on 05-24-2006 9:47 PM
Hi there,
we're having some problems in configuring SSL for XI communication. Since XI will be using SOAP adapter, we concluded that we don't need to configure SSL on Web AS ABAP, only on the Web AS Java (is this correct?).
In the Keystorage service, in Visual Administrator, we've created the certificate request and received the CA's response, and we've imported the response.
Also, we've installed the SAP Java Cryptographic Toolkit, to be the SSL provider. Its permissions are ok and the IAIK version is 3.13 (the full version).
The receiver SOAP adapter, in XI, is correctly configured (with the webservice address, https, and the operation), with certificate authentication option, and we've selected the previously imported certificate entry.
But whenever we try to perform a SSL conection (https) through this adapter, we get a error message, which is "com.sap.aii.af.ra.ms.api.DeliveryException: unable to create a socket".
Which steps did we miss, on the SSL configuration?
How can we associate the certificate to a socket?
Other than that, where can I check whether the CA which signed the certificate is trusted (meaning, whether its root certificate is imported into Visual Administrator). I's only on KeyStorage service, or I also need to check it under SSL Provider service?
And what about intermediate certificates?
When are they needed?
Thanks in advance,
Henrique,
Look at this OSS note: 891877, it may be if little bit of help in configuring SOAP Adapter.
/Raj.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
> Hi Henrique,
> I am also having the same issue, so did you check out
> the FAQ: SOAP Adapter 856597. I am also working on
> how to configure Security in VA for SOAP Adapter.
>
> I am getting HTML page in response from the web
> service. It is 401 unauthorized error HTML page. Any
> ideas ??
>
>
> Thanks,
> Raj.
Hi Raj,
I think your error is in a higher level than mine, at least you are capable of establishing a communication channel between XI and the webservice. Probably, your webservice requires user or certificate authentication, or you misconfigured your proxy settings.
Hope it helps.
Problem solved.
It was related to certificate chain being not accepted by server side.
Best regards,
Henrique.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Henrique,
I am getting same error in one of the scenario using receiver soap adapter. The error says "com.sap.aii.af.ra.ms.api.DeliveryException: unable to create a socket"
As you said, the problem was related to certificate chain being not accepted by server side. Could you please let me know how did you solve the problem.
Thanks in advance.
Regards
Swati
Swati,
the certificate not being accepted by the server side is just one of a zillion reasons why a connection might not be established between client and server side.
To check on the certificate, though, install it in your local machine and try to reach the web service address within your internet browser.
Other than that, "unable to create a socket" error could be related to IP not being reachable, firewall settings, proxy settings, etc.
Regards,
Henrique.
Folks,
I've done some changes in SSL configuration, and now I'm getting another error message: "com.sap.aii.af.ra.ms.api.DeliveryException: invalid content type for SOAP: TEXT/HTML".
Any ideas on that?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Henrique,
I am also exploring the same scenario with sender soap adapter. We are yet to implement the scenario, waiting for Visual Admin authorization. pls check whether the below link helps you.
>>only on the Web AS Java (is this correct?).
Correct you have to deploy Cryptographic toolkit on WebAS Java Only.
>>Which steps did we miss, on the SSL configuration?
can you check out the below link for Testing SSL Connection
http://help.sap.com/saphelp_nw04/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm
I have few question for you
Are u using XI 3.0 SP15?
In your scenario are u doing a data encryption using public-private key?
Regards,
Rakesh.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
> Hi Henrique,
>
> I am also exploring the same scenario with
> rio with sender soap adapter. We are yet to implement
> the scenario, waiting for Visual Admin authorization.
> pls check whether the below link helps you.
>
> >>only on the Web AS Java (is this correct?).
> Correct you have to deploy Cryptographic toolkit on
> n WebAS Java Only.
> >>Which steps did we miss, on the SSL configuration?
> can you check out the below link for Testing SSL
> SSL Connection
> http://help.sap.com/saphelp_nw04/helpdata/en/f1/2de3be
> 0382df45a398d3f9fb86a36a/frameset.htm
>
> I have few question for you
> Are u using XI 3.0 SP15?
> In your scenario are u doing a data encryption using
> public-private key?
>
> Regards,
> Rakesh.
Hi Rakesh,
I'm using Netweaver 2004s, XI 7.0 SP6.
And yeah, the key pairs were generated in the KeyStorage service, in Virtual Administrator, as I said before. I've gone through that step-by-step in the link you sent.
Thanks anyway.
User | Count |
---|---|
85 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.