Skip to Content

RNIF adapter, Hiearchical Trust Model?

Hello All,

Has any one used the Hiearchical Trust Model with the RNIF adapter?

I am trying to implement a scenario with the RNIF adapter where XI posts a message to a Business Partner and gets back the Asynch Business Signal.

Options Selected in the RNIF adapter,

1. Sign Action Message

2. Sign Business Signal.

1. I have tested my environment set up using the Rosettanet Self Test Kit. I use a Self Signed Cert for the RSTK and in this case the scenario works perfectly fine with the Direct Trust Model.

2. When I test this with my partner who uses a Equifax Signed Certificate, the Signature validation of the Business Signal Fails. I tried to use both the Direct Trust Model and the Hiearchical Trust Model and none of the options selected help. I have loaded the Cert from my Partner in the TraustedCAs, restarted the Keystore and still XI errors with the Invalid Certificate error.

The Business Partner has confirmed that they are using the right certificate to sign the message and I also copied the Signature from the RNIF Business Signal hitting XI , saved it as a p7s file and the certificate looks just as the cert loaded in the keystore.

My question here is,

1. When I use direct trust model I provide the Keystore View and Certificate Entry and it errors.

2. When I use Hiearchical Trust model, I still get the same error.

Specifically, has any one used the Hiearachical Trust Model? Is there some special entry we need to provide in our Receiver agreement. For now, my entries for the following fields looks like,

Issuer : used f4 help and the details came out had the Organization Unit, Organization and c

Subject : CommonName , Organization , Locality, State, Country

CertificateAuthorithy Keystore View : TustedCa's which contains the CA's certificate ( Equifax in my case ).

Would any one have any idea on what I might have missed. The set up works with Self Signed Certificates and hence am not sure what special we need to do to use the CA signed Certificate.

Any ideas/ thoughts, Please do let me know.



PS : My apologies if you feel asleep midway of this rather long thread

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • avatar image
    Former Member
    Aug 14, 2008 at 05:45 AM

    Hi Bhavesh,

    I hope, you corectly configured receiver agreement.

    any how, could you please cross check with the follwoing links. (page 19-21).

    warm regards


    Add comment
    10|10000 characters needed characters exceeded

    • Hi Mahesh,

      Have done everything just as the way I think it has to be done.

      Also looked into the monitoring guide, but no luck.

      Will be raising a OSS with SAP today to see if they can help. Will keep the forum informed.



  • Aug 19, 2008 at 01:02 PM

    The issue seemed to be that Partner gateway was not enforcing the

    content-transfer-encoding in the MIME header of the service content and so the

    interpretation was open to the XI gateway and XI gives a

    signature validation error even though the line is missing in the MIME

    headers of the service content.

    It is always a best practice to enforce the

    content-transfer-encoding to avoid ambiguity at the other end.

    Making sure our partner set the, Content-transfer-encoding: binary in the MIME header for the service

    content seems to have resolved the signature validation error.

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Bhavesh Kantilal

      HI Bhavesh,

      I ran into the same situation where the Content-Transfer-Encoding  should be "Base64" for the trading partner but we are sending "Binary".

      Can you please let me know if there was some update on ur OSS note from SAP and how was this resolved ?