on 11-30-2009 9:08 PM
Hi experts,
I have been struggling for weeks now to configure XI to act as an FTP client using SSL.
We have to send a server a file using SSL. The server has requested to use a client certificate, so we have purchased one from SAP and we have installed it in the keystore of XI in Visual Admin as described by SAP.
I have configured a receiver adapter to send the file to the server. I can see that the connection is established properly to the server, but the server certificate is rejected by chain verifier.
So I have installed the server certificate in the Trusted CA view of the keystore. But still, it isn't working. Please note that the server certificate is a self signed certificate as this is just in testing right now. The DN name is good on the certificate (Same as the one in the communication channel).
What am I missing? Does anyone know?
Points will definitely be rewarded as we are stuck right now.
Kind regards,
Paula Rizk
Hi,
I have configured a receiver adapter to send the file to the server. I can see that the connection is established properly to the server, but the server certificate is rejected by chain verifier.
What error message you are getting?
So I have installed the server certificate in the Trusted CA view of the keystore. But still, it isn't working. Please note that the server certificate is a self signed certificate as this is just in testing right now. The DN name is good on the certificate (Same as the one in the communication channel).
What is the Command Order that you have given in your CC? The CN (common name) of the certificate should match the host or IP name of the server and you should use the same in the server details in the File Channel.
The FTPS server name should be understood by PI AE where certificates are loaded. If the certificate contains the DNS details instead of direct IP address, then it can be a problem.
Hope this helps.
Regards,
Neetesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Neetesh,
Thank you for your reply.
The problem is that the server certificate is a self-signed certificate with a CN host name different than the host name used to connect with in the communication channel.
I contacted our partner and they said it is because this is the front end server in their layered structure.
Is there any way that we can make XI work with this one?
When I use cuteFTP instead of XI, and I try to connect to their site, it prompts me to accept that certificate automatically and it works. How come XI does not work?
Any help is appreciated.
Regards,
Paula
Hi,
The problem is that the server certificate is a self-signed certificate with a CN host name different than the host name used to connect with in the communication channel.
As I had mentioned earlier, the CN (common name) of the certificate should match the host or IP name of the server and you should use the same in the server details in the File Channel.
I contacted our partner and they said it is because this is the front end server in their layered structure.
Is there any way that we can make XI work with this one?
So, you mean to say that you will be FTPing to the front end server, which is mapped to another server where you have to actually read/write file? Correct me if I am wrong.
If my understanding is correct, then do something like this -
Example:-
Front end Server - A_Serv
Actual Server to read / write - B_Serv
In you File CC -
Server -> A_Serv
Source Directory -> //B_Serv/<Rest of path>
Your command order sequence is fine. Hope this helps.
Regards,
Neetesh
Thanks guys for your replies.
We are trying to ftp to a third party server using SSL. I believe it is a shared server yes. And that is why the host name is different on the certificate I have imported into the trusted CA view.
Not even sure if this should go to the trusted CA view since this is not a trusted CA...
Isn't there a way to see in more detail what the error is. Server certificate rejected by chain verifier is very generic.
Thanks again!
Paula
User | Count |
---|---|
88 | |
23 | |
11 | |
9 | |
8 | |
5 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.