
ssl handshake issue in inbound as2 communication

2022-05-23
2022-05-24
  • Owais Khalid

    Owais Khalid - 2022-05-23

    We have installed AS2 on an HTTPS port and it's working fine for outbound. Now when our client/partner sends us a file, they get the SSL handshake error stated below.

    2022-05-23 20:40:39.138 FINE AS2SenderModule: Connecting to: https://ourdomain:10443/ 
    2022-05-23 20:40:39.400 ERROR AS2SenderModule: Failed to connect to partner using SSL certificate. Please run the SSL certificate checker utility to identify the issue: https://ourdomain:10443/ 
    2022-05-23 20:40:39.420 ERROR javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alert.createSSLException(Alert.java:131)
    at sun.security.ssl.TransportContext.fatal(TransportContext.java:370)
    at sun.security.ssl.TransportContext.fatal(TransportContext.java:313)
    at sun.security.ssl.TransportContext.fatal(TransportContext.java:308)
    at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:652)
    at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:471)
    at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:367)
    at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:376)
    at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:479)
    at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:457)
    at sun.security.ssl.TransportContext.dispatch(TransportContext.java:200)
    at sun.security.ssl.SSLTransport.decode(SSLTransport.java:154)
    at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1290)
    at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1199)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:401)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:373)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)
    at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
    at org.apache.http.impl.conn.BasicHttpClientConnectionManager.connect(BasicHttpClientConnectionManager.java:325)
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381)
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)
    

    The client is using a self-signed certificate, and we have tried the following in start_openas2.bat as well, but we are still getting the error.

    set EXTRA_PARMS=%EXTRA_PARMS% -Djavax.net.ssl.trustStore=client.truststore
    set EXTRA_PARMS=%EXTRA_PARMS% -Djavax.net.ssl.trustStorePassword=testas2
    
    set EXTRA_PARMS=%EXTRA_PARMS% -Dorg.openas2.cert.TrustSelfSignedCN=ClientCertCN
    

    Any recommendations?

     
  • Christopher Broderick

    If your partner is using a self-signed certificate for SSL it is pretty pointless - it provides no extra security for a half-decent hacker.

    However, the certificate your partner uses for SSL is only relevant when you make the connection to your partner (i.e. when you send a file or send an ASYNCHRONOUS MDN).

    If your partner does have a self-signed SSL certificate then you will only connect if you set the parm as you indicated:

    set EXTRA_PARMS=%EXTRA_PARMS% -Dorg.openas2.cert.TrustSelfSignedCN=ClientCertCN
    

    Since you are using a genuine trusted certificate authority for your certificate and your partner is getting the error trying to send you a file, it is your certificate that is at issue. Look at section "SSL Certificate Exceptions" in the OpenAS2HowTo.pdf for guidance with your error - most likely your trusted certificate chain is not in your default Java keystore.

     
  • Christopher Broderick

    To be clear, the fix is on your partner's side, not on your side.

     
    • Owais Khalid

      Owais Khalid - 2022-05-23

      What does the partner have to change in order to resolve the SSL handshake error?

      The partner has a self-signed cert, and we have an SSL cert.

       
  • Owais Khalid

    Owais Khalid - 2022-05-23

    Our certificate is SSL and it's working fine for outbound. But when our partner sends us a file, they get an SSL handshake error. The partner is using a self-signed certificate; what do they need to add?

    EXTRA_PARMS=%EXTRA_PARMS% -Dorg.openas2.cert.TrustSelfSignedCN=OurCN
    OR
    EXTRA_PARMS=%EXTRA_PARMS% -Dorg.openas2.cert.TrustSelfSignedCN=ClientCertCN
    

    Will this be our CN or the partner's own self-signed certificate CN?
    And apart from that, what else is required to be done at:
    1- Our side
    2- Partner side

     
  • Christopher Broderick

    I say again, for outbound (i.e. sending files), your certificate is irrelevant.
    You should read up on how HTTPS sets up the connection and you will be less confused.
    In a normal website access to a webpage using HTTPS, you DO NOT HAVE the website's SSL certificate - it is using the website's certificate.
    The way the AS2 protocol works (not just OpenAS2), the sender makes an HTTP request to the remote partner that sends a MIME-wrapped file, and the other end sends a response saying whether they received and successfully extracted the file or not. So in this scenario, the AS2 SENDER is the browser and the remote partner is the website.
    So - your SSL certificate for HTTPS is irrelevant when sending files, just the same as you do not need the website's SSL certificate when you make the request to the website.

    Since your partner is sending you files and they are getting the error, the problem is as stated in the "SSL Certificate Exceptions" section of the OpenAS2HowTo.pdf, which details exactly the error your PARTNER is having. Your partner is probably running an old version of Java that does not have the trusted certificates for your SSL in their Java certificate keystore, and therefore they have to add your trusted certificate chain into their OpenAS2 implementation directly by following the directions in the "SSL Certificate Exceptions" section.

    The alternative is that you buy an SSL certificate from a provider whose trust certificates are already in the version of Java that your partner has. Tell them to follow the guidance in the OpenAS2HowTo.pdf.
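    The check Chris is describing, the TLS client building a chain from the server's certificate up to a root in the client's own trust store, can be reproduced outside the JVM to see which side's trust store actually decides the outcome. The Go program below is an added example written for this thread; it is not code from the posters or from the OpenAS2 project, and it does not model the OpenAS2 TrustSelfSignedCN parameter. It constructs, in memory, a throwaway CA, a CA-issued certificate for the placeholder host "ourdomain" from the log lines, and a self-signed certificate for a constructed host "partnerdomain", then verifies each as a TLS client would against trust stores that are empty, contain the CA, or pin the self-signed certificate. Go's x509.UnknownAuthorityError plays the role of Java's "unable to find valid certification path to requested target"; the host names and subject names are assumptions for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// certPair is a certificate together with the private key that signs for it.
type certPair struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// issue creates a certificate from template signed by parent; with parent nil
// the certificate signs itself, which is the partner's situation in the thread.
func issue(template *x509.Certificate, parent *certPair) *certPair {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	signerCert, signerKey := template, key
	if parent != nil {
		signerCert, signerKey = parent.cert, parent.key
	}
	der, err := x509.CreateCertificate(rand.Reader, template, signerCert, &key.PublicKey, signerKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return &certPair{cert: cert, key: key}
}

// serverTemplate describes an HTTPS endpoint certificate for a constructed host name.
func serverTemplate(serial int64, host string) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
}

// VerifyServerCert is the check the TLS client (the AS2 sender) performs on the
// certificate the TLS server (the AS2 receiver) presents: chain the leaf to a
// root in the client's own trust store, then match the host name.
func VerifyServerCert(leaf *x509.Certificate, trust *x509.CertPool, host string) error {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: trust, DNSName: host})
	return err
}

// IsUnknownAuthority is Go's counterpart of Java's "unable to find valid certification path".
func IsUnknownAuthority(err error) bool {
	var uae x509.UnknownAuthorityError
	return errors.As(err, &uae)
}

// RunScenarios builds a throwaway CA, a CA-issued server certificate and a
// self-signed one, all in memory, and verifies each against differently
// populated client trust stores; the map key names the scenario.
func RunScenarios() map[string]error {
	ca := issue(&x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Constructed Test CA"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}, nil)
	caIssued := issue(serverTemplate(2, "ourdomain"), ca)        // placeholder host from the thread
	selfSigned := issue(serverTemplate(3, "partnerdomain"), nil) // constructed name
	empty := x509.NewCertPool()                                  // a trust store with nothing in it
	withCA := x509.NewCertPool()
	withCA.AddCert(ca.cert) // the receiver's trusted chain added to the sender's trust store
	pinned := x509.NewCertPool()
	pinned.AddCert(selfSigned.cert) // trust exactly this one self-signed certificate
	return map[string]error{
		"ca-issued, empty trust store":   VerifyServerCert(caIssued.cert, empty, "ourdomain"),
		"ca-issued, CA in trust store":   VerifyServerCert(caIssued.cert, withCA, "ourdomain"),
		"self-signed, empty trust store": VerifyServerCert(selfSigned.cert, empty, "partnerdomain"),
		"self-signed, cert pinned":       VerifyServerCert(selfSigned.cert, pinned, "partnerdomain"),
		"CA in trust store, wrong host":  VerifyServerCert(caIssued.cert, withCA, "otherdomain"),
	}
}

func main() {
	for name, err := range RunScenarios() {
		fmt.Printf("%-32s %v\n", name, err)
	}
}
```

    The two failing scenarios with an empty trust store are the thread's situation: the error depends only on what the connecting side (the AS2 sender) trusts, which is why the receiver's own keystore and the -Djavax.net.ssl.trustStore setting on the receiving side cannot fix it, and the partner's Java trust store is where the receiver's chain has to be added. The last scenario shows the other common failure, a trusted chain presented under a host name the client did not connect to.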

     
