IBM Support

Can't check in certificate for AS2 containing Extended Validation fields

Troubleshooting


Problem

Unable to check in certificate with Extended Validation fields for an AS2 partner in Sterling B2B Integrator

Symptom

Attempting to check in a certificate with Extended Validation fields into the Trusted certificate section throws the following error in the UI:

We tried to process this file as DER encoded object. DER decoding failed with java.security.cert.CertificateException: Error parsing DER data com.trustpoint.asn.AsnException: Cannot find a class that corresponds to Oid 1.3.6.1.4.1.311.60.2.1.1; please see oid.map for details.

Changing the format of the certificate results in the same error:

We tried PKCS7. PKCS7 decoding failed with java.security.cert.CertificateException: Error parsing PKCS7 SignedData com.trustpoint.asn.AsnException: Cannot find a class that corresponds to Oid 1.3.6.1.4.1.311.60.2.1.1; please see oid.map for details

Cause

Sterling B2B Integrator does not yet support Extended Validation. The fields in the certificate that caused the problem for Sterling B2B Integrator (SI) were as follows:

1.3.6.1.4.1.311.60.2.1.1 = Shanghai
1.3.6.1.4.1.311.60.2.1.2 = Shanghai
1.3.6.1.4.1.311.60.2.1.3 = CN

These OIDs refer to the “IncorporationLocality”, “IncorporationStateOrProvince”, and “IncorporationCountry” fields in the certificate.

Excerpts from EV Cert Guideline:

9.2.5 Subject Jurisdiction of Incorporation or Registration Field

Certificate fields:

Locality (if required):
subject: jurisdictionOfIncorporationLocalityName (OID: 1.3.6.1.4.1.311.60.2.1.1)
ASN.1 - X520 LocalityName as specified in RFC 5280

State or province (if required):
subject: jurisdictionOfIncorporationStateOrProvinceName (OID: 1.3.6.1.4.1.311.60.2.1.2)
ASN.1 - X520 StateOrProvinceName as specified in RFC 5280

Country:
subject: jurisdictionOfIncorporationCountryName (OID: 1.3.6.1.4.1.311.60.2.1.3)
ASN.1 - X520 countryName as specified in RFC 5280
Required/Optional: Required

Resolving The Problem

Once the partner recreated the certificate without extended validation fields, the certificate could be checked in without issue.
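
The following is an added example, not IBM's code: a standard-library Python check that walks DER bytes (a whole certificate or, as in the constructed sample, just a subject Name) and reports any of the three jurisdiction OIDs listed above, so a partner certificate can be screened before check-in. The function names and the sample bytes are assumptions made for illustration; input must be DER, not PEM.

```python
# OIDs and field names from the EV guideline excerpt above.
EV_JURISDICTION_OIDS = {
    "1.3.6.1.4.1.311.60.2.1.1": "jurisdictionOfIncorporationLocalityName",
    "1.3.6.1.4.1.311.60.2.1.2": "jurisdictionOfIncorporationStateOrProvinceName",
    "1.3.6.1.4.1.311.60.2.1.3": "jurisdictionOfIncorporationCountryName",
}

def decode_oid(body):
    """Decode OBJECT IDENTIFIER content octets (base-128 arcs, first two packed)."""
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:          # high bit clear: last octet of this arc
            arcs.append(value)
            value = 0
    if not arcs:                  # empty or malformed OID body
        return ""
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def walk(der):
    """Yield (tag, body) for each TLV in pre-order, descending into constructed types."""
    i = 0
    while i + 2 <= len(der):
        tag, length = der[i], der[i + 1]
        i += 2
        if length & 0x80:         # long-form length: low 7 bits give the octet count
            n = length & 0x7F
            length = int.from_bytes(der[i:i + n], "big")
            i += n
        body = der[i:i + length]
        i += length
        yield tag, body
        if tag & 0x20:            # constructed: SEQUENCE, SET, [n] wrappers
            yield from walk(body)

def ev_jurisdiction_fields(der):
    """Return [(field name, value)] for each EV jurisdiction attribute found."""
    items = list(walk(der))
    found = []
    for (tag, body), (_, value) in zip(items, items[1:]):
        oid = decode_oid(body) if tag == 0x06 else None
        if oid in EV_JURISDICTION_OIDS:
            found.append((EV_JURISDICTION_OIDS[oid], value.decode("utf-8", "replace")))
    return found

# Constructed sample (not the partner's certificate): subject Name with C=CN plus EV locality and country.
SAMPLE_SUBJECT = bytes.fromhex(
    "303d 310b300906035504061302434e 31193017060b2b0601040182373c0201010c085368616e67686169"
    " 31133011060b2b0601040182373c0201031302434e")
```

An empty result means none of the three attributes is present; a non-empty result lists the fields the partner would need to omit when reissuing the certificate.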


Document Information

Modified date:
16 June 2018

UID

swg21649708