jul 2009 13:03:20 +08:00 [1247547800343]- Verification of receipt is pending an asynchronous MDN.
The problem is as this software is on my localhost. I'm not sure if it is practical to have the 3rd party test and send to this other connection for this dummy server as this won't be used anyway in the planned implementation.
So I guess the conclusion that I got from this is so far, the configuration that I currently did on the actual connection is supposedly to be correct, and that the problem is on the 3rs party's side? Is that right?
Hi Angelo,
Other possible reasons might be,
1) The AS2 certificates not updated properly (Might be cache issues) wither at your end or the third party's end.
2) The path that you mention in the Receiver/ Sender Agreement for the certoficate location might be wrong.
YOu can check the other reasons for 403 errors and eliminate one by one.
403.1 - Execute access forbidden.
403.2 - Read access forbidden.
403.3 - Write access forbidden.
403.4 - SSL required.
403.5 - SSL 128 required.
403.6 - IP address rejected.
403.7 - Client certificate required.
403.8 - Site access denied.
403.9 - Too many users.
403.10 - Invalid configuration.
403.11 - Password change.
403.12 - Mapper denied access.
403.13 - Client certificate revoked.
403.14 - Directory listing denied.
403.15 - Client Access Licenses exceeded.
403.16 - Client certificate is untrusted or invalid.
403.17 - Client certificate has expired or is not yet valid.
Source: wikipedia.
Regards,
Ravi Kanth Talagana
Hi,
May be service engine in transaction SICF is not activated. Try to activate it by using a path sap/xi/engine.
-Rohit
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Can you check the AS2ID configured in Party and IP Address.
Regards,
Ramesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Angelo,
The error you are getting could be due to Incorrect folder location, Mailbox path; do not have permission to remote folder/path; AS2 is not enabled/supported on receiving side. Can you make sure that it is not due to one of above reason.
Thanks
Sunil Singh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Sunil,
Thanks for the reply!
For the scenarios you've mentioned:
1. I 've checked the url for the folder location, and it seems that it's up.
2. Both our and the 3rd party's certificates were uploaded already, which eliminates any authorization issues. Though I'm confirming if there were any new certificates that need to be added.
3. AS2 is enabled since our AS2 has been in used for quite a while now. This is just another new AS2 connection that is going to be added.
Thanks again!
User | Count |
---|---|
90 | |
10 | |
10 | |
10 | |
7 | |
7 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.