cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Peer certificate rejected by ChainVerifier

Go to solution
Former Member

on ‎11-09-2010 4:43 AM

0 Kudos

Hello Expert,

I have to consume the webservice in the soap lookup using the https URL.I am able to test the webservice using atova xml spy without any certificate and I am getting the response back but in PI 7.11 message Mapping I am getting the error Peer certificate rejected by ChainVerifier.

Is it necessary to import the certificate to acess the https webservice in NWA? Is yes what are the steps to be followed to consume the https webservice usiing the receiver soap adapter in PI 7.11?

Regards,

Kubra fatima.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

rajasekhar_reddy14
Active Contributor
‎11-09-2010 4:47 AM
0 Kudos

Hi,

it is not mandatory to use certificates in HTTPS communication, it depends on your web service system, like it is expecting SSL communication kind of comunication then you have to follow deploying certificates.. and the process.

Regards,

Raj

Show replies
Show replies

Answers (3)

Answers (3)

Former Member
‎11-10-2010 6:28 AM
0 Kudos

Hello Markus,

The webservice provider is saying that the SSL certificate they use in that site is emitted by a globally trusted CA (Thawte Premium Server CA),so my application server should trust their site.

Appreacite your valuable advice on this issue.

Regards,

Kubra Fatima

Show replies
Show replies
Former Member
‎11-10-2010 7:06 AM
0 Kudos

Hi,

SAP only trusts a certificate when it issued from a CA that is stored in the keystore.

the SAP keystore "Trusted CA" contains common CA already (such as the one that is used in your case)

But they may not be up to date any longer and therefore the CA should be imported into this keystore.

You should import both the Root CA and the intermediate CA.

best regards,

Markus

Former Member
‎11-09-2010 8:27 AM
0 Kudos

Thanks Raja, Markus for your valuable replies.

as I can test the webservice using altova xml spy without providing any authorization and certificate I should be able to test in PI without giving any certificate details .Right?Also I am calling the webservice by providing the proxy host and port.I dont think specifying proxy host and port create this problem.

another Question

I have generated the csr using open ssl toolkit by specifying the server host name and I get the digital certificate by the CA.Is the digital certificate specific to particular host ?can't we use the same certificate to test in different PI server?

Regards,

Kubra fatima

Show replies
Show replies
Former Member
‎11-09-2010 9:54 AM
0 Kudos

Hi,

xml spy and pi behave differently in this case. PI will check if the server https certificate is trusted.

you do not need your own client certificate.

you will have to look at the server certificate. double-click and look at the CA that issued the certificate.

Then Import the CA into the keystore.

If you certificate is self signed and not issued by a CA, you need to import the self signed certificate in the trusted CA keystore.

Best regards,

Markus

Former Member
‎11-09-2010 7:01 AM
0 Kudos

Hi,

you don't need to import the certificate of the consuming webservice, but you need to ensure that the CA-certificate that issued the certificate of your webservice is imported in NWA KeyStore (Option "Certificate and Keys")

You fill find an entry "TrustedCA" there. Just click on "Import from File" to import the CA.

I am quite confident that this will solve your problem as we had the same error.

Hope this was helpful.

Best regards,

Markus

Show replies
Show replies
Ask a Question