AS2 Certificate Handling

- How To Guide -

SEEBURGER AG

Platform: PI
Release: 7.1x/7.3x

Contents

AS2 Certificate Handling
    Creating a Keystore View
    Importing certificates
    Creating a new private key and certificate
    Exporting a certificate
    Granting Keystore View access to adapter users

Configuration Errors
    General
    Errors in the Runtime-Workbench
        No encryption certificate
        Could not retrieve certificate \USER\ABC\XYZ
        No signature certificate
        MDN requested, but appropriate report channel is missing
        Unrecognized SSL message
        No trusted certificate found
    Errors in the SEEBURGER-Workbench
        Decryption certificate missing
        Decryption failed
        Authentication error
        Authentication certificate missing
        Key invalid in message
        MDN not signed
        MDN not authenticated

Appendix
    Further Information

19.03.2013

Icons

The following icons mark passages in this guide: Caution, Warning, Note, Recommendation, Requirements, Information, Example, Code.

AS2 Certificate Handling


Note:
The following instructions do not replace the official SEEBURGER documentation. Please
follow the documents outlined in Further Information.

Creating a Keystore View


All certificates and private keys for signed and encrypted communication have to be stored in the SAP
Key Storage. For this purpose a new Keystore View has to be created.
Go to http://<servername>:<port>/nwa to open the SAP NetWeaver Administrator. From the start
page, switch to Configuration Management > Security > Certificates and Keys.

In the Keystorage Content tab click Add View.

Fill in View Name and Description for the new view. Click Create.

The result should look like this.


Importing certificates
To be able to verify signed messages from trading partners, their certificates have to be imported into
the new Keystore View.
To import a certificate from a trading partner, click the Import Entry button in the Key Store View
Details pane.

Choose X.509 Certificate, select the certificate file from the file system and click Import.

Note:
The name of the imported certificate can be changed using the Rename button.
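
Before a partner certificate is imported, it helps to confirm that the file is the one the partner actually sent and that it is currently valid. The following is an added example, not part of the SEEBURGER guide: a stand-alone Java program (the class name CertPreImportCheck is hypothetical) that prints subject, issuer, validity period and SHA-256 fingerprint, so the fingerprint can be compared with the value the trading partner supplies over a separate channel.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

/** Added example: inspect an X.509 file before importing it into a Keystore View. */
public class CertPreImportCheck {
    /** Colon-separated hex digest of the DER encoding, for out-of-band comparison. */
    static String fingerprint(X509Certificate cert, String algorithm) throws Exception {
        byte[] digest = MessageDigest.getInstance(algorithm).digest(cert.getEncoded());
        StringBuffer sb = new StringBuffer();
        for (int i = 0; i < digest.length; i++) {
            if (i > 0) sb.append(':');
            String hex = Integer.toHexString(digest[i] & 0xff).toUpperCase();
            if (hex.length() == 1) sb.append('0');
            sb.append(hex);
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java CertPreImportCheck <certificate file>");
            System.exit(2);
        }
        InputStream in = new FileInputStream(args[0]);
        X509Certificate cert;
        try {
            // CertificateFactory accepts both DER and Base64 (PEM) encoded files.
            cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        } finally {
            in.close();
        }
        System.out.println("Subject : " + cert.getSubjectX500Principal().getName());
        System.out.println("Issuer  : " + cert.getIssuerX500Principal().getName());
        System.out.println("Valid   : " + cert.getNotBefore() + " .. " + cert.getNotAfter());
        System.out.println("SHA-256 : " + fingerprint(cert, "SHA-256"));
        try {
            cert.checkValidity(); // compares the validity period with the current time
            System.out.println("Status  : within validity period");
        } catch (CertificateException e) {
            System.out.println("Status  : NOT VALID NOW (" + e.getMessage() + ")");
            System.exit(1);
        }
    }
}
```

The exit code is 0 for a certificate inside its validity period and 1 otherwise, so the check can gate a scripted hand-over of partner certificates.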

Creating a new private key and certificate


Select the Keystore View and click Create in the Key Storage View Details pane.

Fill in an Entry Name and check Store Certificate to create a certificate (otherwise only a private key
will be created). Click Next.

Fill in the Subject Properties. If required, properties can be added or removed by clicking the Add or
Remove button. Skip steps 3 and 4 by clicking the Finish button.

The result should look like this.

Exporting a certificate
To provide your own certificates to trading partners, select the certificate to be exported and
click the Export Entry button.

Select the preferred export format and click the Download link.

Granting Keystore View access to adapter users


To be able to use the certificates and keys stored in the Keystore View within the SEEBURGER
communications adapters, the adapter users need access to the view.
Go to Configuration Management > Security > Identity Management.

Search for see* to get a list of adapter users.


Note:
The adapter users must have been created beforehand.

Select the user seeas2 and switch to the Assigned Roles tab in the Details of User pane. Click
Modify.

Search for the Role view-creator*. Select the role of the Keystore view and Add it to the user. Save
the changes.

Configuration Errors
General
Note:
The following errors were provoked with an AS2 adapter but apply in the same way to every other
SEEBURGER adapter that uses encryption and signing.

Errors in the Runtime-Workbench


No encryption certificate
Error:

Solution:
Check your Receiver Agreement.

Could not retrieve certificate \USER\ABC\XYZ


Error:

Solution:
Check the adapter user in the Identity Management of the NetWeaver Administrator (NWA). The user
must have an assigned role for the Keystore View that contains the certificates and private keys.

No signature certificate
Error:

Solution:
Check your Receiver Agreement.

MDN requested, but appropriate report channel is missing


Error:

Solution:
Check if a Report channel and the corresponding Sender Agreement are configured.

Unrecognized SSL message


Error:

Solution:

No trusted certificate found


Error:

Solution:
Check your SSL configuration in the communication channel and make sure the SSL certificate is in
the Key Storage and valid.

Caution:
If an SSL certificate is newly imported, a restart of the J2EE Engine is required for the
changes to take effect.

Errors in the SEEBURGER-Workbench


Decryption certificate missing
Error:

Solution:
Check the Decryption Key in your Sender Agreement.

Decryption failed
Error:

Solution:
Check the Decryption Key in your Sender Agreement.

Authentication error
Error:

Solution:
Check the Authentication Certificate in your Sender Agreement.

Authentication certificate missing


Error:

Solution:
Check the Authentication Certificate in your Sender Agreement.

Also check if the system property mail.mime.multipart.bmparse is set to false.


Go to SEEBURGER Workbench > System Status > Important Server Properties

Caution:
If not OK, apply SAP Note 1287778.

Key invalid in message


Error:

Solution:

Check if the Unlimited Strength Policy files are installed on all server nodes.

Caution:
If not OK, see SeeMasterInstallationGuide.pdf, chapter 4 "Note on Cryptography", and
SAP Note 989517.
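
One way to perform this check on a server node, as an added example that is not part of the SEEBURGER guide or the SAP Note: a small Java program that asks the JCE which key lengths the installed policy allows. The class name JcePolicyCheck and the algorithm list are assumptions, and the result is only meaningful when the program is run with the same JVM installation the server node uses.

```java
import javax.crypto.Cipher;

/** Added example: report whether the JVM's JCE policy restricts key lengths. */
public class JcePolicyCheck {

    // Algorithms chosen for illustration (assumption); adjust to the ciphers
    // agreed with the trading partner.
    static final String[] ALGORITHMS = { "AES", "DESede", "RC2" };

    /** True if the installed policy places no key-length limit on the algorithm. */
    static boolean isUnlimited(String algorithm) throws Exception {
        // The JCE reports Integer.MAX_VALUE when unlimited policy files are active.
        return Cipher.getMaxAllowedKeyLength(algorithm) == Integer.MAX_VALUE;
    }

    public static void main(String[] args) throws Exception {
        // Print which JVM is being inspected; each server node may use its own.
        System.out.println("JVM     : " + System.getProperty("java.vendor") + " "
                + System.getProperty("java.version"));
        System.out.println("Home    : " + System.getProperty("java.home"));

        boolean allUnlimited = true;
        for (int i = 0; i < ALGORITHMS.length; i++) {
            String alg = ALGORITHMS[i];
            int max = Cipher.getMaxAllowedKeyLength(alg);
            boolean unlimited = isUnlimited(alg);
            allUnlimited = allUnlimited && unlimited;
            System.out.println(alg + " max key length: "
                    + (unlimited ? "unlimited" : max + " bit (restricted)"));
        }

        System.out.println(allUnlimited
                ? "Result  : unlimited strength policy is in effect"
                : "Result  : restricted policy, install the policy files on this node");
        // Non-zero exit code lets a script flag nodes that still need the files.
        System.exit(allUnlimited ? 0 : 1);
    }
}
```

Run it once per server node and compare the printed Java home with the one the node is started with.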

MDN not signed


Error:

Solution:
Check the Signing Key in your Sender Agreement.

MDN not authenticated


Error:

Solution:
Check the Authentication Certificate in your Sender Agreement for the Report channel.

Appendix
Further Information
Information:
For further information, refer to the SEEBURGER Master Configuration Guide and the Adapter
manuals that come with the solution release.
