cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Error on mail adapter : Peer certificate rejected by ChainVerifier

Go to solution
Former Member

on ‎02-01-2011 3:30 AM

0 Kudos

Hi expert,

I have a problem when executing scenario using mail adapter in PI 7.1 EHP 1. I want to get message from Microsoft exchange 2007. I got error in RWB like :

exception caught during processing mail message; iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier

Here is the configuration on Communication Channel :

URL : imaps://mail.xx.xxxxx/Inbox
Authentication Method : Plain
User : xxx
Password : xxx
Poll Interval : 1 Minute
Folder for deleted Message : Outbox
Use Mail Package : Yes
Content Encoding : Base64
Keep Attachment : Yes
QoE : Exactly Once
S/MIME : Yes
Persist Duration : 30 Days

I also have certificate from exchange, but I confuse where to import that certificate and make the scenario running well. Anybody know the step by step to import that certificate or any documentation guide from SAP? please help

Thanks,

Glenn

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

marksmyth
Product and Topic Expert
Product and Topic Expert
‎02-04-2011 4:08 PM
0 Kudos

Hello Glenn

If you have a 7.x java system < SP20, you will find the jars in the directory ...j2ee\cluster\server0\bin\ext\tcsecssl. You can just copy them into the 7.1x directory ...j2ee\cluster\bin\ext\mail-activation-iaik.

If not, please open a support ticket with BC-XI-CON-AFW-SEC and we will provide them.

Regards

Mark

Show replies
Show replies
Former Member
‎02-08-2011 7:03 AM
0 Kudos

Hi Mark,

I'm not sure, my error is causing by jar file because in December the mail message is successfully retrieved. I traced the error and I get some log in our PI server :

additional info ssl_debug(12560): Starting handshake (iSaSiLk 4.31)...
ssl_debug(12560): Sending v3 client_hello message to mail.xx.xx.xx:993, requesting version 3.2...
ssl_debug(12560): Received v3 server_hello handshake message.
ssl_debug(12560): Server selected SSL version 3.1.
ssl_debug(12560): Server created new session C6:03:00:00:B6:37:31:60...
ssl_debug(12560): CipherSuite selected by server: SSL_RSA_WITH_RC4_128_MD5
ssl_debug(12560): CompressionMethod selected by server: NULL
ssl_debug(12560): Received certificate handshake message with server certificate.
ssl_debug(12560): Server sent a 1024 bit RSA certificate, chain has 2 elements.
ssl_debug(12560): ChainVerifier: Error verifying certificate chain: java.security.cert.CertificateExpiredException
ssl_debug(12560): Sending alert: Alert Fatal: bad certificate
ssl_debug(12560): Shutting down SSL layer...
ssl_debug(12560): SSLException while handshaking: Peer certificate rejected by ChainVerifier

can you give me some solution?

Thanks in advance.

Glenn

deepak_shah
Contributor
‎02-09-2011 6:46 AM
0 Kudos

Hi Glenn,

Please refer below thread link.

Regards,

Deepak.

Former Member
‎02-21-2011 10:14 AM
0 Kudos

Hello glenn,

I have the same problem with you.

I solved my problem when I updated Exchange certificate in my PI server.

contact with your basis team and exchange PIC.

Best Regard

Robby

Former Member
‎02-22-2011 4:10 AM
0 Kudos

Hi Robby,

My problem solved by your solution.. The new certificate is generated and install on PI server..

Thx for the answer and thx for everyone help me..

Regard,

Glenn

Answers (2)

Answers (2)

marksmyth
Product and Topic Expert
Product and Topic Expert
‎02-01-2011 1:32 PM
0 Kudos

Hello

Check the note #1551481 After SPS20 installation or after upgrade to 7.11, SSL connection issues. You may need to change the .jar files.

Regards

Mark

Show replies
Show replies
Former Member
‎02-04-2011 10:21 AM
0 Kudos

Hi Mark,

thx for your reply,

Where I can found jar file described in note?

Thx,

Glenn

RKothari
Contributor
‎02-01-2011 5:58 AM
0 Kudos

Hello,

Please check the below link:

http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/60ff2883-70c5-2c10-f090-a744def2b...

-Rahul

Show replies
Show replies
Former Member
‎02-01-2011 6:31 AM
0 Kudos

Hi Rahul,

Thx for your reply,

I have check that article, and try in my development machine, but still no luck. Mail sender adapter still error.

Can you explain whether Certificate from Microsoft Exchange Server is necessary? if yes, how to use it according to sender mail adapter?

Thx in advance.

Glenn

RKothari
Contributor
‎02-01-2011 7:32 AM
0 Kudos

Hello,

>Can you explain whether Certificate from Microsoft Exchange Server is necessary?

I guess you are using imaps:// as your URL, so you would require to set up secure connection.

>if yes, how to use it according to sender mail adapter?

I already provided the document for setting up the SSL connection.

Have you restarted your system after implementing the processes mentioned in the document??

Former Member
‎02-01-2011 11:37 AM
0 Kudos

Hi Rahul,

I was restarted my system and the error message still same.. I'll repeat the processes tomorrow to make sure the process run correctly.

So, I don't need to use any generated certificate from exchange server??

sorry, I have no experience in this scenario..

Thanks,

Glenn

Ask a Question