on 04-09-2014 11:42 AM
Hello!
Could anyone please help me with a AS2 configuration over HTTPs? We would like to send data to our partner.
When I am activating HTTPs I am getting the following screen:
Can anyone tell me which certificate is expected in the field "server certificate (keystore)"? Where should this certificate be stored?
Does anyone know where to find a documentation for AS2 over HTTPs?
Thank you!
Regards
Christian
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Stefan,
thanks a lot for your answer and for your offer to send me the official documentation. I already have this documentation available.The certificate and Troubleshooting Guide for Seeburger AS2 adapter is awesome!!! It should be part of the official documentation.
I will keep you informed about the progress...
Thanks again!
Christian
Hi Stefan,
now I am getting the following error message:
Delivering the message to the application using connection AS2_http://seeburger.com/xi failed, due to: com.sap.engine.interfaces.messaging.api.exception.MessagingException: javax.resource.ResourceException: Fatal exception: javax.resource.ResourceException: SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target # , SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target # .
Do you have any idea how to fix it?
Thank you!
Regards
Christian
Hi Christian
There are threads on SCN that refers to that issue - here is a search on them SCN Search. You can check them out.
In general, most of them indicate an issue with the certificate chain of trust, which is also details in the following Wiki entry.
TroubleShootingContent_PKIX path building failed - End-User Experience Monitoring - SCN Wiki
Please check that you have also installed in NWA the corresponding intermediate/CA/root certificates related to the SSL cert - the service provider should have provided you those as well.
Rgds
Eng Swee
Message was edited by: Eng Swee Yeoh
Hi Stefan,
I will create screenshots of the the channel settings.
I just activated signing and encryption and now I am getting the following error message:
Delivering the message to the application using connection AS2_http://seeburger.com/xi failed, due to: com.sap.engine.interfaces.messaging.api.exception.MessagingException: javax.resource.ResourceException: Fatal exception: javax.resource.ResourceException: SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: java.io.IOException: org.bouncycastle.cms.CMSException: key inappropriate for algorithm., SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: java.io.IOException: org.bouncycastle.cms.CMSException: key inappropriate for algorithm..
Regards
Christian
Hi Stefan,
I will start at the beginning. We received a link to a Verisign server. With this link (and a password) we were able to export/download 3 files:
1. a private key file
2. a public key file (DER encoded binary X.509 (.CER))
3. a managed intermediate CA (DER encoded binary X.509 (.CER), saved with .DER extension.
We also received the following information from our partner:
These files were attached to the information from our partner:
I imported all these files 6 files (3 downloads and 3 attachments) to the AS2 view.
This is the Keystore view:
This is my actual error message:
Delivering the message to the application using connection AS2_http://seeburger.com/xi failed, due to: com.sap.engine.interfaces.messaging.api.exception.MessagingException: javax.resource.ResourceException: Fatal exception: javax.resource.ResourceException: SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found # , SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found # .
Does this error message mean that they certificate can't be found (wrong path) or that the system can find the path but the certificates located in this paths can't be used?
Once again I checked the AS2 Certificate Handling Howto Guide from Seeburger. In some screenshots they used the praefix "USER\" instead of "TRUSTED\". In which case do I have to use the "USER\" praefix? I always used the following entry:
This is the corresponding view/entry:
Thank you very much in advance for your help!
Regards
Christian
Hi Christian
Just to share - for our case, we imported the SSL public key into TicketKeystore, and the intermediate and root certs into TrustedCAs.
Then in the receiver AS2 channel, we configured the SSL certificate as below:-
TRUSTED/TicketKeystore/<SSL_public_key>
This configuration worked for us.
Rgds
Eng Swee
Hi Eng Swee,
thanks a lot for your reply.
I tried it like you described it but I am still receiving the same error message:
Delivering the message to the application using connection AS2_http://seeburger.com/xi failed, due to: com.sap.engine.interfaces.messaging.api.exception.MessagingException: javax.resource.ResourceException: Fatal exception: javax.resource.ResourceException: SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target # , SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target # .
What is meant with "target #"? For me it looks like anything is missing and the system uses "#" as substiute in the error message.
Best regards
Christian
Hi Eng,
we fixed all problems - it was due to wrong certificates.
Now I would like to set a fixed file name for the transmission. In the guide "SEEBURGER EDIINT AS2 Adapter for SAP NW Process Integration, Configuration Guide" I found on page 12 the information that 2 namespaces have to be used for using AS2 specific attributs.
Are you familiar with these settings? If possible could you please provide a screenshot?
It tried it like this but I am not sure if this works:
Thanks a lot!
Regards
Christian
Hi Christian
You can set the AS2 filename via dynamic configuration. You just need to populate a value for field "dtAS2FileName" of namespace "http://seeburger.com/xi/AS2".
You can do this either with in a mapping UDF or using the DynamicConfigurationBean. There are plenty of examples of both approaches on SCN for you to search.
Rgds
Eng Swee
Hi Eng,
thanks a lot for your answer! In SCN I found some hints and I set the configuration like this:
I have to send a file with a file adapter 1:1 (without any conversion/mapping) to the AS2 receiver. For a first connection test I should just send a file with the file name RAAB_TestIn to the partner. Later I should add a time stamp to the file name or use the original file name (as it is on the FTP server). I understood that I have to check the "Use dynamic attributes" checkbox if I want to add anything in the module chain.
Using the AttribMapper yesterday our partner reported that he can't see any file name. This sounds strange to me as I got the following entry in the audit protocol in the Runtime Workbench:
Some questions:
1. Do I have to check the box "File Name" (first screen shot) although I create an entry in the module chain? Or does this checkbox have another purpose?
2. Are all entries in the module chain OK from your professional point of view?
3. Does it matter which Payload Mode (first screen shot) is used?
4. What is the difference between the AttribMapper (AttribMapper - Assign AS2 Filename Dynamically - Process Integration - SCN Wiki) and the DynamicConfigurationBean?
Thank you very much!
Regards
Christian
Hi Christian,
1. I think I am on an older Seeburger release that yours. I only have the following. I think you should try keeping both "Use dynamic attributes" and "File Name" checked.
2. The entries are incorrect for the bean usage. Please change it to the following. You can refer to the link below for more details.
http://help.sap.com/saphelp_nwpi711/helpdata/en/45/da2239feb22e98e10000000a155369/frameset.htm
3. You can just keep it as Main Document.
4. AttribMapper is a module delivered by Seeburger whilst DynamicConfigurationBean is by SAP. There are overlaps between both on usage.
I'm not sure why your partner is not seeing the filename even though it is shown by the AttribMapper in the audit log. Personally, I've not tried using the AttribMapper for this case, but I've successfully done so via setting the DynamicConfiguration in a mapping UDF (we needed some dynamic values.)
Rgds
Eng Swee
Hi Eng,
thank you for your quick response!
I changed the configuration back to DynamicConfiguration:
I made a new test and received the following entries in the audit log:
From my point of view it looks pretty good. Now I have to wait for the response of the receiving partner (other time zone.. 😞 ).
Do you know if there is any log file where I can check 100% if the file was sent to the partner with the correct file name?
Thank you!
Regards
Christian
Hi Christian
Unfortunately, I'm not aware of any logs in PI or Seeburger Workbench that shows the filename. If you can capture the HTTP transmission, you might be able to see it there.
One indirect way is refer the MDN back to PI. Normally the filename is stated in the MDN sent back by the partner (but will also depend on what AS2 software they use.) In the MDN, normally the filename is stated. Here's an example below:
Rgds
Eng Swee
Hi Eng Swee,
the configuration you suggested worked great! The partner received the file name specified in the module chain. THANK YOU!!!
I used this one:
There is only one topic left; I should forward the original file name of the source file. I used the adapter specific message attribute "file name" in the sender file adapter:
This entry works well and the original file name is now contained in the message:
Do you know which entry is needed in the module chain to forward this file name?
Thank you!
Regards
Christian
Hi Christian
Good to hear of the progress.
To use the filename from sender dynamic configuration instead of hardcoded value, just change the parameter value for "value.0" from "RAABin.txt" to the following:-
@http://sap.com/xi/XI/System/File/FileName
You should then get something like below in the audit log (note that my example is the reverse direction, ie AS2 Filename to FTP Filename)
Rgds
Eng Swee
Hi Eng Swee,
I am getting the following in the audit log:
Is this OK?
My receiving partner was not able to find the message with the file names (this can have several reasons...). I just want to be sure that the file name is forwarded properly.
I am using the following module chain:
If I am using a static entry the receiving partner receives the file with the static file name:
It would be great to have any AS2 log file on my side which contains the file name which is sent to the partner.
Regards
Christian
Hi Christian
If you want to be able to see the actual filenames in the audit log, you can use this neat trick by
For this, you need to use a two step DynamicConfigurationBean instead of one, and use the write/read operations instead of the insert operation.
Your processing sequence would be like this:
1) Module name - AF_Modules/DynamicConfigurationBean, Module key - getFilename
2) Module name - AF_Modules/DynamicConfigurationBean, Module key - setAS2Filename
And the configuration parameters:
1) getFilename parameters:
key.0 write http://sap.com/xi/XI/System/File FileName
value.0 module.filename
2) setAS2Filename parameters:
key.0 read http://seeburger.com/xi/AS2 dtAS2FileName
value.0 module.filename
This will write and read the filenames from the DynamicConfiguration fields and store them into the adapter framework module variable. Note that the value in "value.0" can be any arbitrary value but needs to have the prefix "module.", example "module.var1"
Using this approach, you would be able to see that actual value from the dynamic configuration header being stored into the module variable. An example below (note again that my scenario is in the reverse order, i.e. AS2 File Name --> FTP File Name)
Rgds
Eng Swee
Hi Eng Swee,
,
Currently i am working on Interface, flow is: External system(AS2) -->XI-->ECC(SFTP).
External system is sending the PDF file with Delivery no(Delivery no will vary file to file) as filename, same file need to place in ECC application directory. PI will just manage the file transfer(no ESR).
Can you please help me, how to place the same file name (Source filename) in target directory.
Thanks,
MP Reddy
Hi Christian
Yet another link for you! has a very thorough guide on dealing with AS2 related certificate issues.
There is a document you can download from the blog, please refer to page 15 for the configuration. Also, do note the caution on Page 15 that a newly imported SSL cert requires a J2EE engine restart.
We just implemented an AS2 connection over HTTPS following that and it works perfectly.
Rgds
Eng Swee
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Christian,
you need to upload the SSL certificate in keystore. you can upload through NWA
Please check below discussion
https://scn.sap.com/thread/1540337
regards,
Harish
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Harish,
thanks for your answer. At the moment I am getting the following error message:
Adapter Framework caught exception: Fatal
exception: javax.resource.ResourceException: SEEBURGER AS2:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid
certification path to requested target # , SEEBURGER AS2:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid
certification path to requested target #
Do you have any idea how to fix it?
Regards
Christian
User | Count |
---|---|
80 | |
9 | |
9 | |
7 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.