Does the C1OnRamp 1.0 use public key encryption? I realize it can use userid/pwd or certificates for authentication, but I’m not clear about the encryption portion. Can anyone help?

Thanks,
Ben

Not to be having a conversation with myself, but it doesn’t seem that I ever tell sendEnvelope what certs to use (since I don’t use setKeyandChain or clearKeyandChain, etc. in the code), thus I would assume the C1 OnRamp would use the default outbound certs of the server, which are set on the outbound Certificates settings (true or false?). What if those have no value, is it not encrypting then (and only encoding)?

If setKeyAndChain are not called then the default certificate/key settings are used–those specified in the outbound certificates.

For the second question…clients are not required to have certificates for the HTTPS connection to be encrypted. Only the server is required. Whether a connection is encrypted or not depends on what cipher is selected by the client.

Thanks Ed, I sort of had a brain cramp there (you don’t need a cert when buying something from Amazon, their server handles the encryption and gives the client some sort of temporary hash encryption key to use). To follow up, when my B2B server is acting like an SSL server (using receiveEnvelope), would I present my certificates from the listeners.cnf to create the encryption key that the client would use (this really may depend on the relationship and the setups on each end, but I’m just looking for some generalization)? One other question, is there a prop setting for the cipher on the client or is this randomly generated. Thanks again.

Ben,
When you receive document using HTTPS to receiveEnvelope, it uses the certificates used during the port creation, I guess it stores in listners.cnf.

Hi guys -

> For the second question…clients are not required to have
> certificates for the HTTPS connection to be encrypted.

[Disclaimer: I’m no encryption expert, could be wrong ]
Say you’re the client (delivering PO Acks to a C1 marketsite). You do need to install the remote C1 Marketsite’s CA root certificate (certificate authority root) and any intermediate certificates in your trusted certs directory on the IS server. I think pub.client:http throws an exception if this isn’t done.

About the browser/Amazon.com example: true, you don’t need a certificate to connect to Amazon. But Amazon’s CA is Verisign, and the Verisign root CA is installed in your browser. (Try https://amazon.com for an example).

> false?). What if those have no value, is it not encrypting
> then (and only encoding)?

Hmm… I’m not sure what you meant by encoding, but you don’t need your own certificate to setup an encrypted HTTPS connection as a client - you just need to trust the remote server’s CA.

Hey, btw, if you do have your own server certs installed, there are issues with some C1 Marketsites where they reject your posting if you try to post using certificates. This is a bug within C1’s software (Marketsite 4.0.1 inclusive, IIRC). WM support have released a workaround which tricks setKeyAndChain with dummy certs, so that you do not use your certs while sending documents outbound to marketsites which can’t handle them. (If you’re using TN, you have to setup two delivery services - one with certs, one without). I don’ t think you need to worry about this though Ben.

Regarding Sonam’s comment…you only need client certificates if the server requires them. In general (typical browser-based navigating) you don’t need a certificate to access a secure site.

Back to Ben’s questions…
In general–for RSA based public key algorithms–the client determine the master secret key for symmetric encryption. Once the client generates the private key, it is encrypted using the server’s public key from the server’s certificate–which theorectically only the private key can decrypt.

The cipher suite chose depends on the client software. The actual cipher suite chosen depends on a combination of (first) what the server supports, and (secondly) what the client supports. The first cipher suite in common is (typically) selected as the cipher suite for the SSL session/connection.

As a client the Integration Server/B2B server will select higher strength encryption cipher suites.

hth

Thanks all, that is really good info.

I have the Certificate file and the certificate authority file from C1 installed in my webMethods TN console. I am trying to test the connection from the C1 On Ramp adapter in the webMethods administrator. I am getting an authorization failed error from C1.

1. Could this be becoz that I already have an ssl port configured with our own private key and this is being used when I try to connect with C1 instead of the key they provided?
   Any ideas?
   Thanks in advance

Regarding Ed’s comments: He’s absolutely right – sorry if I wasn’t clear. The client needs a certificate only if the remote server requires it. For example with a WM server, this occurs when the port setting is “require client certificates” instead of “request client certificates”.

Regarding Vince’s question.
> I am getting an authorization failed error from C1.
…
> 1. Could this be becoz that I already have an ssl port
> configured with our own private key

Yes, your server’s default key will be used. Just make sure you aren’t confusing the C1 marketsite’s public key with your server’s key. The C1 Marketsite’s cert is the one installed by you so that inbound connections from the the C1 marketsite can authenticate to you server.

I guess you’re using the WmMarketConnectTN package’s delivery service. Here’s are two main reasons you get an access denied.

1. See my note earlier on the bug with some C1 marketsites. You can determine if this is the case by disabling certs from your server and trying delivery. If that works, you may want to contact WM support for their workaround (i.e. HTTPS post to C1 marketsites while having a cert installed on your server).

2. If, for some reason, the TPIDs in the C1 envelope are wrong (X-Sender-ID and X-Receiver-ID are wrong), you’ll get authorization denied from the remote marketsite.

Hi,
I am trying to install the WmMarketConnectHTTPS package and I am getting this error.
Any ideas?
Thanks

java.lang.RuntimeException: Error in WmMarketConnectHTTPS startup. java.lang.NoClassDefFoundError:wm/server/net/IaikHTTPSListenerFactory
at wm.marketconnect.httpsListener.startup(httpsListener.java:59)
at java.lang.reflect.Method.invoke(Native Method)
at com.wm.app.b2b.server.JavaService.baseInvoke(JavaService.java(Compiled Code))
at com.wm.app.b2b.server.ServiceManager.invoke(ServiceManager.java(Compiled Code))
at com.wm.app.b2b.server.ServiceManager.invoke(ServiceManager.java(Compiled Code))
at com.wm.app.b2b.server.HTTPInvokeHandler.process(HTTPInvokeHandler.java:168)
at com.wm.app.b2b.server.HTTPDispatch.run(HTTPDispatch.java(Compiled Code))
at com.wm.util.pool.PooledThread.run(PooledThread.java:103)
at java.lang.Thread.run(Thread.java:498)

What version of the Integration Server/B2B are you running and what fixes, if any, do you have applied?

The error you are getting points to a package dependency issue that would surface with a 4.6 fix. Updating the package dependency list for WmMarketConnectHTTPS to include WmRoot should address this.

I am running IS 4.6 and have the latest service pack installed.

Product webMethods Integration Server
Version 4.6 Release Notes
Updates IS_4-6_SP2, TNS_4-6_SP1

How do I update the package dependency list?
Thanks in advance!

I searched the webMethods forum and saw that sonam chauhan had the same problem during Aug 2002. The solution is not given there.
Sonam, this is an SOS call. If you have a solution, please respond.
Thanks

Thanks Ed. That worked.
Sometimes, I wish I could cry out loud here!

THANK YOU GUYS!!!

You can update the package dependencies by launching the Developer. Select the package and update the panel on the right.

> Sonam, this is an SOS call. If you have a solution, please respond.

Hi Mark - I guess your problem got solved! But can you point me to the open discussion from Aug 2002? I remember a NoClassDefFound issue with the C1 Onramp, which I brute-forced by adding all C1OR classes to the classpath.

BTW, we use these 4.6 patches: TN SP1, IS SP2 and IS FIX 19.

The NoClassDefFound issue is introduced only when you apply a specific fixs/service pack against the 4.x Integration Server. If you do not have any fixes or SPs applied, you will not run across the class loading issues identified in this thread.

Take a look at the readme for SP2 and search for ‘classload’. It explains at a high level the changes to class loading for packages.

cheers!

Mark - what was the Aug 2002 thread you were referring to? Maybe the stuff below can help…

Hm, thanks Ed. The only issue we had with our current set of patches (TN SP1, IS SP2 and IS FIX 19) is that IS SP 2 broke the WmMarketConnectTN package due to a circular dependency. Earlier, I’ve mentioned the workaround for it (somewhere on wmusers.com ) … but WM officially released a fix for this on the 20th. I’ve included excerpts from the readme file below:

webMethods OnRamp for Commerce One MarketSite, 3.0 Fix 18

       February 2003 

…
4.0 Fix Contents

This fix is provided to assure compatibility
with IS46SP2. The WmMarketConnectTN package depends
on the WmTN package. With IS46SP2, the integration
server only checks packages which a package depends
on in order to find java classes. As such, the WmTN
package needs to depend on the WmMarketConnectTN package.
This will cause a circular dependency preventing the
integration server from starting. Instead,
this fix creates a /code/libs directory in the
WmMarketConnectTN package such that its classes are
available as native VM classes. Further, a readme.txt
file has been put in the directory such that package
replication picks up such directory during package
publication.
…

Hi,
Now when I am trying to submit a document to TN from my developer by

1. createEnvelopefromString
2. receiveEnvelope
   I am receiving this error.
   Any ideas?
   And Sonam, here is the thread that I was referring to.
   [url]http://advantage.webmethods.com/cgi-bin/advantage/main.jsp?w=0&targChanId=-536881002&action=viewMessage&gid=536880006&mid=1610615109[/url]
   Thanks

com.wm.app.b2b.server.ServiceException:

wm.tn.doc:recognize

  com.wm.app.tn.doc.BizDocTypeException 
Cannot determine if doctype class is XML (com.wm.pkg.marketconnect.tn.MarketConnectBizDocType) 

(0) java.lang.ClassNotFoundException: com.wm.pkg.marketconnect.tn.MarketConnectBizDocType
(1) java.lang.ClassNotFoundException: com.wm.pkg.marketconnect.tn.MarketConnectBizDocType

  java.lang.ClassNotFoundException: com.wm.pkg.marketconnect.tn.MarketConnectBizDocType 

java.lang.ClassNotFoundException: com.wm.pkg.marketconnect.tn.MarketConnectBizDocType

java.lang.ClassNotFoundException: com.wm.pkg.marketconnect.tn.MarketConnectBizDocType

at java.net.URLClassLoader.findClass(URLClassLoader.java(Compiled Code))

at java.lang.ClassLoader.loadClass(ClassLoader.java(Compiled Code))

at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java(Compiled Code))

at java.lang.ClassLoader.loadClass(ClassLoader.java(Compiled Code))

at java.lang.Class.forName1(Native Method)

at java.lang.Class.forName(Class.java(Compiled Code))

at com.wm.app.tn.doc.BizDocTypeReg.recognize(BizDocTypeReg.java:318)

at com.wm.app.tn.doc.BizDocTypeReg.recognizeAndCreate(BizDocTypeReg.java:442)

at wm.tn.doc.recognize(doc.java:645)

at java.lang.reflect.Method.invoke(Native Method)

at com.wm.app.b2b.server.JavaService.baseInvoke(JavaService.java(Compiled Code))

at com.wm.app.b2b.server.ServiceManager.invoke(ServiceManager.java(Compiled Code))

at com.wm.app.b2b.server.BaseService.invoke(BaseService.java(Compiled Code))

at com.wm.lang.flow.FlowInvoke.invoke(FlowInvoke.java(Compiled Code))

at com.wm.lang.flow.FlowState.invokeNode(FlowState.java(Compiled Code))

at com.wm.lang.flow.FlowState.invoke(FlowState.java(Compiled Code))

at com.wm.lang.flow.FlowState.invoke(FlowState.java(Compiled Code))

at com.wm.app.b2b.server.FlowSvcImpl.baseInvoke(FlowSvcImpl.java(Compiled Code))

at com.wm.app.b2b.server.ServiceManager.invoke(ServiceManager.java(Compiled Code))

at com.wm.app.b2b.server.BaseService.invoke(BaseService.java(Compiled Code))

at com.wm.lang.flow.FlowInvoke.invoke(FlowInvoke.java(Compiled Code))

at com.wm.lang.flow.FlowState.invokeNode(FlowState.java(Compiled Code))

at com.wm.lang.flow.FlowState.invoke(FlowState.java(Compiled Code))

at com.wm.lang.flow.FlowState.invoke(FlowState.java(Compiled Code))

at com.wm.app.b2b.server.FlowSvcImpl.baseInvoke(FlowSvcImpl.java(Compiled Code))

at com.wm.app.b2b.server.ServiceManager.invoke(ServiceManager.java(Compiled Code))

at com.wm.app.b2b.server.ServiceManager.invoke(ServiceManager.java(Compiled Code))

at com.wm.app.b2b.server.ServiceManager.invoke(ServiceManager.java(Compiled Code))

at com.wm.app.b2b.server.Service.doInvoke(Service.java(Compiled Code))

at com.wm.app.b2b.server.Service.doInvoke(Service.java:458)

at pub.marketconnect.transport.

Go to packages\WmMarketConnectTN\code folder and create a “libs” folder. Also there is a known issues with the above fix in advantage site.

Could you please tell me where to find the known issues for C1 in the webMethods site? I looked under the known issues and bugs section, but couldnt find anything there.
Thanks

Under Known Issues/FAQ->C1 OnRamp for Commerce One MarketSite 3.0 goto “Cannot submit C1 OnRamp Document after applying IS_4-6_SP2 and TNS_4-6_SP1”

The error you desribed looks like that, so throught may be helpful.

I fixed the earlier error by adding the dependency to the WmMarketConnectTN package.
Now I am getting this error.
I think there is a patch for C1 adaptor for this errors. Any ideas?
Thanks

java.lang.IllegalArgumentException: Alias default not found.
at com.wm.pkg.marketconnect.config.ConfigurationManager.getAlias(ConfigurationManager.java:191)
at wm.marketconnect.xdk.transport.getSendEnvelopeServiceFromAlias(transport.java:227)
at wm.marketconnect.xdk.transport.sendEnvelope(transport.java:182)
at java.lang.reflect.Method.invoke(Native Method)
at com.wm.app.b2b.server.JavaService.baseInvoke(JavaService.java:288)
at com.wm.app.b2b.server.ServiceManager.invoke(ServiceManager.java:688)
at com.wm.app.b2b.server.BaseService.invoke(BaseService.java:140)
at com.wm.lang.flow.FlowInvoke.invoke(FlowInvoke.java:292)
at com.wm.lang.flow.FlowState.invokeNode(FlowState.java:559)
at com.wm.lang.flow.FlowState.step(FlowState.java:430)
at com.wm.lang.flow.FlowState.invoke(FlowState.java:400)
at com.wm.app.b2b.server.FlowSvcImpl.baseInvoke(FlowSvcImpl.java:1786)
at com.wm.app.b2b.server.ServiceManager.invoke(ServiceManager.java:688)
at com.wm.app.b2b.server.ServiceManager.invoke(ServiceManager.java:450)
at com.wm.app.b2b.server.Service.doInvoke(Service.java:495)
at com.wm.app.b2b.server.Service.doInvoke(Service.java:392)
at wm.marketconnect.tn.delivery.sendEnvelope(delivery.java:122)
at java.lang.reflect.Method.invoke(Native Method)
at com.wm.app.b2b.server.JavaService.baseInvoke(JavaService.java:281)
at com.wm.app.b2b.server.ServiceManager.invoke(ServiceManager.java:688)
at com.wm.app.b2b.server.BaseService.invoke(BaseService.java:140)
at com.wm.lang.flow.FlowInvoke.invoke(FlowInvoke.java:292)
at com.wm.lang.flow.FlowState.invokeNode(FlowState.java:559)
at com.wm.lang.flow.FlowState.step(FlowState.java:430)
at com.wm.lang.flow.FlowState.invoke(FlowState.java:400)
at com.wm.app.b2b.server.FlowSvcImpl.baseInvoke(FlowSvcImpl.java:1786)
at com.wm.app.b2b.server.ServiceManager.invoke(ServiceManager.java:688)
at com.wm.app.b2b.server.ServiceManager.invoke(ServiceManager.java:450)
at com.wm.app.b2b.server.Service.doInvoke(Service.java:495)
at com.wm.app.b2b.server.Service.doInvoke(Service.java:392)
at com.wm.app.tn.delivery.DeliveryUtils.invokeLocal(DeliveryUtils.java:930)
at com.wm.app.tn.delivery.DeliveryUtils.invokeService(DeliveryUtils.java:569)
at com.wm.app.tn.delivery.GuaranteedJob.invoke(GuaranteedJob.java:203)
at com.wm.app.tn.delivery.JobMgr$JobExecutor.run(JobMgr.java:975)
at com.wm.util.pool.PooledThread.run(PooledThread.java:103)
at java.lang.Thread.run(Thread.java:498)

Mark - Do you get this while trying to send out documents using the WmMarketConnectTN delivery service? It seems the delivery service isn’t able to select the correct alias for this customer. So its dropping down to the alias called ‘default’, but that’s not created either. So it chokes out.

In the TN profiles, choose the customer’s TN profile, then ‘Extended fields’; select the ‘C1 OnRamp’ group, and make sure the ‘MarketSite Alias’ is set to the correct alias defined in the C1 Onramp web administrator tool, and that the ‘C1DeliveryMode’ field is set to ‘Receiver Market’. If you see something different, do post it here.

PU: I found the bug with the C1 Onramp. You can just use “webMethods OnRamp for Commerce One MarketSite, 3.0 Fix 18” instead of manually creating the libs directory. The problem is this directory isn’t transferred across during package creation unless its non-empty.

Also, Mark - the problem I posted on Advantage went away with a server restart IIRC (its been sometime… . Also, we don’t use WmMarketConnectHTTPS anymore since we only deal with 4.1+ C1 Marketsites (which have fixed their HTTPS bug).

Hi Sonam,
Thanks for the reply.
I searched webMethods archive and found a bug regarding the default Alias.

This fix applies to the C1 Envelope HTTP(S) delivery service. Before this fix, all envelopes were routed to the default Alias. This fix now correctly routes the envelopes to the destination as specified by the C1DeliveryAlias attribute.

Commerce One OnRamp 3.0, Fix 7
I guess I will have to get the fix from wM.
Thanks

VR - Sorry man… I had hit this bug myself, and it should have sprung to mind. I keep forgetting the C1OR has its own seperate list of fixes! Below is the list of C1OR fixes that has our platform running stable with multiple marketsites.

The two numbers below are from the C1OR ‘About’ screen:
C1OR Version: 3.0.6
C1OR Build Number: 64

These are the C1OR Fixes we applied (no screen exists for this):
A) Certificate workaround - Used to deliver documents without certs to remote C1 marketsites which have a cert delivery bug. I don’t know the specific name for this fix, but it replaces C1OR Fix 1 (C1HTTPSClient.zip) which does not work on the 4.6 platform.
B) Fix 6 - makes Sender-Id corresponds to the participant ID
C) Fix 7 - fixes envelope routing to default Alias
D) Fix 8 - cosmetic fix for the web UI.
E) Fix 18 - ‘libs’ issue

I got “kills” A, B, D and E. :-). If someone is using the C1OR with other fixes, can you please add to this thread?

One thing - you may need to use the custom HTTPS listener provided in WmMarketConnectHTTPS. This is only needed if you transact with C1 marketsites whose C1 software version is below 4.1. With C1 4.1 and above, the normal HTTPS listener does fine.

It seems like C1 integration is a messy one. I am now trying to test sending documents to C1 site.
Thanks everyone and I will keep you posted how it goes.

Sonam,
We are using C1 OnRamp 3.0 with C1SP1. It is still in dev.
Fix 1 and 8 are already part of the SP1. That makes your version 3.0.12 build 70. We did the “libs” solution manually.
In production we have C1 OnRamp 3.0 with fix 1,2,3,4 for OnRamp that takes the version to 3.0 and build 62. I need to check on fix 6, 7, 18

Thanks for the information PU. I didn’t know that C1SP1 was out.
Fixes 6 and 7 are needed to communicate with multiple marketsites. Fix 18 is the same as the /libs fix you did manually.

Cheers!
Sonam

Hi,
I have been trying to get the C1 issues fixed. Now when I try to invoke the SendEnvelope service, the document doesnt get posted to Trading Networks. I search the TN for any documents but there is none. I also tried the receiveDocument but to no avail!
Any help is greatly appreciated.
Thanks

Error message indicates–TN ConversationScript is not able to recognize RNO (PIP starting doctype) that you are posting and not able to kickoff the conversation.

Pls make sure the RNO complies with mandatory headers(Preamble,Delivery,ServiceHeader,ServiceContent), and with proper cofiguration of loading PAR files with starting doctype.

HTH.

–
<javaclass>java.lang.NoClassDefFoundError</javaclass>
<message>com/wm/app/tn/cm/ConversationScriptList</message>
<stacktrace>java.lang.NoClassDefFoundError: com/wm/app/tn/cm/ConversationScriptList

“NoClassDefFoundError” most likely means a classpath problem.

I don’t think this is a C1 Onramp isuse, and I am not sure how to fix it. However, but when we were using (buggy!) FCS versions of the C1 OnRamp, I had to hardcode the classpath to certain packages in server.sh. Thankfully, we don’t need to do that now, but we don’t use Conversation Manager.