Closed Florianisme closed 3 years ago
Hi Florian,
you need to provide the "Truststore" of Peppol to the phase4 client.
Assuming you are using the configuration via the file crypto.properties, make sure that the following lines are present:
org.apache.wss4j.crypto.merlin.truststore.type=JKS
org.apache.wss4j.crypto.merlin.truststore.file=truststore/complete-truststore.jks
org.apache.wss4j.crypto.merlin.truststore.password=peppol
The file truststore/complete-truststore.jks is inside the JARs and contains all the Peppol certificates.
hth
Hi Philip, thanks for your help! I already do that, these are all my certificates from my truststore:
Hold on, I think I just found the mistake
So so so???
I'll need to check, will update you later :)
The mistake was that I completely forgot to add the truststore. I thought adding all of Peppol's certificates to the keystore was enough.. :) Thanks for your quick help!
Ah super. Glad you solved it :)
I am getting the following exception when trying to send a Peppol Message to another Access Point:
2020-11-05 15:04:43.311 WARN 4672 --- [nio-8081-exec-1] c.h.p.utils.PeppolCertificateChecker : Certificate is revoked
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[na:na]
    at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[na:na]
    at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[na:na]
    at com.helger.peppol.utils.PeppolCertificateChecker.isCertificateRevoked(PeppolCertificateChecker.java:308) ~[peppol-commons-8.1.1.jar:8.1.1]
    at com.helger.peppol.utils.PeppolCertificateChecker._checkCertificate(PeppolCertificateChecker.java:428) ~[peppol-commons-8.1.1.jar:8.1.1]
    at com.helger.peppol.utils.PeppolCertificateChecker.checkPeppolAPCertificate(PeppolCertificateChecker.java:459) ~[peppol-commons-8.1.1.jar:8.1.1]
    at com.helger.phase4.peppol.Phase4PeppolSender._checkReceiverAPCert(Phase4PeppolSender.java:176) ~[phase4-peppol-client-0.10.0.jar:0.10.0]
    at com.helger.phase4.peppol.Phase4PeppolSender.access$100(Phase4PeppolSender.java:76) ~[phase4-peppol-client-0.10.0.jar:0.10.0]
    at com.helger.phase4.peppol.Phase4PeppolSender$AbstractPeppolUserMessageBuilder.finishFields(Phase4PeppolSender.java:479) ~[phase4-peppol-client-0.10.0.jar:0.10.0]
    at com.helger.phase4.peppol.Phase4PeppolSender$Builder.finishFields(Phase4PeppolSender.java:733) ~[phase4-peppol-client-0.10.0.jar:0.10.0]
    at com.helger.phase4.sender.AbstractAS4UserMessageBuilderMIMEPayload.sendMessage(AbstractAS4UserMessageBuilderMIMEPayload.java:131) ~[phase4-lib-0.10.0.jar:0.10.0]
    at de.itelligence.peppol.ap.outbound.OutboundMessageService.sendPeppolMessage(OutboundMessageService.java:57) ~[classes/:na]
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na]
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
    at java.base/java.lang.reflect.Method.invoke(Method.java:566) ~[na:na]
The SMP under which the other AP is registered has the correct Certificate setup in the Endpoint. But the peppol-client still says the other Certificate has been revoked. It is a completely new Production Certificate.
Surely there is some misconfiguration on my side. Are there any traps I could have run into or something I did not notice?
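A startup check for the misconfiguration resolved in this thread, as an added example that is not part of the original discussion or of phase4's own code: it verifies that crypto.properties carries the three Merlin truststore lines quoted above and that the referenced store loads and holds trusted certificate entries. The class name, the sample keystore path and the sample password are assumptions made for the illustration.

```java
import java.io.*;
import java.nio.file.*;
import java.security.KeyStore;
import java.util.*;

public class TruststoreCheck {
  static final String P = "org.apache.wss4j.crypto.merlin.";
  // Constructed sample: a keystore is configured, the truststore lines are missing.
  static final String SAMPLE =
      P + "keystore.type=JKS\n" +
      P + "keystore.file=keys/ap-keystore.jks\n" +  // hypothetical path
      P + "keystore.password=changeit\n";           // constructed value

  static List<String> check(Properties p) throws Exception {
    List<String> findings = new ArrayList<>();
    for (String k : new String[] {"truststore.type", "truststore.file", "truststore.password"})
      if (p.getProperty(P + k) == null) findings.add("missing property " + P + k);
    if (!findings.isEmpty()) return findings;
    String file = p.getProperty(P + "truststore.file");
    try (InputStream in = open(file)) {
      if (in == null) { findings.add("truststore not found: " + file); return findings; }
      KeyStore ks = KeyStore.getInstance(p.getProperty(P + "truststore.type"));
      ks.load(in, p.getProperty(P + "truststore.password").toCharArray());
      int trusted = 0;
      // Only trusted-certificate entries count; private-key entries are keystore material.
      for (String alias : Collections.list(ks.aliases()))
        if (ks.isCertificateEntry(alias)) trusted++;
      if (trusted == 0) findings.add("truststore has no trusted certificate entries");
    }
    return findings;
  }

  // Try the classpath first (the file ships inside the JARs), then the filesystem.
  static InputStream open(String file) throws IOException {
    InputStream in = TruststoreCheck.class.getClassLoader().getResourceAsStream(file);
    if (in != null) return in;
    Path path = Paths.get(file);
    return Files.isRegularFile(path) ? Files.newInputStream(path) : null;
  }

  public static void main(String[] args) throws Exception {
    Properties p = new Properties();
    // With no argument the constructed sample is checked; otherwise the given file.
    try (Reader r = args.length > 0 ? new FileReader(args[0]) : new StringReader(SAMPLE)) {
      p.load(r);
    }
    List<String> findings = check(p);
    if (findings.isEmpty()) System.out.println("truststore OK");
    else findings.forEach(f -> System.out.println("FINDING: " + f));
  }
}
```

Run it with the path to the real crypto.properties as the only argument, with the application's JARs on the classpath so the bundled truststore can be resolved.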