CA Private Certificate

[AvatarBhola]

Good day,

I am having the following issue with one of our vendors. They are using IBM AS2 communication with us.
We can send EDI files just fine to them, however when they try send something to us we get this error.

We used a CA authority (GoDaddy) to obtain the public and private keys. What we didn't do is send them all the files, we
just sent them the public key.

Traceback (most recent call last):
File "/usr/local/lib/python3.7/site-packages/pyas2lib/cms.py", line 513, in verify_message
verify_cert, sig, signed_data, digest_alg
File "/usr/local/lib/python3.7/site-packages/oscrypto/_openssl/asymmetric.py", line 1079, in rsa_pkcs1v15_verify
return _verify(certificate_or_public_key, signature, data, hash_algorithm)
File "/usr/local/lib/python3.7/site-packages/oscrypto/_openssl/asymmetric.py", line 1437, in _verify
raise SignatureError('Signature is invalid')
oscrypto.errors.SignatureError: Signature is invalid

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
File "/usr/local/lib/python3.7/site-packages/pyas2lib/as2.py", line 637, in parse
self.digest_alg = verify_message(mic_content, signature, verify_cert)
File "/usr/local/lib/python3.7/site-packages/pyas2lib/cms.py", line 522, in verify_message
) from e
pyas2lib.exceptions.IntegrityError: Failed to verify message signature: Signature is invalid

Also, when we had a meeting with them they said this maybe the issue.

Cause
IBM Sterling B2B Integrator is compliant with AS2 RFC as outlined in: https://www.ietf.org/rfc/rfc4130.txt

Non-compliant headers were received in the inbound MDN message.

Diagnosing The Problem
Check the MDN received by viewing the Primary Document at the EDIINTPipelineParse service in error, verify that it contains an header like below:

X-Content-Type-Options: nosniff

Anything would help!

[marianomd]

Hello @AvatarBhola could you solve it?