abhishek-ram / pyas2

This repo is no longer maintained and has been moved to https://github.com/abhishek-ram/django-pyas2
GNU General Public License v2.0

Certificate Problems - Question #7

Closed mreinigjr closed 9 years ago

mreinigjr commented 9 years ago

I am fairly new to the AS2 game, and your software has been the first I have been able to get up and running. However, I am having the below issues that I would very much appreciate your help with.

When testing with Mendelson's test server (Here is info regarding the test server: http://as2.mendelson-e-c.com/), I keep receiving the following openssl error:

Failed to send message, error is 140647279224640:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: CERTIFICATE

I have extracted the sender key and certificate provided by mendelson (key1.pfx) using:

certificate: openssl pkcs12 -in key1.pfx -nokeys -out cert.pem

key (used -des3 to maintain password on key): openssl pkcs12 -in key1.pfx -nocerts -out key.pem -nodes -des3

If I don't sign the AS2 test message, then the message is sent. However, no data is sent with the message and the server outputs:

20150627 11:06:14 DEBUG    : Sender Mic content 
None
20150627 11:06:49 INFO     : Send message started with parameters: "['/usr/bin/python', '/home/django/django_pyas2/manage.py', 'sendas2message', u'mycompanyAS2', u'mendelsontestAS2', u'/tmp/test.txtqMpVir']"
System check identified some issues:

WARNINGS:
?: (1_6.W001) Some project unittests may not execute as expected.
HINT: Django 1.6 introduced a new default test runner. It looks like this project was generated using Django 1.5 or earlier. You should ensure your tests are all running & behaving as expected. See https://docs.djangoproject.com/en/dev/releases/1.6/#new-test-runner for more information.

This may be because the Mendelson test server requires messages to be signed, but from my server's output, it seems that the uploaded test file is not being retrieved when pyas2 is sending the message. Checking the tmp folder, I am able to see all of the files I have uploaded.

So right now I am able to send an unsigned encrypted message to Mendelson's test server, but with no data. Again, I am not able to send a signed message because of the certificate issues above.

I am using:

Thank you for any input you may be able to provide and thank you for the software. :)

abhishek-ram commented 9 years ago

Hi,

Let me explain a bit about signing messages. When we send signed messages, we use our private key to sign them and the receiver will use our public key to verify the signature.

So in this case, when you are sending a message to Mendelson AS2, you will be dealing with your private and public keys.

I suggest that you use http://portecle.sourceforge.net/ to generate your key pair.

Once the key pair has been generated in portecle, just right-click and export first the "Head Certificate" which is your public key and then the "Private Key" as a PEM encoded key and enter the password.

Now create a private certificate in pyas2 and assign it to the organization. Next, add the public key to the certificate manager in Mendelson and then select this certificate in the associated partner profile.

Now you are ready to sign messages sent to Mendelson AS2.

mreinigjr commented 9 years ago

Hi,

Using Portecle solved the problem! I didn't realize that the private key needed to have both the key and cert in the .pem file. Thank you very much! I am now having a new issue with MDN and with the hash algorithm declaration to the partner. I will post 2 new issues.
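
The cause reported in the last comment (a PEM file holding only the key, so OpenSSL finds no `CERTIFICATE` start line) can be checked before the file is uploaded. This is an added example, not part of the thread or of pyas2; the function names and the sample PEM contents are constructed for illustration.

```python
import base64
import re

# One PEM block; the END label must repeat the BEGIN label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL
)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
              "ENCRYPTED PRIVATE KEY"}


def pem_labels(text):
    """Return labels of well-formed PEM blocks, ignoring 'Bag Attributes' text."""
    labels = []
    for label, body in PEM_BLOCK.findall(text):
        # Legacy encrypted keys carry Proc-Type/DEK-Info headers before a
        # blank line; only the part after it is base64.
        payload = re.split(r"\r?\n\r?\n", body, maxsplit=1)[-1]
        try:
            base64.b64decode("".join(payload.split()), validate=True)
        except ValueError:
            continue  # corrupted block: treat it as absent
        labels.append(label)
    return labels


def check_signing_pem(text):
    """List what is missing from a PEM file meant to hold key and certificate."""
    labels = pem_labels(text)
    problems = []
    if not any(label in KEY_LABELS for label in labels):
        problems.append("no private key block")
    if "CERTIFICATE" not in labels:
        problems.append("no CERTIFICATE block")
    return problems


def sample_block(label, raw):
    # Constructed sample: placeholder bytes, not real key material.
    b64 = base64.b64encode(raw).decode()
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, b64, label)


# Constructed inputs: a key-only export (as `-nocerts` produces) and a combined file.
KEY_ONLY = ("Bag Attributes\n    friendlyName: constructed\n"
            + sample_block("PRIVATE KEY", b"constructed key bytes"))
KEY_AND_CERT = KEY_ONLY + sample_block("CERTIFICATE", b"constructed cert bytes")

if __name__ == "__main__":
    print(check_signing_pem(KEY_ONLY))
    print(check_signing_pem(KEY_AND_CERT))
```

The check only inspects PEM structure; it does not confirm that the certificate matches the private key.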