Dear Eric

I am not very sure that you met the same case like us.

So I will describe our situation first and "possible" solution next.

We had one scenario which ran on XI 3.0 well (which support SSL 3.0-3.1).

(J2EE Engine plays like client to access web service on another Web Server using SSL)

After we migrationed it from XI 3.0 to PI 7.1.1, it didn't work(which support SSL 3.0-3.2).

We got error just like I post before.

With SAP's support, he gave me a link to test SSL Server's capability.

http://jce.iaik.tugraz.at/sic/Products/Communication-Messaging-Security/iSaSiLk/demo

Using this link, we could get conclusion that problem was caused by ouy SSL Server in this scenario.

Why?

When we test to connect to our SSL Server using SSL version 3.2, server close session but not request lower SSL version.

(You could test any other SSL Server, it will lower SSL version if server doesn't support SSL 3.2)

So there are two "possible" solution now.

One is to implement new function that support SSL 3.2 on Server "in our scenario".

The other is that we need to replace two jar(iaik_ssl.jar and w3c_http.jar) files on J2ee server by using old PI 7.1's jar files.

(Location : /usr/sap/<SID>/<instance>/j2ee/cluster/bin/ext/mail-activation-iaik)

According to SAP' response, second one will run without problem. BUT WE DID NOT VERIFY IT.

Because we choose first one to solve this problem.

Hope it will be helpful.

Receiver Server with SSL lack-implementation

Dear All

Problem was solved.

It turned on that our SSL server(Receiver) didn't support lower SSL Version when client(our J2EE Engine) try to use higher SSL Version to communicate.

So it is not a problem for SAP now.

Thanks you so much.

Dear All

I get SAP reply and he mention that in PI7.1.1 SSL was enable by default.

And he told me that the problem is that our SOAP adapter could not accept SSL version 3.2.

And solution is to change it.

Do you know how to change it?

Best Regards,

Jim Wu

Dear CSY

Thanks again.

According to SAP HELP you post(for 7.01), I check HELP for 7.1.1

(link http://help.sap.com/saphelp_nwpi711/helpdata/en/14/ef2940cbf2195de10000000a1550b0/frameset.htm)

There is few different (more harder to understand)

But I have a question about it.

It mentioned

To enable an HTTPS connection, two steps are required:

1. Both parties of an HTTP connection (that is, the HTTPS client and the HTTPS server) must be technically enabled.

2. The internal PI communications and the messaging communications must be configured in PI to use these HTTP connections.

Does it mean even in our scenario, PI plays as https-client, we have to configure http-client and https-server step?

And I find a SAP Note - 856597 which only mention how to check in 7.1 but not 7.1.1.

Do you know how to check it in PI 7.1.1?

Best Regards,

Jim Wu

Dear Christian Sy

Thanks for your reply.

For you question, answer is below.

How did you upgrade ? Upgrade on 3.0 to 7.1 or install new and then copy scenarios ?

It is not upgrade. We install a new system and copy scenarios.

Did you check the STRUST configuration in the 7.1 system ? Can you compare it with the old 3.0 system ?

We compare PI7.1.1 and XI 3.0. There is no special different between two system.

(Or there is anything I need to do more check?)

Is SSL enabled on 7.1 ?

In our scenario, PI plays like https-client. Do we need to enable SSL for our system?

(But we could not login https : http://<servername>:<httpsport>, ie http://myserver:50001)

Are other HTTPS calls working on 7.1 ?

As I know, there is another HTTPS call and also failed.

Could you tell me how to check?

Many thanks.

Best Regards,

Jim Wu

Dear sekhar

Thanks for your help.

We met this error message when we try to migrate this scenario form XI 3.0 to PI7.1.1.

Is our case, we use a receiver channel to send message to other system, which provide web service.

Which confused us is that we did not import any public key in old XI and function work fine???

So do I need to import public key of system which provide web service?

Best Regards,

Jim Wu