06-07-2010 9:30 AM
Dear all,
I have a PI 7.10 system with a B2B scenario where the business partner is connected via soap + https. the message fails on the java stack with the error message:
iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
I am pretty sure that there is a problem with the root certificate of the server certificate altough I imported the according root ca in the trusted CAs key store view.
Unfortunately, when calling the https url via the browser the root certificate has been replaced (company firewall) by an company internal certificate. so I cannot get more information on the root certificate. This root certificate replacement has been disable for the PI communication according to the firewall team.
Is there a way to get more information on the used root certificate of the server certificate during https connections in the nwa logs? Thats the only way for me to validate that the root ca replacement has been really disabled and if so what root ca is actually used...
Thanks,
Kris
06-07-2010 10:27 AM
Hi,
With the java stack, it is always a nightmare to find significative logs...
What I did in a similar case, was to create an HTTP destination from transaction SM59 of the PI abap stack.
The HTTP destination points to the B2B partner URL.
You can then increase the ICM trace level and test the connection.
You will find useful certificates information in the ICM trace with transaction SMICM.
I hope this helps.
Olivier