Certificate present but not found

Hi, I am trying to establish a communication link with a partner and get the following error:
mendelson-opensource-AS4-170824162201-3802877@: [Inbound data processing] A problem occured during processing of inbound AS4 data (Module Processing , FailedAuthentication: EBMS:0101 [The certificate with the issuer "C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Certification Authority - L1K" and the serial "xxxxxx (dec), xxxxxx (hex)" is requested but does not exist in the system ([Security verification], signature verification)])
The certificate is imported in the Sign/Crypt store with all the chain.
Any idea what it might be?

Comments

I tried to install the new version on several machines but everywhere there is no way to open the Sign/Crypt store of certificates.
Does it happen to you too?

The certificate is indicated in the key store as
Issuer: C=US,O=Entrust\, Inc.,OU=See www.entrust.net/legal-terms,OU=(c) 2012 Entrust\, Inc. - for authorized use only,CN=Entrust Certification Authority - L1K

and the verify procedure is looking for
Issuer: C=US, O="Entrust, Inc.", OU=See www.entrust.net/legal-terms, OU="(c) 2012 Entrust, Inc. - for authorized use only", CN=Entrust Certification Authority - L1K

I have already imported the certificate many times.
As you can see from the attached image, the serial number of the certificate it is looking for to verify the signature is the same as the certificate present in the keystore.
The certificate is also correct because the encryption uses the same certificate and works fine.

lgrassi,

That's not the point. In AS4 there are 3 different ways for the message signer to signal to the receiver the certificate that should be used for the signature verification. This is the certificate issuer, the certificate subject or something called Subject Key Identifier (have forgotten what exactly this is, have to look it up if you are interested). Your partner has chosen to transmit the issuer. As this is not the one that is found in your underlying keystore the system will not find the right certificate for the verification. Means either you don't have the right certificate or your partner has transmitted the wrong issuer in the signature that should be verified. The fingerprint or serial (what you looked for) is not relevant for the certificate selection on the receiver side if the signer sends the issuer - then it's only the issuer. And this does not match.

Regards
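
Added example, not part of the thread and not mendelson code: the two issuer strings posted above differ only in how the comma inside a value is escaped (backslash in the keystore view, double quotes in the verification message), so this small parser reduces both to a list of attribute/value pairs and compares those instead of the raw text. The function names are hypothetical, multi-valued RDNs (`+`) are not handled, and the result says nothing about how the AS4 software itself selects the certificate.

```python
HEX = set("0123456789abcdefABCDEF")

# Issuer strings copied from the thread above.
KEYSTORE = (r"C=US,O=Entrust\, Inc.,OU=See www.entrust.net/legal-terms,"
            r"OU=(c) 2012 Entrust\, Inc. - for authorized use only,"
            r"CN=Entrust Certification Authority - L1K")
REQUESTED = ('C=US, O="Entrust, Inc.", OU=See www.entrust.net/legal-terms, '
             'OU="(c) 2012 Entrust, Inc. - for authorized use only", '
             'CN=Entrust Certification Authority - L1K')

def parse_dn(dn):
    """Return [(TYPE, value), ...], undoing backslash escapes and quoting."""
    rdns, buf, attr, quoted, i = [], [], None, False, 0
    text = dn + ","                       # sentinel separator closes the last RDN
    while i < len(text):
        ch = text[i]
        if ch == "\\":
            if i + 1 >= len(dn):
                raise ValueError("dangling backslash at end of DN")
            pair = text[i + 1:i + 3]
            if len(pair) == 2 and set(pair) <= HEX:
                buf.append(chr(int(pair, 16))); i += 3   # \2C form (ASCII only)
            else:
                buf.append(text[i + 1]); i += 2          # \, form
            continue
        if ch == '"':
            quoted = not quoted           # separators inside quotes are literal
        elif ch == "=" and attr is None and not quoted:
            attr, buf = "".join(buf).strip().upper(), []
        elif ch in ",;" and not quoted:
            if attr is None:
                raise ValueError(f"RDN without '=' near offset {i}")
            rdns.append((attr, "".join(buf).strip()))
            attr, buf = None, []
        else:
            buf.append(ch)
        i += 1
    if quoted or attr is not None:
        raise ValueError("unterminated quoted value")
    return rdns

def compare_issuers(a, b):
    """'same', 'reversed' (same RDNs, opposite print order) or 'different'."""
    norm = lambda dn: [(t, " ".join(v.split()).casefold()) for t, v in parse_dn(dn)]
    x, y = norm(a), norm(b)
    if x == y:
        return "same"
    return "reversed" if x == y[::-1] else "different"

if __name__ == "__main__":
    print(compare_issuers(KEYSTORE, REQUESTED))
```
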