Certificate-permissions

Clearance and Reporting
1

While trying to clear Standard Invoice, I got this error

“type”: “ERROR”,
“code”: “certificate-permissions”,
“category”: “CERTIFICATE_ERRORS”,
“message”: “User only allowed to use the vat number that exists in the authentication certificate”

3

When we are trying to generate third party invoices?

is the Seller VAT supposed to be the same as the VAT in the CSID even in third party invoices? that would require that the invoicing VAT must generate a CSID for the seller VAT separately with the OTP generated by the seller VAT on the Fatoora portal?

5

Hi @Aturkistani,
I created a new CSR with the Seller VAT, but Iam still receiving the same error.

Also, when generating the CSR, only CSR and Private Key files generated, so what will be the certificate and private key to sign the xml document.

Is it better to use simualtion environment or developer-portal ?

Thanks.

6

hi @aahmed,

Only simplified invoices (B2C) are required to be signed. You can obtain your certificate by following these steps:

  1. Submit the CSR and (OTP obtained from the Fatoora portal) in the Compliance CCSID API.
  2. After successful submission, a security binary token and secret will be returned.
  3. Take the returned security binary token and decode the value using a base 64 decoder. The output after decoding is the (X.509 certificate/CSID) that you should sign your invoices with.

both of developer portal & simulation environment are valuable resources for testing and guidance, you can use them upon your need. In the developer portal (sandbox), there are only dummy values. If you would like to make sure that your solution is compliant with the onboarding process, then use your own values and credentials in the simulation environment.developer portal has also the API documentation guide which will guide you on API usage.

you are also advised to read the techinical guideline & other e-invocing related guidelines, please do not hesitate to reach out if you have any other questions.

thank you,

7

Thanks @Aturkistani for your support,

I tried the mentioned steps,
Generate CSR and Private Key, then tried to sign invoice using the generated private key and the decoded security binary token that returned from CSID API, but the signing failed in second step “Second Step : Generating Digital Signature”.
Kindly note that Iam using the default OTP “123345”, and working on simulation environment APIs.

8

@aahmed

are you using SDK to sign invoices? please make sure to have the latest version of SDK installed and , do the following:

1- get your CSR config file ready with all of the required inputs, then open the command line interface in the CSR config file path and type this command to generate the CSR and private key for simulation :
Fatoora -sim -csr -csrconfig [file name]

Note: simulation and production are independent environments, so if you want to generate a CSR for simulation please make sure to put the flag -sim.

2- get your OTP from FATOORA portal that’s associated with the VAT number you have put in the CSR config file, make sure to switch the environment to simulation, you will find the button top-right the page

3- get your certeficate from following the same mentioned steps earlier

4- after getting your X.509 certiecate & private key, please go to the Certificates folder in SDK by following this path “SDK folder\data\Certificates”

5- after going to Certificates in the follwed path above, you will find 2 files:
first file is cert.pem : you are requested to replace the X.509 cert value here, so copy and paste your X.509 cert. (make sure that the pasted value is already a decoded security binarytoken using base64 decoder).

second file is ec-secp256k1-priv-key.pem: you are requested to replace the value of your generated private key here. just copy your generated private key and paste it here.

6- now you will be able to sign your B2C invoices with your certificate, by using this command:

fatoora -sign -invoice [invoice file name]

and this is how sucessfully you can sign your B2C invoices, after getting your invoices signed you can go to the next step which is compliance checks (compliance invoice API), and submit your invoices there to obtain the production CSID\Certificate.

notes
1- you may keep a record of the replaced private key & certificate values.
2- to sign invoices with other certificate & private key, always make sure to replace the values in the SDK folder with correct ones.

if you have any questions, please do not hesitate to reach out :).

thanks.

9

@Aturkistani ,

When try to sing the invoice, I got this error

“Error on line 1 column 1
SXXP0003 Error reported by XML parser: Content is not allowed in prolog.: Content is not
allowed in prolog.
2023-09-07 09:34:49,023 [ERROR] InvoiceSigningService - failed to sign invoice [unable to generate hash for the provided invoice xml document - org.xml.sax.SAXParseException; lineNumber: 1; columnNumb
er: 1; Content is not allowed in prolog.]”

Although when validate the invoice before signing using web validator it has no errors.

10

Dear @aahmed,

Please note that this error means that the invoice structure is incorrect, not following the UBL standards 2.1, if you try to validate the invoice before signing you will find XSD errors in it, please take SDK invoices samples as reference to build the invoice and try signing again.

Regards,

11

Dear @kiaziz ,

I had validated the invoice before signing, and I got these errors

Errors

  • category : SIGNATURE_ERROR

  • **code :**certificate

  • message : wrong invoiceCertificate

  • category : SIGNATURE_ERROR

  • **code :**NullPointerException

  • message :

  • category : BR_KSA_ERROR

  • **code :**BR-KSA-28

  • message : If the cryptographic stamp (KSA-15) exists in the invoice, this cryptographic stamp (KSA-15) must contain the exact “urn:oasis:names:specification:ubl:signature:1” value for signature information ID.

but when tried to sign it, Signed Successfully, but when validated after signing, I got these errors

Errors

  • category : SIGNATURE_ERROR

  • **code :**X509IssuerName

  • message : wrong X509IssuerName

  • category : SIGNATURE_ERROR

  • **code :**X509SerialNumber

  • message : wrong X509SerialNumber

Note: these errors from SDK Web Validator, but when I used the SDK Command it is Passed.

Kindly advice.

12

This means there is something wrong in the XML, please take SDK invoices samples as reference to build the invoice or perhaps you can share with us the invoice through the RM to investigate it more.

Regards,