on 06-10-2011 12:00 PM
Hi,
We are trying to develop a Receiver communication channel to connect our PI 7.0 to an FTPS server.
We have configured the connection in our local PC with the program Core FTP. The options that we have selected are:
Host: XXXX
User Name: YYY, Password: ZZZZ
Port: 990, Timeout: 60
Passive
Connection: AUTH SSL
SSL Options: SSL Listings, SSL Transfer, Open SSL
In SAP PI we have the next configuration:
Server: XXXX
Port: 990
Data Connection: Passive
Timeout: 60
Connection Security: FTPS (FTP Using SSL/TLS) for Control and Data Connection
Command Order: AUTH TLS, USER, PASS, PBSZ, PROT
User Name: YYY
Password: ZZZZ
Connect mode: Permanently
Transfer Mode: Binary
In the communication channel monitoring we have the next error:
Message processing failed. Cause: com.sap.aii.af.ra.ms.api.RecoverableException: Error when getting an FTP connection from connection pool: com.sap.aii.af.service.util.concurrent.ResourcePoolException: Unable to create new pooled resource: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
Error when getting an FTP connection from connection pool: com.sap.aii.af.service.util.concurrent.ResourcePoolException: Unable to create new pooled resource: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
In our PCs we had not installed the certificate, so, is it necessary to install it in our PI server?
Someone have any idea to solve the error?
Thanks
Hi,
It will not be easy to allow explicit FTP in the FTP server, because this server is owned by an external institution. We have asked for the change but the answer will probably be negative. Is there another way to connect PI with implicit FTP?
Thanks
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Ask your IS(Infrastructure/Basis) team to add the Ceritificate then only you are authrized to perform any operation otherwise it will through the same error.
Once the system is trusted then you can perform any file operation.
Hope this helps.
Cheers,
Jay
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Javier,
Don't use port 990, it is used for implicit FTPS, not supported by PI. Use port 21 and allow explicit FTPS in FTP server.
Generate certificate from the ftp program and import it into Visual administrator->Key Storage->TrustedCAs. (Remove private key from certificate if needed).
Generate certificate with FQDN, not IP, and in CC use this server name as ip address. Server hosting FTPS server must have a FQDN.
Regards,
Iván.
As Fabio & Mark said above, you need to install Server Certificate in TrustedCAs keystore view.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello,
According to SAP help, To start using FTPS(SSL/TLS) you need to add the CA certificate used to sign the server cert into the trusted CA's keystore view.
http://help.sap.com/saphelp_nwpi71/helpdata/EN/44/69d7cfa4b633eae10000000a1553f6/frameset.htm
Hope this helps,
Mark
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
go through this blog:
/people/rajasekhar.reddy14/blog/2010/04/13/how-to-configure-ftps-in-file-adapter
Fabio
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
96 | |
11 | |
11 | |
10 | |
9 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.