I am getting the certificate error - Please assist
Morning @James
Thanks for reaching out, I hope you are doing well
If the issue still exists, can I kindly ask you to mention the exact steps that you followed during the onboarding process with each API?
Thanks,
Ibrahem Daoud.
Thankyou @idaoud for your response. Please note that I have completed B2B and the app is Live. I am now implementing B2C. I was experiencing the above errors when I tried pushing the invoice to : https://gw-fatoora.zatca.gov.sa/e-invoicing/developer-portal/invoices/reporting/single . I figured out that I was sending the invoice without signed UBL extensions and after I tried sending the invoice including the UBL extensions I am getting different errors: “errorMessages”: [
{
“type”: “ERROR”,
“code”: “publicKey_QRCODE_INVALID”,
“category”: “QRCODE_VALIDATION”,
“message”: “ECDSA Public Key does not match with qr code ECDSA public key”,
“status”: “ERROR”
},
{
“type”: “ERROR”,
“code”: “CERTIFICATE_SIGNATURE_QRCODE_INVALID”,
“category”: “QRCODE_VALIDATION”,
“message”: "certificate signature does not match with qr certificate signature value ",
“status”: “ERROR”
},
{
“type”: “ERROR”,
“code”: “signed-properties-hashing”,
“category”: “CERTIFICATE_ERRORS”,
“message”: “Invalid signed properties hashing, SignedProperties with id=‘xadesSignedProperties’”,
“status”: “ERROR”
}
],
“status”: “ERROR”
Below is my procedure -
- I am canonicalizing my invoice without the UBL extensions and hashing it using SHA-256 to get my invoice hash
- I add back the UBL extensions and add all the required fields as per the “Updated signed documentation”
-
- I am base 64 encoding the invoice (including UBL extensions) and send them to the reporting API - Note that I am using the invoice hash generated from step 1
clarification required: During ECDSA signing, I am using the private key (that was generated from the zatca sdk alongside CSR) to sign the invoice hash generated in step 1. In the same C# code, I am generating the public key from the private key.
the ECDSA signature generated is used as tag 7 of the QR code(Same signature added in the UBL extensions) and the public key used as tag 8.
I am decoding my Binary token (PCSID) in using base64 and decoding it using certlogik where in the detailed section I am extracting below and use it as Tag 9 of QR CODE : Signature Algorithm: ecdsa-with-SHA256
Signature Value:
30:46:02:21:00:8e:04:10:15:ca:b3:14:56:fe:63:e4:76:8c:
6f:48:89:10:64:5f:79:c7:82:1a:d0:2f:42:ce:fd:c2:a8:7b:
07:02:21:00:86:a2:4a:91:ae:21:15:01:df:6f:14:49:4c:b3:
7c:a7:d1:b9:ee:2e:f1:42:33:58:3b:6f:de:3a:7c:90:f0:3a
The QR code generated is valid and ZATCA app is able to scan it succesfully - I am adding this QR code back to my signed XML before sending to reporting API.
I have tried to compare the public key generated from my private key with the public key hex data decoded from pcsid binary token (detailed section ) but its not matching. - Please guide on the missing step if any.
Dear @James
Can I kindly ask you to share your full concerns along with the certificate, APIs, and sample signed XML to the below mail, to schedule one to one meeting with our technical team if needed.
SP mail: sp_support@zatca.gov.sa
Thanks,
Ibrahem Daoud.
Thank you @idaoud , We have sent the errors/ procedures/certificates/xml Invoice to the indicated email.
@idaoud , Please respond to our email, we are still stuck.
Now we resolved the QR code error and we are remaining with “Invalid certificate hashing” & “Invalid signed properties hashing, SignedProperties with id=‘xadesSignedProperties’” could you please advise as I have seen several post indicating that we should maintain 36 spaces in the first line and 4 spaces in the next lines. I have maintained this but still facing this challenge. Kindly assist