I have an error when uploading a certificate in a TN partner. Here is the situation:
For unit and integration tests, we simulate TN partners (a supplier and our company); that means we launch reception of documents by launching a test service with Developer. We are on the 7.1.1 release. We create self-signed certificates with openssl on Windows 2003 Server 64-bit. We use the AS2 protocol.
First, we create our Certificate Authority with this procedure:
- openssl genrsa -out caPrivKey.pem 1024
- openssl req -new -key caPrivKey.pem -out caRequest.pem
- openssl ca -keyfile caPrivKey.pem -out caCertificate.pem -selfsign -infiles caRequest.pem
Secondly, we get the private key and certificate for the server:
- openssl genrsa -out testKey.pem 1024
- openssl req -new -key testKey.pem -out testKeyRq.pem
- openssl ca -keyfile caPrivKey.pem -cert caCertificate.pem -out testKeyCert.pem -infiles testKeyRq.pem
Third, we transform the .pem files into .der format:
- Certificates: openssl x509 -in cert.pem -out cert.der -outform DER
- Keys: openssl rsa -in userkey.pem -out userkey.der -outform DER
We tested the CA certificate by installing it on the server side. That works.
On MWS, we create the test partner. On the certificates tab, I do:
1/ put the CA certificate in “sign/verify”: Ok
2/ put the key in Encrypt/decrypt: Ok
3/ put the certificate in Encrypt/decrypt: KO, we raised the error
Entrust cannot verify the certificate chain: [ISC.0009.9002] Error in certificate chain
Tell me if you need some more information. We investigated but without success …
If you are self-signed, you need to tell the underlying IS for your TN instance to trust your CA key.
Put your caCertificate.der in your trusted certificates directory (location of the directory configurable via IS Administrator Security → Certificates.)
Thanks for the tips, I’ll try it.
But a little question on this administrative screen: when I upload the caCertificate.der, which Usage do I have to set? I think “Verify” but I’m not sure … I’m not very familiar with certificates and the AS2 protocol.
Actually I don’t use an HTTPS connection but an HTTP connection (in the AS2 protocol). So in this case, open the Partner (for example your Supplier), go to the “delivery settings” tab and “Add delivery Method”.
In my case I chose Primary HTTP and only filled “Host”, “Port” and “Location”.
For my “company partner”, it is the same thing.
Just another note: for each “external ID” tab (Supplier and MyCompany) I put one “EDIINT AS2” ID type and one or more “user Defined 1” ID types.
Anyway, it’s working on my DEV and TEST environments (simulation of exchange and real exchange) but not in my SIMULATION environment (that is why I opened this thread).
We resolved the problem.
We created Certificates and Keys as defined before with OpenSSL.
When defining security in the Partner, we have to upload the key, CA and certificates in the same action and click the “Ok” button only at the end.
Before, we uploaded the key and clicked OK, then the CA certificate and clicked OK, and then the certificate and clicked OK. That was not good. Just “upload” everything at the same time and click OK afterwards.
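
A pre-upload check for the chain error discussed in this thread, as an added example that is not part of any post: it confirms that a DER certificate verifies against the DER CA certificate and that the private key belongs to that certificate. The function names, file names and the throwaway sample CA (built with `req -x509` and `x509 -req` rather than the thread's `openssl ca` commands, and with 2048-bit keys) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: checks to run on the DER files
# before uploading them to the partner profile.

# check_chain CA_DER CERT_DER: 0 if the certificate verifies against that CA.
check_chain() {
    t=$(mktemp -d) || return 2
    # Older openssl verify reads PEM only, so convert the DER inputs first.
    openssl x509 -inform DER -in "$1" -out "$t/ca.pem" &&
    openssl x509 -inform DER -in "$2" -out "$t/cert.pem" &&
    openssl verify -CAfile "$t/ca.pem" "$t/cert.pem" 2>/dev/null | grep -q ': OK$'
    rc=$?
    rm -rf "$t"
    return $rc
}

# key_matches_cert KEY_DER CERT_DER: 0 if the RSA key belongs to the certificate.
key_matches_cert() {
    k=$(openssl rsa -inform DER -in "$1" -noout -modulus 2>/dev/null) || return 2
    c=$(openssl x509 -inform DER -in "$2" -noout -modulus 2>/dev/null) || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# make_sample DIR: constructed throwaway CA and leaf written as ca.der,
# cert.der and key.der. Uses req -x509 / x509 -req instead of the thread's
# "openssl ca" flow (which needs a CA database), and 2048-bit keys.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Sample Test CA" \
        -keyout "$1/caKey.pem" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=sample-partner" \
        -keyout "$1/key.pem" -out "$1/req.pem" 2>/dev/null &&
    openssl x509 -req -in "$1/req.pem" -CA "$1/ca.pem" -CAkey "$1/caKey.pem" \
        -CAcreateserial -days 30 -out "$1/cert.pem" 2>/dev/null &&
    openssl x509 -in "$1/ca.pem" -outform DER -out "$1/ca.der" &&
    openssl x509 -in "$1/cert.pem" -outform DER -out "$1/cert.der" &&
    openssl rsa -in "$1/key.pem" -outform DER -out "$1/key.der" 2>/dev/null
}

# Demo on the constructed sample.
demo_dir=$(mktemp -d) && make_sample "$demo_dir" || exit 1
check_chain "$demo_dir/ca.der" "$demo_dir/cert.der" && echo "chain verifies"
key_matches_cert "$demo_dir/key.der" "$demo_dir/cert.der" && echo "key matches certificate"
rm -rf "$demo_dir"
```

With the thread's file names the calls would be `check_chain caCertificate.der testKeyCert.der` and `key_matches_cert testKey.der testKeyCert.der`, assuming those are the names given to the converted files.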