Add support for SML certificate update #70

Closed
phax opened this issue Apr 10, 2018 · 4 comments


phax commented Apr 10, 2018

UPDATING THE SML WITH A NEW SMP CERTIFICATE:
PrepareChangeCertificate operation
SMP with expired certificate

PEPPOL_Certificates_Change_V1.2.pdf


phax commented Jun 1, 2018

A generic version is available at https://peppol.helger.com/public/menuitem-tools-smp-sml#tab_updatecert


emilbokenstrand commented Nov 26, 2018

Greetings,

I am sorry that this question is not directly tied to the SMP software but this seemed like the most appropriate place to put it anyway.

I tried https://peppol.helger.com/public/menuitem-tools-smp-sml#tab_updatecert to update our SMP pilot certificate to the newer V3 certificate and get the following error:

Error preparing migration of SMP certificate at SML 'https://acc.edelivery.tech.ec.europa.eu/edelivery-sml'. Technical details: ClientTransportException Der Server hat HTTP-Statuscode 401 gesendet: Unauthorized

and I cannot get further. I believe this error has something to do with the keystore I provide but I cannot figure out what is wrong. The keystore has one entry containing our old (still valid) certificate (complete chain) and the corresponding private key. I tried with an empty password on the keystore and the entry itself without any luck.

Can you please advise how to proceed?

Edit:
I was able to do this with our production certificate where the only difference I can think of is that our production SMP has got no service groups registered yet

Regards, Emil


phax commented Nov 26, 2018

@emilbokenstrand there are multiple things to consider:

  • For production use [SML]; for test use [SMK]
  • The old keystore MUST be the one used in your SMP, including the private key and the full chain. Note: only JKS keystores are supported. PKCS 12 does not work here. Your existing certificate may not be expired yet.
  • The password must be the one to open the keystore, and it assumes that the password for the key is identical to the one of the whole keystore
  • The migration date must be in the future

I assume you matched all the requirements. Maybe we can have a short Skype session where you can share screen. My Skype ID is phelger
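
The checklist in the comment above can be verified locally before the update is submitted. The following Java pre-flight check is an added example, not part of the original thread or of the SMP code base; the class name and command-line arguments are hypothetical, and it reads "may not be expired yet" as "must still be valid".

```java
import java.io.DataInputStream;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.time.LocalDate;
import java.util.Collections;

// Added example (hypothetical class): usage <keystore.jks> <password> <migration date yyyy-MM-dd>
public final class SmlCertUpdatePreflight {
  private static final int JKS_MAGIC = 0xFEEDFEED; // first four bytes of a JKS file

  public static void main(String[] args) throws Exception {
    Path file = Path.of(args[0]);
    char[] password = args[1].toCharArray();
    LocalDate migrationDate = LocalDate.parse(args[2]);

    // JDKs with keystore.type.compat enabled can open PKCS#12 files through the
    // "JKS" type, so check the container format by its magic number first.
    try (DataInputStream in = new DataInputStream(Files.newInputStream(file))) {
      if (in.readInt() != JKS_MAGIC)
        throw new IllegalStateException("Not a JKS keystore (PKCS#12 is DER and starts with 0x30)");
    }
    KeyStore ks = KeyStore.getInstance("JKS");
    try (InputStream in = Files.newInputStream(file)) {
      ks.load(in, password); // IOException here means the keystore password is wrong
    }
    int keyEntries = 0;
    for (String alias : Collections.list(ks.aliases())) {
      if (!ks.isKeyEntry(alias)) continue;
      keyEntries++;
      // Key password must equal the keystore password; otherwise UnrecoverableKeyException
      ks.getKey(alias, password);
      Certificate[] chain = ks.getCertificateChain(alias);
      X509Certificate leaf = (X509Certificate) chain[0];
      leaf.checkValidity(); // throws if the old certificate is expired or not yet valid
      System.out.printf("%s: chain length %d, subject %s, valid until %s%n",
          alias, chain.length, leaf.getSubjectX500Principal(), leaf.getNotAfter());
    }
    if (keyEntries == 0) throw new IllegalStateException("No private key entry in keystore");
    if (!migrationDate.isAfter(LocalDate.now()))
      throw new IllegalStateException("Migration date must be in the future");
    System.out.println("Pre-flight checks passed");
  }
}
```

The printed chain length and subject let the operator confirm that the entry is the certificate the SMP currently uses and that the intermediate and root certificates are included.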

phax added a commit that referenced this issue Nov 28, 2018
@phax phax added this to the v5.1 milestone Nov 28, 2018
@phax phax closed this as completed Nov 28, 2018
@emilbokenstrand

My bad. I had messed up the new certificate. Sorry for causing any inconvenience, I succeeded in the update now. I made a contact request on Skype btw.

Thumbs up for this fix, nice to have it available directly in the SMP.
