Ariba HTTPS

vinod.ravi.20798 · May 2, 2003, 5:29pm

Sonam, Ariba does a certificate validity check. If the Issued To" field doesnt match your URL domain ie. your ip
address, the certificate generated is rejected by Ariba.

And the error page generated is not page cannot be displayed, it is "The XML page cannot be displayed "

Thanks

Guest · May 5, 2003, 5:38am

VR:

> Sonam, Ariba does a certificate validity check. If the Issued To"
> field doesnt match your URL domain ie. your ip
> address, the certificate generated is rejected by Ariba.

You’re right - I dug around a bit, and found this Ariba notice from March about migrating the remaining HTTP customers to HTTPS by June.

It looks like Ariba requires the Certificate Common Name (the “CN” portion in the WM certs web admin screen) to be the server DNS name. That’s how we have it here anyway.

Ariba seem to not accept IP addresses though, so I am not sure what you mean by “URL domain/IP address”.

Event ID: 172045 - Ariba Supplier Network Notice of Migration to HTTPS

Ariba strongly recommends certificates that support 128-bit encryption
(common encryption strengths are 40, 56 and 128 bits). The domain name
in the certificate must be identical to the name you enter in the
Configuration area of your Ariba SN account or the name contained in
your cXML profile response. You cannot provide IP addresses in the
Configuration area of your Ariba SN account. Certificate names are not
dependent on the Web server port, so multiple Web server instances on
different ports can use the same certificate. Multiple Web servers
cannot share a single certificate.

The immediate problem for Gerald though, seem to be an faulty WM IS settting.

> And the error page generated is not page cannot be displayed, it
> is "The XML page cannot be displayed "

I was going on the error Gerald reported, which was “page cannot be displayed”. I got a similar message in IE 6, for those 5 cases listed above.

Give Mozilla a go sometime - I sincerely think you’d find it the better debugging browser.

Guest · May 5, 2003, 4:35pm

Hi Sonam,
Ariba does accept URL’s for punchout and order submission. For example, the URL for Ariba users to punchout could be something like
[url=“http://https://100.100.100.100:5566/invoke/punchoutpackage.punchout:punchoutflow”]https://100.100.100.100:5566/invoke/punchoutpackage.punchout:punchoutflow[/url]
And if the Certificate is issued for the name of the server (in this case with the ip address 100.100.100.100), let us assume the name of the server is “universe”, then Ariba will reject the certificate saying that the certificate is issued to “universe” and not to the ip 100.100.100.100.

Hope this helps.
thanks

waser · May 22, 2003, 5:27pm

Hello there

I’m back with my https problem with Ariba…

I got a certificate from verisign
when i try to start the port 5050 i get the following error message:

Failed to start HTTPSListener@5050: Can’t parse PrivateKeyInfo

I think my certs a ok and the certificate config in WM also.

I believe i have a missunderstanding somewhere.

any help is very appreciated.

thanks

begebege · May 22, 2003, 5:38pm

Hi,

I do not think IS 4.6 accepts anything but PKCS1 compatible DER encoded RSA private keys.

bruno