cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Problems with SAP BC to post a request to https URL

Former Member

on ‎08-03-2009 9:30 AM

0 Kudos

Hello,

in a integration scenario one of our partners wants to send a xml to our server via https.<br/>

I tried this internal with a test business connector. I simple use the WmPublic.pub.client http service.<br/>

I try to post a record to an https:// URL and get an error. It seems that there is some trouble with the ssl handshake. However it is working in the browser.<br/>

The option Security -> Certificates -> Trusted Certificates -> CA Certificates Directory is 'unspecified'. Therefore no server certificate should be reject.<br/>

<br/>

Now I got an 'iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: handshake failure<br/>

' error. I do not find any helpful entries in this forum. Did anyone solve this issue?<br/>

<br/>

Thank you,<br/>

Nils<br/>

<br/>

error:<br/>

2009-08-03 10:08:13 CEST iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: handshake failure<br/>

at iaik.security.ssl.r.f(Unknown Source)<br/>

at iaik.security.ssl.x.b(Unknown Source)<br/>

at iaik.security.ssl.x.a(Unknown Source)<br/>

at iaik.security.ssl.r.d(Unknown Source)<br/>

at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)<br/>

at iaik.security.ssl.SSLTransport.getInputStream(Unknown Source)<br/>

at iaik.security.ssl.SSLSocket.getInputStream(Unknown Source)<br/>

at com.wm.net.NetURLConnection.trySSLConnect(NetURLConnection.java:691)<br/>

at com.wm.net.NetURLConnection.httpsConnect(NetURLConnection.java:562)<br/>

at com.wm.net.NetURLConnection.connect(NetURLConnection.java:171)<br/>

at com.wm.net.HttpURLConnection.getOutputStream(HttpURLConnection.java:419)<br/>

at com.wm.net.HttpContext.getOutputStream(HttpContext.java:578)<br/>

at com.wm.net.HttpContext.getOutputStream(HttpContext.java:554)<br/>

at com.wm.net.HttpContext.post(HttpContext.java:338)<br/>

at pub.client.http(client.java:512)<br/>

<br/>

SAP BC Info:<br/>

Software <br/>

Product webMethods Integration Server <br/>

Version 4.6 (Standard Encryption) Release Notes <br/>

Updates BC46_CoreFix7 <br/>

Build Number 940 + CoreFix 7 [Fixes 1-205 + SP1-3] <br/>

SSL Standard (40-bit), Provider: IAIK 2.6 <br/>

<br/>

Server Environment <br/>

Java Version 1.3.1_20 (47.0) <br/>

Java Vendor Sun Microsystems Inc. <br/>

Java Home /usr/jdk1.3.1_20/jre <br/>

Java VM Version 1.3.1_20-b03 <br/>

Java VM Info Java HotSpot(TM) Client VM (mixed mode) <br/>

Classpath /usr/local/sapbc46/server/updates/BC46_CoreFix7.jar<br/>

/usr/local/sapbc46/server/lib/server.jar<br/>

/usr/java/lib/i18n.jar<br/>

/usr/java/jre/lib/rt.jar<br/>

/usr/java/lib/i18n.jar<br/>

/usr/java/jre/lib/rt.jar<br/>

/usr/java/lib/i18n.jar<br/>

/usr/java/jre/lib/rt.jar<br/>

/usr/java/lib/i18n.jar<br/>

/usr/java/jre/lib/rt.jar<br/>

/usr/java/lib/i18n.jar<br/>

/usr/java/jre/lib/rt.jar<br/>

/usr/java/lib/i18n.jar<br/>

/usr/java/jre/lib/rt.jar<br/>

/usr/local/sapbc46/server/lib/classes<br/>

/usr/local/sapbc46/server/lib/client.jar<br/>

/usr/local/sapbc46/server/lib/mail.jar<br/>

/usr/local/sapbc46/server/lib/server.jar<br/>

packages/SAP/code/classes<br/>

packages/SAP/code/jars/static/inqmyxml.jar<br/>

packages/SAP/code/jars/static/jARM.jar<br/>

packages/SAP/code/jars/static/jCO.jar<br/>

packages/SAP/code/jars/static/sapjco.jar<br/>

packages/SAP/code/jars/static/sapxmltoolkit.jar<br/>

packages/WmPartners/code/classes<br/>

packages/WmWin32/code/classes <br/>

OS Linux <br/>

OS Platform i386 <br/>

OS Version 2.6.18.8-0.13-default <br/>

Current User sapbc <br/>

Working Dir /usr/local/sapbc46/server<br/>

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎08-03-2009 10:06 AM
0 Kudos

Hi,

you need to do a correct setup of the SSL cert in your BC.

The SSL cert. that is used by BC to identify itself towards the partner needs to be setup within your BC admin interface (http://localhost:5555). Your private key, public key and the public of the ca need to be placed on the local folders:

- There is a folder for "trusted certs" where you need to put the ca cert and also all the ca certs of your communication partners.

- In the folder "certificates" you need to put your private key and public cert and also all the public certs of your communication partners.

Now you specify the folders and files for your private / public key and ca cert in the admin console under http://localhost:5555. You need to navigate to the ports and there you select the https port that has been created. Here you can specify the SSL details the BC should use when communicating per https.

Hope this helps to move forward ;o)

Kai

Show replies
Show replies
Former Member
‎08-03-2009 10:31 AM
0 Kudos

Details are available in the guides:

https://websmp207.sap-ag.de/~form/sapnet?_SHORTKEY=01100035870000719290

Former Member
‎08-03-2009 11:39 AM
0 Kudos

Hi Kai,

thanks for your help. This configuration is already done. However this isn'it only used for the communication to the SAP BC server. I want to send something to an ssl port. I do not want to receive something.

Best regards,

Nils

Former Member
‎08-03-2009 12:46 PM
0 Kudos

Ok - in this case you need to include to session based SSL setup in your flow (scenario).

The pub.security:setKeyAndChain and pub.security:clearKeyAndChain services are used to control which client certificate

the SAP BC server presents to remote servers. You need to use these services to switch between certificates and

certificate chains if you are not using aliases for remote servers.

List of services to be used:

pub.security:clearKeyAndChain

-- Associates the default key and certificate chain with the subsequent set of invoked services.

pub.security:setKeyAndChain

-- Processes a digital signature to make sure that the provided data has not been modified. The signature input is the DER encoding of the PKCS#7 SignedData object.

pub.security.pkcs7:sign

-- Creates a PKCS7 SignedData object.

pub.security.pkcs7:verify

-- Processes a digital signature to make sure that the provided data has not been modified.

pub.security.util:createMessageDigest

-- Generates a message digest for a given message.

pub.security.util:getCertificateInfo

-- Retrieves information (e.g., serial number, issuer, expiration date) from a digital certificate.

pub.security.util:loadPKCS7CertChain

-- Converts a certificate chain that is in PKCS7 format to a list (a one-dimensional array) of byte arrays.

Example:

Invoke pub.client:http to send data to Company D.

Invoke pub.security:setKeyAndChain using the key and certificate chain for Company B.

Invoke pub.client:http to send data to Company B.

Invoke pub.security:setKeyAndChain using the key and certificate chain for Company C.

Invoke pub.client:http to send data to Company C.

Invoke pub.security:clearKeyAndChain to revert back to the default key and certificate chain for Company

Au2019s server.

Invoke pub.client:http to send data to Company D.

Edited by: Kai Lerch-Baier on Aug 3, 2009 1:47 PM

Former Member
‎08-03-2009 1:34 PM
0 Kudos

Hi Kai,

sorry that I do not specified my problem in detail. It is really more simple as you expect. The server do not demand a client certificate. The authentification is done by username and password.

So it is a normal http ssl request, like your browser opens a https url.

Best regards,

Nils

Former Member
‎08-03-2009 1:52 PM
0 Kudos

Then simply use this service:

pub.client:http

-- Issues an HTTP request that you specify and returns the HTTP response (headers and data).

Inputs are (among others):

url

-- A String specifying the URL of the resource that you want to access. This string must begin with http: or https: (Example http://www.rubicon.com/orders/orders.html)

method

-- A String specifying the HTTP method you want to use. Valid values are: delete / get / head / options / post / put / trace

loadAs

-- A String specifying the form in which you want the http service to store the returned document.

-- set to "bytes" or "steam"

data

-- A Record (an IData object) specifying the data that you want the http service to submit with the HTTP request. Specify your data in one or more of the following keys. Important! When you use more than one element to specify data, args is appended first, table is appended second, and string is appended last.

auth

-- A Record (an IData object) that specifies authorization information that the http service will submit if the resource specified in

url is protected.

-- -- user: A String specifying the user name that this service will submit when requesting a protected resource.

-- -- pass: A String specifying the password associated with user.

You will need to set user and pass here!

Regards,

Kai

prateek
Active Contributor
‎08-03-2009 9:40 AM
0 Kudos

If you couldn't find much help here, you may try using WebMethod's forum.

http://www.wmusers.com/forum/

Regards,

Prateek

Show replies
Show replies
Ask a Question