NIST Transport settings and HTTPS validation error

joey...@gmail.com

Sep 7, 2016, 9:25:58 AM
to Transport Testing Tool
After NIST went down last week, it looks like NIST began providing a URL of https://hit-2015.nist.gov:8098/iztool/ws/iisService in the Transport Settings of the Immunization Test Suite. I'm getting a certificate validation error when I try to hit that endpoint. In fact, when I pull up the certificate that's being served by this URL, the "Issued to:" value is hl7v2-iz-r1.5-testing.nist.gov. The previous endpoint that Transport Settings would display was http://hl7v2-iz-r1.5-testing.nist.gov/iztool/ws/iisService, so the "Issued to:" value makes sense. However, when I try and hit the old endpoint (http://hl7v2-iz-r1.5-testing.nist.gov/iztool/ws/iisService), I'm getting no response. I've started the listener before trying either endpoint.

Anyone else having these issues?

Thanks!

Andrew McCaffrey

Sep 7, 2016, 2:50:10 PM
to transport-t...@googlegroups.com
Hi,

I think this was posted to the wrong group. This mailing list concerns
the NIST TTT. Please see the list of mailing lists here:
<http://healthcare.nist.gov/contacts.html>

Thanks,
-Andrew

joey...@gmail.com

Sep 7, 2016, 4:49:57 PM
to Transport Testing Tool

Thanks Andrew!

anilja...@gmail.com

Oct 21, 2016, 8:41:37 AM
to Transport Testing Tool, joey...@gmail.com
I am successfully able to pass the H3 & H4 test cases.
Now I am looking at the discovery test cases. I tried D1 and am trying to send a message from my system (en...@enkiworld.com) to "d...@domain1.dcdt30prod.sitenv.org" or "direct-a...@transport-testing.nist.gov", but I am getting the error "Key does not exist" in my program.

My .NET code is below. I am getting the error on the last uncommented line.

commonobj.error = "";
commonobj.warning = "";
Health.Direct.SmtpAgent.SmtpAgent m_agent = Health.Direct.SmtpAgent.SmtpAgentFactory.Create(@"C:\Program Files\Direct Project .NET Gateway\SmtpAgentConfig.xml");
setting = m_agent.Settings;
DirectAgent agent = setting.CreateAgent();
//agent.PreProcessOutgoing += OnPreProcessOutgoing;
//agent.Error += OnGeneralError;
//SubscribeToResolverEvents(agent.PublicCertResolver);
CDO.Message message = this.LoadMessage(string.Format(TestMessage, to, Guid.NewGuid()));
m_agent.ProcessMessage(message);
//agent.ProcessOutgoing(string.Format(TestMessage, to, Guid.NewGuid()));


And below is the error I am getting in my gateway log.

2016-10-21 09:30:05.8309 [5] Debug Health.Direct.SmtpAgent.MessageArrivalEventHandler - SmtpAgentSettings(Incoming=CopyFolder=C:\inetpub\mailroot\Gateway\incoming EnableRelay=True, Outgoing=CopyFolder=C:\inetpub\mailroot\Gateway\outgoing EnableRelay=True)
2016-10-21 09:30:05.8309 [5] Trace Health.Direct.SmtpAgent.SmtpAgent - Init_Begin
2016-10-21 09:30:05.8309 [5] Trace Health.Direct.SmtpAgent.SmtpAgent - InitFolders_Begin
2016-10-21 09:30:05.8309 [5] Trace Health.Direct.SmtpAgent.SmtpAgent - InitFolders_End
2016-10-21 09:30:05.8329 [5] Trace Health.Direct.SmtpAgent.SmtpAgent - InitNotifications_Begin
2016-10-21 09:30:05.8329 [5] Trace Health.Direct.SmtpAgent.SmtpAgent - InitNotifications_End
2016-10-21 09:30:05.8329 [5] Trace Health.Direct.SmtpAgent.SmtpAgent - InitDomainsFromConfigService_Begin
2016-10-21 09:30:05.8329 [5] Trace Health.Direct.SmtpAgent.SmtpAgent - InitDomainsFromConfigService_End
2016-10-21 09:30:05.8329 [5] Trace Health.Direct.SmtpAgent.SmtpAgent - InitAgent_Begin
2016-10-21 09:30:05.9839 [5] Trace Health.Direct.SmtpAgent.SmtpAgent - InitAgent_End
2016-10-21 09:30:05.9839 [5] Trace Health.Direct.SmtpAgent.SmtpAgent - SubscribeToAgentEvents_Begin
2016-10-21 09:30:05.9839 [5] Trace Health.Direct.SmtpAgent.SmtpAgent - SubscribeToAgentEvents_End
2016-10-21 09:30:05.9839 [5] Trace Health.Direct.SmtpAgent.SmtpAgent - Init_End
2016-10-21 09:30:08.8542 [5] Error Health.Direct.SmtpAgent.AgentDiagnostics - OUTGOING
RECIPIENTS=direct-clin...@transport-testing.nist.gov
OTHER RECIPIENTS=direct-clin...@transport-testing.nist.gov
System.Security.Cryptography.CryptographicException: Key does not exist.

at System.Security.Cryptography.Pkcs.SignedCms.ComputeSignature(CmsSigner signer, Boolean silent)
at Health.Direct.Common.Cryptography.SMIMECryptographer.CreateSignature(Byte[] content, X509Certificate2Collection signingCertificates)
at Health.Direct.Common.Cryptography.SMIMECryptographer.Sign(Byte[] content, X509Certificate2Collection signingCertificates)
at Health.Direct.Common.Cryptography.SMIMECryptographer.CreateSignatureEntity(Byte[] content, X509Certificate2Collection signingCertificates)
at Health.Direct.Common.Cryptography.SMIMECryptographer.Sign(MimeEntity entity, X509Certificate2Collection signingCertificates)
at Health.Direct.Common.Cryptography.SMIMECryptographer.Sign(Message message, X509Certificate2Collection signingCertificates)
at Health.Direct.Agent.DirectAgent.SignAndEncryptMessage(OutgoingMessage message)
at Health.Direct.Agent.DirectAgent.ProcessMessage(OutgoingMessage message)
at Health.Direct.Agent.DirectAgent.ProcessOutgoing(OutgoingMessage message)

2016-10-21 09:30:08.8642 [5] Debug Health.Direct.SmtpAgent.SmtpAgent - Rejected Message
2016-10-21 09:30:08.8642 [5] Error Health.Direct.SmtpAgent.SmtpAgent - While processing message System.Security.Cryptography.CryptographicException: Key does not exist.

at System.Security.Cryptography.Pkcs.SignedCms.ComputeSignature(CmsSigner signer, Boolean silent)
at Health.Direct.Common.Cryptography.SMIMECryptographer.CreateSignature(Byte[] content, X509Certificate2Collection signingCertificates)
at Health.Direct.Common.Cryptography.SMIMECryptographer.Sign(Byte[] content, X509Certificate2Collection signingCertificates)
at Health.Direct.Common.Cryptography.SMIMECryptographer.CreateSignatureEntity(Byte[] content, X509Certificate2Collection signingCertificates)
at Health.Direct.Common.Cryptography.SMIMECryptographer.Sign(MimeEntity entity, X509Certificate2Collection signingCertificates)
at Health.Direct.Common.Cryptography.SMIMECryptographer.Sign(Message message, X509Certificate2Collection signingCertificates)
at Health.Direct.Agent.DirectAgent.SignAndEncryptMessage(OutgoingMessage message)
at Health.Direct.Agent.DirectAgent.ProcessMessage(OutgoingMessage message)
at Health.Direct.Agent.DirectAgent.ProcessOutgoing(OutgoingMessage message)
at Health.Direct.SmtpAgent.SmtpAgent.ProcessOutgoing(ISmtpMessage message, MessageEnvelope envelope)
at Health.Direct.SmtpAgent.SmtpAgent.ProcessEnvelope(ISmtpMessage message, MessageEnvelope envelope)
at Health.Direct.SmtpAgent.SmtpAgent.ProcessMessage(ISmtpMessage message)

Thanks
Anil

ehl8...@gmail.com

Nov 10, 2017, 11:10:19 AM
to Transport Testing Tool
Can you please assist with the steps required for 170.315(h)(1) Direct Project - Certificate Discovery Tool? We have been receiving the following error. Please provide your contact info; we truly appreciate your help.

Thank you
John

Discovery testcase D2_DNS_DB_Valid (D2 - Valid domain-bound certificate discovery in DNS) failed.

BShur

Nov 10, 2017, 1:37:34 PM
to Transport Testing Tool
You are posting to the wrong group - there is one for ETT (Edge Test Tool) listed on the ETT site that you should be using for h.1: https://groups.google.com/d/forum/edge-test-tool

BShur

Nov 10, 2017, 1:46:13 PM
to Transport Testing Tool
And, btw, the D2 test works just fine - if you properly do the discovery in DNS.

BShur

Nov 10, 2017, 1:58:17 PM
to Transport Testing Tool

A tip for you - this domain returns 2 certificates: the first one is expired, the second is valid. The proper action is to evaluate all certs you have found and choose the valid one.
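
The selection rule from the tip above, as an added C# example (not part of the thread and not code from the Direct Project reference implementation): every discovered certificate is evaluated and only those inside their validity window are kept. `SelectValid`, `MakeCert` and the `direct.example.test` subject are assumptions for illustration; the two self-signed certificates are constructed stand-ins for the records returned by DNS discovery.

```csharp
// Added example: evaluate every discovered certificate instead of taking the first one.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class DiscoveryExample
{
    // Keep only certificates whose validity window contains nowUtc, longest-lived first.
    // X509Certificate2.NotBefore/NotAfter are local time, so normalise to UTC before comparing.
    static List<X509Certificate2> SelectValid(IEnumerable<X509Certificate2> found, DateTime nowUtc)
    {
        return found
            .Where(c => c.NotBefore.ToUniversalTime() <= nowUtc
                     && nowUtc <= c.NotAfter.ToUniversalTime())
            .OrderByDescending(c => c.NotAfter)
            .ToList();
    }

    // Constructed sample input: a self-signed certificate with the given validity window.
    static X509Certificate2 MakeCert(string cn, DateTimeOffset from, DateTimeOffset to)
    {
        using (ECDsa key = ECDsa.Create(ECCurve.NamedCurves.nistP256))
        {
            var req = new CertificateRequest("CN=" + cn, key, HashAlgorithmName.SHA256);
            return req.CreateSelfSigned(from, to);
        }
    }

    static void Main()
    {
        DateTimeOffset now = DateTimeOffset.UtcNow;
        // Same order as described in the thread: expired record first, valid record second.
        var found = new[]
        {
            MakeCert("direct.example.test", now.AddYears(-2), now.AddYears(-1)),
            MakeCert("direct.example.test", now.AddDays(-1), now.AddYears(1)),
        };

        List<X509Certificate2> usable = SelectValid(found, now.UtcDateTime);
        Console.WriteLine("discovered={0} usable={1}", found.Length, usable.Count);
        foreach (var c in usable)
            Console.WriteLine("use {0} (expires {1:u})", c.Thumbprint, c.NotAfter.ToUniversalTime());
        if (usable.Count == 0)
            Console.WriteLine("no currently valid certificate; do not fall back to an expired one");
    }
}
```

The validity window is only the first filter; whichever certificate survives still has to pass the trust-anchor and revocation checks the receiving system applies.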

ehl8...@gmail.com

Nov 10, 2017, 2:06:07 PM
to Transport Testing Tool
I will really appreciate it if you can provide instructions on Direct Certificate Discovery. Any information will be very much appreciated.