Hi there,

we're having some problems in configuring SSL for XI communication. Since XI will be using SOAP adapter, we concluded that we don't need to configure SSL on Web AS ABAP, only on the Web AS Java (is this correct?).

In the Keystorage service, in Visual Administrator, we've created the certificate request and received the CA's response, and we've imported the response.

Also, we've installed the SAP Java Cryptographic Toolkit, to be the SSL provider. Its permissions are ok and the IAIK version is 3.13 (the full version).

The receiver SOAP adapter, in XI, is correctly configured (with the webservice address, https, and the operation), with certificate authentication option, and we've selected the previously imported certificate entry.

But whenever we try to perform a SSL conection (https) through this adapter, we get a error message, which is "com.sap.aii.af.ra.ms.api.DeliveryException: unable to create a socket".

Which steps did we miss, on the SSL configuration?

How can we associate the certificate to a socket?

Other than that, where can I check whether the CA which signed the certificate is trusted (meaning, whether its root certificate is imported into Visual Administrator). I's only on KeyStorage service, or I also need to check it under SSL Provider service?

And what about intermediate certificates?

When are they needed?

Thanks in advance,