Bad Certificate on Outbound AS2

I had to install new certificates yesterday for our production RI server. Inbound AS2 transactions work perfectly fine: they come in, I decrypt them, and everything is processed. When I try to send something outbound to a customer, I get the following in TN.

Task jhd45j005oied1l20000042s failed at Feb 14, 2011 11:10:11 AM attempting retry 2: Probable reason for failure - Delivery service for jhd45j005oied1l20000042s failed with a status of fail and status message of java.io.IOException: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: bad certificate

This is so confusing. In the RI IS certificates tab, I have all of the information filled out. In my Enterprise TN profile I have the new cert in place. For some reason just outbound gives me an error?

Please check this thread/resolution steps; maybe some configuration could be missing:

http://advantage.webmethods.com/article/?id=1614327652

HTH,
RMG

This is already done. I have an RI server and an internal IS server. I put these certs on the RI server in the Security -> Certificates tab. Also, in TN I have them on my enterprise profile.

If we try to send to the partner, we get the bad certificate. So I linked our dev and prod environments over AS2. If I post from prod to the dev EDIINT URL, it works fine. This is confusing.

The issue is with the external entity… Did you also check the network/firewall layer during the outbound SSL handshake at both ends (source, customer end) for troubleshooting?

I know this setup is always confusing/time-consuming, and in the end it turns out to be a simple root cause :)

HTH,
RMG

Are the certificates on your internal servers and RI servers different? Here it looks like the certificate used by the outbound transaction could be different from what your client/target is expecting.
Since you have configured a connection between Dev/Prod, you can increase the log level in dev and do a transaction. It will write the certificate that your prod server is sending. You can then check with your partner to see if they are using that certificate or something else.

Maybe you can check the above also and troubleshoot: