SML notes

SML Notes

If the SML communication does not work, please check the following:

Does the certificate match the SML? So is "pilot certificate" used for SMK and "production certificate" for SML?
If creation fails, please ensure that nobody else already registered that participant from a different SMP (use e.g. https://peppol.helger.com/public/locale-en_US/menuitem-tools-participant to check)

HTTP status codes and their meaning

This section tries to summarize the error codes and what they mean. This list is extracted from the official documentation:

SMP management APIs

Initially register SMP to SML (create)
- HTTP 400: Request is not valid
- HTTP 401: The user is not authorized
- HTTP 500: Any other error occurred that prevented the SML to process the request
Check registration of SMP to SML (read)
- HTTP 400: Request is not valid
- HTTP 401: The user is not authorized
- HTTP 404: The identifier of the SMP could not be found
- HTTP 500: Any other error occurred that prevented the SML to process the request
Updated registration of SMP to SML (update)
- HTTP 400: Request is not valid
- HTTP 401: The user is not authorized
- HTTP 404: The identifier of the SMP could not be found
- HTTP 500: Any other error occurred that prevented the SML to process the request
Unregister SMP from SML (delete)
- HTTP 400: Request is not valid
- HTTP 401: The user is not authorized
- HTTP 404: The identifier of the SMP could not be found
- HTTP 500: Any other error occurred that prevented the SML to process the request

Service Group management

Create new Service Group in SML (create)
- HTTP 400: Request is not valid
- HTTP 401: The user is not authorized
- HTTP 404: The SMP could not be found
- HTTP 500: Any other error occurred that prevented the SML to process the request
Delete Service Group in SML (delete)
- HTTP 400: Request is not valid
- HTTP 401: The user is not authorized
- HTTP 404: The SMP or participant could not be found
- HTTP 500: Any other error occurred that prevented the SML to process the request

Generic error codes

The following errors may occur independent from the API - this list was collected from user messages and is not complete.

HTTP 400: for create actions: the identifier is already in use
HTTP 400: for create actions: the identifier is malformed (e.g. the scheme iso6523-actorid-upis is missing, or the value does not follow the scheme 0000:abc123)
HTTP 503: the used client certificate is expired
HTTP 503: the used client certificate is not the one stored in the SML

Known glitches

401

Sometimes the SML returns an HTTP 401 (Unauthorized) when deleting a ServiceGroup. If you are sure that you own the Service Group, just try again. Especially when a Service Group was just created, it may take some time until everything works.

Also if migration started on a participant, it cannot be deleted. You need to contact SML support.

Special "soapAction" with blanks

Due to historical reasons, the WSDL for the "manage businesses" interface contains a "soapAction" that contains 9 spaces. This is caused by unfortunate copying from PDF :(

Network connection to CEF SML

CEF updated their TLS connection parameters in March/May 2020 for SMK and SML:

A change of the TLS Security Profile will be made on the SML in acceptance (SMK). Once the change has been applied, the following protocols will be accepted: Accepted TLS protocols:

TLSv1.2

TLSv1.1 will be disabled!

Accepted Cipher-suites:

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (coming soon)

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

We request all the users to test their SMP connection with SML in Acceptance environment after the maintenance operation.

This page lists the minimum requirements from a Java perspective.

TLS 1.2

Support in Java 1.7+

Cipher suites

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - Supported in Java 1.7+
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - Supported in Java 12+ (Note: works only with TLS 1.2. Would be TLS_CHACHA20_POLY1305_SHA256 for TLS 1.3)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - Supported in Java 1.7+
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - Supported in Java 1.7+
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - Supported in Java 1.7+

Sources

It is appreciated if you star the GitHub project if you like it.

Donation link: https://paypal.me/PhilipHelger

Home
News and noteworthy
Migrations
Download
Features
- REST API
- Status API
Configuration
Running
- Peppol initialization
- Security
- Apache httpd
- nginx
- IIS
- Apache Tomcat
- WildFly
- SML notes
- Docker
Source related
Other information
- AusDigital DCP
- Difference between Peppol and OASIS BDXR
Future plans
License
Release Tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly