cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

AS2 Sender channel micAlg validation failed with SHA-256

Go to solution
martin_stampfl3
Explorer

on ‎07-26-2016 8:23 AM

0 Kudos

Hi everybody,

we have a AS2 - PI - IDOC scenario where we have the problem of micAlg validation against AS2-channel (see attachment). The partner is sending with SHA-256 as configured in our communication AS2 channel. Do you have a idea why this problem occurs?

Thanks for your help

Regards Martin

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Harish
Active Contributor
‎07-26-2016 8:35 AM
0 Kudos

Hi Martin,

As per the error, message is not encrypted and channel is configure with SHA 256. try to remove the encryption config and test.

also test the below thread

MIC-field in MDN missing :Sender AS2 adapter | SCN

regards,

Harish

Show replies
Show replies
martin_stampfl3
Explorer
‎07-26-2016 9:15 AM
0 Kudos

Hi Harish,

thanks a lot for your reply. That was also my first guess. I spoke with our partner and have verified that the micalg really is SHA-256:

When we configure our Sender AS2-Channel with SHA-1 and without any changes on partner side, the message was successfully sent.

Regards Martin

Answers (1)

Answers (1)

martin_stampfl3
Explorer
‎08-04-2016 9:01 AM
0 Kudos

Hi everybody,

unfortunately i didn't find any solution for this problem. We tried a lot of different configurations with our partner, but nothing worked. Do you still maybe have any suggestions.

Thanks already.

Regards Martin

Show replies
Show replies
Ryan-Crosby
Active Contributor
‎08-04-2016 1:28 PM
0 Kudos

Hi Martin,

We had a similar issue recently with one of our partners and it was occurring for a couple of reasons.  Our scenario was outbound instead of inbound but some of the information may help you out.

1. They asked us to switch to SHA-256 so we setup our configuration but then continued to sign using SHA-1.

2. We were requesting a synchronous MDN but they were sending it asynchronously.

I see you are using Mendelson and we used that to confirm locally that PO was working just fine and that was when we were able to identify the issues with what they were doing on their end.  If you are still having trouble I would recommend setting up a fake end to end scenario with Mendelson running on a desktop and you can validate with a second fake certificate.

Regards,

Ryan Crosby

Ask a Question