on 08-03-2009 9:30 AM
Hello,
In an integration scenario, one of our partners wants to send an XML to our server via https.
I tried this internally with a test business connector. I simply use the WmPublic.pub.client http service.
I try to post a record to an https:// URL and get an error. It seems that there is some trouble with the SSL handshake. However, it is working in the browser.
The option Security -> Certificates -> Trusted Certificates -> CA Certificates Directory is 'unspecified'. Therefore no server certificate should be rejected.

Now I got an 'iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: handshake failure' error. I do not find any helpful entries in this forum. Did anyone solve this issue?

Thank you,
Nils

error:
2009-08-03 10:08:13 CEST iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: handshake failure
at iaik.security.ssl.r.f(Unknown Source)
at iaik.security.ssl.x.b(Unknown Source)
at iaik.security.ssl.x.a(Unknown Source)
at iaik.security.ssl.r.d(Unknown Source)
at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)
at iaik.security.ssl.SSLTransport.getInputStream(Unknown Source)
at iaik.security.ssl.SSLSocket.getInputStream(Unknown Source)
at com.wm.net.NetURLConnection.trySSLConnect(NetURLConnection.java:691)
at com.wm.net.NetURLConnection.httpsConnect(NetURLConnection.java:562)
at com.wm.net.NetURLConnection.connect(NetURLConnection.java:171)
at com.wm.net.HttpURLConnection.getOutputStream(HttpURLConnection.java:419)
at com.wm.net.HttpContext.getOutputStream(HttpContext.java:578)
at com.wm.net.HttpContext.getOutputStream(HttpContext.java:554)
at com.wm.net.HttpContext.post(HttpContext.java:338)
at pub.client.http(client.java:512)

SAP BC Info:
Software
Product webMethods Integration Server
Version 4.6 (Standard Encryption) Release Notes
Updates BC46_CoreFix7
Build Number 940 + CoreFix 7 [Fixes 1-205 + SP1-3]
SSL Standard (40-bit), Provider: IAIK 2.6

Server Environment
Java Version 1.3.1_20 (47.0)
Java Vendor Sun Microsystems Inc.
Java Home /usr/jdk1.3.1_20/jre
Java VM Version 1.3.1_20-b03
Java VM Info Java HotSpot(TM) Client VM (mixed mode)
Classpath /usr/local/sapbc46/server/updates/BC46_CoreFix7.jar
/usr/local/sapbc46/server/lib/server.jar
/usr/java/lib/i18n.jar
/usr/java/jre/lib/rt.jar
/usr/java/lib/i18n.jar
/usr/java/jre/lib/rt.jar
/usr/java/lib/i18n.jar
/usr/java/jre/lib/rt.jar
/usr/java/lib/i18n.jar
/usr/java/jre/lib/rt.jar
/usr/java/lib/i18n.jar
/usr/java/jre/lib/rt.jar
/usr/java/lib/i18n.jar
/usr/java/jre/lib/rt.jar
/usr/local/sapbc46/server/lib/classes
/usr/local/sapbc46/server/lib/client.jar
/usr/local/sapbc46/server/lib/mail.jar
/usr/local/sapbc46/server/lib/server.jar
packages/SAP/code/classes
packages/SAP/code/jars/static/inqmyxml.jar
packages/SAP/code/jars/static/jARM.jar
packages/SAP/code/jars/static/jCO.jar
packages/SAP/code/jars/static/sapjco.jar
packages/SAP/code/jars/static/sapxmltoolkit.jar
packages/WmPartners/code/classes
packages/WmWin32/code/classes
OS Linux
OS Platform i386
OS Version 2.6.18.8-0.13-default
Current User sapbc
Working Dir /usr/local/sapbc46/server
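
The "Peer sent alert: Alert Fatal: handshake failure" line in the post above can be checked against a packet capture of the handshake. The following is an added example, not code from the thread or from SAP/webMethods: it decodes a constructed SSL 3.0 exchange and reports which cipher suites the client offered and which plaintext alert came back. The export-only suite list in the sample is an assumption about what a "Standard (40-bit)" build offers; the thread does not state it.

```python
import struct

# Export-grade (40-bit) cipher suite IDs from the SSL 3.0 / TLS 1.0 specifications.
EXPORT_SUITES = {0x0003: "RSA_EXPORT_WITH_RC4_40_MD5",
                 0x0006: "RSA_EXPORT_WITH_RC2_CBC_40_MD5",
                 0x0008: "RSA_EXPORT_WITH_DES40_CBC_SHA"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_NAMES = {0: "close_notify", 10: "unexpected_message",
               40: "handshake_failure", 42: "bad_certificate"}

def records(stream):
    """Yield (content_type, payload) for each SSL/TLS record in a byte stream."""
    pos = 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        payload = stream[pos + 5:pos + 5 + length]
        if len(payload) < length:
            raise ValueError("truncated record")
        yield ctype, payload
        pos += 5 + length

def offered_suites(hello):
    """Return the cipher suite IDs listed in a ClientHello handshake message."""
    pos = 4 + 2 + 32                  # handshake header, client_version, random
    pos += 1 + hello[pos]             # skip session_id
    (nbytes,) = struct.unpack_from("!H", hello, pos)
    return list(struct.unpack_from("!%dH" % (nbytes // 2), hello, pos + 2))

def diagnose(client_bytes, server_bytes):
    """Summarise what the client offered and which plaintext alerts came back."""
    suites = []
    for ctype, payload in records(client_bytes):
        if ctype == 22 and payload[:1] == b"\x01":   # handshake record, ClientHello
            suites = offered_suites(payload)
    alerts = [(ALERT_LEVELS.get(p[0], p[0]), ALERT_NAMES.get(p[1], p[1]))
              for ctype, p in records(server_bytes) if ctype == 21 and len(p) == 2]
    return {"offered": suites,
            "export_only": bool(suites) and all(s in EXPORT_SUITES for s in suites),
            "alerts": alerts}

def sample_capture():
    """Constructed SSL 3.0 exchange: export-only ClientHello, fatal alert 40 reply."""
    suites = struct.pack("!3H", 0x0003, 0x0006, 0x0008)
    body = (b"\x03\x00" + bytes(32) + b"\x00"
            + struct.pack("!H", len(suites)) + suites + b"\x01\x00")
    hello = b"\x01" + len(body).to_bytes(3, "big") + body
    client = struct.pack("!BHH", 22, 0x0300, len(hello)) + hello
    server = struct.pack("!BHH", 21, 0x0300, 2) + b"\x02\x28"
    return client, server
```

Alert 40 on its own does not say which parameter the peer refused: a server may also answer with a fatal handshake_failure when it requires a client certificate and none is sent, so the offered suite list and the certificate setup both need checking.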
Hi,
you need to do a correct setup of the SSL cert in your BC.
The SSL cert that is used by BC to identify itself towards the partner needs to be set up within your BC admin interface (http://localhost:5555). Your private key, public key and the public of the ca need to be placed in the local folders:
- There is a folder for "trusted certs" where you need to put the ca cert and also all the ca certs of your communication partners.
- In the folder "certificates" you need to put your private key and public cert and also all the public certs of your communication partners.
Now you specify the folders and files for your private / public key and ca cert in the admin console under http://localhost:5555. You need to navigate to the ports and there you select the https port that has been created. Here you can specify the SSL details the BC should use when communicating per https.
Hope this helps to move forward ;o)
Kai
Details are available in the guides:
https://websmp207.sap-ag.de/~form/sapnet?_SHORTKEY=01100035870000719290
Ok - in this case you need to include the session-based SSL setup in your flow (scenario).
The pub.security:setKeyAndChain and pub.security:clearKeyAndChain services are used to control which client certificate
the SAP BC server presents to remote servers. You need to use these services to switch between certificates and
certificate chains if you are not using aliases for remote servers.
List of services to be used:
pub.security:clearKeyAndChain
-- Associates the default key and certificate chain with the subsequent set of invoked services.
pub.security:setKeyAndChain
-- Processes a digital signature to make sure that the provided data has not been modified. The signature input is the DER encoding of the PKCS#7 SignedData object.
pub.security.pkcs7:sign
-- Creates a PKCS7 SignedData object.
pub.security.pkcs7:verify
-- Processes a digital signature to make sure that the provided data has not been modified.
pub.security.util:createMessageDigest
-- Generates a message digest for a given message.
pub.security.util:getCertificateInfo
-- Retrieves information (e.g., serial number, issuer, expiration date) from a digital certificate.
pub.security.util:loadPKCS7CertChain
-- Converts a certificate chain that is in PKCS7 format to a list (a one-dimensional array) of byte arrays.
Example:
Invoke pub.client:http to send data to Company D.
Invoke pub.security:setKeyAndChain using the key and certificate chain for Company B.
Invoke pub.client:http to send data to Company B.
Invoke pub.security:setKeyAndChain using the key and certificate chain for Company C.
Invoke pub.client:http to send data to Company C.
Invoke pub.security:clearKeyAndChain to revert back to the default key and certificate chain for Company A's server.
Invoke pub.client:http to send data to Company D.
Edited by: Kai Lerch-Baier on Aug 3, 2009 1:47 PM
Then simply use this service:
pub.client:http
-- Issues an HTTP request that you specify and returns the HTTP response (headers and data).
Inputs are (among others):
url
-- A String specifying the URL of the resource that you want to access. This string must begin with http: or https: (Example http://www.rubicon.com/orders/orders.html)
method
-- A String specifying the HTTP method you want to use. Valid values are: delete / get / head / options / post / put / trace
loadAs
-- A String specifying the form in which you want the http service to store the returned document.
-- set to "bytes" or "stream"
data
-- A Record (an IData object) specifying the data that you want the http service to submit with the HTTP request. Specify your data in one or more of the following keys. Important! When you use more than one element to specify data, args is appended first, table is appended second, and string is appended last.
auth
-- A Record (an IData object) that specifies authorization information that the http service will submit if the resource specified in url is protected.
-- -- user: A String specifying the user name that this service will submit when requesting a protected resource.
-- -- pass: A String specifying the password associated with user.
You will need to set user and pass here!
Regards,
Kai
If you couldn't find much help here, you may try using WebMethod's forum.
Regards,
Prateek