Hi,
I’m using EDIINT to send the EDI to the Trading Partner.when i use DES encryption algorithm, everything seems to work fine.but the issue is, when i use TripleDES algorithm, there seems to be some problem.i dont see the encrypted payload in the ediintdata entry of the TN Analysis screen.
Is this something to do with any configuration or am i missing something?i’m stuck with this issue and would really appreciate if someone can chime in.
ramesh.
Hi,
One more thing is, i have generated the certificate using OPENSSL and used “genrsa -des3 -out <private>.pem 2048” command to generate the private key and converted it to .der format.is this something to look into?
ramesh.
Yemi,
As per your instructions, i tried to generate the keys.
1.genrsa -out testPrivate 2048
2.req -verbose -config openssl.cnf -new -x509 -sha1 -days 1095 -key testPrivate -out testCert
3.rsa -inform pem -in testPrivate -outform der -out testPrivate.der
4.rsa -inform pem -pubin -in testCert -outform der -out testCert.der
error during converting certificate(4th step)
unable to load Public Key
2100:error:0906D06C:PEM routines:PEM_read_bio:no start line:.\crypto\pem\pem_lib
.c:644:Expecting: PUBLIC KEY
error in rsa
Can you tell me if i’m wrong somewhere.
Thanks
ramesh.
Yemi,
I tried using “x509 -in testCert -inform PEM -out testCert.der -outform DER” to convert certificate to DER format.
I’ll let you know once my testing is done.
ramesh.
Yemi,
The same problem repeats.if i use DES, it is working fine but when i change the encryption algorithm to TripleDES, it fails.i mean, the ediintdata entry in the TN Analysis screen shows only the header info but not the payload.when i use DES option, i can see the encrypted data under ediintdata.
i’m attaching the screenshot.
ramesh.
Yemi,
Even after using x509 command to convert the certificate to DER format, i cant see the encrypted data under the ediintdata entry.
“You should make this change and try your TN setup with TripleDES again”--------Can you tell me what changes are you pointing to?
ramesh.
Yemi,
As per your instructions, i tried to generate the keys.
1.genrsa -out testPrivate 2048
2.req -verbose -config openssl.cnf -new -x509 -sha1 -days 1095 -key testPrivate -out testCert
3.rsa -inform pem -in testPrivate -outform der -out testPrivate.der
4.rsa -inform pem -in testCert -outform der -out testCert.der(tried without -pubin option, but getting an expecting Private Key error)
I would really appreciate if you can tell me the command for converting certificate to der format without the -pubin option.
tried using x509 command, but that doesn’t solve the problem.
ramesh.
Yemi,
I used x509 command and was able to convert the certificate to der format, and changed the encryption algorithm to TripleDES in TN, which doesn’t solve the issue.
“And like I said, I don’t use the x509 because I was getting some weird error with it and TN. I just use the rsa to do the same thing.”------can you tell me the rsa command you have used to do the same thing, as i was getting some errors while trying to do the same thing i.e without the -pubin option.
ramesh.
Yemi,
The issue was nothing to do with generating the keys or certificates, but it was due to the security policy jars of the jvm.replaced them with the correct jars and it worked.
Thanks for your time.
ramesh.
Yemi,
We are using 1.4.2_08 from Sun with IS/TN 6.1 on Windows 2003.
ramesh.
Ramesh,
We are facing the exact same issue as you. Could you let us know where we can find the correct version of the jars for our jvm? We are using IS/TN 6.5_SP3 with JVM 1.5 and Red Hat Linux 4.
Thanks,
Vandana.
Hi Ramesh,
Going through the email looks like you have managed to configure the keys for EDIINT. We are trying to configure the security tab for a partner profile using the private key, but not able to. Could you guide us the steps involved in configuring the security tab. Our requirement is simple.
Encrypt/Decrypt EDI data over HTTP connection. Please be aware that we do not want HTTPS.
Fyi, EDIINT AS2 work fine with plain EDI data. Now would like to test with data encryption.
Your help is much appreciated.
Thanks & REgards
KN