Hi Srini,

You will need to download the Intermediate and Root CA certificates that was used to sign the certificate presented by the site you are trying to access, and import them into your B2Bi system.

I believe they will have Common Name of "GeoTrust RSA CA 2018" (Intermediate CA) and "DigiCert Global Root CA" (Root CA).

If you have access to the Internet, and you have the openssl tool available, you can run the command:

openssl s_client -servername download.cms.gov -connect download.cms.gov:443

This will show you some text from the certificate, and also provide a base64 encoded certificate in the PEM format (between and including the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines. You can copy & save this file with a .cer extension and use it to open on a windows system and you can use the Windows certificate manager can obtain and save the intermediate and root CA certificates from the certification path section. 

Otherwise you could possibly also obtain the certificates by visiting the site with your browser and viewing/saving the certificate where you have the padlock or other icon to indicate the site is using a certificate.


After you have imported it to B2Bi, you can view the Intermediate CA certificate in your system and you should see a "System Certificate ID" section. The ID value should be a string comprised of your B2Bi hostname, node id and some further identifiers.

You can then include this ID in the "CACertificateId" assignment in your BPML, like so:

<assign to="CACertificateId">myhostmachine:node1:1451e4d35f0:21048726</assign>

Note the values in my sample above are example only, and you will need the actual values from your system.

You would only use the <assign to="SystemCertificateId"> if the server requires a client certificate to be presented for authentication.

Perhaps refer to: https://www.ibm.com/support/knowledgecenter/SS3JSW_6.0.0/integrating/integrating/integrator/HTTP_Client_Begin_Session_svc.html


Then you should be able to make the connection to the server (and download the required files - providing you are following the HTTP Client Begin Session Service with a HTTP Client GET service or HTTP Client Method service).

Another way to make the connection is to create a trading partner profile and select the appropriate CA certificate when creating the profile and supply the ProfileId to the HTTP Client Begin Session service instead of explicitly providing the CA certificate ID.

Hope this helps.

Regards,
Andrew

Hi Srini,

You will need to download the Intermediate and Root CA certificates that was used to sign the certificate presented by the site you are trying to access, and import them into your B2Bi system.

I believe they will have Common Name of "GeoTrust RSA CA 2018" (Intermediate CA) and "DigiCert Global Root CA" (Root CA).

If you have access to the Internet, and you have the openssl tool available, you can run the command:

openssl s_client -servername download.cms.gov -connect download.cms.gov:443

This will show you some text from the certificate, and also provide a base64 encoded certificate in the PEM format (between and including the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines. You can copy & save this file with a .cer extension and use it to open on a windows system and you can use the Windows certificate manager can obtain and save the intermediate and root CA certificates from the certification path section. 

Otherwise you could possibly also obtain the certificates by visiting the site with your browser and viewing/saving the certificate where you have the padlock or other icon to indicate the site is using a certificate.


After you have imported it to B2Bi, you can view the Intermediate CA certificate in your system and you should see a "System Certificate ID" section. The ID value should be a string comprised of your B2Bi hostname, node id and some further identifiers.

You can then include this ID in the "CACertificateId" assignment in your BPML, like so:

<assign to="CACertificateId">myhostmachine:node1:1451e4d35f0:21048726</assign>

Note the values in my sample above are example only, and you will need the actual values from your system.

You would only use the <assign to="SystemCertificateId"> if the server requires a client certificate to be presented for authentication.

Perhaps refer to: https://www.ibm.com/support/knowledgecenter/SS3JSW_6.0.0/integrating/integrating/integrator/HTTP_Client_Begin_Session_svc.html


Then you should be able to make the connection to the server (and download the required files - providing you are following the HTTP Client Begin Session Service with a HTTP Client GET service or HTTP Client Method service).

Another way to make the connection is to create a trading partner profile and select the appropriate CA certificate when creating the profile and supply the ProfileId to the HTTP Client Begin Session service instead of explicitly providing the CA certificate ID.

Hope this helps.

Regards,
Andrew

<onFault>      <sequence name="OnFault">        <operation name="HTTP Client End Session Service">          <participant name="HTTPClientEndSession"/>          <output message="HTTPClientEndSessionServiceTypeInputMessage">            <assign to="." from="*"></assign>            <assign to="SessionToken" from="/ProcessData/SessionToken/text()"></assign>          </output>          <input message="inmsg">            <assign to="." from="*"></assign>          </input>        </operation>        <choice name="Choice Start">	   <select>	      <case ref="FileNotFound" negative="true" activity="generateException_serverError"/>	      <case ref="FileNotFound" activity="FileNotFound_Okay"/>           </select>         <sequence name="generateException_serverError">                <assign to="ErrorMessage">Resp code is neither 200 nor 404 </assign>		<operation name="generateException">		  <participant name="BPExceptionService"/>		  <output message="Xout">		    <assign to="exceptionCode">Error, Document download Failed via HHTPS.</assign>		    <assign to="." from="*"></assign>		  </output>		  <input message="Xin">		    <assign to="." from="*"></assign>		  </input>		</operation>	 </sequence>	 <sequence name="FileNotFound_Okay">	        <assign to="ErrorMessage">Resp code is 404.This isOkay  </assign>	 		 </sequence>	</choice>      </sequence>    </onFault>

Hi Srini,

You will need to download the Intermediate and Root CA certificates that was used to sign the certificate presented by the site you are trying to access, and import them into your B2Bi system.

I believe they will have Common Name of "GeoTrust RSA CA 2018" (Intermediate CA) and "DigiCert Global Root CA" (Root CA).

If you have access to the Internet, and you have the openssl tool available, you can run the command:

openssl s_client -servername download.cms.gov -connect download.cms.gov:443

This will show you some text from the certificate, and also provide a base64 encoded certificate in the PEM format (between and including the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines. You can copy & save this file with a .cer extension and use it to open on a windows system and you can use the Windows certificate manager can obtain and save the intermediate and root CA certificates from the certification path section. 

Otherwise you could possibly also obtain the certificates by visiting the site with your browser and viewing/saving the certificate where you have the padlock or other icon to indicate the site is using a certificate.


After you have imported it to B2Bi, you can view the Intermediate CA certificate in your system and you should see a "System Certificate ID" section. The ID value should be a string comprised of your B2Bi hostname, node id and some further identifiers.

You can then include this ID in the "CACertificateId" assignment in your BPML, like so:

<assign to="CACertificateId">myhostmachine:node1:1451e4d35f0:21048726</assign>

Note the values in my sample above are example only, and you will need the actual values from your system.

You would only use the <assign to="SystemCertificateId"> if the server requires a client certificate to be presented for authentication.

Perhaps refer to: https://www.ibm.com/support/knowledgecenter/SS3JSW_6.0.0/integrating/integrating/integrator/HTTP_Client_Begin_Session_svc.html


Then you should be able to make the connection to the server (and download the required files - providing you are following the HTTP Client Begin Session Service with a HTTP Client GET service or HTTP Client Method service).

Another way to make the connection is to create a trading partner profile and select the appropriate CA certificate when creating the profile and supply the ProfileId to the HTTP Client Begin Session service instead of explicitly providing the CA certificate ID.

Hope this helps.

Regards,
Andrew

<onFault>      <sequence name="OnFault">        <operation name="HTTP Client End Session Service">          <participant name="HTTPClientEndSession"/>          <output message="HTTPClientEndSessionServiceTypeInputMessage">            <assign to="." from="*"></assign>            <assign to="SessionToken" from="/ProcessData/SessionToken/text()"></assign>          </output>          <input message="inmsg">            <assign to="." from="*"></assign>          </input>        </operation>        <choice name="Choice Start">	   <select>	      <case ref="FileNotFound" negative="true" activity="generateException_serverError"/>	      <case ref="FileNotFound" activity="FileNotFound_Okay"/>           </select>         <sequence name="generateException_serverError">                <assign to="ErrorMessage">Resp code is neither 200 nor 404 </assign>		<operation name="generateException">		  <participant name="BPExceptionService"/>		  <output message="Xout">		    <assign to="exceptionCode">Error, Document download Failed via HHTPS.</assign>		    <assign to="." from="*"></assign>		  </output>		  <input message="Xin">		    <assign to="." from="*"></assign>		  </input>		</operation>	 </sequence>	 <sequence name="FileNotFound_Okay">	        <assign to="ErrorMessage">Resp code is 404.This isOkay  </assign>	 		 </sequence>	</choice>      </sequence>    </onFault>

Hi Srini,

You will need to download the Intermediate and Root CA certificates that was used to sign the certificate presented by the site you are trying to access, and import them into your B2Bi system.

I believe they will have Common Name of "GeoTrust RSA CA 2018" (Intermediate CA) and "DigiCert Global Root CA" (Root CA).

If you have access to the Internet, and you have the openssl tool available, you can run the command:

openssl s_client -servername download.cms.gov -connect download.cms.gov:443

This will show you some text from the certificate, and also provide a base64 encoded certificate in the PEM format (between and including the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines. You can copy & save this file with a .cer extension and use it to open on a windows system and you can use the Windows certificate manager can obtain and save the intermediate and root CA certificates from the certification path section. 

Otherwise you could possibly also obtain the certificates by visiting the site with your browser and viewing/saving the certificate where you have the padlock or other icon to indicate the site is using a certificate.


After you have imported it to B2Bi, you can view the Intermediate CA certificate in your system and you should see a "System Certificate ID" section. The ID value should be a string comprised of your B2Bi hostname, node id and some further identifiers.

You can then include this ID in the "CACertificateId" assignment in your BPML, like so:

<assign to="CACertificateId">myhostmachine:node1:1451e4d35f0:21048726</assign>

Note the values in my sample above are example only, and you will need the actual values from your system.

You would only use the <assign to="SystemCertificateId"> if the server requires a client certificate to be presented for authentication.

Perhaps refer to: https://www.ibm.com/support/knowledgecenter/SS3JSW_6.0.0/integrating/integrating/integrator/HTTP_Client_Begin_Session_svc.html


Then you should be able to make the connection to the server (and download the required files - providing you are following the HTTP Client Begin Session Service with a HTTP Client GET service or HTTP Client Method service).

Another way to make the connection is to create a trading partner profile and select the appropriate CA certificate when creating the profile and supply the ProfileId to the HTTP Client Begin Session service instead of explicitly providing the CA certificate ID.

Hope this helps.

Regards,
Andrew