on 03-06-2011 6:07 PM
Hello!
Due to the fact that our certificate for the connection to the
brasilian gouvernment (SEFAZ) was valid until March 3rd we imported a
new one in the key storage on February 15th. The old entry which was in
the view NFE was named TY_NFE. So we created a new entry in the
view NFE called TY11. After a reboot of the system where the GRC is
installed and the PI system on February 15th we deleted the old entry
TY_NFE in the key storage.
We had no problems until March 3rd. As soon as the old (already in the
key storage deleted) certificate was no longer valid we were not able
to sign messages. We thought that the system was already using the new
certificate we created under TY11 but it didn`t.
When we want the system to use the certificate under TY11 we receive
the error message: "Error signing input XML: Error accessing Keystore"
in the SXMB_MONI of the GRC system.
So we created again an entry in the view NFE called TY_NFE (the
old name) as we assumed that the name is cached anywhere. If the system
tries to use the new entry TY_NFE we receive the error
message "Error signing input XML: Certificate not valid: Valid date
expired". The system can not recognize that the certificate behind the
new entry TY_NFE ist valid until 2012.
Somewhere in the system the information of the old certificate seems to
be used and if we create a new entry with a new name (TY11) we get the
message that there is an error accessing the keystore.
We restarted both systems (system with GRC and PI 7.11 with keystorage) several times to get rid of old cached/old information but it didn`t work.
Does anyone have an idea how to solve this problem?
Thank you!
Regards
Christian
Hi Chris,
Please check the communication channel - receiver agreement, (if you change the keystore view - you have to make appropriate change in the communication channel agreement) following link may help:
http://help.sap.com/saphelp_nwpi71/helpdata/en/86/0222417c22f323e10000000a155106/content.htm
if this doesn't help, please give us more info on what type of adapter you are using and in which system you are checking the keystore.
Regards
Prashanth
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello!
It was an error in the configuration as the key files have to be stored twice (PI and GRC).
Regards
Christian
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
86 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.