I have generated CSR and private key and compliance through the compliance ID API, but the device is not listed in the listed device section of the simulation portal. I have used the “https://gw-fatoora.zatca.gov.sa/e-invoicing/simulation/compliance” API for compliance CSID and received ,binarySecurityToken,secret,requestId, dispositionMessage": “ISSUED”.
Dear @Niloy
Thanks for reaching out,
To provide comprehensive support as usual, Can I kindly ask you to elaborate more mentioning all the steps that you followed from the beginning?
Thanks,
Ibrahem Daoud.
1 Like
I have followed the listed step for the generating CSID.
- Generate private key
- Generate CSR
- Generate otp from simulation portal
- used that otp to compliance api “https://gw-fatoora.zatca.gov.sa/e-invoicing/simulation/compliance” and received the follwing response:
“requestID”: 1744214403614, “dispositionMessage”: “ISSUED”, “binarySecurityToken”: “TUlJQ1REQ0NBZktnQXdJQkFnSUdBWlliUjZvZU1Bb0dDQ3FHU000OUJBTUNNQlV4RXpBUkJnTlZCQU1NQ21WSmJuWnZhV05wYm1jd0hoY05NalV3TkRBNU1UVTFPVFU0V2hjTk16QXdOREE0TWpFd01EQXdXakI5TVFzd0NRWURWUVFHRXdKVFFURVdNQlFHQTFVRUN3d05VbWw1WVdSb0lFSnlZVzVqYURFdE1Dc0dBMVVFQ2d3a1UwMUJReUJEYjI1MGNtRmpkR2x1WnlCQmNtRmlhV0VnUTI5dGNHRnVlU0JNZEdRdU1TY3dKUVlEVlFRRERCNVVVMVF0TVRBeE1EZzNNVFkxT0Mwek1URTNOakEzTXpZeE1EQXdNRE13VmpBUUJnY3Foa2pPUFFJQkJnVXJnUVFBQ2dOQ0FBUmR3OHZYL25oZlI1eGhWQlZoZXp2aml5SkwxdW5xWjJkemkvY3k4U1BOWDRGSFRFUUFsUEZ4bUxvaHZZYTBRaXovTy9yRWlxYlkvTWcwaFR3T25rbm1vNEhJTUlIRk1Bd0dBMVVkRXdFQi93UUNNQUF3Z2JRR0ExVWRFUVNCckRDQnFhU0JwakNCb3pGQ01FQUdBMVVFQkF3NU1TMU5kV2hoYzJsaWZESXRkakV1TUM0d2ZETXRZV1U0TWpnM01qQXRabVU1TXkwMFkyWm1MV0pqWkRVdFlXUXpNRFF3T0RGaU16ZzNNUjh3SFFZS0NaSW1pWlB5TEdRQkFRd1BNekV4TnpZd056TTJNVEF3TURBek1RMHdDd1lEVlFRTURBUXhNVEF3TVJFd0R3WURWUVFhREFoU1VsSkVNamt5T1RFYU1CZ0dBMVVFRHd3UlUzVndjR3g1SUdGamRHbDJhWFJwWlhNd0NnWUlLb1pJemowRUF3SURTQUF3UlFJZ1BPbjRwRDhWSEJ3RDFSVXVPQmNLOUlkMlozS3ErL21YVUJTNUtYYnFMaWNDSVFDdUlDZlRjblppWEd6Q3Jzd3lNQ0ZoN25ya1J0b3Z4N2NEOHhPUE1JYjlKZz09”, “secret”: “uihI8d0YlLA/nztCJbTn2ARDbfzeltGOBsDVdVZzVrI=” but the device is not listed in simulation portal.
Dear @Niloy
Thanks for your collaboration, Please find the below clarification:
What you are receiving is the CCSID you are missing other steps, After successfully receiving the CCSID you need to follow these steps:
1- Doing the compliance checks, Based on your config file if the invoice type, we have the following scenario:
a. If invoice type was 1000: you need to send 3 samples (standard, standard credit, standard debit) to complete the compliance checks using this API
(https://gw-fatoora.zatca.gov.sa/e-invoicing/simulation/compliance/invoices)
b. If invoice type was 0100: you need to send 3 samples (simplified, simplified credit, simplified debit) to complete the compliance checks using this API
(https://gw-fatoora.zatca.gov.sa/e-invoicing/simulation/compliance/invoices)
c. If invoice type was 1100: you need to send 6 samples (standard, standard credit, standard debit, simplified, simplified credit, simplified debit) to complete the compliance checks using this API
(https://gw-fatoora.zatca.gov.sa/e-invoicing/simulation/compliance/invoices)
2- After that you need to move to (https://gw-fatoora.zatca.gov.sa/e-invoicing/simulation/production/csids) to generate the PCSID for simulation environment in the body you will send requestID that you received with CCSID, in the Authorization you need to choose the basic auth and send the user name as “binarySecurityToken” and the pass as “secret” The API response should be your PCSID
Please refer to the Zatca to understand all the required parameters for each API.
Ensure that you are using the correct APIs you can find the simulation APIs in the below attached APIs_sim.png
If you need any further clarification, DO NOT hesitate to reach out out support team via below mail
SP mail: sp_support@zatca.gov.sa
Thanks,
Ibrahem Daoud.
1 Like
Thank you, @idaoud, for your suggestion. I have followed those steps till the compliance invoice, and all are executed successfully, but it is stuck at the production CSID API (https://gw-fatoora.zatca.gov.sa/e-invoicing/simulation/production/csids). I am getting this error:
{
"errorCode": "400",
"errorCategory": "Invalid-CSR",
"errorMessage": "The provided Certificate Signing Request (CSR) is invalid."
}.
In compliance, CSID has received the following data in response:
requestID": 1744279144454, “dispositionMessage”: “ISSUED”, “binarySecurityToken”: “TUlJQ1REQ0NBZktnQXdJQkFnSUdBWllmSTRnR01Bb0dDQ3FHU000OUJBTUNNQlV4RXpBUkJnTlZCQU1NQ21WSmJuWnZhV05wYm1jd0hoY05NalV3TkRFd01EazFPRFU1V2hjTk16QXdOREE1TWpFd01EQXdXakI5TVFzd0NRWURWUVFHRXdKVFFURVdNQlFHQTFVRUN3d05VbWw1WVdSb0lFSnlZVzVqYURFdE1Dc0dBMVVFQ2d3a1UwMUJReUJEYjI1MGNtRmpkR2x1WnlCQmNtRmlhV0VnUTI5dGNHRnVlU0JNZEdRdU1TY3dKUVlEVlFRRERCNVVVMVF0TVRBeE1EZzNNVFkxT0Mwek1URTNOakEzTXpZeE1EQXdNRE13VmpBUUJnY3Foa2pPUFFJQkJnVXJnUVFBQ2dOQ0FBUXp4emwvN1VpNUlrQTZENlhpbTdZMmxTVXZpUjZ6aFF0YU1JSzE0VVcxN2J5YTV0SHZaYlBxQVV5M3d3V2l1VklkZ0ViY0g3VUlDR1NqSXkrVis5eW9vNEhJTUlIRk1Bd0dBMVVkRXdFQi93UUNNQUF3Z2JRR0ExVWRFUVNCckRDQnFhU0JwakNCb3pGQ01FQUdBMVVFQkF3NU1TMU5kV2hoYzJsaWZESXRkakV1TUM0d2ZETXRZV1U0TWpnM01qQXRabVU1TXkwMFkyWm1MV0pqWkRVdFlXUXpNRFF3T0RGaU16ZzNNUjh3SFFZS0NaSW1pWlB5TEdRQkFRd1BNekV4TnpZd056TTJNVEF3TURBek1RMHdDd1lEVlFRTURBUXhNVEF3TVJFd0R3WURWUVFhREFoU1VsSkVNamt5T1RFYU1CZ0dBMVVFRHd3UlUzVndjR3g1SUdGamRHbDJhWFJwWlhNd0NnWUlLb1pJemowRUF3SURTQUF3UlFJZ0hQd2t6RUQ5bjkwRnVkZDcvTWE5bm9RemVqMmsvTGNtYldLMGhGaFhwS3NDSVFDeHM3cnE1VjZrOEo4Z1BKcEZ4WmRKNlpQZjEwU2NhVGtZaWFVYVBVWW1CQT09”, “secret”: “yarw8lMpHjnxCbDKCEC/YLU8TJxmbO8c6oGHcTdIQGQ=”
Dear @Niloy
Can you please elaborate more mentioning the exact steps that you followed to generate the CSR?
Thanks,
Ibrahem Daoud.
HI @idaoud I have followed the given steps:
- generate privatekey file by used
openssl_pkey_new([
‘private_key_type’ => OPENSSL_KEYTYPE_EC,
‘curve_name’ => ‘secp256k1’,
]); - used that private key to generate csr file.
my config content is
$cnfContent = "
oid_section = OIDs
[OIDs]
certificateTemplateName=1.3.6.1.4.1.1311.20.2
[req]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn
[dn]
CN={$config[‘csr.common.name’]}
OU={$config[‘csr.organization.unit.name’]}
O={$config[‘csr.organization.name’]}
C={$config[‘csr.country.name’]}
[req_ext]
certificateTemplateName = ASN1:PRINTABLESTRING:PREZATCA-Code-Signing
subjectAltName = dirName:alt_names
[alt_names]
SN={$config[‘csr.serial.number’]}
UID={$config[‘csr.organization.identifier’]}
title={$config[‘csr.invoice.type’]}
registeredAddress={$config[‘csr.location.address’]}
businessCategory={$config[‘csr.industry.business.category’]}
";
generate a conf file after that have used $csrConfig = [
“config” => $configFile,
“digest_alg” => “sha256”,
];
$csr = openssl_csr_new($dn, $privateKey, $csrConfig); to generate csr
Dear @Niloy
Ensure that you are using (Win64OpenSSL_Light-3_3_0.exe).
After that please follow the below command
1- To generate the private key use:
openssl ecparam -name secp256k1 -genkey -noout -out ec-secp256k1-priv-key.pem
2- To generate the public key use:
openssl ec -in ec-secp256k1-priv-key.pem -pubout > ec-secp256k1-pub-key.pem
3- To generate the CSR use:
openssl req -new -sha256 -key ec-secp256k1-priv-key.pem -extensions v3_req -config config.cnf -out my.csr
Ensure that you are using the same name for your .cnf file with the extension.
If the above steps did not fix the issue, Kindly share your full concern along with your .cnf file to the SP mail shared previously on this post.
Thanks,
Ibrahem Daoud.
hi @idaoud actually I am using Open ssl 1.1.1 in a linux enviroment and the csr is generating in serverside i am not using the Win64OpenSSL_Light-3_3_0.exe here. So what should be the procedure in my case?
Hi @idaoud, Thanks for your suggestion. I have a little bit of doubt that:
"
Doing the compliance checks, Based on your config file if the invoice type, we have the following scenario:
a. If invoice type was 1000: need to send 3 samples (standard, standard credit, standard debit) to complete the compliance checks using this API
(https://gw-fatoora.zatca.gov.sa/e-invoicing/simulation/compliance/invoices)
b. If invoice type was 0100: need to send 3 samples (simplified, simplified credit, simplified debit) to complete the compliance checks using this API
(https://gw-fatoora.zatca.gov.sa/e-invoicing/simulation/compliance/invoices)
c. If invoice type was 1100: need to send 6 samples (standard, standard credit, standard debit, simplified, simplified credit, simplified debit) to complete the compliance checks using this API
(https://gw-fatoora.zatca.gov.sa/e-invoicing/simulation/compliance/invoices)
"
Is it mandatory to check compliance of every invoice type case (1100, 1000, 0100) whenever there is a need to generate a production CSID?
Morning @Niloy
It is mandatory to complete all the compliance check before moving to the PCSID API, or you will received Missing compliance steps error.
I hope it’s clear enough now, If you have any other concerns please do not hesitate to reach out.
Thanks,
Ibrahem Daoud.
Morning @idaoud
Thank you for your support; it is really helpful to me. Yes, all the flow is clear to me. I have some query:
1.how to get the certificate expiry date after PSID generation? I want to make an auto PSID renew system .
2. I have a 2 project with same VAT and CR no so can I generate einvoice with different sequance of invoice number for both project like : ABC001 and XYZ001