MDN not signed


Jean-François

Jan 3, 2011, 11:38:21 AM
to Hermes 2.0 Discussion List
Hi all,

We are implementing Hermes2 as an AS2 messaging gateway and it's working
fine with our first partner.
We are now implementing a second connection, and everything seems OK
at the Hermes2 level, but my counterparty told me that he received an
unsigned MDN.
If I look in my config, the Signed Receipt is set to "yes", so...
It seems my counterparty is receiving signed messages OK, and that
everything is OK at the message level. The only problem is the signed MDN.
The counterparty's product is Axway Gateway Interchange.

Date: Jan 3, 2011 04:06:12 PM GMT
Backup filename: F:/Axway/Gateway_Interchange/common/........
Content length: 3981
Signed: False
Receipt content: Message received
Failure: The receiving system was unable to verify the message
signature: Unable to verify signature on signed content; Caused by:
Unable to verify the message signature

Thanks for your feedback

Jef

Jean-François

Jan 5, 2011, 8:36:45 AM
to Hermes 2.0 Discussion List
Correction: with our other partner, MDN is not signed either.
So this is my question: how can I sign my MDN?
The message itself is encrypted & signed ok, but not the MDN

Thanks

JF

florent....@gmail.com

Jan 5, 2011, 9:56:08 AM
to Hermes 2.0 Discussion List
To my knowledge and understanding of AS2, the MDN signature is
requested by the original message sender. In H2O, you have that option
"Signed Receipt" when you set up a partnership to send messages to a
partner. When set to YES, H2O adds headers to the message to ask the
partner to send a signed MDN back to you.

When H2O is used as a receiver, I suppose that MDNs are signed if
requested by the sender.

Do the messages you're receiving contain those headers? (something
like: disposition-notification-options: signed-receipt-
protocol=optional and disposition-notification-options: sha1)

Jean-François

Jan 5, 2011, 10:10:01 AM
to Hermes 2.0 Discussion List
Thanks for your feedback, Florent.

Yes, the as2 message sent by the counterparty contains this:

disposition-notification-to: ad...@company.com
disposition-notification-options: signed-receipt-protocol=optional
disposition-notification-options: pkcs7-signature; signed-receipt-
micalg=optional
disposition-notification-options: sha1

So when they send a message, it seems H2O is not signing the MDN as
requested.

I configured a second partnership > mycounterparty-to-myself
What do I have to configure for the encryption/verification certificates?
Do I need to copy my counterparty's .cer into my <HERMES2 HOME>/
plugins/hk.hku.cecid.edi.as2/security directory?
Do I need to convert anything to PKCS12 (H2O cannot upload .p12
certificates, only .cer)? In the documentation, "keystore MUST be
PKCS12 format" ??

It's a little bit confusing for me, sorry if my questions are too
trivial :-)

JF



Jean-François

Jan 6, 2011, 3:48:06 AM
to Hermes 2.0 Discussion List
Hi Keith,
I'm rather interested in your solution (the discussion about the errors
you encountered with signatures), for I'm also trying to
establish an AS2 connection between my H2O infrastructure and an Axway
Message Interchange.
It seems sending a signed/encrypted message is OK, but when they send
me a message, they are requesting a signed MDN and they say mine is
not signed.
I've read this thread and you talked about a CA certificate (with 2
attachments, I didn't quite follow :-)
My certificate is a kind of CA certificate. I first generated an
OpenSSL certificate and sent it for "validation" to an external CA.
They returned me a .cer and I converted this into a .p12, using the
OpenSSL commands I found in this discussion group.
Could you explain how you configured your partnerships with this
Axway counterparty?
Which certificates, uploaded in which partnership, etc.?
If you need more info about my config, don't hesitate.
Thanks a lot for your time.
JF

Jean-François

Jan 6, 2011, 3:48:52 AM
to Hermes 2.0 Discussion List
Hi JF,

wow .. that thread was quite old ^^
I haven't logged on to the discussion web board for a long time.
I'm glad to help, but you should post questions in the discussion group
so you may help others too.

Before starting our discussion, I would like to tell you that
I have no experience with AS2 protocol-based environments,
since my customers use only the ebMS v2 protocol.
So I may not be able to answer AS2-related stuff as well as you expected.

However, I think the main concepts of ebMS and AS2 are not much
different.
Check this out first before setting up your Hermes:
http://community.cecid.hku.hk/index.php/product/article/reference_of_as2_partnership_configuration/#receipt-signed

OK! Let's go back to your problems.
I read the Wiki about MDN; it is Message Disposition Notifications, and
I think it is very similar to the Acknowledgment (ACK) message in the ebMS
protocol.

So in your situation, the Axway guy expected you to reply with an "ACK"
message with a signature after their message reached Hermes. But since
you haven't set this up in the AS2 partnership, your Hermes just sends
a "plain" ACK message without a signature.

From the URL referred to above, I guess you may need to edit the
partnership's Request Receipt and Signed Receipt sections to "True".
This will tell Hermes to sign ACK messages automatically before sending
them back to Axway.

And for the private key that will be used to sign, Hermes will use the
private key that you specified in the configuration file (sorry, I
don't remember the file name).
But I think you know where it is since you can sign messages already.

Another suggestion for troubleshooting:
please look for a file named "AS2.log" in the Hermes installation directory.
The bottom line should tell you almost everything about the errors
that occurred.
If it's too hard to understand what the error means, you can zip it and
attach it in a mail to me.
I will reply asap.

Good luck!
Keith


Jean-François

Jan 6, 2011, 3:59:32 AM
to Hermes 2.0 Discussion List
Hi Keith,

Here is the as2.log. As you can see, there are no errors:

2011-01-06 09:11:06 [-Processor18] <INFO > <AS2 Message [5da3b20a-
e5f7-4fda-ab00-f6a672b5418f@9db8845d-2a67-49c5-8bd3-e968f93af14a,
From: AxwayCompany, To: H2OCompanyMySelf] received>
2011-01-06 09:11:06 [-Processor18] <DEBUG> <AS2 Message [5da3b20a-
e5f7-4fda-ab00-f6a672b5418f@9db8845d-2a67-49c5-8bd3-e968f93af14a,
From: AxwayCompany, To: H2OCompanyMySelf] is being captured>
2011-01-06 09:11:07 [-Processor18] <INFO > <AS2 Message [5da3b20a-
e5f7-4fda-ab00-f6a672b5418f@9db8845d-2a67-49c5-8bd3-e968f93af14a,
From: AxwayCompany, To: H2OCompanyMySelf] is being processed>
2011-01-06 09:11:07 [-Processor18] <DEBUG> <AS2 Message [5da3b20a-
e5f7-4fda-ab00-f6a672b5418f@9db8845d-2a67-49c5-8bd3-e968f93af14a,
From: AxwayCompany, To: H2OCompanyMySelf] is encrypted>
2011-01-06 09:11:07 [-Processor18] <DEBUG> <AS2 Message [5da3b20a-
e5f7-4fda-ab00-f6a672b5418f@9db8845d-2a67-49c5-8bd3-e968f93af14a,
From: AxwayCompany, To: H2OCompanyMySelf] is signed>
2011-01-06 09:11:07 [-Processor18] <DEBUG> <AS2 Message [5da3b20a-
e5f7-4fda-ab00-f6a672b5418f@9db8845d-2a67-49c5-8bd3-e968f93af14a,
From: AxwayCompany, To: H2OCompanyMySelf] is compressed>
2011-01-06 09:11:07 [-Processor18] <INFO > <AS2 Message [5da3b20a-
e5f7-4fda-ab00-f6a672b5418f@9db8845d-2a67-49c5-8bd3-e968f93af14a,
From: AxwayCompany, To: H2OCompanyMySelf] is being replied>
2011-01-06 09:11:07 [-Processor18] <INFO > <AS2 Message [5da3b20a-
e5f7-4fda-ab00-f6a672b5418f@9db8845d-2a67-49c5-8bd3-e968f93af14a,
From: AxwayCompany, To: H2OCompanyMySelf] requested synchronous
receipt>
2011-01-06 09:11:07 [-Processor18] <INFO > <AS2 Message [5da3b20a-
e5f7-4fda-ab00-f6a672b5418f@9db8845d-2a67-49c5-8bd3-e968f93af14a,
From: AxwayCompany, To: H2OCompanyMySelf] requested a signed receipt>
2011-01-06 09:11:07 [-Processor18] <INFO > <AS2 Message [5da3b20a-
e5f7-4fda-ab00-f6a672b5418f@9db8845d-2a67-49c5-8bd3-e968f93af14a,
From: AxwayCompany, To: H2OCompanyMySelf] has shown preference on MIC
algorithm: signed-receipt-micalg=optional, sha1>
2011-01-06 09:11:07 [-Processor18] <DEBUG> <MIC algorithm accepted:
sha1>
2011-01-06 09:11:07 [-Processor18] <INFO > <AS2 Message [5da3b20a-
e5f7-4fda-ab00-f6a672b5418f@9db8845d-2a67-49c5-8bd3-e968f93af14a,
From: AxwayCompany, To: H2OCompanyMySelf] has an MIC:
wqq70vtyuoVbN6fzgEFoR8O99iw=>
2011-01-06 09:11:07 [-Processor18] <DEBUG> <AS2 MDN
[20110106-0...@127.0.1.1, From: H2OCompanyMySelf, To:
AxwayCompany] is being captured>
2011-01-06 09:11:07 [-Processor18] <DEBUG> <Dispatching AS2 Message
[5da3b20a-e5f7-4fda-ab00-f6a672b5418f@9db8845d-2a67-49c5-8bd3-
e968f93af14a, From: AxwayCompany, To: H2OCompanyMySelf] Content-type:
application/edi-consent Content-Transfer-Encoding: null>
2011-01-06 09:11:07 [-Processor18] <INFO > <AS2 Message [5da3b20a-
e5f7-4fda-ab00-f6a672b5418f@9db8845d-2a67-49c5-8bd3-e968f93af14a,
From: AxwayCompany, To: H2OCompanyMySelf] has been processed
successfully>

My partnership is defined this way:

ID: AxwayCompany-to-H2OCompanyMySelf

**** Outbound ****

AS2From: H2OCompanyMySelf
AS2To: AxwayCompany
Recipient Address: Axway_URL
Hostname Verified in SSL? No
Request Receipt? Yes
Signed Receipt? Yes
Asynchronous Receipt? No
Receipt Return URL: My H2O_URL
Message Compression Required? yes
Message Signing Required? yes
Signing Algorithm sha1
Message Encryption Required? yes
Encryption Algorithm 3des
Certificate For Encryption Axway_Public_Certificate.cer
MIC Algorithm sha1
Maximum Retries 3
Retry Interval (ms) 60000
**** Inbound ****
Message Signature Enforced? yes
Message Encryption Enforced? no
Certificate For Verification Axway_Public_Certificate.cer


Thanks a lot for your time and explanations.
JF



Jean-François

Jan 6, 2011, 4:08:16 AM
to Hermes 2.0 Discussion List
Additional info:

this is what I get in my Message History:

Message ID 5da3b20a-e5f7-4fda-ab00-
f6a672b5418f@9db8845d-2a67-49c5-8bd3-e968f93af14a -
Message Box IN
AS2 From Axway_Company
AS2 To MySelfH2O
Is Receipt false
Is Receipt Requested true
Is Acknowledged Positive Acknowledgement
Timestamp 2011-01-06 09:11:06.0
Status Processed

If I look into the "positive acknowledgement":

Message ID 20110106-0...@127.0.1.1 -
Message Box OUT
AS2 From MySelfH2O
AS2 To Axway_Company
Is Receipt true
MIC Value wqq70vtyuoVbN6fzgEFoR8O99iw=, sha1
Original Message ID 5da3b20a-e5f7-4fda-ab00-
f6a672b5418f@9db8845d-2a67-49c5-8bd3-e968f93af14a
Timestamp 2011-01-06 09:11:07.0
Status Processed

And if I open this message with a text editor:

Date: 6 Jan 2011 08:11:07 GMT
From: a...@127.0.1.1
Message-Id: <20110106-0...@127.0.1.1>
Subject: Message Disposition Notification
AS2-Version: 1.1
AS2-From: MySelfH2O
AS2-To: Axway_Company
Recipient-Address: unknown@unknown
Content-Type: multipart/signed; protocol="application/pkcs7-
signature"; micalg=md5;
boundary="----=_Part_126_10967702.1294301467218"

------=_Part_126_10967702.1294301467218
Content-Type: multipart/report; report-type=disposition-notification;
boundary="----=_Part_124_1030353.1294301467187"

------=_Part_124_1030353.1294301467187
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

This is not a guarantee that the message has been completely processed
or understood by the receiving translator

------=_Part_124_1030353.1294301467187
Content-Type: message/disposition-notification
Content-Transfer-Encoding: 7bit

Reporting-UA: Corvus AS2
Original-Recipient: rfc822; "Axway_Company"
Final-Recipient: rfc822; "Axway_Company"
Original-Message-ID: <5da3b20a-e5f7-4fda-ab00-
f6a672b5418f@9db8845d-2a67-49c5-8bd3-e968f93af14a>
Disposition: automatic-action/MDN-sent-automatically; processed
Received-Content-MIC: wqq70vtyuoVbN6fzgEFoR8O99iw=, sha1


------=_Part_124_1030353.1294301467187--

------=_Part_126_10967702.1294301467218
Content-Type: application/pkcs7-signature; name=smime.p7s; smime-
type=signed-data
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

All I can see is "signed data", "cryptographic signature"... so as far
as I can tell, my "Positive Acknowledgement" - my MDN - is signed...

Thanks again and again :-)

JF



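Florent's point above about the sender's request headers, together with the MDN structure JF pasted, as an added Python check (example code, not Hermes2's or H2O's own): it parses a Disposition-Notification-Options value written as one header, the way RFC 4130 does, then inspects a constructed MDN modelled on the one above for a pkcs7-signature part and compares the micalg declared on multipart/signed with the algorithm in Received-Content-MIC and with what the sender asked for. REQUEST_DNO, MDN_SAMPLE, parse_dno and mdn_report are my names, and the signature body is a placeholder, not a real signature.

```python
# Added example, not Hermes2/H2O code; header and MDN constructed to mirror this thread.
from email import message_from_string

REQUEST_DNO = ("signed-receipt-protocol=optional, pkcs7-signature; "
               "signed-receipt-micalg=optional, sha1")

MDN_SAMPLE = """\
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=md5; boundary="b1"

--b1
Content-Type: multipart/report; report-type=disposition-notification; boundary="b2"

--b2
Content-Type: message/disposition-notification

Received-Content-MIC: wqq70vtyuoVbN6fzgEFoR8O99iw=, sha1

--b2--

--b1
Content-Type: application/pkcs7-signature; name=smime.p7s
Content-Transfer-Encoding: base64

UExBQ0VIT0xERVItU0lHTkFUVVJF
--b1--
"""

def parse_dno(value):
    """Parse Disposition-Notification-Options: 'name=importance, value[, ...]' items joined by ';'."""
    opts = {}
    for item in value.split(";"):
        name, sep, rest = item.partition("=")
        if not sep:
            continue
        importance, _, vals = rest.strip().partition(",")
        opts[name.strip().lower()] = (importance.strip().lower(),
                                      [v.strip().lower() for v in vals.split(",") if v.strip()])
    return opts

def mdn_report(raw, requested_micalg):
    """Is the MDN multipart/signed with a pkcs7 part, and do declared/actual/requested micalg agree?"""
    msg = message_from_string(raw)
    report = {"signed": msg.get_content_type() == "multipart/signed", "has_signature_part": False,
              "declared_micalg": (msg.get_param("micalg") or "").lower(), "mic_algorithm": ""}
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "application/pkcs7-signature":
            report["has_signature_part"] = True
        elif ctype == "message/disposition-notification":
            payload = part.get_payload()  # the email parser nests message/* as a header block
            inner = payload[0] if isinstance(payload, list) else message_from_string(payload)
            report["mic_algorithm"] = inner.get("Received-Content-MIC", "").partition(",")[2].strip().lower()
    report["micalg_consistent"] = report["declared_micalg"] == report["mic_algorithm"] == requested_micalg
    return report
```

On the sample this reports a signed MDN whose declared micalg (md5) disagrees with the sha1 MIC and with the sha1 the sender requested, the same mismatch JF notices later in the thread; it is worth raising with the counterparty alongside the certificate question.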

Jean-François

Jan 7, 2011, 9:54:30 AM
to Hermes 2.0 Discussion List
Any ideas/suggestions, somebody?
Thanks in advance.

JF


Philip Wong

Jan 7, 2011, 9:17:21 PM
to Hermes 2.0 Discussion List
Hi JF,

I really hope I can help, though I've not been working in CECID
for 5 months already.
So I only have very limited memory of AS2 messages or any messaging.

I only know you need to turn on "Sign Receipt" in your partnership,
and also upload the public cert. from your partner.
http://community.cecid.hku.hk/index.php/product/article/reference_of_as2_partnership_configuration/#receipt-signed

If you doubt any configuration problem in H2O, you have to set up a
loopback test yourself with the same settings. It's what we always did in
CECID.

Good luck!

Philip

Jean-François

Jan 8, 2011, 6:55:17 AM
to Hermes 2.0 Discussion List
Thanks Philip, but this is already done (see my post starting with
"additional info" - it's the content of the MDN I send, and it seems
signed - but my counterparty says it isn't).

I just wonder: do I need to set up a partnership "me" to "my_partner"
and a reverse partnership "my_partner" to "me"? If yes, what key do I
have to upload in the second partnership? My .cer? My partner's .cer
(the same as the one uploaded in the first partnership)?

Another thing: do I need to restart the H2O engine if I made partnership
modifications?

Thanks for your help.

Kind regards,

JF


Jean-François

Jan 11, 2011, 5:31:17 AM
to Hermes 2.0 Discussion List
I just wonder: does the MIC algorithm play a role, if I'm signing
using sha1 or md5?
Everything is defined in the partnership profile with sha1, but if I
look into the content of the MDN, I do see:

AS2-From: Me
AS2-To: MyPartner
Recipient-Address: par...@mypartner.com
Content-Type: multipart/signed; protocol="application/pkcs7-
signature"; micalg=md5;

Where does this md5 come from? Is there a config file somewhere?

JF


Jean-François

Jan 11, 2011, 10:09:10 AM
to Hermes 2.0 Discussion List
I hope this post will help someone somewhere sometime; I've a feeling
of playing ping pong with myself :-))

The error is maybe due to the partner, but as I'm not sure, I'll test
a connection between 2 sites - one running H2O and the second one
running Clickware (I do control both).

My config is exactly the same for all counterparties:

I've only one partnership defined for each counterparty (only "ME to
COUNTERPARTY" - no "COUNTERPARTY to ME" partnership), sha1 is used for
encryption and signing, and I do mention my counterparty's certificate
in both the "encryption" and "verification" parts.

This is running perfectly, both ways, signing & encrypting with our
major partner.
But I still have this "cannot verify MDN signature" problem with the
new counterparty.

If anybody finds some time/idea/suggestion, it will always be helpful.
I'll post the results of my tests to close this topic, hopefully with
some success.

JF




Jean-François

Jan 27, 2011, 8:27:45 AM
to Hermes 2.0 Discussion List
Right... Everything comes to an end, even this post :-)
Just in case this could help someone.
I established another connection with another partner and everything
is OK, both directions.
It seems the Axway counterparty needs our root certificate (the public key
is not enough, they need the CA certificate also).
Even after sending them this certificate, it still doesn't work. It's
definitely a certificate problem, one issued by a CA authority, and
most probably, the other one self-signed or issued by another CA...

So we just decided to test with a self-signed certificate on my H2O
system... Hope this will work.

JF