Skip to Content
author's profile photo Former Member
Former Member

Problemas de acesso a SEFAZ utilizando IBM Sterling Secure Proxy - SAP GRC NF-e

Boa Tarde,

Estamos realizando a configuração da Nota Fiscal Eletronica e estamos enfrentando um problema de acesso aos servidores da SEFAZ. Para a instalação dos certificados e rota de endereços da SEFAZ estamos utilizando uma solução da IBM chamada SSP - Sterling Secure Proxy.

Utilizando esta solução estamos tendo o retorno no SAP PI:

Error XIAdapter/HTTP/ADAPTER.HTTP_EXPECTION - HTTP 403 Forbidden.

Já entramos em contato com a SEFAZ, já realizamos de acordo com as SAP Notes a geração correta do arquivo PFX e suas cadeias e também incluimos as cadeias no sistema do SSP.

Porém quando realizado o acesso, alguma consulta ou ação que necessita a comunicação com os ambientes da SEFAZ o mesmo erro é retornado.

De acordo com o LOG do SSP esta ocorrendo um Handshaking quando realizado a tentativa e logo em seguida retorna o erro 403.

Temos outros tipos de comunicações que utiliza certificados instalados neste ambiente e funcionam de forma correta.

Alguém já trabalho com o este tipo de sistema SSP para a implementação da Nota Fiscal Eletronica?

Utilizando um sistema terceiro para a realizando das chamadas do Servidor?

Muito Obrigado!

Luiz.

Add a comment
10|10000 characters needed characters exceeded

Related questions

3 Answers

  • Best Answer
    author's profile photo Former Member
    Former Member
    Posted on Jan 13, 2016 at 09:29 PM

    Estamos analisando que o Sistem SSP não esta reconhecendo corretamente os certificados instalados, desta forma realizamos a maneira já recomendada da instalação no SAP PI para o PFX e dentro do Trusted CA's os certificados de cadeias para o respectivo PFX, desta forma o processo esta funcionando.

    Estou fechando este post, obrigado pela ajuda.

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Jan 07, 2016 at 06:46 PM

    Luiz,

    certifique-se que a solução SSP entende que os certificados da SEFAZ são confiáveis.

    Normalmente temos que instalar os certificados CA (raiz) usados no servidor que queremos conectar em nosso sistema cliente.

    Isso é o que normalmente causa problemas de Handshake.

    Quando estamos falando do SAP PI/PO ou qualquer NetWeaver Java, é o mesmo que instalar os certificados raiz na KeyStore View TrustedCAs.


    No caso do SSP, não sei como deve ser feito.


    Exemplo abaixo é de um certificado da SEFAZ AN e em destaque, o certificado CA, que deve ser instalado na TrustedCAs ou "Trusted Root Certification Authorities".

    []'s

    JN


    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Jan 07, 2016 at 07:13 PM

    Segue o Log (Pode ser dificil de ler, pois não estou conseguindo colar e copiar corretamente aqui):

    07 Jan 2016 16:26:42,782 INFO [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-8] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 SSP104I Session Proceeding after Node match: IX1 07 Jan 2016 16:26:42,782 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-8] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 Using StubAuthenticator for Authentication. 07 Jan 2016 16:26:42,782 INFO [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-8] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 SSE1831I Authentication mechanism: no authentication. 07 Jan 2016 16:26:42,782 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-8] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 Out bound port range: 0 07 Jan 2016 16:26:42,783 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-9] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 Received from Client:[POST /ws/NfeConsulta/NfeConsulta2.asmx HTTP/1.0] 07 Jan 2016 16:26:42,783 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-9] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 Received from Client:[Host: ssptst.bpweb.bp.com:5082] 07 Jan 2016 16:26:42,783 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-9] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 Received from Client:[User-Agent: SAP-Messaging-com.sap.aii.af.sdk.xi/1.0505] 07 Jan 2016 16:26:42,785 INFO [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-9] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 SSE0103I Connecting to server. 07 Jan 2016 16:26:42,785 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-9] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 Initiating connection to the Out-Node: SAFEZ_NFe_SVRS for Session: 1452184002780_60223 07 Jan 2016 16:26:42,785 INFO [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-9] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 SSP0237I Attempting outbound connection with nfe-homologacao.svrs.rs.gov.br/InetSocketAddress-host:nfe-homologacao.svrs.rs.gov.br/200.233.4.140-port:443 ... 07 Jan 2016 16:26:43,289 INFO [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-3] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 SSP0238I Primary outbound plain socket connection with nfe-homologacao.svrs.rs.gov.br/InetSocketAddress-host:nfe-homologacao.svrs.rs.gov.br/200.233.4.140-port:443 established. 07 Jan 2016 16:26:43,290 INFO [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-3] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 SSE0109I Securing Server connection. 07 Jan 2016 16:26:43,290 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-3] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 com.sterlingcommerce.csp.jetty.CspHttpFields - reached write() 07 Jan 2016 16:26:43,290 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-3] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 Sending to Server:[> POST /ws/NfeConsulta/NfeConsulta2.asmx HTTP/1.0> Accept: */*> Host: nfe-homologacao.svrs.rs.gov.br:443> User-Agent: SAP-Messaging-com.sap.aii.af.sdk.xi/1.0505> CallingType: SA> content-id:> Content-Type: text/soap+xml; charset=utf-8> Content-Length: 687> SOAPACTION: "http://www.portalfiscal.inf.br/nfe/wsdl/NfeConsulta2/nfeConsultaNF2"> Connection: close> ] 07 Jan 2016 16:26:43,290 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-3] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 com.sterlingcommerce.csp.http.session.fsm.HttpState - 1452184002780_60223 - HttpState - request sent to server - state:3 07 Jan 2016 16:26:43,290 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-3] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 com.sterlingcommerce.csp.http.io.HttpRequestConverter ByteBuffer in request marshalling[> 687> ] 07 Jan 2016 16:26:43,290 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-3] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 Control:ServerAgent - turnOnSSL 07 Jan 2016 16:26:43,291 INFO [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-3] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 SSE0102I Securing server connection. 07 Jan 2016 16:26:44,063 INFO [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-14] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 SSP0240I Handshake with peer at /200.233.14.140 completed. Security protocol=TLS1, Cipher=TLS_RSA_WITH_AES_128_CBC_SHA, Subject=[CN=*.svrs.rs.gov.br, OU=RFB e-Servidor A1, OU=ARSERPRO, OU=Secretaria da Receita Federal do Brasil - RFB, O=ICP-Brasil, C=BR], Public key length=2,048. 07 Jan 2016 16:26:44,064 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-14] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 Control:ServerAgent - Sending ByteBuffer length - 410, com.sterlingcommerce.perimeter.util.nio.ByteBufferWrapper@3fa63fa6 07 Jan 2016 16:26:44,066 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-14] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 Control:ServerAgent - Sending ByteBuffer length - 687, com.sterlingcommerce.perimeter.util.nio.ByteBufferWrapper@2e572e57 07 Jan 2016 16:26:45,023 INFO [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-15] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 SSP0240I Handshake with peer at /200.233.14.140 completed. Security protocol=TLS1, Cipher=TLS_RSA_WITH_AES_128_CBC_SHA, Subject=[CN=*.svrs.rs.gov.br, OU=RFB e-Servidor A1, OU=ARSERPRO, OU=Secretaria da Receita Federal do Brasil - RFB, O=ICP-Brasil, C=BR], Public key length=2,048. 07 Jan 2016 16:26:45,026 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-15] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 Control:ServerAgent - Received ByteBuffer length - 1412, com.sterlingcommerce.perimeter.util.nio.ByteBufferWrapper@29862986 07 Jan 2016 16:26:45,026 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-15] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 com.sterlingcommerce.csp.http.io.HttpResponseConverter - Entered state: _PROCESSING_HEADERS(1) 07 Jan 2016 16:26:45,027 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-15] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 starting position (buf position):0, rem:1412, remBuf count:0 07 Jan 2016 16:26:45,027 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-15] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 buf array offset:0 07 Jan 2016 16:26:45,027 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-15] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 remBuf position:0, remBuf arrayOffset:0 07 Jan 2016 16:26:45,027 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-15] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 Received from Server:[HTTP/1.1 403 Forbidden] 07 Jan 2016 16:26:45,028 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-15] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 com.sterlingcommerce.csp.http.io.HttpResponseConverter - Entered state: _PROCESSING_BODY_INIT(2) 07 Jan 2016 16:26:45,028 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-15] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 com.sterlingcommerce.csp.http.io.HttpResponseConverter - Unmarshalling response from server msg: com.sterlingcommerce.csp.jetty.CspHttpResponse 07 Jan 2016 16:26:45,028 INFO [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-15] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 SSE2401E 1452184002780_60223 HTTP HTTP server error 403 occurred. 07 Jan 2016 16:26:45,028 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-15] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 systemUrlMapOption: false, Response content type HTML: true 07 Jan 2016 16:26:45,028 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-15] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 com.sterlingcommerce.csp.jetty.CspHttpFields - reached write() 07 Jan 2016 16:26:45,028 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-15] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 Sending to Client:[> HTTP/1.1 403 Forbidden> Content-Type: text/html> Server: HTTP Server> X-Powered-By: ASP.NET> Date: Thu, 07 Jan 2016 16:26:44 GMT> Connection: close> Content-Length: 1233> > > ] 07 Jan 2016 16:26:45,031 INFO [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-15] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 SSP102I Control:ServerAgent Connection closed (CloseCode.EOF): Elapsed Time: 1.742 (s) > : Bytes Received: 1412 [at: 0.006484500574052813 MBPS] > Bytes Sent: 1097 [at: 0.00503788748564868 MBPS] >07 Jan 2016 16:26:45,031 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-15] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 com.sterlingcommerce.csp.http.session.fsm.HttpState - 1452184002780_60223 - receivedServerClose() 07 Jan 2016 16:26:45,031 INFO [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-15] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 SSP0244I Outbound connection from nfe-homologacao.svrs.rs.gov.br/InetSocketAddress-host:nfe-homologacao.svrs.rs.gov.br/200.233.4.140-port:443 closed. End of File. 07 Jan 2016 16:26:45,031 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-2] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 Control:ClientAgent - sending conduit.close() code: CloseCode.NORMAL_CLOSE 07 Jan 2016 16:26:45,035 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-17] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 Control:ServerAgent - already closed, got CloseCode.FULL_CLOSE 07 Jan 2016 16:26:45,036 INFO [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-3] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 SSP102I Control:ClientAgent Connection closed (CloseCode.FULL_CLOSE): Elapsed Time: 2.253 (s) > : Bytes Received: 1068 [at: 0.003792276964047936 MBPS] > Bytes Sent: 1406 [at: 0.004992454505104305 MBPS] >07 Jan 2016 16:26:45,036 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-3] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 entered - sessionImpl receivedClientClose 07 Jan 2016 16:26:45,036 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-3] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 clientClose - about to wait for the lock, wait time(ms): 500 07 Jan 2016 16:26:45,036 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-3] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 clientClose - wait over got lock: true, nowait, currentState is not null: true 07 Jan 2016 16:26:45,036 INFO [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-3] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 SSP0242I Inbound connection from /149.191.22.106 closed. Connection fully closed. 07 Jan 2016 16:26:45,036 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-3] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 Control:ClientAgent- releasing last buffer - com.sterlingcommerce.perimeter.util.nio.ByteBufferWrapper@42234223 07 Jan 2016 16:26:45,036 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-3] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 Control:ServerAgent- releasing last buffer - com.sterlingcommerce.perimeter.util.nio.ByteBufferWrapper@29862986 07 Jan 2016 16:26:45,036 INFO [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-3] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 SSP119I Session Manager: Cleaning out session with id: 1452184002780_60223 07 Jan 2016 16:26:45,036 INFO [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-3] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 SSE0112I Session ended.

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.