cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

HTTP 403 Error in AS2 Connection

Go to solution
Former Member

on ‎07-14-2009 4:02 AM

0 Kudos

Hi,

Would really appreciate some inputs on this one. Just to give a background, we're tying to establish an AS2 connection between us and a 3rd party. The 3rd party tried to send a test message using our connecton details, but they got an HTTP 403 Error - Forbidden when trying to send a message.

I have confirmed the following:

- All the certificates (AS2 certificate, SSL, etc) needed for this has been uploaded in the 3rd party's system.

- The firewall has be opened for the 3rd party's sending IP address.

- We have also uploaded the 3rd party's certificates to our system.

- I checked the destination url of the message, and it seems that it is up as well.

As I am not very familiar and new to AS2, I'm currently stuck and running out of possible options.

Is anyone familiar with this? And, a possible cause and solution?

Thanks a lot!

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎07-14-2009 5:47 AM
0 Kudos

Hi Angelo,

The issue which you mentioned is very common and the most common cause is an incorrect configuration of AS2IDs in PI Parties.

Pls, verify that the AS2ID of the party for you partner in PI is the correct.

also, verify that the AS2ID of the party which is receiving messages is the correct.

*You can ask to your partner which are Sender and Receiver AS2ID.(maybe you can tell him which AS2IDs you want He uses )

*Sometime It is the better to make tests which cover all possible scenarios using and external tool. then when everything is fine. You can start the intercommunication with your partner.

I give you a link to download an AS2 tool to send/receive messages. There You are able to install the private key(your key) and public certificate(your partner certificate).

AS2 Free Tool

I hope this helps you

Regards

Ivan

Edited by: Jose Iván Reyes Arteaga on Jul 14, 2009 6:48 AM

Show replies
Show replies
Former Member
‎07-14-2009 6:15 AM
0 Kudos

Hi Ivan,

Actually, we have verified our AS2 ID that is set up in the 3rd party already, and it should already be the expected one. Although, I think I will need to ask them the full details already.

I also tried the tool you gave (was helpful btw), and it seems that I was able to send a message successfully to the 3rd party. This was the log:

OUTGOING TRANSMISSION TO ... Originator: ... Recipient: ... Signature: on Encryption: on Compression: off MDN Requested: Asynchronous: http://localhost:8080/AsyncMDN.aspx MDN Signature: on Transmission was successful. -TIMESTAMP Tue, 14 Jul 2009 13:03:20 +08:00 [1247547800343]- Verification of receipt is pending an asynchronous MDN.

The problem is as this software is on my localhost. I'm not sure if it is practical to have the 3rd party test and send to this other connection for this dummy server as this won't be used anyway in the planned implementation.

So I guess the conclusion that I got from this is so far, the configuration that I currently did on the actual connection is supposedly to be correct, and that the problem is on the 3rs party's side? Is that right?

former_member181962
Active Contributor
‎07-14-2009 7:47 AM
0 Kudos

Hi Angelo,

Other possible reasons might be,

1) The AS2 certificates not updated properly (Might be cache issues) wither at your end or the third party's end.

2) The path that you mention in the Receiver/ Sender Agreement for the certoficate location might be wrong.

YOu can check the other reasons for 403 errors and eliminate one by one.

403.1 - Execute access forbidden.

403.2 - Read access forbidden.

403.3 - Write access forbidden.

403.4 - SSL required.

403.5 - SSL 128 required.

403.6 - IP address rejected.

403.7 - Client certificate required.

403.8 - Site access denied.

403.9 - Too many users.

403.10 - Invalid configuration.

403.11 - Password change.

403.12 - Mapper denied access.

403.13 - Client certificate revoked.

403.14 - Directory listing denied.

403.15 - Client Access Licenses exceeded.

403.16 - Client certificate is untrusted or invalid.

403.17 - Client certificate has expired or is not yet valid.

Source: wikipedia.

Regards,

Ravi Kanth Talagana

Former Member
‎07-14-2009 3:06 PM
0 Kudos

Hi Angelo,

Your assumption is valid, pls. talk your partner and ask for AS2 details.

About MDN, take account the type of this, maybe the partner is sending sync. and you are requesting async.

Pls, let me know if you need something more.

Regards

Ivan

Former Member
‎07-15-2009 7:06 AM
0 Kudos

Hi Ravi,

Thanks for the error codes and the answer!

Yup. The issue was due to improper certificates that are uploaded in the 3rd party (the SSL specifically).

Former Member
‎07-15-2009 7:07 AM
0 Kudos

Hi Ivan,

Thanks for all the replies! Actually, your replies were insightful, and will really help me in the future to troubleshoot errors.

Btw, the problem was solved, and it was due to some issues on the certificates uploaded on the 3rd party's side (the SSL specifically).

Answers (3)

Answers (3)

Former Member
‎07-14-2009 5:30 AM
0 Kudos

Hi,

May be service engine in transaction SICF is not activated. Try to activate it by using a path sap/xi/engine.

-Rohit

Show replies
Show replies
RameshGulipall
Active Participant
‎07-14-2009 5:20 AM
0 Kudos

Hi,

Can you check the AS2ID configured in Party and IP Address.

Regards,

Ramesh

Show replies
Show replies
sunil_singh13
Active Contributor
‎07-14-2009 4:20 AM
0 Kudos

Hi Angelo,

The error you are getting could be due to Incorrect folder location, Mailbox path; do not have permission to remote folder/path; AS2 is not enabled/supported on receiving side. Can you make sure that it is not due to one of above reason.

Thanks

Sunil Singh

Show replies
Show replies
Former Member
‎07-14-2009 5:07 AM
0 Kudos

Hi Sunil,

Thanks for the reply!

For the scenarios you've mentioned:

1. I 've checked the url for the folder location, and it seems that it's up.

2. Both our and the 3rd party's certificates were uploaded already, which eliminates any authorization issues. Though I'm confirming if there were any new certificates that need to be added.

3. AS2 is enabled since our AS2 has been in used for quite a while now. This is just another new AS2 connection that is going to be added.

Thanks again!

Ask a Question