Common Error - Trading Partner AS2 Send works in Test Mode but not in Deployment

Document created by mike_aronson Employee on Apr 15, 2016Last modified by mike_aronson Employee on Apr 25, 2016
Version 2Show Document
  • View in full screen mode

When configuring a Trading Partner shape in a process to send via AS2, sometimes the transmission with work in Test Mode, but it will not work in deployment.  Specifically for this scenario you get this error in Deployment only:

 

"Error sending message to AS2 Server; Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; Caused by: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; Caused by: unable to find valid certification path to requested target"

 

Issue

When configuring the SSL certificates within the Trading Partner component, you may not always need an SSL Cert in the AS2 Send Settings.  Many Trading Partners will require that you only configure AS2 Encryption and Signing Certs in the Identify Information section below and that may be sufficient for securely transmitting the AS2 data.

 

 

However, some trading partners may also require an SSL Cert be specified to communicate over HTTPS via the URL configured in the AS2 Send Settings.

If you receive and import your trading partner's public SSL Certificate into a Certificate Component in the Build tab in AtomSphere, when running in Test Mode, the platform may be able to find and load this certificate when you run from the Build tab.  However, if you do not select and specify the certificate in the SSL Cert field in the AS2 Send Settings section, then you may get a PKIX error, or similar Certificate could not be found error, when you deploy and run the process in Manage.

 

Solution

 

It is recommend to always understand your trading partner's complete requirements up front.  if they require an additional SSL Certificate at the HTTPs layer in order to communcate with their AS2 URL, in addition to the SSL certificates for AS2 identification, then you should import, select and populate your trading partner's public SSL Certificate in the SSL Cert field in the AS2 Send Settings section and deploy.  Keep in mind this is not required in many cases, so check with your Trading Partner to see if its is required, especially if you get an error similar to the one above and you have already confirmed the AS2 Certs match.

2 people found this helpful

Attachments

    Outcomes