Closed karelkryda closed 1 month ago
@karelkryda : Here is screenshot which mention Oxalis successfully passed all tests under eDELIVERY TEST SUITE including "TC2A.4: Invalid certificate handling" using Oxalis/Oxalis-AS4 version 6.5.0 with Audit ID: 1467:262
https://github.com/OxalisCommunity/oxalis/wiki/OpenPeppol-Testbed-and-Accreditation
Oxalis check "revoked" and "expired" certificate while sending and fail delivery with proper error message e.g. "Certificate is revoked" Please check whether you are bypassing certificate validation
Also please attach complete logs which you promised but Not shared.
Hi @aaron-kumar, I edited the original post and added the complete log. We didn't modify any configuration from our side, we just added a mandatory section for keystore.
oxalis.keystore {
# Relative to OXALIS_HOME
path = peppol-cert.p12
password = PASSWORD
key.alias = cert
key.password = PASSWORD
}
# The relative name of the directory holding plugin
#oxalis.path.plugin = oxalis-plugin
# Signals to Oxalis that we should look for plugin
oxalis.persister.receipt = plugin
# Where to store inbound files
oxalis.path.inbound = /var/peppol/IN
@aaron-kumar, any news?
Hi @karelkryda Did you finally pass the Testbed ? If so, what did you change in your configuration ?
Hi, I would like to report issue with Oxalis standalone component.
When sending a message to the Peppol network, the sender - in this case the Oxalis standalone component - should check the validity of the certificate and reject the message if the certificate is not valid. This behavior is tested in Peppol Testbed using the
TC2A.4: Invalid certificate handling
test. This test generates three test XML files, the second of which is signed with a revoked certificate. Oxalis should therefore refuse to send this file. Unfortunately, this expected behavior does not happen and Oxalis still performs delivery of this message. The Peppol test in this case ends in an error because sending this message is undesirable and against Peppol security practices.I am attaching here a log dump from the Oxalis standalone component. These are the logs from sending the message signed with a revoked certificate:
Thank you in advance for checking the situation.
Additional information:
Oxalis version:
6.5.0
AS4 plugin version:6.5.0