IBM Support

Troubleshooting Inbound AS2 Configuration: decryption-failed

Technical Blog Post


Abstract

Troubleshooting Inbound AS2 Configuration: decryption-failed

Body

One of the most common sources of an error in Inbound AS2, when a partner is sending data to you, is a mismatch in the Exchange certificate (which is used for decrypting the data being sent to you).

Assuming you saw something like this when you searched in Business Process > Monitor > Central Search for EDIINTParse processes with errors:

image



If you click on the equivalent of the 2 link (which might show 1, 2 or some other number), you will see a list of failed EDIINTParse workflow IDs. If you click on the one you are investigating, you will see the workflow, which is all of the steps that ran when EDIINTParse was executed.

Look down the list of steps for the step that says EDIINTPipelineParse, and look in the Advanced Status column.

If EDIINTPipelineParse looks like this:

image

Then your problem is with the Exchange Certificate.

Briefly, you sent your partner the certificate you define as your Exchange Certificate in your AS2 Organization. They used that certificate to encrypt data they send to you. More to the point, they should have, but there was a problem somehow. They might have used the certificate from your test system to send to your production system, or they might have mis-keyed the certificate somehow. You might have sent the wrong certificate, or selected the wrong certificate in your AS2 Organization, or you might not be using the AS2 Organization you thought you were.

Just go to your Trading Partner > AS2 screen, and view your AS2 relationship. You can use Greg's explanation here to review it:

Setting up AS2 (Part 3): The AS2 Relationship

Edit or view the AS2 Organization:

Setting up AS2, part 1 (The AS2 Organization)

Check the field for "Exchange Certificate". Make a note of the name you used, then go to Trading Partner > Digital Certificates > System Certificates, and find that certificate.

Check it out (instructions are in the link above), and send it to your partner. Ask them to verify they are using it, and then to send you another transaction.

Have any comments? I would love to read them.

As always, your Support department is available to help. Please open a PMR if we can help you in any way.

Thanks!

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SS3JSW","label":"IBM Sterling B2B Integrator"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}]

UID

ibm11122009