cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Error: SSL handshake failed: X509CertChainIncompleteErr

Go to solution
Former Member

on ‎03-10-2011 4:37 PM

0 Kudos

Hi All,

I have a proxy to HTTPs scenario. To connect to HTTPs url I created HTTP Destination in sm59.

I downloaded the certificate from the vendor url and uploaded in STRUST.

I even restartrd ICM through SMICM. I did connection test in SM 59 and got 200 as response.

But when i test end to end the files are failing at the vendor side( ie HTTPs URL) with error Error: SSL handshake failed: X509CertChainIncompleteErr

Can some one please help on this issuse.

Thanks,

Siva

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎03-10-2011 4:46 PM
0 Kudos

If you open the certificate, you will see the chain of the certificate, Import all the certificate in the chain.

Show replies
Show replies
Former Member
‎03-10-2011 4:55 PM
0 Kudos

Hi,

I even did that. Still i am getting the same error.

Thanks,

siva

Former Member
‎03-10-2011 4:59 PM
0 Kudos

also make sure that you have imported the signer certificate

Former Member
‎03-10-2011 5:34 PM
0 Kudos

Hi,

Still same error . Any more ideas???

Thnaks,

siva

Former Member
‎03-10-2011 5:40 PM
0 Kudos

Does vendor has imported your PI server certificate on their side?

Former Member
‎03-10-2011 5:43 PM
0 Kudos

Hi,

I didnt provide my certificate to vendor since its a asyncronus interface.

Is it necessary to provide my certificate to them even if iam connecting their URL ayncronusly

Thanks,

Siva

Former Member
‎03-10-2011 5:52 PM
0 Kudos

Hi,

Can you please tell me how to generate certificate from PI which has to be shared to vendor.

Thanks,

Siva

Answers (1)

Answers (1)

former_member4985
Employee
Employee
‎03-10-2011 6:38 PM
0 Kudos

Hi there,

The problem may be that the certificate chain is not in correct order. Basically the server certificate chain should be in order

Own->Intermedite->Root. To explain in detail, if your server certificate is A which is issued by an intermediate CA B and then B's certificate is issued by the C which is the root CA (having a self signed certificate).

Then your certificate chain contains 3 elements A->B->C. So you need to have the right order of certificate in the chain. If the order is B first followed by A followed by C, then the IAIK library used by PI cannot verify the server as trusted.

Generate the certificate in the right order and then import this certificate in the TrustedCA keystore view and try again.

Regards,

Caio Cagnani

Show replies
Show replies
Ask a Question