phax / phoss-smp

phoss SMP - a Peppol and OASIS BDXR SMP Server, CEF eDelivery compliant

SML certificate update - validate or inform, that public key should be wrapped with -----BEGIN/END CERTIFICATE----- #151

Closed dladlk closed 3 years ago

dladlk commented 3 years ago

PrepareChangeCertificate requires the public key to be wrapped with

-----BEGIN CERTIFICATE-----
MIIC...
-----END CERTIFICATE-----

There are already multiple validations of the posted information on the SML certificate update page, but it does not warn about this or fix it, so it is unclear why the SML rejects the request.

At least the info line at "New public key*" could be expanded with a hint like this:

Paste the public part of your new certificate here (using PEM encoding). Do NOT paste your new private key here. Public part should start with "-----BEGIN CERTIFICATE-----" and end with "-----END CERTIFICATE-----"

As it is omitted in other places where certificates are uploaded or shown, it was confusing...

phax commented 3 years ago

@dladlk thanks for the issue. Do I understand you correctly: SML requires the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- delimiters around the certificate to work?

dladlk commented 3 years ago

Sorry for the late answer, Philip! I am your fan - all that you do for Peppol is really amazing :)

Yes, it took me several hours to realize this. At first I started with your tool for SMP certificate change at https://peppol.helger.com/public/menuitem-tools-smp-sml and pasted the PEM without begin/end, getting the HTTP response error badRequestFault. Then I upgraded my SMP 5.0.8 to your latest version, with the same result. Then I installed a SoapUI project and tried to invoke the web service directly, and at that point noticed that in the SML documentation at https://peppol.eu/wp-content/uploads/2018/06/PEPPOL_Certificates_Change_V1.2.pdf they have an example of a certificate wrapped with begin/end:

[image: certificate example from the SML documentation, wrapped with BEGIN/END CERTIFICATE lines]

Below you can see a snippet from your SMP audit file with an example of a failed and a successful execution - nothing was changed in between except BEGIN/END (thank you for logging it so clearly 👍):

  <item ldt="2020-12-30T12:02:43.497705" user="admin" type="modify" success="true">{"user":["update-last-login","admin"]}</item>
  <item ldt="2020-12-30T12:04:19.605370" user="admin" type="execute" success="false">{"smp-sml-update-cert":["https://acc.edelivery.tech.ec.europa.eu/edelivery-sml","MIIF0zCCA7ugAwIBAgIQMpBeMAxDfBBpH1rLOSVm1TANBgkqhkiG9w0BAQsFADB5\r\nMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQT3BlblBFUFBPTCBBSVNCTDEWMBQGA1UE\r\nCxMNRk9SIFRFU1QgT05MWTE3MDUGA1UEAxMuUEVQUE9MIFNFUlZJQ0UgTUVUQURB\r\nVEEgUFVCTElTSEVSIFRFU1QgQ0EgLSBHMjAeFw0yMDEyMjQwMDAwMDBaFw0yMjEy\r\nMTQyMzU5NTlaMFIxEjAQBgNVBAMMCVBESzAwMDI1MzEYMBYGA1UECwwPUEVQUE9M\r\nIFRFU1QgU01QMRUwEwYDVQQKDAxUcnVlTGluayBBL1MxCzAJBgNVBAYTAkRLMIIB\r\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+6oh+zBOeNFznWwvUz6t+Ltg\r\n9qAdxOrEIljB23nuAHOIMU2My4O1Sc9mFPsKYcbDw6X2jAi1SHzpDu+QB7VxhXTa\r\n9JlbjtSZyqXUbvsoELZ+vEzkhL/am8FbEeS+WxR5Faor1d4Z+LOy9gObBnBbekDj\r\n+5v6xC25JbeZ3tua2FKfahJT/u9IbqDLm/ez61bRQ3wbOVHh5B71avMemhfjqNL0\r\nrBlezScedwynfhBBbS/CdW/mh4FhT+GLMkJZd2hfJ1uA6rFqNg+IJUQmGlTDfOrj\r\nIi7Ov+ObQU6AYsLhlN08tUhJVQX/SF1c/c3ufE6hvUDim9DTWJY1ExnQBzrgZQID\r\nAQABo4IBfDCCAXgwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCA6gwFgYDVR0l\r\nAQH/BAwwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFM3p2l4Q9bkArpQZNymy8me68SzL\r\nMF0GA1UdHwRWMFQwUqBQoE6GTGh0dHA6Ly9wa2ktY3JsLnN5bWF1dGguY29tL2Nh\r\nX2I2ZDBkYzFkYzMxNDc3MjNmZTM2Yjc1NzU5OTdhZmM0L0xhdGVzdENSTC5jcmww\r\nNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzABhhtodHRwOi8vcGtpLW9jc3Auc3lt\r\nYXV0aC5jb20wHwYDVR0jBBgwFoAUfB2ySPG62QoGyhZjqfB6T70jnXswLQYKYIZI\r\nAYb4RQEQAwQfMB0GE2CGSAGG+EUBEAECAwEBgajVgQoWBjk1NzYwODA5BgpghkgB\r\nhvhFARAFBCswKQIBABYkYUhSMGNITTZMeTl3YTJrdGNtRXVjM2x0WVhWMGFDNWpi\r\nMjA9MA0GCSqGSIb3DQEBCwUAA4ICAQBtN41db7VpotxVCRmiXLXIYx00zYzSDCWo\r\nmuXyrTvCAeAi6e3XP1YNNOSFm+6j7x8TwO3Owcgd/7P9TyRC62S5j1DpjIeC2UDZ\r\npILWzvKgyL7ZVlo/noLTyP6AxNKRqz3iC7U8tug+bnsVDrasxqOWxsUAm4MbBCKP\r\nv/KWodC0vLtuQpNSwv9jmogGFWRWNzbQYCAdKoNjTB//5N6Rmze8u6NQI8WYK+Pb\r\nTBlC0QvGIY8Ei02Rdcrh31UJdplvUb8HX91OaDc+UesAiR13bJX3vxS5fD1H6YCd\r\nI/WQRbZ50htJNxt/4RDJ/50H4i11cEuJBfjZ2QQQ7rGmM0/oUXScF5c1b2B9e5ig\r\nDC+nxySBO5eYkrbmYGh1DqNpqC50rVq7ib5aJtea7VLx1Ab864AkmOXiUQdu+I1Y\r
\nKWxYYlKhi1dLFjgGhAv5bsgupZlWyTKXszSK+YPlxMbK66AdCdZ5kCNxyPGUFlTD\r\nJcCb/gOUv+TIRimG2WDfRxBZ+GgKumckNZbI6jvfztJxcJRLYNIWGa97Q8AOl3z0\r\nHR9K/MgFs0PxCpYe3/mwJ+EGWcVk1aR4NOKmfCjaOTAbhI6+JGucD6tDlyl1Nmqn\r\n8fGC6Nd7mvJ1Bu6KYyH85rrzg5tKvvFylGqrUt2pkTtmqG0N2FttDYhVGh/GD3kS\r\ncFkkGlCv4g==","2020-12-31","class com.sun.xml.ws.client.ClientTransportException","The server sent HTTP status code 400: Bad Request"]}</item>
  ...
  <item ldt="2020-12-30T12:56:14.590807" user="admin" type="modify" success="true">{"user":["update-last-login","admin"]}</item>
  <item ldt="2020-12-30T12:56:33.894104" user="admin" type="execute" success="true">{"smp-sml-update-cert":["https://acc.edelivery.tech.ec.europa.eu/edelivery-sml","-----BEGIN CERTIFICATE-----\r\nMIIF0zCCA7ugAwIBAgIQMpBeMAxDfBBpH1rLOSVm1TANBgkqhkiG9w0BAQsFADB5\r\nMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQT3BlblBFUFBPTCBBSVNCTDEWMBQGA1UE\r\nCxMNRk9SIFRFU1QgT05MWTE3MDUGA1UEAxMuUEVQUE9MIFNFUlZJQ0UgTUVUQURB\r\nVEEgUFVCTElTSEVSIFRFU1QgQ0EgLSBHMjAeFw0yMDEyMjQwMDAwMDBaFw0yMjEy\r\nMTQyMzU5NTlaMFIxEjAQBgNVBAMMCVBESzAwMDI1MzEYMBYGA1UECwwPUEVQUE9M\r\nIFRFU1QgU01QMRUwEwYDVQQKDAxUcnVlTGluayBBL1MxCzAJBgNVBAYTAkRLMIIB\r\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+6oh+zBOeNFznWwvUz6t+Ltg\r\n9qAdxOrEIljB23nuAHOIMU2My4O1Sc9mFPsKYcbDw6X2jAi1SHzpDu+QB7VxhXTa\r\n9JlbjtSZyqXUbvsoELZ+vEzkhL/am8FbEeS+WxR5Faor1d4Z+LOy9gObBnBbekDj\r\n+5v6xC25JbeZ3tua2FKfahJT/u9IbqDLm/ez61bRQ3wbOVHh5B71avMemhfjqNL0\r\nrBlezScedwynfhBBbS/CdW/mh4FhT+GLMkJZd2hfJ1uA6rFqNg+IJUQmGlTDfOrj\r\nIi7Ov+ObQU6AYsLhlN08tUhJVQX/SF1c/c3ufE6hvUDim9DTWJY1ExnQBzrgZQID\r\nAQABo4IBfDCCAXgwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCA6gwFgYDVR0l\r\nAQH/BAwwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFM3p2l4Q9bkArpQZNymy8me68SzL\r\nMF0GA1UdHwRWMFQwUqBQoE6GTGh0dHA6Ly9wa2ktY3JsLnN5bWF1dGguY29tL2Nh\r\nX2I2ZDBkYzFkYzMxNDc3MjNmZTM2Yjc1NzU5OTdhZmM0L0xhdGVzdENSTC5jcmww\r\nNwYIKwYBBQUHAQEEKzApMCcGCCsGAQUFBzABhhtodHRwOi8vcGtpLW9jc3Auc3lt\r\nYXV0aC5jb20wHwYDVR0jBBgwFoAUfB2ySPG62QoGyhZjqfB6T70jnXswLQYKYIZI\r\nAYb4RQEQAwQfMB0GE2CGSAGG+EUBEAECAwEBgajVgQoWBjk1NzYwODA5BgpghkgB\r\nhvhFARAFBCswKQIBABYkYUhSMGNITTZMeTl3YTJrdGNtRXVjM2x0WVhWMGFDNWpi\r\nMjA9MA0GCSqGSIb3DQEBCwUAA4ICAQBtN41db7VpotxVCRmiXLXIYx00zYzSDCWo\r\nmuXyrTvCAeAi6e3XP1YNNOSFm+6j7x8TwO3Owcgd/7P9TyRC62S5j1DpjIeC2UDZ\r\npILWzvKgyL7ZVlo/noLTyP6AxNKRqz3iC7U8tug+bnsVDrasxqOWxsUAm4MbBCKP\r\nv/KWodC0vLtuQpNSwv9jmogGFWRWNzbQYCAdKoNjTB//5N6Rmze8u6NQI8WYK+Pb\r\nTBlC0QvGIY8Ei02Rdcrh31UJdplvUb8HX91OaDc+UesAiR13bJX3vxS5fD1H6YCd\r\nI/WQRbZ50htJNxt/4RDJ/50H4i11cEuJBfjZ2QQQ7rGmM0/oUXScF5c1b2B9e5ig\r\nDC+nxySBO5eYkrbmYGh1DqNpqC50rVq7ib5a
Jtea7VLx1Ab864AkmOXiUQdu+I1Y\r\nKWxYYlKhi1dLFjgGhAv5bsgupZlWyTKXszSK+YPlxMbK66AdCdZ5kCNxyPGUFlTD\r\nJcCb/gOUv+TIRimG2WDfRxBZ+GgKumckNZbI6jvfztJxcJRLYNIWGa97Q8AOl3z0\r\nHR9K/MgFs0PxCpYe3/mwJ+EGWcVk1aR4NOKmfCjaOTAbhI6+JGucD6tDlyl1Nmqn\r\n8fGC6Nd7mvJ1Bu6KYyH85rrzg5tKvvFylGqrUt2pkTtmqG0N2FttDYhVGh/GD3kS\r\ncFkkGlCv4g==\r\n-----END CERTIFICATE-----","2020-12-31"]}</item>

It was so sad to see that I could have planned the migration in 5 minutes just by being more attentive when looking at the SML documentation - but that is as usual :)

Anyway, if you could give a hint in the SMP GUI or fix it on the fly (if not wrapped, wrap it) before invoking the web service, other people (and me in 2 years from now) would not notice how close they were to trouble for multiple hours :)
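One way an SMP front end could do the "if not wrapped, wrap it" normalisation suggested above, as an added example that is not phoss-smp's own code: it accepts either the bare base64 body or an already wrapped PEM (CRLF line endings included), rejects private key material, checks that the decoded bytes form a DER SEQUENCE whose length covers the whole blob (the outer shape of every X.509 certificate), and emits the delimited PEM the SML expects. The sample bytes are a constructed minimal DER SEQUENCE, not a real certificate.

```python
import base64
import binascii
import re
import ssl


class CertificateInputError(ValueError):
    """Raised when the pasted text cannot be turned into a PEM certificate."""


def der_total_length(der: bytes) -> int:
    """Size in bytes of the outer DER TLV (tag + length + content), or -1 if malformed."""
    if len(der) < 2:
        return -1
    first = der[1]
    if first < 0x80:                      # short form: a single length byte
        return 2 + first
    num_len_bytes = first & 0x7F          # long form: number of length bytes follows
    if num_len_bytes == 0 or num_len_bytes > 4 or len(der) < 2 + num_len_bytes:
        return -1
    return 2 + num_len_bytes + int.from_bytes(der[2:2 + num_len_bytes], "big")


def normalise_pasted_certificate(text: str) -> str:
    """Return the certificate as PEM with BEGIN/END delimiters and 64-character lines."""
    # The form already says "Do NOT paste your new private key here": reject, never wrap.
    if "PRIVATE KEY" in text.upper():
        raise CertificateInputError("private key material pasted instead of a certificate")
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", text)
    body = re.sub(r"\s+", "", body)       # drop line breaks, including \r\n from the clipboard
    if not body:
        raise CertificateInputError("no certificate data found")
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise CertificateInputError(f"body is not valid base64: {exc}") from None
    # Every X.509 certificate is a DER SEQUENCE (tag 0x30) spanning the whole blob.
    if not der or der[0] != 0x30 or der_total_length(der) != len(der):
        raise CertificateInputError("decoded data is not a well-formed DER SEQUENCE")
    # Stdlib helper: adds the delimiters and wraps the base64 body at 64 characters.
    return ssl.DER_cert_to_PEM_cert(der)


def is_acceptable(text: str) -> bool:
    """True when the pasted text normalises cleanly (usable as a form validator)."""
    try:
        normalise_pasted_certificate(text)
        return True
    except CertificateInputError:
        return False


# Constructed sample: a minimal DER SEQUENCE (INTEGER 7, NULL), not a real certificate.
SAMPLE_DER = b"\x30\x05\x02\x01\x07\x05\x00"
SAMPLE_BARE = base64.b64encode(SAMPLE_DER).decode("ascii")   # what a user might paste
```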

klaus-lue commented 3 years ago

@dladlk Thank you very much for giving this advice. It helped me already with our certificate change.

phax commented 3 years ago

This was done in https://github.com/phax/phoss-smp/commit/a3193657bc1a296c961d37843bec93544fe101ec and will be part of the 5.4.0 release. Thanks!