I feel like I may have bumped into this in the past (I have been using OpenAS2 for over 15 years, but it has been 5 years since I posted a question of any kind). I have a partner who is using a CA-signed cert (DigiCert) that is failing signature authentication for inbound message to me. I feel like there is some special way to load the non-leaf parts of the cert chain for OpenAS2, but I can't find any notes on that in either the How To or here on the forum (perhaps I am disremembering that?). The decryption is happening just fine (so, my cert is behaving), but the signature is not working - it looks like it fails when it is trying to find the first non-level level up the cert chain. Below is a TRACE log. Any help would be appreciated. TIA!
2023-02-01 12:48:01.255 FINEST HTTPUtil: HTTP received request: POST /
Headers: ;;Accept==/;;Connection==close;;AS2-From==ZZARIBATESTUS;;Disposition-Notification-To==info@ariba.com;;AS2-Version==1.2;;Message-Id==AGPas-Cp9JlYWPOFoi6qpII7RFwA@ariba.com;;From==info@ariba.com;;Content-Transfer-Encoding==binary;;Content-Description==S/MIME Encrypted Message;;Date==Wed, 01 Feb 2023 18:48:00 GMT;;MIME-Version==1.0;;Subject==EDI Message;;Content-Disposition==attachment;;AS2-To==360DATACA;;Content-Type==application/pkcs7-mime; name=smime.p7m; smime-type=enveloped-data;;SAP-PASSPORT==2A54482A0300E600004350495F65313430303100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004D657373616765526563657074696F6E00000000000000000000000000000000000000000000000000004350495F6531343030310000000000000000000000000000000000000000000063356337393837376239643634653663383163323938386566643838646233630000000016C5C79877B9D64E6C81C2988EFD88DB3C1E2F5800C7A24E48869C58F25383D37000000001000000002A54482A;;content-length==5410;;host==as2.360data.com:10443;;user-agent==AHC/2.1
2023-02-01 12:48:01.256 FINE AS2ReceiverHandler: received 5410 bytes in 0.147 seconds at 35.963 KBps 130.214.184.68 38241 [AGPas-Cp9JlYWPOFoi6qpII7RFwA@ariba.com]
2023-02-01 12:48:01.256 FINEST AS2ReceiverHandler: Received msg built from HTTP input stream: Message From:{}To:{}
Headers:{Accept=/, Connection=close, AS2-From=ZZARIBATESTUS, Disposition-Notification-To=info@ariba.com, AS2-Version=1.2, Message-Id=AGPas-Cp9JlYWPOFoi6qpII7RFwA@ariba.com, From=info@ariba.com, Content-Transfer-Encoding=binary, Content-Description=S/MIME Encrypted Message, Date=Wed, 01 Feb 2023 18:48:00 GMT, MIME-Version=1.0, Subject=EDI Message, Content-Disposition=attachment, AS2-To=360DATACA, Content-Type=application/pkcs7-mime; name=smime.p7m; smime-type=enveloped-data, SAP-PASSPORT=2A54482A0300E600004350495F65313430303100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004D657373616765526563657074696F6E00000000000000000000000000000000000000000000000000004350495F6531343030310000000000000000000000000000000000000000000063356337393837376239643634653663383163323938386566643838646233630000000016C5C79877B9D64E6C81C2988EFD88DB3C1E2F5800C7A24E48869C58F25383D37000000001000000002A54482A, content-length=5410, host=as2.360data.com:10443, user-agent=AHC/2.1}
Attributes:{HTTP_REQUEST_TYPE=POST, destination_ip=/10.200.22.23, destination_port=10443, HTTP_REQUEST_URL=/, source_port=38241, source_ip=/130.214.184.68} [AGPas-Cp9JlYWPOFoi6qpII7RFwA@ariba.com]
2023-02-01 12:48:01.268 FINEST AS2ReceiverHandler: Received MimeBodyPart for inbound message: [AGPas-Cp9JlYWPOFoi6qpII7RFwA@ariba.com]
========BEGIN MIMEBODYPART=========
...
========END MIMEBODYPART=========
2023-02-01 12:48:01.272 FINER DefaultProcessor: Processor searching for module handler for action: track_msg
2023-02-01 12:48:01.272 FINER AS2ReceiverHandler: decrypting ::: [AGPas-Cp9JlYWPOFoi6qpII7RFwA@ariba.com]
2023-02-01 12:48:01.292 FINER BCCryptoHelper: Extracted X500 info:: PRINCIPAL : CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US :: NAME : CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US
2023-02-01 12:48:01.313 FINEST AS2ReceiverHandler: Received MimeBodyPart for inbound message after decryption: [AGPas-Cp9JlYWPOFoi6qpII7RFwA@ariba.com]
========BEGIN MIMEBODYPART=========
Date: Wed, 1 Feb 2023 18:48:00 +0000 (UTC)
Content-Type: multipart/signed;
boundary="----=_Part_3244_129752334.1675277280982";
protocol="application/pkcs7-signature"; micalg=sha256
------=_Part_3244_129752334.1675277280982
Content-Type: Application/edi-x12
Content-Transfer-Encoding: binary
Content-Disposition: attachment; filename="ZZARIBATESTUS_File"
Content-Id: payload-3c64bd0b-fa26-44de-a52b-e43e311ca3d1@sap.com
Content-Description: MainDocument
ISA00 00 ZZARIBAUS ZZAN01007864296-T2302011848U004010000496850T^~GSPOAN01532261692-TAN01007864296-T20230201184800000049685X004010~ST8500001~BEG00NETC_87693875520230201~CURBYUSD~REFPOTC_876938755~REFZZCompanyCode3000~REFZZAriba.invoicingAllowedYes~REFZZAriba.availableAmount24000~REFZZpartyAdditionalID0000001000~DTM0042023020118480002~N9ZZCompanyCode~MSG3000~N9ZZAriba.invoicingAllowed~MSGYes~N9ZZAriba.availableAmount~MSG24000~N9ZZpartyAdditionalID~MSG0000001000~N1STNew City923000~N3691 Brandway~N4New CityNY16001US~PERREdefaultTE1-66652245254525FX1-1219287345734525~N1BTIDAS1 US INC923000~N31230 Lincoln Avenger~N4NEW CityNY16019US~PERAPdefaultTE1-2153450983FX1-2183455693~N1SUC.E.B. BARLIN920000001000~N3Molping Str. 111134~N4BARLIN12001DESP11~PERCNdefaultEMgoogle@google.comTE49-06894/555010...FX49-06894/555011002000~PO10001024000EA*1VPNon ItemBPBuyerC300801~CURBYUSD~CTPWS1EACSD1~PIDF*Test MaterialEN~PIDSMACAS00801NotAvailable~REFFL*item~REFZZAccountCategoryK~REFZZReceivingType4~SACN*B8402400000*-0000404000-0000004120-100.00LISAEN~CURBYUSD~DTM00220140510000000~SCH1000EA00220140510*0000000001~N9ZZAccountCategory~MSGK~N9ZZReceivingType~MSG4~CTT124000~AMTTT24000~SE480001~GE1000049685~IEA1*000049685~
------=_Part_3244_129752334.1675277280982
Content-Type: application/pkcs7-signature; name=smime.p7s; smime-type=signed-data
Content-Transfer-Encoding: binary
Content-Disposition: attachment; filename=smime.p7s
Content-Description: S/MIME Cryptographic Signature
...
------=_Part_3244_129752334.1675277280982--
========END MIMEBODYPART=========
2023-02-01 12:48:01.313 FINEST BCCryptoHelper: Compression check. MIME Base Content-Type:multipart/signed
2023-02-01 12:48:01.313 FINEST BCCryptoHelper: Compression check. SMIME-TYPE:null
2023-02-01 12:48:01.313 FINEST BCCryptoHelper: Compressed MIME msg AFTER COMPRESSION Content-Disposition:null
2023-02-01 12:48:01.313 FINER BCCryptoHelper: Check for compressed data failed on BASE content type: multipart/signed
2023-02-01 12:48:01.313 FINER AS2ReceiverHandler: verifying signature [AGPas-Cp9JlYWPOFoi6qpII7RFwA@ariba.com]
2023-02-01 12:48:01.334 FINEST BCCryptoHelper: Headers on MimeBodyPart passed in to signature verifier:
Date == Wed, 1 Feb 2023 18:48:00 +0000 (UTC)
Content-Type == multipart/signed;
boundary="----=_Part_3244_129752334.1675277280982";
protocol="application/pkcs7-signature"; micalg=sha256
2023-02-01 12:48:01.334 FINEST BCCryptoHelper: Checking signature on SIGNED MIME part extracted from multipart contains headers:
Content-Type == Application/edi-x12
Content-Transfer-Encoding == binary
Content-Disposition == attachment; filename="ZZARIBATESTUS_File"
Content-Id == payload-3c64bd0b-fa26-44de-a52b-e43e311ca3d1@sap.com
Content-Description == MainDocument
2023-02-01 12:48:01.340 FINEST BCCryptoHelper: Signer Attributes:
1.2.840.113549.1.9.4:=#16c8720f0705bced1795f95e2e4e764163075b9a84b89efee10effafb63592a8;
1.2.840.113549.1.9.3:=1.2.840.113549.1.7.1;
1.2.840.113549.1.9.15:=[[2.16.840.1.101.3.4.1.42], [2.16.840.1.101.3.4.1.2], [1.2.840.113549.3.7], [1.2.840.113549.3.2, 128], [1.2.840.113549.3.2, 64], [1.3.14.3.2.7], [1.2.840.113549.3.2, 40]];
1.2.840.113549.1.9.5:=230201184800Z;
1.2.840.113549.1.9.16.2.47:=[[[#31eab16d6fa591ea016a791510101fa65ac235cdaabb1e40b42392a01f1a8d42, [[[CONTEXT 4][[[2.5.4.6, US]], [[2.5.4.10, DigiCert Inc]], [[2.5.4.3, DigiCert TLS RSA SHA256 2020 CA1]]]], 17817980749478206810159990989867083391]]]];
2023-02-01 12:48:01.341 FINEST BCCryptoHelper: * Signed Attribute Message-Digest := 16c8720f0705bced1795f95e2e4e764163075b9a84b89efee10effafb63592a8
2023-02-01 12:48:01.341 FINEST BCCryptoHelper: * Signed Content-Digest := 16c8720f0705bced1795f95e2e4e764163075b9a84b89efee10effafb63592a8
2023-02-01 12:48:01.359 FINER BCCryptoHelper: Failed to verify signature for signer info:
Digest Alg OID: 2.16.840.1.101.3.4.2.1
Encrypt Alg OID: 1.2.840.113549.1.1.1
Signer Version: 1
Content Digest: [22, -56, 114, 15, 7, 5, -68, -19, 23, -107, -7, 94, 46, 78, 118, 65, 99, 7, 91, -102, -124, -72, -98, -2, -31, 14, -1, -81, -74, 53, -110, -88]
Content Type: 1.2.840.113549.1.7.1
SID: C=US,O=DigiCert Inc,CN=DigiCert TLS RSA SHA256 2020 CA1
Signature: [75, -114, -16, -101, -78, 120, -63, -100, 26, 94, 35, -12, 35, -62, 40, -21, -75, 1, 33, -26, -6, -20, 112, -10, 0, 114, -42, 27, 42, -39, 93, -103, -40, 32, -114, 67, 38, -58, 100, 122, -62, -60, -37, -47, 83, -15, 73, -97, -5, 75, -60, 21, -120, 3, 15, 119, 28, -74, -27, 87, 13, 86, 82, 13, -127, 40, 57, -21, 100, -62, 87, 121, 8, 88, 99, 17, -10, -42, 57, 72, 52, 54, -117, -4, 70, -66, 40, -41, -35, -36, -115, 8, -22, -45, 93, 99, 55, 55, -91, 15, 33, -6, 43, 81, -108, -58, -49, 109, 58, 81, -1, 20, 25, 77, 18, -64, 50, 60, -91, 52, 122, -7, -106, -52, -116, -8, -61, 75, -48, -49, -17, 58, 72, 95, 4, -41, -40, -88, -38, 8, 10, -95, -8, -43, -41, -56, -48, -36, 48, 71, 84, -34, 39, -88, -60, -93, -68, -74, -2, -82, 10, -52, -73, -94, 31, 97, 44, 36, -20, 8, -112, 12, -76, -124, -40, -21, 40, -14, 93, -106, -97, 63, -117, -71, 121, -125, -103, -119, 119, -36, -24, -94, -123, -6, -85, 79, -110, -71, -54, 81, 45, -89, -11, -74, -75, -59, -74, 95, 8, 74, 16, 124, 24, -37, 22, 126, -121, 82, -21, -69, -29, 111, 48, -75, 41, -31, 84, 22, -79, -71, -19, -24, 51, -92, -87, 112, 106, -99, 91, -5, 43, 78, -88, -90, -62, -34, 66, 77, 109, -25, 99, 112, 78, -27, -97, -67]
Unsigned attribs: null
Content-transfer-encoding: null
Certificate: [0] Version: 3
SerialNumber: 12276118078186337965860819263844804589
IssuerDN: C=US,O=DigiCert Inc,CN=DigiCert TLS RSA SHA256 2020 CA1
Start Date: Wed Apr 13 19:00:00 CDT 2022
Final Date: Fri Apr 14 18:59:59 CDT 2023
SubjectDN: C=US,ST=Pennsylvania,L=Newtown Square,O=SAP America Inc.,CN=aribacloudintegration-test.ariba.com
Public Key: RSA Public Key [4d:46:9d:fd:3d:ee:06:b4:e5:a2:31:e8:de:31:01:94:3f:e6:7b:b2],[56:66:d1:a4]
public exponent: 10001
Signature Algorithm: SHA256WITHRSA
Extensions:
critical(false) 2.5.29.35 value = Sequence
Tagged [CONTEXT 0] IMPLICIT
DER Octet String[20]
2023-02-01 12:48:01.359 ERROR AS2ReceiverHandler: Error decrypting received message: Signature Verification failed [AGPas-Cp9JlYWPOFoi6qpII7RFwA@ariba.com]
java.security.SignatureException: Signature Verification failed
at org.openas2.lib.helper.BCCryptoHelper.verifySignature(BCCryptoHelper.java:417)
at org.openas2.processor.receiver.AS2ReceiverHandler.decryptAndVerify(AS2ReceiverHandler.java:390)
at org.openas2.processor.receiver.AS2ReceiverHandler.handle(AS2ReceiverHandler.java:208)
at org.openas2.processor.receiver.NetModule$ConnectionHandler.run(NetModule.java:176)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
2023-02-01 12:48:01.397 FINER DefaultProcessor: Processor searching for module handler for action: sendmdn
2023-02-01 12:48:01.398 FINER MDNSenderModule: ASYNC MDN send started...
2023-02-01 12:48:01.400 FINER DefaultProcessor: Processor searching for module handler for action: track_msg
2023-02-01 12:48:01.401 FINEST MDNSenderModule: MDN HEADERS SENT: =Date;Wed, 01 Feb 2023 12:48:01 -0600=From;360DATA GoDaddy CA email=Message-Id;OPENAS2-01022023124801-0600-88e6b66c-a4ea-49f0-8935-301f53bac4a6@ZZARIBATESTUS_360DATACA=Subject;From ZZARIBATESTUS to 360DATACA=MIME-Version;1.0=Content-Type;multipart/report; report-type=disposition-notification; boundary="----=_Part_0_182960550.1675277281396"=AS2-To;ZZARIBATESTUS=AS2-From;360DATACA=AS2-Version;1.1=Connection;close, TE=User-Agent;OpenAS2 Server v3.4.0=Server;OpenAS2 Server v3.4.0 [AGPas-Cp9JlYWPOFoi6qpII7RFwA@ariba.com]
2023-02-01 12:48:01.401 FINER DefaultProcessor: Processor searching for module handler for action: storemdn
2023-02-01 12:48:01.407 FINER IOUtil: Moved file atomically from /u01/home/prod/commprod/openas2/bin/../config/../data/../inbox/mdn/temp/OPENAS2-20230201124801-0600-c96f23b5-bb65-4f76-8768-e2a2b937ee06.cd47a405-8717-4f48-bdf3-b1c8f8e64048 to /u01/home/prod/commprod/openas2/bin/../config/../data/../inbox/mdn/ZZARIBATESTUS/OPENAS2-20230201124801-0600-c96f23b5-bb65-4f76-8768-e2a2b937ee06
2023-02-01 12:48:01.407 FINE MDNSenderModule: sent MDN [automatic-action/mdn-sent-automatically; processed/error:integrity-check-failed] [AGPas-Cp9JlYWPOFoi6qpII7RFwA@ariba.com]
2023-02-01 12:48:01.408 ERROR OpenAS2Exception: Error occurred:: Signature Verification failed
Sources: {message=Message From:{as2_id=ZZARIBATESTUS, name=ZZARIBATESTUS, email=Pepsi Test email, x509_alias=ZZARIBATESTUS}To:{as2_id=360DATACA, name=360DATACA, email=360DATA GoDaddy CA email, x509_alias=360DATACA}
Headers:{Content-Type=multipart/signed;
boundary="----=_Part_3244_129752334.1675277280982";
protocol="application/pkcs7-signature"; micalg=sha256, Accept=/, Connection=close, AS2-From=ZZARIBATESTUS, Disposition-Notification-To=info@ariba.com, AS2-Version=1.2, Message-Id=AGPas-Cp9JlYWPOFoi6qpII7RFwA@ariba.com, From=info@ariba.com, Content-Transfer-Encoding=binary, Content-Description=S/MIME Encrypted Message, Date=Wed, 01 Feb 2023 18:48:00 GMT, MIME-Version=1.0, Subject=EDI Message, Content-Disposition=null, AS2-To=360DATACA, SAP-PASSPORT=2A54482A0300E600004350495F65313430303100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004D657373616765526563657074696F6E00000000000000000000000000000000000000000000000000004350495F6531343030310000000000000000000000000000000000000000000063356337393837376239643634653663383163323938386566643838646233630000000016C5C79877B9D64E6C81C2988EFD88DB3C1E2F5800C7A24E48869C58F25383D37000000001000000002A54482A, content-length=5410, host=as2.360data.com:10443, user-agent=AHC/2.1}
Attributes:{HTTP_REQUEST_TYPE=POST, destination_ip=/10.200.22.23, destination_port=10443, HTTP_REQUEST_URL=/, source_port=38241, source_ip=/130.214.184.68}
MDN:MDN From:{as2_id=360DATACA, name=360DATACA, email=360DATA GoDaddy CA email, x509_alias=360DATACA}To:{as2_id=ZZARIBATESTUS, name=ZZARIBATESTUS, email=Pepsi Test email, x509_alias=ZZARIBATESTUS}
Headers:{Date=Wed, 01 Feb 2023 12:48:01 -0600, From=360DATA GoDaddy CA email, Message-Id=OPENAS2-01022023124801-0600-88e6b66c-a4ea-49f0-8935-301f53bac4a6@ZZARIBATESTUS_360DATACA, Subject=From ZZARIBATESTUS to 360DATACA, MIME-Version=1.0, Content-Type=multipart/report; report-type=disposition-notification; boundary="----=_Part_0_182960550.1675277281396", AS2-To=ZZARIBATESTUS, AS2-From=360DATACA, AS2-Version=1.1, Connection=close, TE, User-Agent=OpenAS2 Server v3.4.0, Server=OpenAS2 Server v3.4.0}
Attributes:{FINAL_RECIPIENT=rfc822; 360DATACA, MIC=null, REPORTING_UA=OpenAS2 Server v3.4.0@/10.200.22.23:10443, ORIGINAL_MESSAGE_ID=AGPas-Cp9JlYWPOFoi6qpII7RFwA@ariba.com, ORIGINAL_RECIPIENT=rfc822; 360DATACA, DISPOSITION=automatic-action/MDN-sent-automatically; processed/Error:integrity-check-failed}
Text:
The message sent to Recipient 360DATACA on Wed, 01 Feb 2023 18:48:00 GMT with Subject EDI Message has been received, the EDI Interchange was successfully decrypted and it's integrity was verified. Authentication of the originator of the message failed.
}
org.openas2.DispositionException: automatic-action/MDN-sent-automatically; processed/Error:integrity-check-failed
at org.openas2.processor.receiver.AS2ReceiverHandler.decryptAndVerify(AS2ReceiverHandler.java:413)
at org.openas2.processor.receiver.AS2ReceiverHandler.handle(AS2ReceiverHandler.java:208)
at org.openas2.processor.receiver.NetModule$ConnectionHandler.run(NetModule.java:176)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.security.SignatureException: Signature Verification failed
at org.openas2.lib.helper.BCCryptoHelper.verifySignature(BCCryptoHelper.java:417)
at org.openas2.processor.receiver.AS2ReceiverHandler.decryptAndVerify(AS2ReceiverHandler.java:390)
... 5 more
2023-02-01 12:48:01.409 ERROR OpenAS2Exception: Error occurred:: Stored invalid message to /u01/home/prod/commprod/openas2/bin/../config/../data/../inbox/error/20230201124801.2fd93d9b-56b8-447a-9ad4-8ab2d027116e
Sources: {}
org.openas2.message.InvalidMessageException: Stored invalid message to /u01/home/prod/commprod/openas2/bin/../config/../data/../inbox/error/20230201124801.2fd93d9b-56b8-447a-9ad4-8ab2d027116e
at org.openas2.processor.receiver.NetModule.handleError(NetModule.java:142)
at org.openas2.processor.receiver.AS2ReceiverHandler.handle(AS2ReceiverHandler.java:279)
at org.openas2.processor.receiver.NetModule$ConnectionHandler.run(NetModule.java:176)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
There is no certificate chain checking for signature verification, so the problem is most likely going to be that you do not have the right public certificate for that partner in your keystore.
You can verify this by asking your partner for the certificate serial number of their certificate and comparing it against what you get. They should be the same.
You can use openssl or keytool as below to get the serial number:
openssl pkcs12 -in OpenAS2/config/as2_certs.p12 -clcerts -passout pass:"" | openssl x509 -serial -noout
keytool -v -list -alias partnera -storetype pkcs12 -keystore OpenAS2/config/as2_certs.p12 -storepass testas2 | grep Serial
The serial numbers match, but the error remains the same.
They originally sent me the thumbprint, not the serial number (which didn't help - and hence my delay in responding here). I got the serial number today (copying from a DM):
Serial # (not thumbprint): 093c4b59ea8778d0222feff67bdc67ed
Here is the log of me reloading the cert (serial numbers match):
cert import ZZARIBATESTUS ZZARIBATESTUS.cer
OK:
Certificate(s) imported successfully
Imported certificate: [
[
Version: V3
Subject: CN=aribacloudintegration-test.ariba.com, O=SAP America Inc., L=Newtown Square, ST=Pennsylvania, C=US
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
params: null
modulus: 29833657156245675222284929615431100275124403805921845525973427292799175904610969801139092699013594655207923846636505618161671930359911174776274297261894735049695208250541965991596696288845071474746707804070999607060496703983884065962922339585327420714823141419009183436737232060228512755847040388627010939817186733303725793267298239905726502498082872269705976946346137369841279493137205434785872021687897761592195100625364622845772950121197758491850339300456192069116413116635130808731584516094240431436216071922685338752216989761184513775995376120421359489648767998798896185084694186084602809786693025531238800826721
public exponent: 65537
Validity: [From: Wed Apr 13 19:00:00 CDT 2022,
To: Fri Apr 14 18:59:59 CDT 2023]
Issuer: CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US
SerialNumber: [ 093c4b59 ea8778d0 222feff6 7bdc67ed]
Certificate Extensions: 10
[1]: ObjectId: 1.3.6.1.4.1.11129.2.4.2 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 82 01 6F 04 82 01 6B 01 69 00 76 00 E8 3E D0 ...o...k.i.v..>.
0010: DA 3E F5 06 35 32 E7 57 28 BC 89 6B C9 03 D3 CB .>..52.W(..k....
0020: D1 11 6B EC EB 69 E1 77 7D 6D 06 BD 6E 00 00 01 ..k..i.w.m..n...
0030: 80 29 7B 18 3E 00 00 04 03 00 47 30 45 02 20 52 .)..>.....G0E. R
0040: 87 5D 02 13 70 FC 2C 9B 46 DE A6 8C E6 87 9C B6 .]..p.,.F.......
0050: 9B FB 29 C6 F7 B7 80 2C 56 64 9C EA 56 84 84 02 ..)....,Vd..V...
0060: 21 00 9F B8 43 C0 4C 7A 91 2A 73 52 CB C0 FF B9 !...C.Lz.sR....
0070: 26 84 07 FA B0 56 88 33 23 E9 7C 75 B2 66 88 15 &....V.3#..u.f..
0080: 5F 13 00 76 00 35 CF 19 1B BF B1 6C 57 BF 0F AD _..v.5.....lW...
0090: 4C 6D 42 CB BB B6 27 20 26 51 EA 3F E1 2A EF A8 LmB...' &Q.?...
00A0: 03 C3 3B D6 4C 00 00 01 80 29 7B 18 53 00 00 04 ..;.L....)..S...
00B0: 03 00 47 30 45 02 21 00 E7 60 4A A7 F7 EB 1A BF ..G0E.!..`J.....
00C0: 75 84 A8 7F 39 FB 65 39 DE A7 0A 52 A5 3D F4 7A u...9.e9...R.=.z
00D0: AC 8F E3 D2 DF 9E BC EA 02 20 3A C9 5C 2A 0C 14 ......... :.\*..
00E0: 29 BD E0 E2 F1 7C 0B 03 2E F5 E2 9E A6 9D DA 10 )...............
00F0: 9E FC A0 A8 9B 00 5B F5 6F 60 00 77 00 B3 73 77 ......[.o`.w..sw
0100: 07 E1 84 50 F8 63 86 D6 05 A9 DC 11 09 4A 79 2D ...P.c.......Jy-
0110: B1 67 0C 0B 87 DC F0 03 0E 79 36 A5 9A 00 00 01 .g.......y6.....
0120: 80 29 7B 18 87 00 00 04 03 00 48 30 46 02 21 00 .)........H0F.!.
0130: D3 F4 51 12 4D BB BE 3B 66 09 AD F7 C5 C6 4B E5 ..Q.M..;f.....K.
0140: CE CD BC CB DA C7 C5 68 90 B9 21 D0 C5 94 BF E7 .......h..!.....
0150: 02 21 00 B3 B5 F3 09 D6 C7 7B D3 B4 31 86 31 B4 .!..........1.1.
0160: 4B C0 66 56 FB 3B 5D EF 36 16 BE 90 47 72 9E E8 K.fV.;].6...Gr..
0170: DA 69 E8 .i.
[2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess
[
accessMethod: ocsp
accessLocation: URIName: http://ocsp.digicert.com
,
accessMethod: caIssuers
accessLocation: URIName: http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt
]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier
KeyIdentifier [
0000: B7 6B A2 EA A8 AA 84 8C 79 EA B4 DA 0F 98 B2 C5 .k......y.......
0010: 95 76 B9 F4 .v..
]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:
CA:false
PathLen: undefined
[5]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints
[DistributionPoint:
[URIName: http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl
, DistributionPoint:
[URIName: http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl]
]]
[6]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies
[CertificatePolicyId: [2.23.140.1.2.2
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1B 68 74 74 70 3A 2F 2F 77 77 77 2E 64 69 67 ..http://www.dig
0010: 69 63 65 72 74 2E 63 6F 6D 2F 43 50 53 icert.com/CPS
]] ]
]
[7]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages
serverAuth
clientAuth
[8]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage
DigitalSignature
Key_Encipherment
[9]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName
DNSName: aribacloudintegration-test.ariba.com
[10]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier
KeyIdentifier [
0000: 27 3E C9 1B 6C F5 8B 7A 8D 53 8A A4 6D 0A A8 F9 '>..l..z.S..m...
0010: 35 A2 7D 77 5..w
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: AA 1B B2 1F 64 7E D6 04 1E F9 71 65 96 D2 BB 6C ....d.....qe...l
0010: EF 12 EC BD 7C C3 78 9B DA 3A 82 B6 8E 2B EC 13 ......x..:...+..
0020: B6 1B 54 02 52 83 FF 30 2E CC 73 C2 EB 09 E6 BF ..T.R..0..s.....
0030: 49 BC 08 9C 80 FE 97 C0 A1 EF 68 19 2D CC A0 0E I.........h.-...
0040: BB 94 EA 65 7A 25 78 7D 25 9D DC 3A 16 8D D2 B9 ...ez%x.%..:....
0050: 3B 29 FB B5 F8 37 40 23 14 A5 C2 6A 23 6E 7D 7B ;)...7@#...j#n..
0060: 1B 29 BF E1 DC 3C 0F 70 03 38 1E D9 B2 C9 D8 5C .)...<.p.8.....\
0070: 12 6A 7A 08 AE AC 93 62 4F 17 02 24 68 CA D8 2F .jz....bO..$h../
0080: 75 E8 CE F3 54 29 50 79 77 05 D3 1D 4D 46 02 D4 u...T)Pyw...MF..
0090: F1 78 2E 41 67 D4 40 9A E4 4D 21 B2 0F 55 CF 2E .x.Ag.@..M!..U..
00A0: 07 45 D7 2C 6B FD DF EC 45 BD 19 59 81 A1 BC C0 .E.,k...E..Y....
00B0: F5 A5 22 31 30 6A FF 29 3E 47 AF E5 BC EC 54 98 .."10j.)>G....T.
00C0: D7 5A 0B E2 7B 02 3B CC 42 D4 B3 A8 13 B4 7B 4A .Z....;.B......J
00D0: 45 11 5F AF 9F 3C CB 39 06 24 CC BA 3B 25 59 05 E._..<.9.$..;%Y.
00E0: 57 DE 67 07 2A AC 85 84 EF CD D1 86 88 89 6C 73 W.g.*.........ls
00F0: 1E 52 11 CA A1 33 A4 80 47 0C 11 32 19 3F 8F 95 .R...3..G..2.?..
]
And here is the "cert view" after I bounced the server (the serial number matches - converting hex to dec):
>cert view ZZARIBATESTUS
OK:
[0] Version: 3
SerialNumber: 12276118078186337965860819263844804589
IssuerDN: C=US,O=DigiCert Inc,CN=DigiCert TLS RSA SHA256 2020 CA1
Start Date: Wed Apr 13 19:00:00 CDT 2022
Final Date: Fri Apr 14 18:59:59 CDT 2023
SubjectDN: C=US,ST=Pennsylvania,L=Newtown Square,O=SAP America Inc.,CN=aribacloudintegration-test.ariba.com
Public Key: RSA Public Key [4d:46:9d:fd:3d:ee:06:b4:e5:a2:31:e8:de:31:01:94:3f:e6:7b:b2],[56:66:d1:a4]
public exponent: 10001
Signature Algorithm: SHA256WITHRSA
Signature: aa1bb21f647ed6041ef9716596d2bb6cef12ecbd
7cc3789bda3a82b68e2bec13b61b54025283ff30
2ecc73c2eb09e6bf49bc089c80fe97c0a1ef6819
2dcca00ebb94ea657a25787d259ddc3a168dd2b9
3b29fbb5f837402314a5c26a236e7d7b1b29bfe1
dc3c0f7003381ed9b2c9d85c126a7a08aeac9362
4f17022468cad82f75e8cef3542950797705d31d
4d4602d4f1782e4167d4409ae44d21b20f55cf2e
0745d72c6bfddfec45bd195981a1bcc0f5a52231
306aff293e47afe5bcec5498d75a0be27b023bcc
42d4b3a813b47b4a45115faf9f3ccb390624ccba
3b25590557de67072aac8584efcdd18688896c73
1e5211caa133a480470c1132193f8f95
Extensions:
critical(false) 2.5.29.35 value = Sequence
Tagged [CONTEXT 0] IMPLICIT
DER Octet String[20]
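The thread identifies one certificate by a thumbprint, by a hex serial (plain and in Java's grouped form) and by the decimal serial that `cert view` prints. The following Python is an added example, not part of the thread and not OpenAS2 code: it reads the serial and thumbprint directly from the certificate file so that each partner-supplied value can be checked without converting by hand. All function names are hypothetical, and a decimal serial has to be declared as such because a digits-only string is ambiguous.

```python
import base64, hashlib, re

def parse_serial(text, decimal=False):
    """Serial as int. Hex forms: 'serial=093C...', '09:3c:...', '[ 093c4b59 ea8778d0 ]'."""
    if decimal:
        return int(text.strip())
    # Drop openssl's 'serial=' label first: the word itself contains hex letters.
    digits = re.sub(r"[^0-9A-Fa-f]", "", text.split("=", 1)[-1])
    if not digits:
        raise ValueError("no hex digits in %r" % text)
    return int(digits, 16)

def der_from_pem(pem_text):
    """DER bytes of the first CERTIFICATE block in a PEM file."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem_text, re.S)
    if not m:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()))

def _tlv(buf, pos):
    """Read a DER header at pos; return (tag, value_start, value_end)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                       # long-form length: next n bytes hold it
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def serial_from_der(der):
    """Certificate -> tbsCertificate -> optional [0] version -> serialNumber."""
    tag, start, _ = _tlv(der, 0)
    tag2, pos, _ = _tlv(der, start)
    if tag != 0x30 or tag2 != 0x30:
        raise ValueError("not an X.509 certificate")
    tag, vstart, vend = _tlv(der, pos)
    if tag == 0xA0:                        # skip the explicit version field
        tag, vstart, vend = _tlv(der, vend)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    return int.from_bytes(der[vstart:vend], "big")   # assumes a positive serial

def matches_thumbprint(der, partner_value):
    """Compare against a SHA-1 (40 hex) or SHA-256 (64 hex) thumbprint."""
    want = re.sub(r"[^0-9a-f]", "", partner_value.lower())
    algo = {40: "sha1", 64: "sha256"}.get(len(want))
    if algo is None:
        raise ValueError("thumbprint must be 40 or 64 hex digits")
    return hashlib.new(algo, der).hexdigest() == want
```

If the `.cer` file is binary DER rather than PEM, pass its bytes straight to `serial_from_der` and `matches_thumbprint`. A thumbprint match covers the whole certificate, while a serial match only identifies it within one issuer.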
You will have to turn on TRACE level logging to see if it provides more insight into where the problem lies.
The original post had a TRACE log. Let me know if there is any other info that would help. I appreciate the assistance.