Skip to Content
avatar image
Former Member

Unable to validate message; key used for decrypting message is invalid;

When trying to decrypt an RNIF message in our SAP XI system we are running into an issue with below error message:

"Unable to validate message; key used for decrypting message is invalid; expected keystore entry: SSL-<SID>; keystore entry used: null"

The keystore administrator role is mapped to XIAFUSER. We validated the decryption using the J2EE Private Key thru a third-party (non-SAP) tool and it works fine. The keystore SSL-<SID> contains the Private Key and Cert from our CA. The message was encrypted using the Public Key of J2ee engine.

We were unable to generate more details even after increasing the log level. The security.log is the only place showing the above error message.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • avatar image
    Former Member
    May 29, 2007 at 09:46 PM

    The folder C:\j2sdk1.4.2_13\jre\lib\security contains the Java Cryptography Extension (JCE) files - 'local_policy.jar' and 'US_export_policy.jar' .The default files will have a size of 3 kb.These need to be replaced by JCE Unlimited Strength Jurisdiction Policy Files - 'local_policy.jar' and 'US_export_policy.jar' which are of size 5kb. In brief, C:\j2sdk1.4.2_13\jre\lib\security should contain the files - 'local_policy.jar' and 'US_export_policy.jar' and their size should be 5kb (and not 3kb). After we did this change the decrypt worked fine.

    Add comment
    10|10000 characters needed characters exceeded