Having problems with AS2 in BizTalk 2010: The message signature doesn't match the signature configured for this party

  • Question

  • I've just set up a new BizTalk 2010 standard server and am working on setting up AS2 with a 3rd party. The 3rd party and I both use self-signed certs and were able to communicate using our test system. I have the certs in the correct locations based on http://blogs.msdn.com/b/biztalkb2b/archive/2007/05/30/as-2-certificate-management.aspx so I think it may be a problem with how I have the parties and/or agreements set up. I have the send port listed on the agreement and the AS2-From and To fields selected on the agreement identifiers tab. The local signing cert is set in the BizTalk group properties and the encryption cert for the 3rd party is set on their party properties. However, when I send I get an error like "The Encryption Certificate has not been configured for AS2 party". If I add the cert to the send port directly I get an error like "The message signature doesn't match the signature configured for this party". I think there is a problem resolving which cert belongs to which party but need more info on where to look. Any help appreciated?

    Thursday, July 18, 2013 9:04 PM

All replies

  • Hi,

    According to the error message mentioned above, perhaps you haven't provided the proper certificate for the AS2 party, or you haven't configured your certificate properly. First, I would like to suggest that you check whether your certificate is configured properly. The document about configuring certificates for AS2 below will be a good reference for doing that:

    # Configuring Certificates for AS2

    http://msdn.microsoft.com/en-us/library/bb728096.aspx

    If you still have the same issue, please let me know,

    Regards


    Angie xu
    MSDN Community Support | Feedback to us

    • Marked as answer by Pengzhen Song Monday, July 29, 2013 2:12 AM
    Friday, July 19, 2013 11:38 AM
  • Hi Angie, thanks for your response. I've been through the document you reference several times. When I import the certificates I'm logged in as the same account as BizTalk and IIS run under. I worked some more with the 3rd party and if I force the encryption by applying the certificate to the AS2 send port he sees the document, so I think the certs are correct. We also used the same certs and I think the same setup on our development systems and were able to successfully trade documents.

    When I set up the Parties and Profiles I put the certs on the Party and the AS2 IDs on the profile. Is there somewhere else the AS2 ID needs to be defined?

    Friday, July 19, 2013 12:20 PM
  • Hi Jess

    "Is there somewhere else the AS2 ID needs to be defined?"

    To configure the identifier properties

    1. Create an AS2 agreement as described in Configuring General Settings (AS2). To update an existing AS2 agreement, right-click the agreement in the Parties and Business Profiles page, and click Properties.

    2. On a one-way agreement tab, click Identifiers.

    3. In the AS2-From page, specify the name of the trading partner sending the AS2 message.

    4. In the AS2-To page, specify the name of the trading partner receiving the AS2 message.

    5. Under the Additional Agreement Resolvers section, for the AS2To property, enter an additional alias for the partner that receives the message.

    6. Click Apply to accept the changes before continuing with the configuration, or click OK to validate the changes and then close the dialog box.

    You can also learn how to configure send port association (AS2) below:

    # Configuring Send Port Association (AS2)

    http://msdn.microsoft.com/en-us/library/ff629793(v=bts.80).aspx

    Regards


    Angie xu

    Tuesday, July 23, 2013 2:25 AM
  • Thanks Angie, I have that set up except I haven't put anything in the AS2To property as mentioned in step 5. Do I need to add the AS2 ID in that field again or is step 5 optional?
    Tuesday, July 23, 2013 2:46 AM
  • I have been able to get traffic going by setting the certificate on the send port for the external party and by setting the internal certificate on the Local party. The way I read the docs this shouldn't be needed. I got a case open to hopefully explain what I'm missing.
    Tuesday, July 23, 2013 2:52 AM
  • Hi Jesse

    "Do I need to add the AS2 ID in that field again or is step 5 optional"

    This is optional, this property is available for backward compatibility.

    It is most likely a certificate issue, just according to the error message above, but as you mentioned above, you use a proper certificate, so we could troubleshoot this issue as an AS2 configuration issue, and I'd like to suggest that you check the relevant AS2 configuration.

    hope it helps,

     Regards


    Angie xu

    • Marked as answer by Pengzhen Song Monday, July 29, 2013 2:11 AM
    Tuesday, July 23, 2013 9:12 AM
  • I was reading the chart wrong. The cert needs to be set on the outbound AS2 port.

    Tuesday, July 30, 2013 12:37 PM
  • This type of problem is mostly related to not providing the proper certificate for the AS2 party, or the certificate not being configured properly.
    Friday, August 2, 2013 1:00 PM