Skip to Content
Aug 13, 2008 at 08:54 PM

RNIF adapter, Hiearchical Trust Model?


Hello All,

Has any one used the Hiearchical Trust Model with the RNIF adapter?

I am trying to implement a scenario with the RNIF adapter where XI posts a message to a Business Partner and gets back the Asynch Business Signal.

Options Selected in the RNIF adapter,

1. Sign Action Message

2. Sign Business Signal.

1. I have tested my environment set up using the Rosettanet Self Test Kit. I use a Self Signed Cert for the RSTK and in this case the scenario works perfectly fine with the Direct Trust Model.

2. When I test this with my partner who uses a Equifax Signed Certificate, the Signature validation of the Business Signal Fails. I tried to use both the Direct Trust Model and the Hiearchical Trust Model and none of the options selected help. I have loaded the Cert from my Partner in the TraustedCAs, restarted the Keystore and still XI errors with the Invalid Certificate error.

The Business Partner has confirmed that they are using the right certificate to sign the message and I also copied the Signature from the RNIF Business Signal hitting XI , saved it as a p7s file and the certificate looks just as the cert loaded in the keystore.

My question here is,

1. When I use direct trust model I provide the Keystore View and Certificate Entry and it errors.

2. When I use Hiearchical Trust model, I still get the same error.

Specifically, has any one used the Hiearachical Trust Model? Is there some special entry we need to provide in our Receiver agreement. For now, my entries for the following fields looks like,

Issuer : used f4 help and the details came out had the Organization Unit, Organization and c

Subject : CommonName , Organization , Locality, State, Country

CertificateAuthorithy Keystore View : TustedCa's which contains the CA's certificate ( Equifax in my case ).

Would any one have any idea on what I might have missed. The set up works with Self Signed Certificates and hence am not sure what special we need to do to use the CA signed Certificate.

Any ideas/ thoughts, Please do let me know.



PS : My apologies if you feel asleep midway of this rather long thread