cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSL Configuration on Visual Administrator (for XI Receiver Soap Adapter)

Go to solution
Former Member

on ‎05-24-2006 9:47 PM

0 Kudos

Hi there,

we're having some problems in configuring SSL for XI communication. Since XI will be using SOAP adapter, we concluded that we don't need to configure SSL on Web AS ABAP, only on the Web AS Java (is this correct?).

In the Keystorage service, in Visual Administrator, we've created the certificate request and received the CA's response, and we've imported the response.

Also, we've installed the SAP Java Cryptographic Toolkit, to be the SSL provider. Its permissions are ok and the IAIK version is 3.13 (the full version).

The receiver SOAP adapter, in XI, is correctly configured (with the webservice address, https, and the operation), with certificate authentication option, and we've selected the previously imported certificate entry.

But whenever we try to perform a SSL conection (https) through this adapter, we get a error message, which is "com.sap.aii.af.ra.ms.api.DeliveryException: unable to create a socket".

Which steps did we miss, on the SSL configuration?

How can we associate the certificate to a socket?

Other than that, where can I check whether the CA which signed the certificate is trusted (meaning, whether its root certificate is imported into Visual Administrator). I's only on KeyStorage service, or I also need to check it under SSL Provider service?

And what about intermediate certificates?

When are they needed?

Thanks in advance,

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎05-24-2006 10:37 PM
0 Kudos

Henrique,

Look at this OSS note: 891877, it may be if little bit of help in configuring SOAP Adapter.

/Raj.

Show replies
Show replies
henrique_pinto
Active Contributor
‎05-25-2006 12:25 AM
0 Kudos

Raj,

thanks a lot but I think that this note aplies only to sender SOAP Adapter, which has "HTTP Security" field.

My case is using receiver SOAP Adapter.

Thanks anyway!

Former Member
‎05-25-2006 12:38 AM
0 Kudos

Hi Henrique,

I am also having the same issue, so did you check out the FAQ: SOAP Adapter 856597. I am also working on how to configure Security in VA for SOAP Adapter.

I am getting HTML page in response from the web service. It is 401 unauthorized error HTML page. Any ideas ??

Thanks,

Raj.

henrique_pinto
Active Contributor
‎05-25-2006 2:00 PM
0 Kudos

> Hi Henrique,

> I am also having the same issue, so did you check out

> the FAQ: SOAP Adapter 856597. I am also working on

> how to configure Security in VA for SOAP Adapter.

>

> I am getting HTML page in response from the web

> service. It is 401 unauthorized error HTML page. Any

> ideas ??

>

>

> Thanks,

> Raj.

Hi Raj,

I think your error is in a higher level than mine, at least you are capable of establishing a communication channel between XI and the webservice. Probably, your webservice requires user or certificate authentication, or you misconfigured your proxy settings.

Hope it helps.

Answers (3)

Answers (3)

henrique_pinto
Active Contributor
‎01-11-2008 6:37 PM
0 Kudos

Problem solved.

It was related to certificate chain being not accepted by server side.

Best regards,

Henrique.

Show replies
Show replies
Former Member
‎02-15-2008 2:35 PM
0 Kudos

Hello Henrique,

I am getting same error in one of the scenario using receiver soap adapter. The error says "com.sap.aii.af.ra.ms.api.DeliveryException: unable to create a socket"

As you said, the problem was related to certificate chain being not accepted by server side. Could you please let me know how did you solve the problem.

Thanks in advance.

Regards

Swati

maulik
Contributor
‎02-15-2008 9:29 PM
0 Kudos

Did anyone try a simple ping to the destination IP to make sure if it's reachable?

henrique_pinto
Active Contributor
‎02-18-2008 11:02 AM
0 Kudos

Swati,

the certificate not being accepted by the server side is just one of a zillion reasons why a connection might not be established between client and server side.

To check on the certificate, though, install it in your local machine and try to reach the web service address within your internet browser.

Other than that, "unable to create a socket" error could be related to IP not being reachable, firewall settings, proxy settings, etc.

Regards,

Henrique.

henrique_pinto
Active Contributor
‎05-25-2006 6:12 PM
0 Kudos

Folks,

I've done some changes in SSL configuration, and now I'm getting another error message: "com.sap.aii.af.ra.ms.api.DeliveryException: invalid content type for SOAP: TEXT/HTML".

Any ideas on that?

Show replies
Show replies
Former Member
‎05-25-2006 7:55 AM
0 Kudos

Hi Henrique,

I am also exploring the same scenario with sender soap adapter. We are yet to implement the scenario, waiting for Visual Admin authorization. pls check whether the below link helps you.

>>only on the Web AS Java (is this correct?).

Correct you have to deploy Cryptographic toolkit on WebAS Java Only.

>>Which steps did we miss, on the SSL configuration?

can you check out the below link for Testing SSL Connection

http://help.sap.com/saphelp_nw04/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm

I have few question for you

Are u using XI 3.0 SP15?

In your scenario are u doing a data encryption using public-private key?

Regards,

Rakesh.

Show replies
Show replies
henrique_pinto
Active Contributor
‎05-25-2006 5:49 PM
0 Kudos

> Hi Henrique,

>

> I am also exploring the same scenario with

> rio with sender soap adapter. We are yet to implement

> the scenario, waiting for Visual Admin authorization.

> pls check whether the below link helps you.

>

> >>only on the Web AS Java (is this correct?).

> Correct you have to deploy Cryptographic toolkit on

> n WebAS Java Only.

> >>Which steps did we miss, on the SSL configuration?

> can you check out the below link for Testing SSL

> SSL Connection

> http://help.sap.com/saphelp_nw04/helpdata/en/f1/2de3be

> 0382df45a398d3f9fb86a36a/frameset.htm

>

> I have few question for you

> Are u using XI 3.0 SP15?

> In your scenario are u doing a data encryption using

> public-private key?

>

> Regards,

> Rakesh.

Hi Rakesh,

I'm using Netweaver 2004s, XI 7.0 SP6.

And yeah, the key pairs were generated in the KeyStorage service, in Virtual Administrator, as I said before. I've gone through that step-by-step in the link you sent.

Thanks anyway.

Ask a Question