Hi Stefan,

thanks a lot for your answer and for your offer to send me the official documentation. I already have this documentation available.The certificate and Troubleshooting Guide for Seeburger AS2 adapter is awesome!!! It should be part of the official documentation.

I will keep you informed about the progress...

Thanks again!

Christian

Hi Stefan,

now I am getting the following error message:

Delivering the message to the application using connection AS2_http://seeburger.com/xi failed, due to: com.sap.engine.interfaces.messaging.api.exception.MessagingException: javax.resource.ResourceException: Fatal exception: javax.resource.ResourceException: SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target # , SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target # .

Do you have any idea how to fix it?

Thank you!

Regards

Christian

Hi Christian

There are threads on SCN that refers to that issue - here is a search on them SCN Search. You can check them out.

In general, most of them indicate an issue with the certificate chain of trust, which is also details in the following Wiki entry.

TroubleShootingContent_PKIX path building failed - End-User Experience Monitoring - SCN Wiki

Please check that you have also installed in NWA the corresponding intermediate/CA/root certificates related to the SSL cert - the service provider should have provided you those as well.

Rgds

Eng Swee

Message was edited by: Eng Swee Yeoh

Hi,

can you please provide some additional information, like screenshots of the channel settings and NWA-KeyStore ?

(to verify that the steps that were already mentioned earlier by

have been implemented properly.)

Kind Regards

Stefan

Hi Stefan,

I will create screenshots of the the channel settings.

I just activated signing and encryption and now I am getting the following error message:

Delivering the message to the application using connection AS2_http://seeburger.com/xi failed, due to: com.sap.engine.interfaces.messaging.api.exception.MessagingException: javax.resource.ResourceException: Fatal exception: javax.resource.ResourceException: SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: java.io.IOException: org.bouncycastle.cms.CMSException: key inappropriate for algorithm., SEEBURGER AS2: AS2 Adapter failure # java.lang.Exception: AS2 message composition failed: java.io.IOException: org.bouncycastle.cms.CMSException: key inappropriate for algorithm..

Regards

Christian

Hi Stefan,

I will start at the beginning. We received a link to a Verisign server. With this link (and a password) we were able to export/download 3 files:

1. a private key file

2. a public key file (DER encoded binary X.509 (.CER))

3. a managed intermediate CA (DER encoded binary X.509 (.CER), saved with .DER extension.

We also received the following information from our partner:

These files were attached to the information from our partner:

I imported all these files 6 files (3 downloads and 3 attachments) to the AS2 view.

This is the Keystore view:

This is my actual error message:

Delivering the message to the application using connection AS2_http://seeburger.com/xi failed, due to: com.sap.engine.interfaces.messaging.api.exception.MessagingException: javax.resource.ResourceException: Fatal exception: javax.resource.ResourceException: SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found # , SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found # .

Does this error message mean that they certificate can't be found (wrong path) or that the system can find the path but the certificates located in this paths can't be used?

Once again I checked the AS2 Certificate Handling Howto Guide from Seeburger. In some screenshots they used the praefix "USER\" instead of "TRUSTED\". In which case do I have to use the "USER\" praefix? I always used the following entry:

This is the corresponding view/entry:

Thank you very much in advance for your help!

Regards

Christian

Hi Christian

Just to share - for our case, we imported the SSL public key into TicketKeystore, and the intermediate and root certs into TrustedCAs.

Then in the receiver AS2 channel, we configured the SSL certificate as below:-

TRUSTED/TicketKeystore/<SSL_public_key>

This configuration worked for us.

Rgds

Eng Swee

Hi Eng Swee,

thanks a lot for your reply.

I tried it like you described it but I am still receiving the same error message:

Delivering the message to the application using connection AS2_http://seeburger.com/xi failed, due to: com.sap.engine.interfaces.messaging.api.exception.MessagingException: javax.resource.ResourceException: Fatal exception: javax.resource.ResourceException: SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target # , SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target # .

What is meant with "target #"? For me it looks like anything is missing and the system uses "#" as substiute in the error message.

Best regards

Christian

Hi Eng,

we fixed all problems - it was due to wrong certificates.

Now I would like to set a fixed file name for the transmission. In the guide "SEEBURGER EDIINT AS2 Adapter for SAP NW Process Integration, Configuration Guide" I found on page 12 the information that 2 namespaces have to be used for using AS2 specific attributs.

Are you familiar with these settings? If possible could you please provide a screenshot?

It tried it like this but I am not sure if this works:

Thanks a lot!

Regards

Christian

Hi Christian

You can set the AS2 filename via dynamic configuration. You just need to populate a value for field "dtAS2FileName" of namespace "http://seeburger.com/xi/AS2".

You can do this either with in a mapping UDF or using the DynamicConfigurationBean. There are plenty of examples of both approaches on SCN for you to search.

Rgds

Eng Swee

Hi Eng,

thanks a lot for your answer! In SCN I found some hints and I set the configuration like this:

I have to send a file with a file adapter 1:1 (without any conversion/mapping) to the AS2 receiver. For a first connection test I should just send a file with the file name RAAB_TestIn to the partner. Later I should add a time stamp to the file name or use the original file name (as it is on the FTP server). I understood that I have to check the "Use dynamic attributes" checkbox if I want to add anything in the module chain.

Using the AttribMapper yesterday our partner reported that he can't see any file name. This sounds strange to me as I got the following entry in the audit protocol in the Runtime Workbench:

Some questions:

1. Do I have to check the box "File Name" (first screen shot) although I create an entry in the module chain? Or does this checkbox have another purpose?

2. Are all entries in the module chain OK from your professional point of view?

3. Does it matter which Payload Mode (first screen shot) is used?

4. What is the difference between the AttribMapper (AttribMapper - Assign AS2 Filename Dynamically - Process Integration - SCN Wiki) and the DynamicConfigurationBean?

Thank you very much!

Regards

Christian

Hi Christian,

1. I think I am on an older Seeburger release that yours. I only have the following. I think you should try keeping both "Use dynamic attributes" and "File Name" checked.

2. The entries are incorrect for the bean usage. Please change it to the following. You can refer to the link below for more details.

http://help.sap.com/saphelp_nwpi711/helpdata/en/45/da2239feb22e98e10000000a155369/frameset.htm

3. You can just keep it as Main Document.

4. AttribMapper is a module delivered by Seeburger whilst DynamicConfigurationBean is by SAP. There are overlaps between both on usage.

I'm not sure why your partner is not seeing the filename even though it is shown by the AttribMapper in the audit log. Personally, I've not tried using the AttribMapper for this case, but I've successfully done so via setting the DynamicConfiguration in a mapping UDF (we needed some dynamic values.)

Rgds

Eng Swee

Hi Eng,

thank you for your quick response!

I changed the configuration back to DynamicConfiguration:

I made a new test and received the following entries in the audit log:

From my point of view it looks pretty good. Now I have to wait for the response of the receiving partner (other time zone.. 😞 ).

Do you know if there is any log file where I can check 100% if the file was sent to the partner with the correct file name?

Thank you!

Regards

Christian

Hi Christian

Unfortunately, I'm not aware of any logs in PI or Seeburger Workbench that shows the filename. If you can capture the HTTP transmission, you might be able to see it there.

One indirect way is refer the MDN back to PI. Normally the filename is stated in the MDN sent back by the partner (but will also depend on what AS2 software they use.) In the MDN, normally the filename is stated. Here's an example below:

Rgds

Eng Swee

Hi Eng,

how did you confgure the MDN in the receiver channel? .

Actually I am using this configuration:

I am receiving a MDN but I don't have a second entry in payload like you show it in the screenshot.

Regards

Christian

Hi Christian

My MDN configuration is the same. The additional attachment in the MDN payload might be dependent on the behavior on the partner AS2 system. There is no extra configuration done on PI side for the MDN.

Rgds

Eng Swee

Hi Eng Swee,

the configuration you suggested worked great! The partner received the file name specified in the module chain. THANK YOU!!!

I used this one:

There is only one topic left; I should forward the original file name of the source file. I used the adapter specific message attribute "file name" in the sender file adapter:

This entry works well and the original file name is now contained in the message:

Do you know which entry is needed in the module chain to forward this file name?

Thank you!

Regards

Christian

Hi Christian

Good to hear of the progress.

To use the filename from sender dynamic configuration instead of hardcoded value, just change the parameter value for "value.0" from "RAABin.txt" to the following:-

@http://sap.com/xi/XI/System/File/FileName

You should then get something like below in the audit log (note that my example is the reverse direction, ie AS2 Filename to FTP Filename)

Rgds

Eng Swee

Hi Eng Swee,

I am getting the following in the audit log:

Is this OK?

My receiving partner was not able to find the message with the file names (this can have several reasons...). I just want to be sure that the file name is forwarded properly.

I am using the following module chain:

If I am using a static entry the receiving partner receives the file with the static file name:

It would be great to have any AS2 log file on my side which contains the file name which is sent to the partner.

Regards

Christian

Hi Christian

If you want to be able to see the actual filenames in the audit log, you can use this neat trick by

For this, you need to use a two step DynamicConfigurationBean instead of one, and use the write/read operations instead of the insert operation.

Your processing sequence would be like this:

1) Module name - AF_Modules/DynamicConfigurationBean, Module key - getFilename

2) Module name - AF_Modules/DynamicConfigurationBean, Module key - setAS2Filename

And the configuration parameters:    

1) getFilename parameters:

key.0           write http://sap.com/xi/XI/System/File FileName
value.0        module.filename

2) setAS2Filename parameters:

key.0           read http://seeburger.com/xi/AS2 dtAS2FileName
value.0        module.filename

This will write and read the filenames from the DynamicConfiguration fields and store them into the adapter framework module variable. Note that the value in "value.0" can be any arbitrary value but needs to have the prefix "module.", example "module.var1"

Using this approach, you would be able to see that actual value from the dynamic configuration header being stored into the module variable. An example below (note again that my scenario is in the reverse order, i.e. AS2 File Name --> FTP File Name)

Rgds

Eng Swee

Hi Eng Swee,

thanks a lot for all your help!!!

Regards

Christian