on 02-05-2009 7:46 AM
Hi Guys,
i had used secured connectivity between two Xi sustem using SSL and i had used a self signed SSL. I am getting error while another XI system is connecting to my system.
ERROR during SecudeSSL_SessionStart() from SSL_accept()==SSL_ERROR_SSL
session uses PSE file "F:\usr\sap\SXI\DVEBMGS01\sec\SAPSSLS.pse"
SecudeSSL_SessionStart: SSL_accept() failed
secude_error 536875074 (0x20001042) = "received a fatal SSLv3 bad certificate alert message from the peer"
Begin of Secude-SSL Errorstack
Thr 2404] WARNING in ssl3_read_bytes: (536875074/0x20001042) received a fatal SSLv3 bad certificate alert message from the peer
End of Secude-SSL Errorstack
ERROR: SapSSLSessionStart(sssl_hdl=0110FDD0)==SSSLERR_SSL_ACCEPT
ERROR => IcmConnInitServerSSL: SapSSLSessionStart returned (-56): SSSLERR_SSL_ACCEPT [icxxconn.c 1770]
illegal characters in request - SSL request on wrong port? [http_plg.c 4998]
ERROR => PlugInHandleNetData: HttpParseRequestHeader failed (rc=701) [http_plg.c 2148]
Kindly help me to solve this
With Regards
Pradeep N
Hi Pradeep,
Can you please let me know how you fixed it
Regards
Kaushik G
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi, could you please let me know how you fixed it?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
SSL Configuration
You need to setup SSL layer for HTTPS endpoint.
Possible HTTP security levels are (in ascending order):
HTTP without SSL
HTTP with SSL (= HTTPS), but without client authentication
HTTP with SSL (= HTTPS) and with client authentication
HTTPS comes in two flavors, both ensuring the confidentiality of data sent over the network
In both ABAP and J2EE components, HTTPS server authentication is enabled as follows:
Use transaction STRUST to set up an SAP Web AS ABAP engine as HTTPS server. If not already done, you have to import a certificate generated by a trusted CA identifying the SAP Web AS. In addition, you have to enable the HTTPS port in the ICM (Internet Communication Manager).
Use the J2EE Visual Administrator to set up an SAP Web AS J2EE engine as HTTPS server. If not already done, you have to import a certificate generated by a CA identifying the SAP Web AS into the keystore named service_ssl in the Keystore service. In addition, you have to assign this certificate in the SSL Provider service.
http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/frameset.htm
http://help.sap.com/saphelp_nw04/helpdata/en/ff/7932e4e9c51c4fa596c69e21151c7d/content.htm
http://help.sap.com/saphelp_nw04/helpdata/en/13/4a3ad42ae78e4ca256861e078b4160/content.htm
http://help.sap.com/saphelp_nw04/helpdata/en/3a/7cddde33ff05cae10000000a128c20/content.htm
http://help.sap.com/saphelp_nw04/helpdata/en/0a/0a2e0fef6211d3a6510000e835363f/content.htm
General guide
Message level security
Regarding message level you can encrypt the message using certificates.
For both of this basis team has to deploy the releavant certificates in XI ABAP Stack or Java stack.
Generally if the scenarios are intra company we dont use any transport level or message level security since the network is already secured.
Check the following links.. you will get the information all about the securities...
http://help.sap.com/saphelp_nw04/helpdata/en/f7/c2953fc405330ee10000000a114084/content.htm
Also read thru this link for message level security - https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d024ca8e-e76e-2910-c183-8ea4ba68...
Also find soeminformation in these links
http://help.sap.com/saphelp_nw2004s/helpdata/en/a8/882a40ce93185de10000000a1550b0/frameset.htm
/people/aparna.chaganti2/blog/2007/01/23/how-xml-encryption-can-be-done-using-web-services-security-in-sap-netweaver-xi
Step by step guide for SSL security
Configuring SSL Connection between
SAP XI and IBM WebSphere MQ [Link Removed: PDF deleted 29 March 2011]
Regards
Pullarao
Edited by: Jason Lax on Mar 29, 2011 2:09 PM
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
solved
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Pradeep,
May I know how you fixed/solved this problem.
Thanks
Sekhar.
Hi,
The error "received a fatal SSLv3 bad certificate alert message from the peer" usually means that the destination server failed to authenticate the SSL certificate that you've sent.
It could be that the SSL certificate that is needed by the destination server is:
1. incorrectly installed
2. expired
Also, if possible, avoid using self-signed certificates since it is a bad business practice.
Hope this helps,
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
83 | |
10 | |
10 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.