Skip to Content

=> THIS BLOG WAS CREATED FOR OLDER VERSIONS OF SAP BUSINESS ONE, AND B1i BUSINESS ONE INTEGRATION FRAMEWORK (this comment is done on 26.03.2018).!!!!

 

INTRODUCTION:

 

The functionality of Electronic Documents CFDI for Mexican Localization provided by SAP Business One can be affected by changes on the PACs companies that provide the service ‘sello’.

 

When the functionality was released, in SAP Note 1580236 there was an attachment containing a cacerts file with all the web certificates for Edicom, Levicom and Tralix.

 

This cacerts, might contain a certification that even if it was valid when the SAP Note 1580236 was released, can experience changes or expire for one of the PACS

 

Here I show a sample related to a recent case with Edicom, on how to add the new certification:

 

On December 2012 users of PAC Edicom have received an e-mail/letter telling the following:

 

The web certificate used by Edicom to secure the communication channel to web.sedeb2b.com will expire on Dec. 23th. This site contains our Digital Tax Stamps Generation Service for CFDI, that you have hired/accredited with us.
A new certificate has been created  (download certificate) and it will be activated on Dec. 13th 09:00 (UTC-6)

This communication came together a link from where to download the new web certificate

 

How can I add this new web certificate to the existing certificates contained in the cacerts file of the SAP Note 1580236 ?

UPDATE: Later after this post was created, it was decided to include the updated cacerts in SAP Note 1580236, just for the use of customers that are in a transitory maintenance and use scenario versions that did not include the cacerts in the scenario package itself.

Never the less I kept this blog in case that it was required.

 

STEP 1: DOWNLOAD THE FILE PROVIDED BY PAC WITH NEW CERTIFICATE

 

Edicom has provided a link to download the new certificate by e-mail, contact with them if not:

 

the file that they provide is called  ‘web.sedeb2b.com.p7b’ contained in zip file, or it can have a different name in a new change

 

You can download the zip file containing the file called in this example ‘web.sedeb2b.com.p7b’ in any place that you consider right.

 

 

/wp-content/uploads/2012/12/cacert1_165727.jpg

STEP 2: INSTALL THE CERTIFICATE

 

Double click in the file ‘web.sedeb2b.com.p7b’ and follow all steps as marked by the import wizard.

 

 

You can trigger this installation as well by right click on the file and select option ‘Install Certificate’

 

STEP 3: CONVERT THIS FILE IN .CER

 

The certificate file ‘web.sedeb2b.com.p7b’ as it is needs to be converted in .cer file in order to be added to the current ‘cacerts’ file that SAP Business One Support provided in the SAP Note 1580236

 

3.1 Open the direct command as an administrator and type the command ‘certmgr.msc’ and press ‘ENTER’

/wp-content/uploads/2012/12/cacert3_165756.jpg

This will open the certificates browser window

 

/wp-content/uploads/2012/12/cacert4_165757.jpg

3.2 Browse to the folder ‘Other People/Certificates’ where you can find the certificate file ‘web.sedeb2b.com.p7b’

 

/wp-content/uploads/2012/12/cacert5_165761.jpg

Right click with the mouse on the file ‘web.sedebe2b.com’ and in ‘All Tasks’ select ‘Export’ to open the export wizard

 

/wp-content/uploads/2012/12/cacert6_165762.jpg

3.3 After press ‘Next’, in following window select the option ‘Base-64 encoded X.509 (.CER)’

 

/wp-content/uploads/2012/12/cacert7_165763.jpg

3.4 After pressing ‘Next’, a browser will open to give a name to the .cer file that will be created and as well  the path to where you want to store the file.

 

In this example I will store it in the same place where I initially saved the ‘web.sedeb2b.com.p7b’ and I will call it ‘EdicomNew’ and press ‘Save’

 

/wp-content/uploads/2012/12/cacert8_165767.jpg

3.4 press ‘Next’ until the message telling ‘Export was successful’ is displayed, ad press ‘Finish’.

 

As a results of this you have a new file called EdicomNew.cer in the selected folder

 

/wp-content/uploads/2012/12/cacert9_165768.jpg

STEP 4: ADD CERTIFICATE TO THE EXISTING CACERTS

 

4.1 before going any further, do copy the current cacerts that you downloaded from the note in somewhere safe, in my example I will store it in the same place where I am storing everything

 

/wp-content/uploads/2012/12/cacert10_165769.jpg

4.2 Copy the .cer file created in step 3.4, in my example ‘EdicomNew.cer’ into the folder ‘bin’ of your java application folder.

 

In my example, I will use the java that is provided with SAP Business One Integration, but you may use a different java that you have installed in your machine:

 

C:\Program Files (x86)\SAP\SAP Business One Integration\sapjre_6_64\jre\bin

 

/wp-content/uploads/2012/12/cacert11_165770.jpg

4.3 Ensure that in that java bin folder a file called ‘keytool.exe’ exists

/wp-content/uploads/2012/12/cacert12_165771.jpg

4.4 Open the direct command as an administrator and and change the directory to where the keytool.exe is located:

 

syntax:  cd [the path]

 

my example:

 

cd

 

C:\Program Files (x86)\SAP\SAP Business One Integration\sapjre_6_64\jre\bin

 

 

/wp-content/uploads/2012/12/cacert13_165772.jpg

4.5 Type ‘keytool.exe’ and press enter, the line of usable commands for keytool should open, from which we see the syntax for the instruction that we will need to execute:

‘-importcert’

/wp-content/uploads/2012/12/cacert14_165773.jpg

4.6 In the same root type the following command and press ‘ENTER’

Syntax:

keytool -importcert -file <Thefilecreatedin step 3.4> -keystore “<full path to the file where the cacert was stored in step 4.1>”

 

In my example:

 

keytool -importcert -file EdicomNew.cer -keystore “C:\InstalationPackage\SAPBusinessOnePatches\CacertEdicomnew\cacerts”

 

4.7 Here the command prompt will ask you for a password, do enter ‘changeit’ and press ‘ENTER’

 

/wp-content/uploads/2012/12/cacert15_165774.jpg

4.8 the line of command will ask you if you trust, you must type ‘yes’ and press ‘ENTER’

 

/wp-content/uploads/2012/12/cacert16_165775.jpg

A message must say that certificate was added to keystore

 

/wp-content/uploads/2012/12/cacert17_165776.jpg

If you check now the cacerts file of step 4.1 you will see that is not anymore date 19/05/2012 but the day of today 13/12.2012

 

/wp-content/uploads/2012/12/cacert19_165777.jpg

STEP 5:  CHANGE THE CACERTS

 

swap the current cacerts that is located in the security folder of java, that was used until now, for the new cacerts.

 

We do recommend renaming the existing one before swap

 

/wp-content/uploads/2012/12/cacert20_165778.jpg

You can see here that I backed up the cacerts that was in use ‘cacertsNote’, and as well the original cacerts that came with the java installation ‘cacertsOriginal’

 

STEP 6: RE START SAP BUSINESS ONE INTEGRATION SERVICE

 

To ensure changes in java have been taken by Integration solution for SAP Business One

 

STEP 7: TEST CONNECTION

 

In Integration Framework, in SLD select the SLD of Edicom MX-WS-EDICOM and test connection to ensure that new web certificate is ok

 

/wp-content/uploads/2012/12/cacert21_165782.jpg

Last Reminder

 

PACs can change thieir data connection: destProtocol, destHost, desPort, desPath to provide this service, and you should contact with the PAC to ensure that your data for connection are correct, and for the right service and that you have the right user name and password

To report this post you need to login first.

18 Comments

You must be Logged on to comment or reply to a post.

  1. Jose Antonio Castillo Post author

    Hi all:

    I have removed first picture displayed in 

    STEP 2: INSTALL THE CERTIFICATE

    Reason:

    It displayed the wizard on ‘export’, rather than install . That could cause some confusion because the picture didn’t match the description.

    I didn’t put another picture, I think is not required.

    (0) 
  2. Former Member

    Hello Jose

    Thanks all for this information.

    I just have a little question, i have generated my cacerts file in one server, can i replace it in other server or do i need to do all the process again?

    Thanks again and regards

    (0) 
  3. Jose Antonio Castillo Post author

    Edicom, cambio el certificado para el Webservice el 4 de Mayo:

    A) Para aquellos que esteis en 9.1 parche 06 o superior, SAP ha actualizado el scenario con el certificado actualizado

      Teneis que ir a la nota de SAP

    2271455, bajaros el archivo adjunto com.sap.eInvMX.2.0.11 (si estais en 9.1) o el com.sap.eInvMX.3.0.11  (si estais en 9.2) e importarlo en Integration Framework

    (como referencia, en la nota veis que se ha adjuntado un archivo jks , que es la parte del scenario que han modificado. No lo necesitais a no ser que vosotros mismos quisierais modificar el scenario manualmente, que no lo aconsejo)

    B) Para los que esteis en 9.1 parche 5 o inferior (8.82),  no se proporciona desde soporte en Nota de SAP ningún cacerts actualizado, ya que los scenarios que quedan dentro de soporte son los arriba mencionados, solo para 9.1 parche 6 o superior, con lo cual , no queda mas remedio que usar el procemiento manual arriba explicado

    tanto en un caso A o B, no os olvideis de reiniciar el servicio de Integration Service para estar seguro de que los cambios se grabaron

    (0) 
    1. David Marti

      El caso B también es resoluble, utilizando la herramienta keytool de java para importar el certificado de EDICOM dentro del almacén de confianza de B1iF.

      Este procedimiento es un poco mas “artesanal”, pero permite no tener que hacer una actualización de todo solo por el cambio de certificado.

      (0) 
      1. Former Member

        Hola David buenas tardes.   Nosotros estamos en el escenario B.  Hicimos todo el procedimiento, tal y como se explica al inicio y no nos funcionó.  Me puedes explicar a groso modo como poder llevar a cabo lo que tú recomiendas?  Garcias

        (0) 
        1. David Marti

          Buenos dias Fernando,

          Disculpa, el procedimiento al que me refería es el expuesto en esta entrada por Jose Antonio, es decir, importar el nuevo certificado de EDICOM dentro del cacerts que utilice tu B1iF.

          Debes estar seguro que el cacerts que has utilizado corresponde a la versión del JDK que esté utilizando el B1iF (32 o 64 bits, por defecto el de 64 bits).

          Si todo lo has hecho correctamente y no te funciona, seguramente el cacerts no era el lugar correcto donde importar el certificado.

          Busca si en tu B1iF dispones de la opción Tools->Control Center->Configuration->Certificate Administration.

          Si tienes esta opción, importa el certificado dentro de la bizstore (fíjate la URI que marca la configuración del sistema EDICOM en el SLD).

          Si no tienes esta opción, en qué versión de SAPB1 estas? Qué versión del escenario eInvMX tienes instado?

          Con esta información, si quieres, te voy ayudando sin problemas.

          Saludos.

          (0) 
  4. David Marti

    En referencia al cambio de certificado de EDICOM:

    Estando en 9.1 PL06 o superior, también es fácil y rápido importar el certificado de EDICOM directamente a B1iF utilizando en administrador de certificados.

    Es lo que hice y funcionó perfectamente.

    (0) 
    1. Jose Antonio Castillo Post author

      Eso tambien es correcto, pero:

      a)  es presuponer un cierto conocimiento de B1i que no siempre tienen los clientes,

      b) Implica cierta manipulación del scenario (el jks, es parte del contenido de los scenarios 2.0.x y 3.0.x )

      (0) 
      1. David Marti

        No se requiere ninguna modificación del escenario. És justamente aprovechar una característica que incorporan las nuevas versiones de B1iF (administración de certificados).

        En cualquier caso, en mi opinión y por mi experiencia, ni la actualización del escenario ni la importación de certificados es algo que se deba dejar a merced del cliente.

        (0) 
      1. David Marti

        No, el procedimiento descrito en esa nota es ciertamente “complejo”.

        EDICOM envió un correo advirtiendo del cambio de certificado y adjuntando unos enlaces para descargar los certificados necesarios (el propio del servidor, el intermedio y el raiz).

        El intermedio y el raiz ya estaban correctos dentro del B1iF, pues son certifcados que utiliza EDICOM para firmar los del servidor, que justamente es el que caducaba ayer.

        Me bajé el certificado y lo importé al B1iF:

        B1iF_CertAdmin_Init.png

        (1) 
  5. Former Member

    Buen dia Jose Antonio tengo el SAP 8.82 y tengo problemas en la facturacion realice los pasos que usted menciona pero al momento de llegar al paso 4.8 me llega este mensaje de error error de keytool: java.io.filenotfoundexception: C:\Program Files (x86)\SAP\SAP Business One Server\B1_SHR\XML\web.sedeb2b.com” (acceso denegado)

    no se si lo estoy haciendo mal podria asesorarme porfavor

    (0) 
    1. Former Member

      Necesitas iniciar sesión en el Sistema Operativo como Administrador, ó ejecutar la terminal con privilegios de administrador.

      Saludos.

      (0) 

Leave a Reply