problem with https INBOUND\OUTBOUND

Hi all,

I'm new to mendelson AS2; I'm using it to run some tests with our DEV environment.

I configured mendelson on my local PC, and I've done connection tests successfully with HTTP IN\OUT.
I configured the certificates in the stores (../etc/KEYSTORE and certificate.p12).
When I try to send something via AS2 HTTPS, I have some problems.

DIRECTION IN (for mendelson)
When our system tries to send to my local PC, I find this error in the logs:

Msg from Transport is: Error connecting to host 10.131.86.175 at port 8080. Invalid SSL message, peer seems to be talking plain!

DIRECTION OUT (for mendelson)

[5:58:04 PM] 1012872165.195.1369151886220.JavaMail.tibco@ensv1hik.eni.pri: MDN is the answer to AS2 message "mendelson_opensource_AS2-1369151883909-2@21x000000001118I_17X100A100R03017".
[5:58:04 PM] 1012872165.195.1369151886220.JavaMail.tibco@ensv1hik.eni.pri: MDN is signed.
[5:58:04 PM] 1012872165.195.1369151886220.JavaMail.tibco@ensv1hik.eni.pri: Using certificate "K_17x100a100r03017" to verify signature.
[5:58:04 PM] 1012872165.195.1369151886220.JavaMail.tibco@ensv1hik.eni.pri: Verification of digital signature failed Verification failed

Signature certificate information:
Serial number (dec):
Issuer: CN=QuoVadis EU Issuing Certification Authority,OU=Issuing Certification Authority,O=QuoVadis Limited\, Bermuda,C=NL

Verification certificate information:
Serial number (dec):
Issuer: CN=17X100A100R03017, OU=Supplier, O=EASEE-GAS, C=IT
[5:58:04 PM] Error verifying the senders digital signature: Verification failed

Signature certificate information:
Serial number (dec):
Issuer: CN=QuoVadis EU Issuing Certification Authority,OU=Issuing Certification Authority,O=QuoVadis Limited\, Bermuda,C=NL

Verification certificate information:
Serial number (dec):
Issuer: CN=17X100A100R03017, OU=Supplier, O=EASEE-GAS, C=IT.

I think I'm using the correct certs because the same one is used to sign and encrypt for both entities.

Can someone help me?

Thanks in advance
Paolo
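
An added example, not part of the original post or of mendelson: the log above names one issuer for the certificate that signed the MDN and another for the certificate configured for verification, and a single certificate has exactly one issuer. The sketch below extracts both issuer DNs from such a log excerpt and compares them; the function names are hypothetical and the sample is copied from the log lines in the post.

```python
import re

# Constructed sample: the two certificate blocks copied from the log in the post.
SAMPLE_LOG = r"""Signature certificate information:
Serial number (dec):
Issuer: CN=QuoVadis EU Issuing Certification Authority,OU=Issuing Certification Authority,O=QuoVadis Limited\, Bermuda,C=NL

Verification certificate information:
Serial number (dec):
Issuer: CN=17X100A100R03017, OU=Supplier, O=EASEE-GAS, C=IT
"""

def parse_dn(dn):
    """Split a DN string into (TYPE, value) pairs, treating '\\,' as a literal comma."""
    parts, current, escaped = [], "", False
    for ch in dn.strip():
        if escaped:
            current, escaped = current + ch, False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            parts.append(current)
            current = ""
        else:
            current += ch
    parts.append(current)
    pairs = []
    for part in filter(str.strip, parts):
        key, _, value = part.partition("=")
        # Simplification: compare case-insensitively with collapsed whitespace.
        pairs.append((key.strip().upper(), " ".join(value.split()).lower()))
    return pairs

def issuers(log_text):
    """Return {'signature': dn, 'verification': dn} from a log excerpt like the one above."""
    found, section = {}, None
    for line in log_text.splitlines():
        header = re.match(r"\s*(Signature|Verification) certificate information:", line)
        if header:
            section = header.group(1).lower()
        elif section and line.strip().startswith("Issuer:"):
            found[section] = parse_dn(line.split("Issuer:", 1)[1])
            section = None
    return found

def issuer_mismatch(log_text):
    """True when both blocks are present and name different issuers."""
    found = issuers(log_text)
    return len(found) == 2 and found["signature"] != found["verification"]
```

A mismatch means the partner signed with a certificate other than the one stored for it locally, so the partner's actual signing certificate is the one to import for verification.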


Comments

Permalink

Hi all,

I solved my problem in OUTBOUND (for mendelson) and now I'm able to send via AS2 https messages correctly.

The only problem now is that when I try to send messages from my DEV environment to the mendelson, I receive this error message:

Retrying sending Document to the Trading Partner via https://10.131.86.114:8080/as2/HttpReceiver. StatusCode from Transport is: 699. StatusMsg from Transport is: Error connecting to host 10.131.86.114 at port 8080 . Invalid SSL message, peer seems to be talking plain!

Is there something wrong with my port config?
Isn't 8080 the correct one for https? I think it is the correct one, because I receive the MDN response message correctly when I send something.

Can anyone help me?

Profile picture for user service
Permalink

Paolo,

It's not the number of the port, but you have to bind the SSL protocol to the port in the file etc/jetty.xml.

Regards

Permalink

Hi "Service",
Thanks for the answer, now the https connection works, but I have a new problem... :(

I receive back this log when I try to send messages from the DEV environment to Mendelson AS2:

Notification did not reach trading partner.Encrypted Signed EDIDocument could not be sent to the Trading Partner due to following reason:Error connecting to host 10.131.86.114 at port 8443 . Server certificate rejected by ChainVerifier

The IP address is my localhost, and this is correct. The problem is in my keystore, but I didn't understand where I have to put my CA.

I put my certs for the https connection in KEYSTORE, and I put cert\keys in my certificates.p12, but I did something wrong. I don't understand how I can get my CA to put in my certificates.p12, because Portecle doesn't like any of the file types I try to use. Can someone try to explain to me how and what I have to do?

Thanks in advance :)
Paolo
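
An added example, not from the thread or from mendelson, covering the two errors the sending system reported here: "peer seems to be talking plain" (no SSL bound to the port) and "Server certificate rejected by ChainVerifier" (TLS is bound, but the client does not trust the certificate chain). It attempts a verified handshake against your own receiver and reports which case applies; the function names, the endpoint in the last line and the `cafile` path are assumptions.

```python
import socket
import ssl

def classify_handshake_error(exc):
    """Map a client-side handshake exception to the failure class seen in the thread."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        # TLS is bound to the port, but this client does not trust the chain
        # (or the certificate does not match the address used to connect).
        detail = getattr(exc, "verify_message", None) or str(exc)
        return ("tls-certificate-rejected", detail)
    if isinstance(exc, ssl.SSLError):
        # The reply was not a valid TLS record, or the handshake failed before
        # certificates were checked: the "talking plain" case.
        detail = getattr(exc, "reason", None) or str(exc)
        return ("not-tls-or-handshake-failed", detail)
    return ("unreachable", str(exc))

def probe(host, port, cafile=None, timeout=3.0):
    """Attempt a verified TLS handshake against your own receiver and classify it.

    cafile: PEM file holding the CA (or self-signed certificate) the client
    should trust; None uses the platform trust store. Verification stays on.
    """
    context = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with context.wrap_socket(raw, server_hostname=host) as tls:
                return ("tls-trusted", tls.version())
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return classify_handshake_error(exc)

if __name__ == "__main__":
    # Placeholder endpoint: replace with your own receiver and its CA file.
    print(probe("127.0.0.1", 8443, cafile=None))
```

A "tls-certificate-rejected" result with the issuing CA passed as `cafile` still failing points at the chain the server presents rather than at the client's trust store.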

Permalink

I searched the forum to see if someone has the same error, but I didn't find anything similar, and I don't understand what the issue is.

I tried to modify my local_policy.jar and US_export_policy.jar in C:\Program Files\Java\jre7\lib\security, but nothing changed. If I put these two files into the mendelson JRE path (C:\mendelson_AS2\opensource\as2\jre\lib\security), the only thing that happens is that the mendelson tool doesn't start, and I see an Info popup with no message.

Can anyone help me?

Thanks in advance,
Paolo

Permalink

I can't attach image... :(

The error is : Could not open CA cert C:\ProgramFiles(x86)\Java\Jre7\lib\security\cacert as a keystore.
Attempt where made....etcetc
Note that this may be because of an incorrect password

Permalink

The certificates are installed in our dev environment and they work.

What I understood today is that the certificates I put in the certificates.p12 file are not correct, because they don't contain the keys.

The problem is when I try to load the counterparty cert in my keystore, because it has a password and when I fill in "test" to load it, I receive an error like (attached image). I think if I solve this problem, I can use the correct keys to sign and encrypt my message, and then it will be ok! :)

Profile picture for user service
Permalink

Paolo,

Looks as if your certificate has no serial number; how have you created it?

Regards

Permalink

Hi All,
I am new to Mendelson so please bear with me. I am using Mendelson 1.1 b51, and I am able to successfully send messages via HTTP. Now I want to implement sending messages in HTTPS. So far, from what I have read in articles and here in the community, I need to uncomment the SSL config in jetty.xml, which I already did.
Now, what is the next step? Do I need to also update my MDN URL from what is set in jetty.xml?

I am following this guide http://www.mad-computer-scientist.com/blog/2010/02/08/setting-up-mendel… but it seems it's outdated. Where can I find the guides on how to implement HTTPS for Mendelson?

Regards,
Law