Skip to end of metadata
Go to start of metadata

In order to test the Digital Signature component of SAP NFE, it is not necessary to have a complete communication set up in place.
Instead, it is possible to manually test the digital signature process through the Web Services Navigator functionality within SAP J2EE Application Server.

In order to access it, go through the following link:


where <server> is the hostname where your AS Java is installed and <port> is the Java Http port (by default, it is in the '5xx00' format, where 'xx' is the instance's system number). It should look like this:

Go to the Web Services Navigtor link, in the upper right section.
It will open a list of the available Web Services in this instace.
Click on the 'DigitalSignature' Web Service in order to access the NFE Digital Signature service.

Or just access the Digital Signature Web Service through the direct link:


Click on the Test link in the upper menu.
In the Digital Signature Test page, select the 'sign' operation, as shown below.

In the next screen, it is necessary to fill the operation parameters with the test values.
Use the following values for a proper testing:

keyStoreView: <name of the View where the certificate is stored in the J2EE Key Storage>
keyStoreEntry: <the certificate's entry name in the J2EE Key Storage>
referenceId: 12345
xml: <a><b Id='12345'><data>test data</data></b></a>
checkCert: true

It should look something like this:

Click on the 'Send' button.
It'll prompt for a user/password.
Enter the credentials of a user with either the SAP_J2EE_ADMIN or the SAP_J2EE_GUEST roles.

Click on the 'Submit' button.
If everything is ok, you should see the following screen.

You can verify that the Digital Signature was successful from the return code (status field in the response message) and the description. Status '0' means that the digital signature was successful. For such cases, the description is "Successful XML Signature".

If there were any errors during the component set up or in the test parameters, a message error will be shown in the "description" field and the status will be different of 0. Some examples:

  • Wrong certificate View:
    status: 5
    description: Error signing input XML: Exception accessing KeyStore: Invalid KeyStore view
  • Wrong certificate Entry:
    status: 5
    description: Error signing input XML: Error accessing Keystore
  • Lack of protection domain configuration for the EJB (AS Java 7.0 only)
    status: 5
    description: Error signing input XML: Error accessing Keystore
  • expired certificate (if checkCert = true)
    status: 5
    description: Error signing input XML: Certificate not valid: Valid date expired
  • Invalid referenceId (not found on the input XML)
    status: 5
    description: Unexpected exception signing input XML
  • Invalid XML input:
    status: 1
    description: No XML data provided

A complete set of possible error statuses is as below:

Response Message




Successful XML Signature


Successful XML Signature.

<signed XML message>

Invalid XML Data Exception


<exception trace>


Encoding Exception


<exception trace>


Parser Exception


<exception trace>


XML Output Exception


<exception trace>


XML Signature Exception


<exception trace>


However, error statuses 1 to 4 are most unlikely to happen (only if there are critical installation issues with the AS Java instance). Notice also that the XML will always be assembled by PI, so it's not likely to be not well formed (so error status '1' is unlikely to happen as well).

On a normal daily process, you should expect either success ('0') or XML Signature Error ('5') statuses, where the '5' error status can be solved through normal maintenance tasks (changing security permissions, setting up new certificate, inputing the correct certificate parameters in NFE customizing etc.).