IBM Support

AS2: Which certificates are causing the issue?

Technical Blog Post


Abstract

AS2: Which certificates are causing the issue?

Body

When setting up AS2 communications, you are automatically dealing with multiple certificates. If you throw SSL into the mix, you may have just doubled the number of certificates. So when you do encounter an issue or error, which certificate do you need to look at?

A quick guide to get your debugging started.

NOTE: Not all of the following errors are necessarily caused by a bad or mismatched certificate. Once the certificates are verified, your debugging can move on to the AS2 configuration (Payload Type, Signing Algorithm, etc.).

 

__________________________________________________________________________________________________________________________

'Handshake' errors

This is an issue with the SSL certificates.

These errors are typically seen in perimeter.log, httpclient.log, http.log and in the business process details of a workflow.

If caused by a certificate, you need to look at the following places.

There are two types of SSL authentication: 1-way SSL (Server authentication) and 2-way SSL (Client authentication).

1-way authentication requires only the HTTP Server's certificate; 2-way authentication requires both the HTTP Server and Client certificates.

For outbound errors, check the Partner AS2 configuration screen.

For inbound errors, check the HTTP Server adapter configuration.

__________________________________________________________________________________________________________________________

"Authentication-failed" 

"verification failed: Expected signer info not found".

These errors are typically seen in ediint.log, pipeline.log and in the business process details of a workflow.

This is a mismatch between the private certificate used to sign the message and the public certificate used to verify that signature.

If caused by a certificate, you need to look at the following places.

The Partner AS2 configuration screen.

The Organization AS2 configuration screen.
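The signing mismatch described in this section can be reproduced outside the product with OpenSSL, because AS2 signatures are S/MIME signatures. This is an added example, not IBM's code: the identities `org_current` and `org_old`, the file names and the payload are constructed, and the helper function names are hypothetical.

```shell
#!/bin/sh
# Added example: reproduce a signing-certificate mismatch with throwaway keys.
# File names, subject names and the payload are constructed for this demo.

# SHA-256 digest of the public key carried in a certificate (PEM).
cert_pubkey_digest() {
  openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER |
    openssl dgst -sha256 -r | cut -d' ' -f1
}

# SHA-256 digest of the public key derived from a private key (PEM).
key_pubkey_digest() {
  openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# True only when the certificate and the private key belong together.
cert_matches_key() {
  [ "$(cert_pubkey_digest "$1")" = "$(key_pubkey_digest "$2")" ]
}

# True only when <message> carries a signature made by <expected cert>.
# -nointern ignores certificates embedded in the message, so the signer must
# be the one we supply; -noverify skips chain validation (self-signed demo).
signed_by() {
  openssl smime -verify -in "$1" -noverify -nointern -certfile "$2" \
    -out /dev/null 2>/dev/null
}

# Create a throwaway self-signed identity: <name>.key and <name>.crt.
make_identity() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

demo() (
  dir=$(mktemp -d) && cd "$dir" || exit 1
  make_identity org_current && make_identity org_old || exit 1
  printf 'constructed payload\n' > payload.txt
  openssl smime -sign -in payload.txt -signer org_current.crt \
    -inkey org_current.key -out signed.msg 2>/dev/null || exit 1
  cert_matches_key org_current.crt org_current.key && echo "current cert pairs with signing key"
  cert_matches_key org_old.crt org_current.key || echo "old cert does not pair with signing key"
  signed_by signed.msg org_current.crt && echo "verifies with current cert"
  signed_by signed.msg org_old.crt || echo "rejected with old cert: signer not found"
  cd / && rm -rf "$dir"
)

demo
```

Running `cert_pubkey_digest` on the certificate file each side has loaded gives a quick comparison: different digests mean the verifying side holds a certificate that does not belong to the signing key.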

__________________________________________________________________________________________________________________________

"decryption-failed" errors.

These errors are typically seen in ediint.log, pipeline.log and in the business process details of a workflow.

This is a mismatch between the public certificate used to encrypt the message and the private certificate used to decrypt the message.

If caused by a certificate, you need to look at the following places.

The Partner AS2 configuration screen.

The Organization AS2 configuration screen.


UID

ibm11121091