on 01-07-2016 5:15 PM
Good afternoon,
We are configuring the Nota Fiscal Eletronica and are having a problem accessing the SEFAZ servers. To install the certificates and route the SEFAZ addresses we are using an IBM solution called SSP - Sterling Secure Proxy.
Using this solution, we get the following response in SAP PI:
Error XIAdapter/HTTP/ADAPTER.HTTP_EXPECTION - HTTP 403 Forbidden.
We have already contacted SEFAZ, we have already generated the PFX file and its chains correctly according to the SAP Notes, and we have also added the chains to the SSP system.
However, when access is attempted, any query or action that requires communication with the SEFAZ environments returns the same error.
According to the SSP log, a handshake takes place when the attempt is made and the 403 error is returned right afterwards.
We have other types of communication that use certificates installed in this environment, and they work correctly.
Has anyone worked with this kind of SSP system for implementing the Nota Fiscal Eletronica?
Using a third-party system to make the server calls?
Thank you very much!
Luiz.
Our analysis is that the SSP system is not correctly recognizing the installed certificates, so we did the installation in the already recommended way in SAP PI, with the PFX and, in Trusted CA's, the chain certificates for that PFX; this way the process is working.
I am closing this post, thank you for the help.
The log follows (it may be hard to read, as I am not managing to copy and paste it correctly here):
07 Jan 2016 16:26:42,782 INFO [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-8] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 SSP104I Session Proceeding after Node match: IX1
07 Jan 2016 16:26:42,782 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-8] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 Using StubAuthenticator for Authentication.
07 Jan 2016 16:26:42,782 INFO [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-8] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 SSE1831I Authentication mechanism: no authentication.
07 Jan 2016 16:26:42,782 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-8] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 Out bound port range: 0
07 Jan 2016 16:26:42,783 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-9] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 Received from Client:[POST /ws/NfeConsulta/NfeConsulta2.asmx HTTP/1.0]
07 Jan 2016 16:26:42,783 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-9] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 Received from Client:[Host: ssptst.bpweb.bp.com:5082]
07 Jan 2016 16:26:42,783 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-9] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 Received from Client:[User-Agent: SAP-Messaging-com.sap.aii.af.sdk.xi/1.0505]
07 Jan 2016 16:26:42,785 INFO [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-9] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 SSE0103I Connecting to server.
07 Jan 2016 16:26:42,785 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-9] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 Initiating connection to the Out-Node: SAFEZ_NFe_SVRS for Session: 1452184002780_60223
07 Jan 2016 16:26:42,785 INFO [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-9] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 SSP0237I Attempting outbound connection with nfe-homologacao.svrs.rs.gov.br/InetSocketAddress-host:nfe-homologacao.svrs.rs.gov.br/200.233.4.140-port:443 ...
07 Jan 2016 16:26:43,289 INFO [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-3] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 SSP0238I Primary outbound plain socket connection with nfe-homologacao.svrs.rs.gov.br/InetSocketAddress-host:nfe-homologacao.svrs.rs.gov.br/200.233.4.140-port:443 established.
07 Jan 2016 16:26:43,290 INFO [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-3] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 SSE0109I Securing Server connection.
07 Jan 2016 16:26:43,290 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-3] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 com.sterlingcommerce.csp.jetty.CspHttpFields - reached write()
07 Jan 2016 16:26:43,290 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-3] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 Sending to Server:[> POST /ws/NfeConsulta/NfeConsulta2.asmx HTTP/1.0> Accept: */*> Host: nfe-homologacao.svrs.rs.gov.br:443> User-Agent: SAP-Messaging-com.sap.aii.af.sdk.xi/1.0505> CallingType: SA> content-id:> Content-Type: text/soap+xml; charset=utf-8> Content-Length: 687> SOAPACTION: "http://www.portalfiscal.inf.br/nfe/wsdl/NfeConsulta2/nfeConsultaNF2"> Connection: close> ]
07 Jan 2016 16:26:43,290 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-3] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 com.sterlingcommerce.csp.http.session.fsm.HttpState - 1452184002780_60223 - HttpState - request sent to server - state:3
07 Jan 2016 16:26:43,290 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-3] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 com.sterlingcommerce.csp.http.io.HttpRequestConverter ByteBuffer in request marshalling[> 687> ]
07 Jan 2016 16:26:43,290 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-3] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 Control:ServerAgent - turnOnSSL
07 Jan 2016 16:26:43,291 INFO [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-3] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 SSE0102I Securing server connection.
07 Jan 2016 16:26:44,063 INFO [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-14] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 SSP0240I Handshake with peer at /200.233.14.140 completed. Security protocol=TLS1, Cipher=TLS_RSA_WITH_AES_128_CBC_SHA, Subject=[CN=*.svrs.rs.gov.br, OU=RFB e-Servidor A1, OU=ARSERPRO, OU=Secretaria da Receita Federal do Brasil - RFB, O=ICP-Brasil, C=BR], Public key length=2,048.
07 Jan 2016 16:26:44,064 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-14] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 Control:ServerAgent - Sending ByteBuffer length - 410, com.sterlingcommerce.perimeter.util.nio.ByteBufferWrapper@3fa63fa6
07 Jan 2016 16:26:44,066 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-14] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 Control:ServerAgent - Sending ByteBuffer length - 687, com.sterlingcommerce.perimeter.util.nio.ByteBufferWrapper@2e572e57
07 Jan 2016 16:26:45,023 INFO [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-15] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 SSP0240I Handshake with peer at /200.233.14.140 completed. Security protocol=TLS1, Cipher=TLS_RSA_WITH_AES_128_CBC_SHA, Subject=[CN=*.svrs.rs.gov.br, OU=RFB e-Servidor A1, OU=ARSERPRO, OU=Secretaria da Receita Federal do Brasil - RFB, O=ICP-Brasil, C=BR], Public key length=2,048.
07 Jan 2016 16:26:45,026 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-15] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 Control:ServerAgent - Received ByteBuffer length - 1412, com.sterlingcommerce.perimeter.util.nio.ByteBufferWrapper@29862986
07 Jan 2016 16:26:45,026 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-15] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 com.sterlingcommerce.csp.http.io.HttpResponseConverter - Entered state: _PROCESSING_HEADERS(1)
07 Jan 2016 16:26:45,027 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-15] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 starting position (buf position):0, rem:1412, remBuf count:0
07 Jan 2016 16:26:45,027 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-15] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 buf array offset:0
07 Jan 2016 16:26:45,027 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-15] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 remBuf position:0, remBuf arrayOffset:0
07 Jan 2016 16:26:45,027 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-15] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 Received from Server:[HTTP/1.1 403 Forbidden]
07 Jan 2016 16:26:45,028 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-15] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 com.sterlingcommerce.csp.http.io.HttpResponseConverter - Entered state: _PROCESSING_BODY_INIT(2)
07 Jan 2016 16:26:45,028 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-15] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 com.sterlingcommerce.csp.http.io.HttpResponseConverter - Unmarshalling response from server msg: com.sterlingcommerce.csp.jetty.CspHttpResponse
07 Jan 2016 16:26:45,028 INFO [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-15] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 SSE2401E 1452184002780_60223 HTTP HTTP server error 403 occurred.
07 Jan 2016 16:26:45,028 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-15] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 systemUrlMapOption: false, Response content type HTML: true
07 Jan 2016 16:26:45,028 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-15] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 com.sterlingcommerce.csp.jetty.CspHttpFields - reached write()
07 Jan 2016 16:26:45,028 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-15] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 Sending to Client:[> HTTP/1.1 403 Forbidden> Content-Type: text/html> Server: HTTP Server> X-Powered-By: ASP.NET> Date: Thu, 07 Jan 2016 16:26:44 GMT> Connection: close> Content-Length: 1233> > > ]
07 Jan 2016 16:26:45,031 INFO [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-15] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 SSP102I Control:ServerAgent Connection closed (CloseCode.EOF): Elapsed Time: 1.742 (s) > : Bytes Received: 1412 [at: 0.006484500574052813 MBPS] > Bytes Sent: 1097 [at: 0.00503788748564868 MBPS] >
07 Jan 2016 16:26:45,031 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-15] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 com.sterlingcommerce.csp.http.session.fsm.HttpState - 1452184002780_60223 - receivedServerClose()
07 Jan 2016 16:26:45,031 INFO [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-15] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 SSP0244I Outbound connection from nfe-homologacao.svrs.rs.gov.br/InetSocketAddress-host:nfe-homologacao.svrs.rs.gov.br/200.233.4.140-port:443 closed. End of File.
07 Jan 2016 16:26:45,031 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-2] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 Control:ClientAgent - sending conduit.close() code: CloseCode.NORMAL_CLOSE
07 Jan 2016 16:26:45,035 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_FarScheduler-Thread-17] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 Control:ServerAgent - already closed, got CloseCode.FULL_CLOSE
07 Jan 2016 16:26:45,036 INFO [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-3] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 SSP102I Control:ClientAgent Connection closed (CloseCode.FULL_CLOSE): Elapsed Time: 2.253 (s) > : Bytes Received: 1068 [at: 0.003792276964047936 MBPS] > Bytes Sent: 1406 [at: 0.004992454505104305 MBPS] >
07 Jan 2016 16:26:45,036 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-3] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 entered - sessionImpl receivedClientClose
07 Jan 2016 16:26:45,036 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-3] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 clientClose - about to wait for the lock, wait time(ms): 500
07 Jan 2016 16:26:45,036 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-3] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 clientClose - wait over got lock: true, nowait, currentState is not null: true
07 Jan 2016 16:26:45,036 INFO [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-3] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 SSP0242I Inbound connection from /149.191.22.106 closed. Connection fully closed.
07 Jan 2016 16:26:45,036 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-3] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 Control:ClientAgent- releasing last buffer - com.sterlingcommerce.perimeter.util.nio.ByteBufferWrapper@42234223
07 Jan 2016 16:26:45,036 DEBUG [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-3] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 Control:ServerAgent- releasing last buffer - com.sterlingcommerce.perimeter.util.nio.ByteBufferWrapper@29862986
07 Jan 2016 16:26:45,036 INFO [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-3] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 SSP119I Session Manager: Cleaning out session with id: 1452184002780_60223
07 Jan 2016 16:26:45,036 INFO [BP_ADP_HTTP_5082_SAFEZ_NFeSVRS_OUT_S2_NearScheduler-Thread-3] sys.NODE.BP_NET_HTTP_SAFEZ_OUT.IX1 - http sessid=1452184002780_60223 SSE0112I Session ended.
Luiz,
How is the communication channel configured in PI? Are they configured to use the KeyStore View / Entry with your company's certificate?
The error does not occur in the handshake. This error seems to me to be caused by the Client Certificate missing from the POST request... I think the client certificate used for authentication should appear in the SSP logs (as the server's do).
Regards,
JN
Luiz,
make sure that the SSP solution treats the SEFAZ certificates as trusted.
Normally we have to install the CA (root) certificates used by the server we want to connect to in our client system.
This is what normally causes handshake problems.
When we are talking about SAP PI/PO or any NetWeaver Java, this is the same as installing the root certificates in the TrustedCAs KeyStore View.
In the case of SSP, I don't know how it should be done.
The example below is of a SEFAZ AN certificate and, highlighted, the CA certificate, which must be installed in TrustedCAs or "Trusted Root Certification Authorities".
Regards,
JN
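The distinction drawn in JN's two replies above (a trust-chain problem shows up at the handshake, while the posted session completes the handshake and is then refused with 403), as an added example that is not part of the thread and not IBM or SAP code: a Python triage over SSP session log entries. The function names, the verdict strings and the CONSTRUCTED_2 session are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: session 1452184002780_60223 abbreviates entries from the log posted
# in this thread (thread/node names shortened); CONSTRUCTED_2 is invented for contrast.
SAMPLE_LOG = """\
07 Jan 2016 16:26:43,290 INFO [FarScheduler-Thread-3] sys.NODE.OUT - http sessid=1452184002780_60223 SSE0109I Securing Server connection.
07 Jan 2016 16:26:44,063 INFO [FarScheduler-Thread-14] sys.NODE.OUT - http sessid=1452184002780_60223 SSP0240I Handshake with peer at /200.233.14.140 completed. Security protocol=TLS1, Cipher=TLS_RSA_WITH_AES_128_CBC_SHA, Subject=[CN=*.svrs.rs.gov.br, OU=RFB e-Servidor A1, OU=ARSERPRO, OU=Secretaria da Receita Federal do Brasil - RFB, O=ICP-Brasil, C=BR], Public key length=2,048.
07 Jan 2016 16:26:45,023 INFO [FarScheduler-Thread-15] sys.NODE.OUT - http sessid=1452184002780_60223 SSP0240I Handshake with peer at /200.233.14.140 completed. Security protocol=TLS1, Cipher=TLS_RSA_WITH_AES_128_CBC_SHA, Subject=[CN=*.svrs.rs.gov.br, OU=RFB e-Servidor A1, OU=ARSERPRO, OU=Secretaria da Receita Federal do Brasil - RFB, O=ICP-Brasil, C=BR], Public key length=2,048.
07 Jan 2016 16:26:45,027 DEBUG [FarScheduler-Thread-15] sys.NODE.OUT - http sessid=1452184002780_60223 Received from Server:[HTTP/1.1 403 Forbidden]
07 Jan 2016 16:30:00,000 INFO [FarScheduler-Thread-1] sys.NODE.OUT - http sessid=CONSTRUCTED_2 SSE0109I Securing Server connection.
"""

SESSID = re.compile(r"sessid=(\S+)")
HANDSHAKE = re.compile(r"SSP0240I Handshake with peer at /(\S+) completed\. "
                       r"Security protocol=([^,]+), Cipher=([^,]+), Subject=\[([^\]]*)\]")
STATUS = re.compile(r"Received from Server:\[HTTP/\d\.\d (\d{3})")

def summarize(log_text):
    """Group entries by sessid and keep the TLS result and the HTTP status of each."""
    sessions = defaultdict(lambda: {"tls_started": False, "handshakes": 0,
                                    "tls": None, "status": None})
    for line in log_text.splitlines():
        sid = SESSID.search(line)
        if not sid:
            continue
        s = sessions[sid.group(1)]
        if "SSE0109I" in line or "SSE0102I" in line:  # "Securing server connection"
            s["tls_started"] = True
        hs = HANDSHAKE.search(line)
        if hs:  # SSP0240I reports the server's subject, protocol and cipher
            s["handshakes"] += 1
            s["tls"] = dict(zip(("peer", "protocol", "cipher", "subject"), hs.groups()))
        st = STATUS.search(line)
        if st:
            s["status"] = int(st.group(1))
    return dict(sessions)

def diagnose(s):
    """Separate a transport-level failure from an HTTP-level refusal."""
    if s["tls_started"] and s["handshakes"] == 0:
        return "tls-handshake-incomplete: check that the proxy trusts the server's CA chain"
    if s["handshakes"] and s["status"] in (401, 403):
        return "tls-ok-http-denied: check that the client certificate is sent and accepted"
    return "inconclusive"

if __name__ == "__main__":
    for sid, s in summarize(SAMPLE_LOG).items():
        print(sid, s["handshakes"], s["status"], diagnose(s))
```

The posted session logs SSP0240I twice, which is why the summary counts handshakes instead of storing a flag.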