Partner SelfSigned certificate

jessica_herron.10363 · January 29, 2004, 4:59am

I am using wm.EDIINT.processMsg and when a partner is sending a message with their self signed certificate it is giving an errorCode = 7 which indicates an “Untrusted Certificate”.

In the partner’s TN profile all I have in the Security tab for Encrypt and Verify tabs is the Lowes(partner) self signed certificate. This is the first partner to use a self signed certificate. We therefore do not have a CA Chain for this- I don’t know much about certificates and the partner told me there wasn’t a CA Chain… is this accurate? Or should we request some other piece of information.

We are in a testing phase for an EDIINT implementation and would like to resolve this ASAP. We are running IS 6.0.1 on HPUX.

Thank you, ALL help is appreciated!
Jessica

K_Menzies · January 29, 2004, 7:47am

The TN profile should have the self signed cert. in both the Certificate and CA Chain fields/boxes of the Verify (and Encrypt) tabs.
The cert. should also have been placed (prior) in the CA Certificate Directory of the IS server and the server restarted to read all certs that have been placed in this directory.

ddgnani · January 29, 2004, 8:22am

If it is a partner’s self signed certificate, this is what i would do

1)I would leave the CA chain field blank (unselected) in encrypt and verify tabs in TN Console. The fact the cert is self signed and no CA chain is there, it makes sense to leave this field blank.

2)I would place the self signed certificate in CATrusted directory of IS file system. This is the directory that is selected in Administrator/certificates webpage.

3)Bounce the server to bring this CATrusted folder/self signed cert in effect.

HTH

DG

jessica_herron.10363 · January 29, 2004, 8:34pm

Kevin,

If I place the self signed cert in the CA Chain field it says “The CA Chain you tried to import already exists as the Client Certificate” – Therefore I will leave the CA chain field blank-

HTH,

I will try placing the cert in the CATrusted directory and bouncing the server. For wm.EDIINT.rules:processMsg-- it looks like it pulls the CA Chain from the profile of partner… will this be affected if the CA Chain is blank and instead, the cert is in the trusted CA directory?

Any other suggestions?

Thank you both for your comments,
Jessica

ddgnani · January 29, 2004, 9:50pm

CA Chain will be pulled only if it signed by CA / intermediate CA’s.

DG

jessica_herron.10363 · January 29, 2004, 10:39pm

So if its not signed by an intermediary, it gets defaulted to those certificates that are located in the Trusted Certificates CA Certificates directory ?

Hope that works-- I have to wait till after hours to bounce the production IS- Thanks
Jessica

jessica_herron.10363 · February 1, 2004, 9:34am

It worked! thanks so much for your help!

Jessica