on 05-24-2011 11:39 PM
Hi
Can anyone suggest a reason why I am getting this error regarding failed Decryption:
Error while parsing AS2 message: DECRYPTION_ERROR # Error while loading decryption certificate: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: java.security.PrivilegedActionException: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Could not retrieve certificate TRUSTED\STEVEB\XX.com.seeburger.ediint.edi.EDIMessageException: cannot decrypt message (certificate or private key missing)
I am pretty sure that the configuration is correct...
Configuration:
[View Creator Role|http://i1111.photobucket.com/albums/h469/SBentley2011/ViewCreatorRole.png]
[JCA Connection Factory |http://i1111.photobucket.com/albums/h469/SBentley2011/connectionFactory.png]
[Keystore View|http://i1111.photobucket.com/albums/h469/SBentley2011/keystore.png]
[PI7.1 Config|http://i1111.photobucket.com/albums/h469/SBentley2011/config.png]
BTW I am using PI7.1 ENH 1 and Seeburger 2.5.1
Thanks for looking.
Edited by: Andy Cliff on May 25, 2011 12:40 AM
AS2SEEBURGER user needs view admin role to access the keystore.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Once the steps of your screenshot "JCA Connection Factory" were performed, was a Java restart done? Also make sure that user SEEBURGERAS2 is not locked.
Regards,
Prateek Raj Srivastava
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi
Really strange, but no joy at all. Even going for the alternative 'Code Based Access' option described below, I continually get Error:
java.security.PrivilegedActionException: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Could not retrieve certificate
_Code Based Access to the SAP Keystore_
Creating/Inserting a New Certificate
1. Create a personalized key store view. Certificates and private key entries should be stored in this
view.
2. Using the Security tab of the key storage service web interface, assign the following list of
permissions to the codebase of the adapter in use:
4. Note that permissions that are view based only need to be set once per view and
codebase/domain combination, but entry based permissions need to be set for each entry in the
view to the codebase/domain!
5. Open the NetWeaver Administrator - Application Resources and select the JCA Connection
Factory for the respective adapter. In the lower pane, select the Configuration Properties and
adjust the adapterUser to an empty String (delete the previously entered name). This disables the
user based access and enables code based access. Do not forget to Save your changes.
The following table lists the adapters and the corresponding codebases/domains:
SEEBURGER Adapter Configuration for SAP NW Process Integration 19
In case you experience errors which read as "Reauthentication failed" or "Error
construction implementation" you might need to restart the J2EE server
u2022 VIEW_ALIASES
u2022 GET_VIEW
u2022 LIST_VIEW
u2022 IS_VIEW_EXISTS
u2022 FIND_ALIAS
u2022 LIST_ENTRY
u2022 READ_ENTRY
u2022 IS_ENTRY_A_KEY
u2022 IS_ENTRY_EXISTS
u2022 CREATE_ENTRY_AT_VIEW (for pending keystores)
4. Note that permissions that are view based only need to be set once per view and
codebase/domain combination, but entry based permissions need to be set for each entry in the
view to the codebase/domain!
5. Open the NetWeaver Administrator - Application Resources and select the JCA Connection
Factory for the respective adapter. In the lower pane, select the Configuration Properties and
adjust the adapterUser to an empty String (delete the previously entered name). This disables the
user based access and enables code based access. Do not forget to Save your changes.
Hi All
I've tried all of these things, but nothing is working.
Even using signing only (without encryption), the authentication cert is not being accessed.
I still get:
AUTHENTICATION_ERROR # Error while loading authentication certificate: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: java.security.PrivilegedActionException: com.seeburger.ksm.cryptoapi.exception.CryptoApiException: Could not retrieve certificate
I have successfully configured this scenario on a different installation of the same PI and Seeburger versions, and it works fine.
Whatever the problem is with this installation, It's beyond me.
Check if the security settings in the Sender Agreement contain the reference to the entry in KeyStore ({TRUSTED USERS}\<Views>\<certificate_name>). Please note that this entry is case sensitive.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
87 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.