cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

HTTPS With Client Authentication

Former Member

on ‎03-10-2011 12:38 PM

0 Kudos

Hi,

I've created a simple Web Service in PI 7.11 SP 4 when trying to connect to the Web Service from Soap UI I get the following error:

java.security.AccessControlException: client certificate required

In the the transaction scim the following can be seen:

[Thr 5061] <<- SapSSLSessionInit()==SAP_O_K

[Thr 5061] in: args = "role=2 (SERVER), auth_type=1 (ASK_CLIENT_CERT)"

[Thr 5061] out: sssl_hdl = 1117534b0

[Thr 5061] <<- SapSSLSetSessionCredHdl(sssl_hdl=1117534b0)==SAP_O_K

[Thr 5061] in: sssl_hdl = 1117534b0

[Thr 5061] in: cred_hdl = 116cfc110

[Thr 5061] NiIBlockMode: set blockmode for hdl 271 TRUE

[Thr 5061] SSL NI-sock: local=XX.XX.XX.XX:50001 peer=XX.XX.XX.XX:2310

[Thr 5061] <<- SapSSLSetNiHdl(sssl_hdl=1117534b0, ni_hdl=271)==SAP_O_K

[Thr 5061] <<- SapSSLSessionStart(sssl_hdl=1117534b0)==SAP_O_K

[Thr 5061] status = "resumed SSL session, NO client cert"

The fault is not at the Soap UI end as I've fired the request at a Tomcat server and confirmed that a certificate is sent when requested.

Sender Communication Channel,

Transport Protocol: HTTP,

Message Protocol: Soap 1.1,

Adapter Engine: Central Adepter Engine,

HTTPS with Client Authentication,

Keep Headers

Any ideas?

Kind regards,

John

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

ihar_karatkou
Discoverer
‎12-24-2012 10:12 AM
0 Kudos

Hi John,

Have you managed to solve the problem? Our configuration is PI 7.31 Process Orchestration, but it looks as if we have the same problem.

Could you please let me know if you have found the solution? Thanks.

Ihar.

Show replies
Show replies
Former Member
‎07-30-2013 2:05 PM
0 Kudos

Hi gurus,

can anyone help us in this regard? We are getting "client certificate required" message from SOAP UI tool.

We tried to call "HTTPS with client authentication".

Regards,

Peter 

ihar_karatkou
Discoverer
‎07-30-2013 3:39 PM
0 Kudos

Hi!

You should put necessary certificate for authorization here SOAP UI->File->Preferences:

Don't forget to put password and mark 'client authentication' option.

Hope this help.

Regards,

Ihar

Former Member
‎07-30-2013 4:24 PM
0 Kudos

Hi Peter,

If memory serves we did not find a solution to this problem. I think, and a quick check of the configuration suggests I'm right, that we're handling the HTTPS connection on an IIS box and passing it through to a non encrypted HTTP sender on PI.

It may be that Soap UI is not configured correctly, however when I was getting the 'client certificate required', as mentioned in the original post, I'd confirmed that soap UI was correctly configured by connecting to an alternative Web Service. I also used Wireshark to see whether or not a certificate was being requested, or sent. It's invaluable if you're using Soap UI.

All the best,

John

baskar_gopalakrishnan2
Active Contributor
‎03-10-2011 3:05 PM
0 Kudos

Questions: Do you have trusted root node certificate imported in netweaver PI keystore? Your PI server should have trusted root node certificate and similar trusted client certificate should come from external system or client (SOAP UI) which consume web service of PI server. If both happens then only we can able to communicate via HTTPS client authentication.

Show replies
Show replies
Former Member
‎03-10-2011 3:10 PM
0 Kudos

Hi Baskar,

Both the root CA and the clients certificate are installed in the trust store.

The CA and the Client certs are just for test purposes and were created in house.

John

Ask a Question