
SSL exception when using FileAdapter - PI 7.0

Former Member
0 Kudos

Hi,

I'm currently using the FileAdapter to send a CSV file to an external FTPs server. I have loaded the FTPs server certificate into the ClientCertificates keystore in J2EE as well as the Verisign intermediate and root certs into the Trusted CAs. When testing the connection, I'm still getting a chain verification exception like below:

Delivery of the message to the application using connection File_http://sap.com/xi/XI/System failed, due to: com.sap.aii.af.ra.ms.api.RecoverableException: Peer certificate rejected by ChainVerifier: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier.

Has anyone had experience configuring this scenario and might be able to help out?

Many thanks,

Nicholas

Accepted Solutions (0)

Answers (4)

stefan_grube
Active Contributor
0 Kudos

This is a typical answer to OSS ticket concerning this issue:

"A strict server name check is first performed in the SSL handshake, before any certificate chain is verified against the certificates in the Trusted CA keystore view.

The strict server name check means that the CN in the server certificate must exactly match the host name in the request URL. In this step, the certificates in the client (J2EE engine) Trusted CA keystore view are not yet involved.

You'll either need to configure the host name, as the CN of the server certificate or create the server certificate with the CN (and import/use it in the server), as you plan to use it in the FTP Adapter receiver channel configuration.

Please ensure your channel configuration uses the hostname expected by the server, i.e. that you are also using: *.sap.com and that this FQHN is used consistently.

If you still have problems, please note that the FTP protocol itself has no concept of hostnames, so an FTP client is reliant on the IP address of the server to obtain the hostname. If any reverse DNS lookup is taking place during the processing on your network, you need to ensure the DNS lookup returns the FQHN of your FTP server, which is: *.sap.com

Try running the scenario using a public certificate and adding the IP address and host name to the host file."

Hope that helps

Stefan
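
An added example (not part of the post above and not SAP or IAIK code) that models the check order the quoted OSS reply describes: the exact CN match runs first, and the Trusted CAs view is consulted only afterwards. The host names, CA names and the `diagnose` helper are constructed for illustration, and the trust step is reduced to an issuer-name lookup rather than real signature verification.

```python
import ipaddress

# Constructed sample data, shaped like ssl.SSLSocket.getpeercert() output.
SERVER_CERT = {
    "subject": ((("commonName", "ftps.partner.example"),),),
    "issuer": ((("commonName", "Example Intermediate CA"),),),
}
# Stand-in for the Trusted CAs keystore view (CA common names only).
TRUSTED_CAS = {"Example Intermediate CA", "Example Root CA"}


def common_name(name):
    """Return the commonName from a getpeercert()-style name, or None."""
    for rdn in name:
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def diagnose(channel_host, cert, trusted_cas):
    """Return (code, detail) for the first check that would reject the peer."""
    cn = common_name(cert["subject"])
    # Step 1: strict name check. The channel host must equal the CN exactly;
    # the trust store plays no part yet.
    if channel_host != cn:
        try:
            ipaddress.ip_address(channel_host)
            detail = "channel uses IP %s, certificate CN is %r" % (channel_host, cn)
        except ValueError:
            detail = "channel host %r differs from CN %r" % (channel_host, cn)
        return ("name-mismatch", detail)
    # Step 2: only now does the imported CA hierarchy matter.
    issuer = common_name(cert["issuer"])
    if issuer not in trusted_cas:
        return ("untrusted-issuer", "%r is not in Trusted CAs" % issuer)
    return ("ok", "CN matches and issuer is trusted")


if __name__ == "__main__":
    for host in ("ftps.partner.example", "203.0.113.10", "ftp.partner.example"):
        print(host, "->", diagnose(host, SERVER_CERT, TRUSTED_CAS))
```

With all CAs imported, a channel that addresses the server by IP or by an alias still fails at step 1, which matches the situation in the question.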

JoelTrinidade
Active Contributor
0 Kudos

Hi Nick,

There is a problem while verifying the certificate chain sent by the peer. This error mentioned above occurs where the verifyChain method returns a boolean value indicating whether the certificate verification has failed or not.

Please check the place where you have imported the certificate or better still re-import it.

Rgds

joel

prateek
Active Contributor
0 Kudos

You need to import the CA hierarchy of your FTPS server certificate into the list of Trusted CA's at XI.

You may also check SAP Note 694290.

Regards,

Prateek

Former Member
0 Kudos

Hi,

It looks like the FTPs server certificate signature is not recognized by your system (client). Could you make sure that you have uploaded the CA certificate of the FTPs server as a Trusted CA in your system?

Regards,

Lim...