[GNC] AqBanking help for Citi CC

Fross, Michael michael at fross.org
Thu Oct 25 10:15:51 EDT 2018 

Interesting!

I installed the GNUCash v2.6.19 on Ubuntu (the one in the repo) and it
worked fine!  I'm going to try v3.3 on Ubuntu and see if I can narrow this
down to a windows problem (which is my assumption) or a 3.3 issue for me.

Thanks.  I'll report back when I have additional information.

Michael

On Wed, Oct 24, 2018 at 9:17 AM Fross, Michael <michael at fross.org> wrote:

> Hello Jim,
>
> This is great news.  I had the Citibank Credit Card download working for
> years, but it broke early this year.  I've attempted to setup GNUCash based
> on the above, but continue to struggle.  I receive the following error
> during the initial bank connection:
>
> *Error on gnutls_bye: -24 (Decryption has failed.)*
>
> After looking at your OFX settings above, I used the following during the
> GNUCash setup:
>
>    - Create User - Select OFX
>    - Bank Name:  Citi Credit Card
>    - Broker Id:
>    - FID: 24909
>    - ORG: Citigroup
>    - Server URL: https://www.accountonline.com/cards/svc/CitiOfxManager.do
>    - User Name: myusername
>    - User Id: myusername<space>    <--- I added a space per your comments
>    - Client UID:
>    - Emulated App: Quicken 2013
>    - Application ID: QWIN
>    - Application Version: 2400
>    - Header Version: 103
>
> After accepting the certificate , the log window has that error.  If I
> retrieve accounts after this, I get the following:
>
> 09:12:27 Sending request...
> 09:12:27 Using GnuTLS default ciphers.
> 09:12:28 TLS: SSL-Ciphers negotiated: TLS1.2:ECDHE-RSA-AES-256-GCM:AEAD
> 09:12:28 Signer not found
> 09:12:28 Certificate is not trusted
> 09:13:31 Waiting for response...
> 09:13:31 No message received
> 09:13:31 Network error while waiting for response
> 09:13:31 Operation finished, you can now close this window.
>
> I have a long password, but no special characters in it.  I'm on windows
> and need to read up a bit more on how to get the OFX.log.  Setting the ENV
> variable and starting GNUCash from the command session didn't seem to
> produce one.
>
> I appreciate the guidance and the time.  I'm sure a lot of people use Citi
> Cards and your debugging can benefit a lot of people.  Can you provide any
> differences in your GNUCash config settings that what I have above?  I've
> tried a few variations but to no avail.
>
> Thank you!
>
> Michael
>
>
> On Tue, Oct 23, 2018 at 11:12 PM Jim Maki via gnucash-user <
> gnucash-user at gnucash.org> wrote:
>
>> I just successfully set up GnuCash to download Citi credit card data
>> using AqBanking - for now all you have to do is add a space to the end
>> of your userid (assuming everything else is correct).The issue seems to
>> be with Citi ...
>>
>> When it consistently failed with code 403, I turned on OFX logging
>> (export AQOFX_LOG_COMM=1), snagged the OFX request (from /tmp/ofx.log),
>> formatted it to make it more readable, and created a bash script using
>> curl to make the OFX request. Paradoxically it worked while the
>> equivalent un-beautified GnuCash request failed.
>>
>> After little debugging, the key lines in the GnuCash ofx.log were:
>>
>> ================== OFX ==================
>> ...
>> ... <USERID>myuserid
>> <USERPASS>mypassword
>> ...
>> ================== OFX ==================
>>
>> The above will work if you add a space either at the end of the
>> "...<USERID>myuserid" line, or before "<USERPASS>" in the next line. At
>> the GnuCash user interface level that involves adding a trailing space
>> to the AqBanking userid for Citi.
>>
>> For reference, below is the OFX template file I use to feed my
>> curl-based script. Eventually GnuCash makes an equivalent request.
>> (Again, eliminate the leading spaces before "<USERPASS>" and it, too
>> fails.)
>>
>> ================== OFX ==================
>> OFXHEADER:100
>> DATA:OFXSGML
>> VERSION:103
>> SECURITY:NONE
>> ENCODING:USASCII
>> CHARSET:1252
>> COMPRESSION:NONE
>> OLDFILEUID:NONE
>> NEWFILEUID:$OFX_DATETIME
>>
>> <OFX>
>> <SIGNONMSGSRQV1>
>> <SONRQ>
>> <DTCLIENT>$OFX_DATETIME
>> <USERID>$OFX_USER
>> <USERPASS>$OFX_PW
>> <LANGUAGE>ENG
>> <FI>
>> <ORG>$OFX_ORG
>> <FID>$OFX_FID
>> </FI>
>> <APPID>QWIN
>> <APPVER>2400
>> </SONRQ>
>> </SIGNONMSGSRQV1>
>> <CREDITCARDMSGSRQV1>
>> <CCSTMTTRNRQ>
>> <TRNUID>$OFX_DATETIME
>> <CLTCOOKIE>1
>> <CCSTMTRQ>
>> <CCACCTFROM>
>> <ACCTID>$OFX_ACCOUNT
>> </CCACCTFROM>
>> <INCTRAN>
>> <DTSTART>$OFX_STARTDATE
>> <DTEND>$OFX_ENDDATE
>> <INCLUDE>Y
>> </INCTRAN>
>> </CCSTMTRQ>
>> </CCSTMTTRNRQ>
>> </CREDITCARDMSGSRQV1>
>> </OFX>
>> ================== OFX ==================
>>
>> If GnuCash did prettified SGML it would avoid this problem with Citi's
>> parsing.
>>
>>    Jim
>>
>> _______________________________________________
>> gnucash-user mailing list
>> gnucash-user at gnucash.org
>> To update your subscription preferences or to unsubscribe:
>> https://lists.gnucash.org/mailman/listinfo/gnucash-user
>> If you are using Nabble or Gmane, please see
>> https://wiki.gnucash.org/wiki/Mailing_Lists for more information.
>> -----
>> Please remember to CC this list on all your replies.
>> You can do this by using Reply-To-List or Reply-All.
>
>

More information about the gnucash-user mailing list