on 07-13-2010 8:53 AM
I am using the SOAP adapter to send a message via HTTPS. The receiver server only accepts client authorisation, so I configured the communication channel accordingly: I imported the certificate in NWA keystore (PI 7.1) and selected "Configure Client Authentication" on the communication channel.
However, when I try and send a message to the receiving service, the following error shows up in the communication channel monitoring:
Delivering the message to the application using connection SOAP_http://sap.com/xi/XI/System failed, due to: com.sap.engine.interfaces.messaging.api.exception.MessagingException: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: bad certificate. Setting message to status failed.
When I import the used certificate in my browser and try to connect via my browser to the receiving soap service, I get a response indicating the the webservice has been reached OK.
I pulled some more details out of the JAVA logging:
additional info ssl_debug(10): Starting handshake (iSaSiLk 4.1)...
ssl_debug(10): Sending v3 client_hello message, requesting version 3.2...
ssl_debug(10): Received v3 server_hello handshake message.
ssl_debug(10): Server selected SSL version 3.1.
ssl_debug(10): Server created new session 34:18:00:00:22:73:B0:4E...
ssl_debug(10): CipherSuite selected by server: TLS_RSA_WITH_AES_256_CBC_SHA
ssl_debug(10): CompressionMethod selected by server: NULL
ssl_debug(10): Received certificate handshake message with server certificate.
ssl_debug(10): Server sent a 1024 bit RSA certificate, chain has 3 elements.
ssl_debug(10): ChainVerifier: Found a trusted certificate, returning true
ssl_debug(10): Received certificate_request handshake message.
ssl_debug(10): Accepted certificate types: RSA
ssl_debug(10): Accepted certificate authorities:
...
ssl_debug(10): Received server_hello_done handshake message.
ssl_debug(10): Sending certificate handshake message with RSA client certificate...
ssl_debug(10): Sending client_key_exchange handshake message (1024 bit)...
ssl_debug(10): Sending certificate_verify handshake message...
ssl_debug(10): Sending change_cipher_spec message...
ssl_debug(10): Sending finished message...
ssl_debug(10): Received alert message: Alert Fatal: bad certificate
ssl_debug(10): SSLException while handshaking: Peer sent alert: Alert Fatal: bad certificate
ssl_debug(10): Shutting down SSL layer...
What might cause these errors?
Problem solved. The error was in the response of the server.
PI uses SSL v3.2, the server SSL v3.1. This is ok: SSL v3.1 will be used in this case, but the server responded by error with SSL v3.2. Hence the communication was broken.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
84 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.