cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Problems with FTPS connection

Former Member

on ‎06-10-2011 12:00 PM

0 Kudos

Hi,

We are trying to develop a Receiver communication channel to connect our PI 7.0 to an FTPS server.

We have configured the connection in our local PC with the program Core FTP. The options that we have selected are:

Host: XXXX

User Name: YYY, Password: ZZZZ

Port: 990, Timeout: 60

Passive

Connection: AUTH SSL

SSL Options: SSL Listings, SSL Transfer, Open SSL

In SAP PI we have the next configuration:

Server: XXXX

Port: 990

Data Connection: Passive

Timeout: 60

Connection Security: FTPS (FTP Using SSL/TLS) for Control and Data Connection

Command Order: AUTH TLS, USER, PASS, PBSZ, PROT

User Name: YYY

Password: ZZZZ

Connect mode: Permanently

Transfer Mode: Binary

In the communication channel monitoring we have the next error:

Message processing failed. Cause: com.sap.aii.af.ra.ms.api.RecoverableException: Error when getting an FTP connection from connection pool: com.sap.aii.af.service.util.concurrent.ResourcePoolException: Unable to create new pooled resource: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier

Error when getting an FTP connection from connection pool: com.sap.aii.af.service.util.concurrent.ResourcePoolException: Unable to create new pooled resource: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier

In our PCs we had not installed the certificate, so, is it necessary to install it in our PI server?

Someone have any idea to solve the error?

Thanks

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (5)

Answers (5)

Former Member
‎06-23-2011 11:58 AM
0 Kudos

Hi,

It will not be easy to allow explicit FTP in the FTP server, because this server is owned by an external institution. We have asked for the change but the answer will probably be negative. Is there another way to connect PI with implicit FTP?

Thanks

Show replies
Show replies
Former Member
‎06-10-2011 12:31 PM
0 Kudos

Hi,

Ask your IS(Infrastructure/Basis) team to add the Ceritificate then only you are authrized to perform any operation otherwise it will through the same error.

Once the system is trusted then you can perform any file operation.

Hope this helps.

Cheers,

Jay

Show replies
Show replies
Former Member
‎06-15-2011 5:18 PM
0 Kudos

Hi Javier,

Don't use port 990, it is used for implicit FTPS, not supported by PI. Use port 21 and allow explicit FTPS in FTP server.

Generate certificate from the ftp program and import it into Visual administrator->Key Storage->TrustedCAs. (Remove private key from certificate if needed).

Generate certificate with FQDN, not IP, and in CC use this server name as ip address. Server hosting FTPS server must have a FQDN.

Regards,

Iván.

Former Member
‎06-10-2011 12:27 PM
0 Kudos

As Fabio & Mark said above, you need to install Server Certificate in TrustedCAs keystore view.

Show replies
Show replies
markangelo_dihiansan
Active Contributor
‎06-10-2011 12:07 PM
0 Kudos

Hello,

According to SAP help, To start using FTPS(SSL/TLS) you need to add the CA certificate used to sign the server cert into the trusted CA's keystore view.

http://help.sap.com/saphelp_nwpi71/helpdata/EN/44/69d7cfa4b633eae10000000a1553f6/frameset.htm

Hope this helps,

Mark

Show replies
Show replies
Former Member
‎06-10-2011 12:07 PM
0 Kudos

Hi,

go through this blog:

/people/rajasekhar.reddy14/blog/2010/04/13/how-to-configure-ftps-in-file-adapter

Fabio

Show replies
Show replies
Ask a Question