SSL Error

Former Member · ‎02-05-2009

Hi Guys,

i had used secured connectivity between two Xi sustem using SSL and i had used a self signed SSL. I am getting error while another XI system is connecting to my system.

ERROR during SecudeSSL_SessionStart() from SSL_accept()==SSL_ERROR_SSL

session uses PSE file "F:\usr\sap\SXI\DVEBMGS01\sec\SAPSSLS.pse"

SecudeSSL_SessionStart: SSL_accept() failed

secude_error 536875074 (0x20001042) = "received a fatal SSLv3 bad certificate alert message from the peer"

Begin of Secude-SSL Errorstack

Thr 2404] WARNING in ssl3_read_bytes: (536875074/0x20001042) received a fatal SSLv3 bad certificate alert message from the peer

End of Secude-SSL Errorstack

ERROR: SapSSLSessionStart(sssl_hdl=0110FDD0)==SSSLERR_SSL_ACCEPT

ERROR => IcmConnInitServerSSL: SapSSLSessionStart returned (-56): SSSLERR_SSL_ACCEPT [icxxconn.c 1770]

illegal characters in request - SSL request on wrong port? [http_plg.c 4998]

ERROR => PlugInHandleNetData: HttpParseRequestHeader failed (rc=701) [http_plg.c 2148]

Kindly help me to solve this

With Regards

Pradeep N

former_member203029 · ‎05-28-2015

Hi Pradeep,

Can you please let me know how you fixed it

Regards

Kaushik G

Former Member · ‎06-25-2013

Hi, could you please let me know how you fixed it?

Former Member · ‎02-09-2009

Hi,

SSL Configuration

You need to setup SSL layer for HTTPS endpoint.

Possible HTTP security levels are (in ascending order):

HTTP without SSL

HTTP with SSL (= HTTPS), but without client authentication

HTTP with SSL (= HTTPS) and with client authentication

HTTPS comes in two flavors, both ensuring the confidentiality of data sent over the network

In both ABAP and J2EE components, HTTPS server authentication is enabled as follows:

Use transaction STRUST to set up an SAP Web AS ABAP engine as HTTPS server. If not already done, you have to import a certificate generated by a trusted CA identifying the SAP Web AS. In addition, you have to enable the HTTPS port in the ICM (Internet Communication Manager).

Use the J2EE Visual Administrator to set up an SAP Web AS J2EE engine as HTTPS server. If not already done, you have to import a certificate generated by a CA identifying the SAP Web AS into the keystore named service_ssl in the Keystore service. In addition, you have to assign this certificate in the SSL Provider service.

http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/frameset.htm

http://help.sap.com/saphelp_nw04/helpdata/en/ff/7932e4e9c51c4fa596c69e21151c7d/content.htm

http://help.sap.com/saphelp_nw04/helpdata/en/13/4a3ad42ae78e4ca256861e078b4160/content.htm

http://help.sap.com/saphelp_nw04/helpdata/en/3a/7cddde33ff05cae10000000a128c20/content.htm

http://help.sap.com/saphelp_nw04/helpdata/en/0a/0a2e0fef6211d3a6510000e835363f/content.htm

General guide

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a09f3d8e-d478-2910-9eb8-caa6516d...

Message level security

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d024ca8e-e76e-2910-c183-8ea4ba68...

Regarding message level you can encrypt the message using certificates.

For both of this basis team has to deploy the releavant certificates in XI ABAP Stack or Java stack.

Generally if the scenarios are intra company we dont use any transport level or message level security since the network is already secured.

Check the following links.. you will get the information all about the securities...

http://help.sap.com/saphelp_nw04/helpdata/en/f7/c2953fc405330ee10000000a114084/content.htm

Also read thru this link for message level security - https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d024ca8e-e76e-2910-c183-8ea4ba68...

Also find soeminformation in these links

http://help.sap.com/saphelp_nw2004s/helpdata/en/a8/882a40ce93185de10000000a1550b0/frameset.htm

/people/aparna.chaganti2/blog/2007/01/23/how-xml-encryption-can-be-done-using-web-services-security-in-sap-netweaver-xi

Step by step guide for SSL security

Configuring SSL Connection between

SAP XI and IBM WebSphere MQ [Link Removed: PDF deleted 29 March 2011]

Regards

Pullarao

Edited by: Jason Lax on Mar 29, 2011 2:09 PM

Former Member · ‎02-06-2009

solved

markangelo_dihiansan · ‎02-05-2009

Hi,

The error "received a fatal SSLv3 bad certificate alert message from the peer" usually means that the destination server failed to authenticate the SSL certificate that you've sent.

It could be that the SSL certificate that is needed by the destination server is:

1. incorrectly installed

2. expired

Also, if possible, avoid using self-signed certificates since it is a bad business practice.

Hope this helps,

SSL Error

Accepted Solutions (0)

Answers (5)

Answers (5)

Re: Embed mode not working for optimized story

Re: Struggling with Filters on Select - Fiori App

How to navigate with multiple values of parameters...

Table DDNTF is not active in the dictionary error ...

Re: Switching from FPM_LIST_UIBB to FPM_LIST_UIBB_...