X509Certificate generation

I am getting below errors in the validate xml step. Can anyone please help me?

• ategory : SIGNATURE_ERROR

• **code :**invoiceSignedDataDigestValue

• message : wrong invoice hashing

• category : SIGNATURE_ERROR

• **code :**X509IssuerName

• message : wrong X509IssuerName

• category : XSD_SCHEMA_ERROR

• **code :**SAXParseException

• message : Schema validation failed; XML does not comply with UBL 2.1 standards in line with ZATCA specifications. ERROR: org.xml.sax.SAXParseException; lineNumber: 55; columnNumber: 98; cvc-datatype-valid.1.2.1: ‘0191CCEECAEC’ is not a valid value for ‘integer’.

• category : SIGNATURE_ERROR

• **code :**NumberFormatException

• message : For input string: “1CCEECAEC”

• category : SIGNATURE_ERROR

• **code :**xadesSignedPropertiesDigestValue

• message : wrong xadesSignedPropertiesDigestValue

• category : SIGNATURE_ERROR

• **code :**signatureValue

• message : wrong signature Value

• category : SIGNATURE_ERROR

• **code :**signingCertificateDigestValue

• message : wrong signingCertificateDigestValue

Dear @muzzamilnagda
This error happens during signing process

You can follow the below steps to solve your problem:
1-After submitting the Certificate Signing Request (CSR) via the Compliance Request CSID API, you will receive a BinaryToken and a secret.
2-Decode the BinaryToken using a base64 decoder. The decoded value will be the x.509 certificate.
3-Navigate to the SDK directory: SDK/Data/Certificates/Cert.pem.
4-Replace the contents of the Cert.pem file with the x.509 certificate obtained from the decoded BinaryToken.
5-Insert the newly generated private key into the ec-secp256k1-priv-key.pem file.
6-if you use JAVA SDK, run the following command: fatoora -sign -invoice “invoice.xml”.
else the .Net SDK, run the following command: fatooranet sign -invoice “invoice.xml”
7-The invoice will now be signed and can be successfully submitted during the compliance checks phase via the Compliance Invoice API.

Do the same steps with production CSID to sign and submit e invoices to the reporting APIs.

Thanks

I am getting below error now

image1920×1080 243 KB

Thanks @halrashidy for replying.

I have one question the dedcoded certificate value is in byte do I have to encoded to put in cert.pem file or not?

Dear @muzzamilnagda ,
How fix it?

Dear @halrashidy

i also getting this error

• category : SIGNATURE_ERROR

• **code :**xadesSignedPropertiesDigestValue

• message : wrong xadesSignedPropertiesDigestValue

• category : SIGNATURE_ERROR

• **code :**X509IssuerName

• message : wrong X509IssuerName

• category : SIGNATURE_ERROR

• **code :**X509SerialNumber

• message : wrong X509SerialNumber

• category : SIGNATURE_ERROR

• **code :**signatureValue

• message : wrong signature Value

i used openssl for getting serial_num and issue_name using php please help me to solve this solution i am generate certificate using https://cert4sign.com/ and after that i will pass data for generate invoice then got this error

image1440×900 62.9 KB

Dear @AliRaza

We recommend you use our official E-invoicing SDK that can be found on ZATCA website.

You can follow the below steps to solve your problem:

1-After submitting the Certificate Signing Request (CSR) via the Compliance Request CSID API, you will receive a BinaryToken and a secret.
2-Decode the BinaryToken using a base64 decoder. The decoded value will be the x.509 certificate.
3-Navigate to the SDK directory: SDK/Data/Certificates/Cert.pem.
4-Replace the contents of the Cert.pem file with the x.509 certificate obtained from the decoded BinaryToken.
5-Insert the newly generated private key into the ec-secp256k1-priv-key.pem file.
6-if you use JAVA SDK, run the following command: fatoora -sign -invoice “invoice.xml”.
else the .Net SDK, run the following command: fatooranet sign -invoice “invoice.xml”
7-The invoice will now be signed and can be successfully submitted during the compliance checks phase via the Compliance Invoice API.

Do the same steps with production CSID to sign and submit e invoices to the reporting APIs.

Thanks

Dear @halrashidy

We are getting the signature error only for simplified invoices. Please find the errors below from Web based validator

• category : SIGNATURE_ERROR
• code : X509IssuerName
• message : wrong X509IssuerName
• category : SIGNATURE_ERROR
• code : X509SerialNumber
• message : wrong X509SerialNumber

Kindly let us know how we can resolve this.

Thanks

Dear @AntonyRaj ,

please do the following steps :-
1- get your CSR config file ready with all of the required inputs, then open the command line interface in the CSR config file path and type this command to generate the CSR and private key for simulation :
Fatoora -csr -csrconfig [file name]

Note: simulation and production are independent environments, so if you want to generate a CSR for simulation please make sure to put the flag -sim

2- get your OTP from FATOORA portal that’s associated with the VAT number you have put in the CSR config file.

3- after submitting your CSR & generated OTP in the compliance CSID API, it will return you a security binarytoken, take this value and decode it using base64, and the output is the X.509 certifecate.

4- after getting your X.509 certiecate & private key, please go to the Certificates folder in SDK by following this path “SDK folder\data\Certificates”

5- after going to Certificates in the follwed path above, you will find 2 files:
first file is cert.pem : you are requested to replace the X.509 cert value here, so copy and paste your X.509 cert. (make sure that the pasted value is already a decoded security binarytoken using base64 decoder).

second file is ec-secp256k1-priv-key.pem: you are requested to replace the value of your generated private key here. just copy your generated private key and paste it here.

6- now you will be able to sign your B2C invoices with your certificate, by using this command:

fatoora -sign -invoice [invoice file name]

and this is how sucessfully you can sign your B2C invoices for compliance checks, after getting your invoices signed you can go to the next step which is compliance checks (compliance invoice API), and submit your invoices there to obtain the production CSID\Certificate.

then you can validate the signed invoices using SDK with the mentioned command above.

please do not hesitate to reach out if you have any further questions.

thank you,

i using https://cert4sign.com tools it works fine and i sumbit all xml types without any errors.

i thing you need review xml format