cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Calling webservices from ABAP via https/ssl with p12 certificates.

Former Member

on ‎05-26-2011 3:18 PM

0 Kudos

Hi all,

I have a problem with calling an external webservice via HTTPS.

I configured my system as indicate in the blog /people/jens.gleichmann/blog/2008/10/31/calling-webservices-from-abap-via-httpsssl-with-pfx-certificates but when I check the RFC connection the result is: ICM_HTTP_SSL_ERROR.

I check the ICM monitor and this is the result:

[Thr 11] Thu May 26 16:02:57 2011

[Thr 11] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL

[Thr 11] session uses PSE file "/usr/sap/SV5/DVEBMGS10/sec/SAPSSLHTTPS1.pse"

[Thr 11] SecudeSSL_SessionStart: SSL_connect() failed

secude_error 536875072 (0x20001040) = "received a fatal SSLv3 handshake failure alert message from the peer"

[Thr 11] >> Begin of Secude-SSL Errorstack >>

[Thr 11] WARNING in ssl3_read_bytes: (536875072/0x20001040) received a fatal SSLv3 handshake failure alert message from the peer

WARNING in ssl3_output_cert_chain: (12354/0x3042) No hierarchy certificate in FCPath

WARNING in reduce_FCPath_by_Issuer: (12354/0x3042) No hierarchy certificate in FCPath

[Thr 11] << End of Secude-SSL Errorstack

[Thr 11] SSL_get_state() returned 0x000021d0 "SSLv3 read finished A"

[Thr 11] Server's List of trusted CA DNames (from cert-request message):

[Thr 11] #1 " certificate 1

[Thr 11] #2 " certificate 2

[Thr 11] SSL NI-sock: local=ip peer=ip2

[Thr 11] <<- ERROR: SapSSLSessionStart(sssl_hdl=6000000000652010)==SSSLERR_SSL_CONNECT

[Thr 11] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT [icxxconn_mt.c 2012]

SAP_ABA 700 0012 SAPKA70012 Componenti validi per tutte le applicazioni

SAP_BASIS 700 0012 SAPKB70012 Componenti di base SAP

PI_BASIS 2005_1_700 0012 SAPKIPYJ7C PI_BASIS 2005_1_700

ST-PI 2008_1_700 0001 SAPKITLRD1 SAP Solution Tools Plug-In

SAP_BW 700 0013 SAPKW70013 SAP NetWeaver BI 7.0

SAP_AP 700 0010 SAPKNA7010 Piatt. d'applicazione SAP

CCM 200_700 0010 SAPK-27010INCCM CCM 200_700 : Add-On Supplement

SRM_PLUS 550 0010 SAPKIBK010 SRM_PLUS per mySAP SRM

SRM_SERVER 550 0010 SAPKIBKT10 SRM_SERVER

BI_CONT 703 0001 SAPKIBIIP1 Contenuto Business Intelligence

ST-A/PI 01L_BCO700 0000 - Servicetools for other App./Netweaver 04

What do you think about it?

Best regards,

Norberto.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎05-27-2011 10:32 AM
0 Kudos

Hi,

Have you set up your certificates in STRUST. I received a similar error which was resolved by adding the adscerts certificate in STRUST under SSL Server Standard. (This is dependant on which SSL method you have selected in the ADS RFC destination in SM59).

Regards,

Andy.

Show replies
Show replies
Former Member
‎05-31-2011 8:40 AM
0 Kudos

Hi all,

thanks for your replies.

I note one thing during my test: the webservice I must call is located at a precise port, for example ip address 185.21.32.95:15603. In the RFC destination I set 15603 as service number.

On the contrary when I check the error in the ICM monitor I see that the local port change every time I test the RFC destination. It is necessary to configure the port 15603 as https also in the ICM?

These are the last lines of the log for three RFC test (the ip address are only examples).

SSL NI-sock: local=172.15.5.36:53659 peer=172.21.32.95:15603

SSL NI-sock: local=172.15.5.36:49770 peer=172.21.32.95:15603

SSL NI-sock: local=172.15.5.36:54928 peer=172.21.32.95:15603

The local port changes everytime.

Best regards,

Norberto.

Former Member
‎06-01-2011 1:24 PM
0 Kudos

Hi all,

I solved the problem with the note 1115328, it was necessary to update the cryptolib.

Regards,

Norberto

Former Member
‎05-27-2011 7:22 AM
0 Kudos 
Don´t forget to set your proxy settings! Be sure that the application server could establish a connection to the external server.

From the BLog.

Thr 11 WARNING in ssl3_read_bytes: (536875072/0x20001040) received a fatal SSLv3 handshake failure alert message from the peer

From the Error.

Have you looked into the above details?

Thanks

SM

Show replies
Show replies
Ask a Question