Incorrectly Signed MDN
When a returned MDN can be decrypted successfully but has been signed with an invalid signing certificate, the AS2 logs will show an "MDN indicates a processing failure" message.
This effectively means "We received a valid MDN, saying that the file was delivered successfully, but it's signed by someone that we can't verify so we can't trust the MDN's validity."
We provide an option for you to specify the MDN validation level to be performed in order to consider the AS2 transmission to be a success. This option allows you to accept MDNs based on varying levels of validation. Try setting this option to a lower level of validation for the trading partner.
Check with your trading partner to verify that they are signing the MDN using the correct AS2 certificate. The MDN should be signed using the private certificate key that corresponds to the public certificate they provided to you to set up the AS2 partnership.
The returned MDN may include a signature that is encoded in either base64 or binary format.
If you need to provide the incorrect signature details to your trading partner, they can be found within the MDN contents, usually as the last segment.
PEM Base64 Encoded Signature
A PEM base64 encoded signature looks like this:
You can also decode the MDN signature using the openssl command line tool.
Save the above MDN segment to a file, then run this command:
The output will show the details of the certificate that was used to sign the MDN, which you can provide to your trading partner to help them identify and correct this issue.
If the above command fails with an error that says "Error reading PEM file" then the signature might have been signed using an old pre-PEM Base64 format instead. Try this command to decode the signature:
Binary Signature
Binary format signatures cannot be viewed properly in text editors, but look somewhat like this:
You can also decode the MDN signature using the openssl command line tool.
Using a binary safe editor, save the above MDN segment to a file. Only save the binary data, starting after the blank line, and do not include any of the header or footer tags. Then run this command on the binary signature file:
The output will show the details of the certificate that was used to sign the MDN, which you can provide to your trading partner to help them identify and correct this issue.
Certificate Purpose
The signing of AS2 messages and MDN receipts uses X.509 Certificates. The structure of these certificates includes fields that specify the purpose that the certificate can be used for.
AS2 allows the use of various types of these certificates including, for example, self-signed certificates. Each of your trading partners will have their own certificate standards and so partner certificates will vary in their configuration.
We provide an option for you to specify the MDN validation level, which provides different levels of validation against these different types of signing certificate.
You can use the following command to display a certificate's purpose:
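An added example, not Files.com's own commands, covering both the signature-decoding steps above and the certificate purpose check: it detects whether a saved signature segment is PEM, bare base64 or binary, then prints the embedded certificate's identity and purposes. The function names are assumptions; only the standard `openssl pkcs7`, `openssl base64` and `openssl x509` subcommands are used.

```shell
# Added example; function names are assumptions, not Files.com's.
# Usage: mdn_signer_report saved-signature-segment

# mdn_sig_to_der SIG OUT
# Normalise a saved MDN signature segment to DER and print the detected
# input format: pem (BEGIN/END PKCS7 lines), base64 (bare) or der (binary).
mdn_sig_to_der() {
    sig=$1 out=$2
    if openssl pkcs7 -inform PEM -in "$sig" -outform DER -out "$out" 2>/dev/null; then
        echo pem; return 0
    fi
    if openssl base64 -d -in "$sig" 2>/dev/null |
        openssl pkcs7 -inform DER -outform DER -out "$out" 2>/dev/null; then
        echo base64; return 0
    fi
    if openssl pkcs7 -inform DER -in "$sig" -outform DER -out "$out" 2>/dev/null; then
        echo der; return 0
    fi
    echo "not a PKCS#7 signature: $sig" >&2
    return 1
}

# mdn_signer_report SIG
# Print identity, validity and certificate purposes of the first
# certificate embedded in the signature. A signature may carry a chain or
# no certificate at all; in the latter case this returns non-zero.
mdn_signer_report() {
    der=$(mktemp) || return 1
    if ! fmt=$(mdn_sig_to_der "$1" "$der"); then
        rm -f "$der"; return 1
    fi
    echo "format=$fmt"
    openssl pkcs7 -inform DER -in "$der" -print_certs |
        openssl x509 -noout -subject -issuer -serial -dates -purpose &&
        rc=0 || rc=1
    rm -f "$der"
    return "$rc"
}
```

When the signature carries a chain, the first certificate printed is not necessarily the signer's, so compare the serial number with the certificate your trading partner gave you.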