Hi…

We need to send EDI 856 to a partner. The have asked for signed (SHA 1) and encrypted (3DES) data to be sent and they have shared us their cert.
This is not a root cert and doesnt have CA cert in it
(Not sure if the terminology is correct. I mean to say they have not provided CA cert and when asked for the same they sd for all the partners they have provided only one cert onlytill now)

When we try to import the client provided cert in TN, we are getting an error
“Bad Certificate Chain for usage sing: Certificate chain contains only one non-self signed Certificate”

Obviosly, when we send the data to the partner, plain text is reaching them and is getting rejected at their end with error “data signature is not as expected”.

Alos, strangely, we are getting two MDN’s , one with unknown sender/receiver.
The MDN which is coming in with correct sender/receiver is failing with the error…

“Unable to trtieve partners certifacte”

Could any one throw some light on this pls

when you load cert in TN for signing and encryption, you do need the whole chain: CA, internmediate and public. open your client’s cert, see if you can export (save file) the root (in the tree structure of the cert view screen). If you can, then load all of them to the TN profile. if you can’t, you need to ask your client to send you the root separately.

HTH,
Tong

HI Tongwong,

thanks for the reply…

The certificate that client has provided do not have root in the tree structure of the cert view screen.

When we asked the client to provide CA cert, he sd we have many partners and we gave only this cert to them.

So, was bit confused if we missed some thing at our end.

If you have a URL to your client’s system, try to put it in the browser (with https://), the browser will try to retrieve the server cert, you can get the cert (full chain) by clicking the button on the right side of the URL box.