OxalisCommunity / Oxalis-AS4

PEPPOL AS4 pMode plugin for Oxalis

AS4 Outbound- Unable to verify certificate of receiving access point #55

Closed rajeshwarmishra closed 4 years ago

rajeshwarmishra commented 4 years ago

My AS4 endpoint URL is configured and working fine as below with Oxalis version 4.1.0 and oxalis-as4-4.1.0-SNAPSHOT-dist (RC9)

AS4 Endpoint: https://*****/oxalis-war-4.1.0/as4

I have enrolled the new test suite here 'https://testbed.Peppol.eu/secure/suite/view' with our new endpoint URL 'https://******/oxalis-war-4.1.0/as4'

But I am getting the error message below. Please see the attached screenshot.

"Transaction (with instance identifier PSG000259-52-20200115T091306) to testing AP failed to be delivered. Error; Unable to verify certificate of receiving access point.."

PeppolAS4Error

What am I doing wrong? Can you please help me?

FrodeBjerkholt commented 4 years ago

I have just released RC11 that I used to perform a successful PEPPOL Test Bed earlier today - Can you try that one, please? Can you attach your oxalis.xml for your AP - That will make it easier for me to assist.

rajeshwarmishra commented 4 years ago

I have upgraded to RC11 but still, the same error is coming. "Transaction (with instance identifier PSG000259-71-20200117T092813) to testing AP failed to be delivered. Error; Unable to verify certificate of receiving access point.."

Command:

java -cp /home/ec2-user/apache-tomcat-9.0.30/.oxalis/oxalis-dist/oxalis-standalone-as4/:/home/ec2-user/apache-tomcat-9.0.30/.oxalis/oxalis-dist/as4/ no.difi.oxalis.server.Main -f resources/message.xml -u http://40.115.23.114:8080/domibus/services/msh?domain=static -s ceftestparty83gw -r cefsupportgw -protocol peppol-transport-as4-v2_0 -cert cert/ceftestparty83gw.crt

My oxalis.conf file:

oxalis.keystore {
     # Relative to OXALIS_HOME
     path=AS4-TestCertificate.p12
     password = "12345"
     key.alias = "te-01a480a8-f5cd-421f-a453-b462bc000631"
     key.password = "12345"
}

oxalis.truststore {
     path = peppol_trust_g2.jks
     password = "12345"
}

lookup.locator.hostname =acc.edelivery.tech.ec.europa.eu/edelivery-sml/

brave.reporter = noop
oxalis.statistics.service = noop
oxalis.persister.payload = noop
oxalis.persister.receipt = noop
oxalis.http.pool.max_route = 10
security.validator.class = no.difi.vefa.peppol.security.util.EmptyCertificateValidator
mode.conformance=test
mode.conformance.security.validator.class="no.difi.vefa.peppol.security.util.EmptyCertificateValidator"
oxalis.operation.mode=TEST

oxalis.as4.type=cef-connectivity

lookup.locator.class = no.difi.vefa.peppol.lookup.locator.BusdoxLocator
oxalis.module.as4.common = {
     class = no.difi.oxalis.as4.common.As4CommonModule
}
oxalis.module.as4.inbound = {
     class = no.difi.oxalis.as4.inbound.As4InboundModule
     dependency = inbound.servlet
}
oxalis.module.as4.outbound = {
     class = no.difi.oxalis.as4.outbound.As4OutboundModule
     dependency = outbound.lookup
}
defaults.transport.as4_peppol_v2 = {
     profile: peppol-transport-as4-v2_0
     sender: oxalis-as4
     weight: 9001
}
transport.as4_peppol_v1_to_v2_adapter = {
     profile: bdxr-transport-ebms3-as4-v1p0
     sender: oxalis-as4
     weight: 5000
}
oxalis.path.inbound=/var/peppol/Inbound


message.xml file:-

message.xml.txt


There is no error in the tomcat log file.

When I test the outbound from the testbed page, I receive the attached error screenshot.

TestBed-Error-RC11

Please do the needful.

FrodeBjerkholt commented 4 years ago

It seems to me that you are mixing the CEF connectivity test and the PEPPOL Test Bed. These are two different things. When sending to the PEPPOL Test Bed you should use something like this:

java -DOXALIS_HOME=/c/dev/peppoltest/.oxalis -classpath "standalone/;as4/" eu.sendregning.oxalis.Main -f payload.xml

For the "5 Outbound Testbed sends to testing AP" you can try the following oxalis.conf for your AP:

oxalis.keystore {
     # Relative to OXALIS_HOME
     path=peppol-g2-test-2018-05-28.jks
     password = changeit
     key.alias = ap
     key.password = changeit
}

oxalis.path.inbound = /var/peppol/IN

Are you sure your HTTPS certificate meets the requirements in the PEPPOL-Testbed-and-Onboarding_v1p2.pdf?

Your AP must implement HTTPS with certificate chains to Certificate Authorities (CAs) which are trusted by the
PEPPOL community. Your certificate must be trusted by both Microsoft and Oracle CAs. Self-signed certificates
are considered non-compliant and will not be accepted when onboarding as a PEPPOL service provider. To test
your SSL configuration, go to https://www.ssllabs.com/ssltest/. It must be a grade A or above. This will
eventually also be controlled by the OpenPEPPOL Operating Office.

rajeshwarmishra commented 4 years ago

Our HTTPS certificate meets the requirements in the PEPPOL guideline.

I have tried with the configuration below for "Outbound Testbed sends to testing AP".

oxalis.conf:

oxalis.keystore {
     # Relative to OXALIS_HOME
     path=AS4-TestCertificate.p12
     password = "12345"
     key.alias = "te-01a480a8-f5cd-421f-a453-b462bc000631"
     key.password = "12345"
}

oxalis.path.inbound = /var/peppol/IN

and also added the command below to the Tomcat run script and started Tomcat:

java -DOXALIS_HOME=/home/ec2-user/apache-tomcat-9.0.30/.oxalis -classpath "/home/ec2-user/apache-tomcat-9.0.30/.oxalis/oxalis-dist/oxalis-standalone-as4/;/home/ec2-user/apache-tomcat-9.0.30/.oxalis/oxalis-dist/as4/" no.difi.oxalis.server.Main -f /resources/payload.xml

Endpoint url is working fine without any error. But still, testbed sends to testing AP is failing with same error: Transaction (with instance identifier PSG000259-74-20200117T134128) to testing AP failed to be delivered. Error; Unable to verify certificate of receiving access point..

FrodeBjerkholt commented 4 years ago

Sounds like the Test Bed does not accept the certificate of the AP. Maybe you should ask the PEPPOL support why? Which certificate is inside the AS4-TestCertificate.p12? It has to be a PEPPOL Test certificate and not the one received for CEF connectivity testing.

Do you see anything in the logs of the receiving AP? You can add more logging by adding the following line to the oxalis.conf:

oxalis.logging.config=logback.xml

You can try with the following logback.xml:

<?xml version="1.0" encoding="UTF-8"?>
<configuration debug="false">

    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
        <encoder>
            <pattern>%d %p [%c] %m %n</pattern>
        </encoder>
    </appender>

    <logger name="org.apache.cxf" level="debug"/>

    <root level="info">
        <appender-ref ref="STDOUT"/>
    </root>

</configuration>
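
One way to answer the question above of which certificate sits inside a PKCS#12 keystore, as an added example that is not part of the original thread or of Oxalis. The function names, the `P12_PASS` variable and the throwaway demo keystore are assumptions; the issuer pattern is supplied by the caller because the thread does not name the CA.

```shell
#!/bin/sh
# Added example, not Oxalis code. The keystore password is read from $P12_PASS
# so that it does not appear in the process list.

# p12_leaf_pem FILE -> PEM of the end-entity certificate (private key is not output)
p12_leaf_pem() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -clcerts -nokeys 2>/dev/null \
        | openssl x509 2>/dev/null
}

# cert_field FILE FIELD -> value of FIELD (subject | issuer | enddate)
cert_field() {
    p12_leaf_pem "$1" | openssl x509 -noout "-$2" -nameopt RFC2253 2>/dev/null \
        | cut -d= -f2-
}

# is_self_signed FILE -> exit 0 when the subject DN is readable and equals the issuer DN
is_self_signed() {
    subj=$(cert_field "$1" subject)
    [ -n "$subj" ] && [ "$subj" = "$(cert_field "$1" issuer)" ]
}

# issued_by FILE PATTERN -> exit 0 when the issuer DN contains PATTERN
# (PATTERN is the name of the CA you expect; none is assumed here)
issued_by() {
    cert_field "$1" issuer | grep -qiF -- "$2"
}

# make_demo_p12 -> path of a constructed, throwaway self-signed keystore (sample input)
make_demo_p12() {
    demo_dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-demo-ap/O=Example" \
        -keyout "$demo_dir/key.pem" -out "$demo_dir/cert.pem" 2>/dev/null
    openssl pkcs12 -export -inkey "$demo_dir/key.pem" -in "$demo_dir/cert.pem" \
        -name demo -passout env:P12_PASS -out "$demo_dir/demo.p12"
    echo "$demo_dir/demo.p12"
}

# Usage: P12_PASS=... sh inspect_p12.sh AS4-TestCertificate.p12
if [ "$#" -gt 0 ]; then
    echo "subject : $(cert_field "$1" subject)"
    echo "issuer  : $(cert_field "$1" issuer)"
    echo "expires : $(cert_field "$1" enddate)"
    if is_self_signed "$1"; then echo "WARNING: certificate is self-signed"; fi
fi
```

Comparing the printed issuer with the issuer of the certificate received for the other test environment shows at a glance whether the wrong keystore was configured.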

FrodeBjerkholt commented 4 years ago

I have just added a Docker image for Oxalis-AS4 4.1.0-RC11 if you want to try it out: https://hub.docker.com/r/digdir/oxalis-as4

FrodeBjerkholt commented 4 years ago

I have now updated the documentation with an OpenPEPPOL Test Bed tutorial - Please check it out.

rajeshwarmishra commented 4 years ago

Thanks for the support. Followed the new documentation with release 'Oxalis-AS4 4.1.0-RC12' and issue resolved.