
Seeburger AS2 - DECRYPTION_ERROR - Could not retrieve certificate

Former Member
0 Kudos

Hi

Can anyone suggest a reason why I am getting this error regarding failed Decryption:

Error while parsing AS2 message: DECRYPTION_ERROR # Error while loading decryption certificate: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: java.security.PrivilegedActionException: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Could not retrieve certificate TRUSTED\STEVEB\XX.com.seeburger.ediint.edi.EDIMessageException: cannot decrypt message (certificate or private key missing)

I am pretty sure that the configuration is correct...

Configuration:

[View Creator Role|http://i1111.photobucket.com/albums/h469/SBentley2011/ViewCreatorRole.png]

[JCA Connection Factory |http://i1111.photobucket.com/albums/h469/SBentley2011/connectionFactory.png]

[Keystore View|http://i1111.photobucket.com/albums/h469/SBentley2011/keystore.png]

[PI7.1 Config|http://i1111.photobucket.com/albums/h469/SBentley2011/config.png]

BTW I am using PI7.1 ENH 1 and Seeburger 2.5.1

Thanks for looking.

Edited by: Andy Cliff on May 25, 2011 12:40 AM

Accepted Solutions (0)

Answers (3)


vijayabaskaranj
Explorer
0 Kudos

AS2SEEBURGER user needs view admin role to access the keystore.

prateek
Active Contributor
0 Kudos

Once the steps of your screenshot "JCA Connection Factory" were performed, was a Java restart done? Also make sure that user SEEBURGERAS2 is not locked.

Regards,

Prateek Raj Srivastava

Former Member
0 Kudos

Hi. User is not locked and Java has been restarted, but the error remains.

Former Member
0 Kudos

Did you provide your public cert XX-cert to partner (sender)?

Regards,

Pinkle

prateek
Active Contributor
0 Kudos

What role is assigned to this user?

Regards,

Prateek Raj Srivastava

Former Member
0 Kudos

Hi

User SEEBURGERAS2 has Assigned Role "view-creator.STEVEB" in UME.

In SU01 in PI7.1, User SEEBURGERAS2 has no Role Assignments.

Thanks.

prateek
Active Contributor
0 Kudos

Assign role SAP_J2EE_ADMIN to the user, perform Java restart and try again.

Regards,

Prateek Raj Srivastava

Former Member
0 Kudos

Hi

Really strange, but no joy at all. Even going for the alternative 'Code Based Access' option described below, I continually get Error:

java.security.PrivilegedActionException: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Could not retrieve certificate

_Code Based Access to the SAP Keystore_

Creating/Inserting a New Certificate

1. Create a personalized key store view. Certificates and private key entries should be stored in this view.

2. Using the Security tab of the key storage service web interface, assign the following list of permissions to the codebase of the adapter in use:

• VIEW_ALIASES
• GET_VIEW
• LIST_VIEW
• IS_VIEW_EXISTS
• FIND_ALIAS
• LIST_ENTRY
• READ_ENTRY
• IS_ENTRY_A_KEY
• IS_ENTRY_EXISTS
• CREATE_ENTRY_AT_VIEW (for pending keystores)

4. Note that permissions that are view based only need to be set once per view and codebase/domain combination, but entry based permissions need to be set for each entry in the view to the codebase/domain!

5. Open the NetWeaver Administrator - Application Resources and select the JCA Connection Factory for the respective adapter. In the lower pane, select the Configuration Properties and adjust the adapterUser to an empty String (delete the previously entered name). This disables the user based access and enables code based access. Do not forget to Save your changes.

The following table lists the adapters and the corresponding codebases/domains:

SEEBURGER Adapter Configuration for SAP NW Process Integration 19

In case you experience errors which read as "Reauthentication failed" or "Error construction implementation" you might need to restart the J2EE server

vijayabaskaranj
Explorer
0 Kudos

Try assigning the following groups to the seeburgeras2 user in the assigned group tab in identity management:

SAP_J2EE_ADMIN

Everyone

Authenticated users

thanks

VJ

Former Member
0 Kudos

Hi All

I've tried all of these things, but nothing is working.

Even using signing only (without encryption), the authentication cert is not being accessed.

I still get:

AUTHENTICATION_ERROR # Error while loading authentication certificate: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: java.security.PrivilegedActionException: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Could not retrieve certificate

I have successfully configured this scenario on a different installation of the same PI and Seeburger versions, and it works fine.

Whatever the problem is with this installation, it's beyond me.

Former Member
0 Kudos

Check if the security settings in the Sender Agreement contain the reference to the entry in KeyStore ({TRUSTED USERS}\<Views>\<certificate_name>). Please note that this entry is case sensitive.
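
The case-sensitivity check suggested in the last answer can be done mechanically before touching roles or restarting Java. The following is an added example, not part of the thread and not Seeburger or SAP code: it assumes the reference has the `STORE\VIEW\ALIAS` shape seen in the error message, and the inventory, the `partner-cert` alias and the diagnosis labels are constructed for illustration.

```python
from typing import NamedTuple


class Entry(NamedTuple):
    alias: str
    has_private_key: bool  # True for a key pair, False for a certificate-only entry


# Constructed sample inventory (view name -> entries), typed in by hand from the
# key storage view listing; it is not read from a real keystore.
INVENTORY = {"STEVEB": [Entry("XX", True), Entry("partner-cert", False)]}


def parse_reference(ref: str) -> tuple[str, str, str]:
    """Split 'STORE\\VIEW\\ALIAS' into its three parts."""
    parts = ref.split("\\")
    if len(parts) != 3 or not all(parts):
        raise ValueError(f"expected STORE\\VIEW\\ALIAS, got {ref!r}")
    return parts[0], parts[1], parts[2]


def _lookup(name, candidates):
    """Return (exact_match, case_only_match); either may be None."""
    if name in candidates:
        return name, None
    near = [c for c in candidates if c.lower() == name.lower()]
    return None, (near[0] if near else None)


def diagnose(ref, inventory, need_private_key):
    """Classify why a configured reference would fail a case-sensitive lookup."""
    _store, view, alias = parse_reference(ref)  # store name is not checked here
    exact, near = _lookup(view, list(inventory))
    if exact is None:
        return f"VIEW_CASE_MISMATCH:{near}" if near else "VIEW_MISSING"
    entries = {e.alias: e for e in inventory[exact]}
    exact, near = _lookup(alias, list(entries))
    if exact is None:
        return f"ALIAS_CASE_MISMATCH:{near}" if near else "ALIAS_MISSING"
    # Decryption and signing need the private key, not just the certificate.
    if need_private_key and not entries[exact].has_private_key:
        return "NO_PRIVATE_KEY"
    return "OK"
```

A `*_CASE_MISMATCH` result names the entry that differs only in case, which is the situation the last answer warns about; `NO_PRIVATE_KEY` corresponds to the "certificate or private key missing" part of the decryption error.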