on 11-09-2010 4:43 AM
Hello Expert,
I have to consume the webservice in the soap lookup using the https URL.I am able to test the webservice using atova xml spy without any certificate and I am getting the response back but in PI 7.11 message Mapping I am getting the error Peer certificate rejected by ChainVerifier.
Is it necessary to import the certificate to acess the https webservice in NWA? Is yes what are the steps to be followed to consume the https webservice usiing the receiver soap adapter in PI 7.11?
Regards,
Kubra fatima.
Hi,
it is not mandatory to use certificates in HTTPS communication, it depends on your web service system, like it is expecting SSL communication kind of comunication then you have to follow deploying certificates.. and the process.
Regards,
Raj
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Markus,
The webservice provider is saying that the SSL certificate they use in that site is emitted by a globally trusted CA (Thawte Premium Server CA),so my application server should trust their site.
Appreacite your valuable advice on this issue.
Regards,
Kubra Fatima
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
SAP only trusts a certificate when it issued from a CA that is stored in the keystore.
the SAP keystore "Trusted CA" contains common CA already (such as the one that is used in your case)
But they may not be up to date any longer and therefore the CA should be imported into this keystore.
You should import both the Root CA and the intermediate CA.
best regards,
Markus
Thanks Raja, Markus for your valuable replies.
as I can test the webservice using altova xml spy without providing any authorization and certificate I should be able to test in PI without giving any certificate details .Right?Also I am calling the webservice by providing the proxy host and port.I dont think specifying proxy host and port create this problem.
another Question
I have generated the csr using open ssl toolkit by specifying the server host name and I get the digital certificate by the CA.Is the digital certificate specific to particular host ?can't we use the same certificate to test in different PI server?
Regards,
Kubra fatima
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
xml spy and pi behave differently in this case. PI will check if the server https certificate is trusted.
you do not need your own client certificate.
you will have to look at the server certificate. double-click and look at the CA that issued the certificate.
Then Import the CA into the keystore.
If you certificate is self signed and not issued by a CA, you need to import the self signed certificate in the trusted CA keystore.
Best regards,
Markus
Hi,
you don't need to import the certificate of the consuming webservice, but you need to ensure that the CA-certificate that issued the certificate of your webservice is imported in NWA KeyStore (Option "Certificate and Keys")
You fill find an entry "TrustedCA" there. Just click on "Import from File" to import the CA.
I am quite confident that this will solve your problem as we had the same error.
Hope this was helpful.
Best regards,
Markus
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
86 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.