Everything is setup correctly I believe. I have our certs defined in our profile and Walmart’s are there as well. I provided our cert to Walmart in DER format. The serial numbers match. We get the following error when we receive the EDIINT document:
In error log:
Just to confirm the setup is correct:
- We use their AS2 Name as a DUNS # in the profile
- Under delivery method we have primary HTTP chosen with their URL to send txns to
- Under Extended Fields, we put our internal URL to accept inbound txns from Walmart
- Security tab:
- Sign and Decrypt have our public, private and CA chain
- Encrypt and Verify have Walmart’s cert and chain which are the same file
Has anyone else seen this error?? What’s the cause??
I think I found the reason. We were using IBM’s JVM(installed separately) and apparently it doesnt like that JVM. Switched to the one that ships with webMethods, rebooted and it worked fine. Not sure if it was the new JVM or the reboot that solved the issue.
It was really a remarkable observation. Thanks for bringing it to light.
I am inclined to think it is the reboot that fixed the issue. We use IBM JVM and we havent run into this type of error.
I should have updated this issue earlier. Apparently the iBM JVM comes with some supplied security classes that conflict with the EDIINT security classes from WM… You need to remove these from the IBM JVM directory unless you are specifically invoking them for some other reason… thats why the decrpytion failed…
It doesnt occur with the webmethods supplied JVM since these classes arent present… Removal of 4 files(cant find the exact names now) fixed the issue… There is a FAQ in advantage thats related…
This is for 6.0.1 and for a different issue but removal of these classes solved the problem. I recreated it by putting the files back and restarting the server, and the problem came up again. Reboot without files and we’re good…
DG i cant speak to your implementation… we were on NT, using IBM JVM 1.3.0 and the EDIINT module… if you have a similar config and those files are present in your JVM’s lib directory, Id be interested in knowing how you avoided this error
Chances are you ran into a library packaging issue with the IBM VM. Most of the IMB 1.3.x and higher VMs ship with an implementation of the Java Crypto Extensions that typically require signed jars for JCE providers. Integration Servers up through 6.0.1 do not contain signed providers; however 6.1 now has signed providers (caveat–read the readme for any additional details on IBM VM usage).
One alternative for pre 6.1 Integration Servers is to slightly modify the VM installation to utilize the JCE interfaces and classes that come with the Integration Server. Typically this can be done by removing the jce.jar from jre/lib or jre/lib/ext.
This is related as well… This is probably why when we tried to use IBM JVM 1.3.1 the server wouldnt start…