on 11-04-2011 2:30 PM
Hi Gurus,
This is a synchronous interface (outbound proxy to webservice).
SAP->PI->3rd party app.
PI is calling the 3rd party app using receiver HTTP adapter.
I used URL address as addressing type in teh channel and Im calling HTTPs URL.
When I first executed teh interface it has thrown the below error.
HTTP client code 407 reason ICM_HTTP_SSL_ERROR
and after the Basis has installed teh certificates, I tested once again but I get teh same error.
Can you please tell me how I can I check whether the certificates are installed or am I missing anything in channel configuration to set up SSL.
Any help appreciated.
Thanks,
Jay.
Hi,
Seems your scenario is outbound. Try installing the SSL cert to TrustedCAs keystore reconfigure your communication channel that will locate the exact location of the certificate.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
I used URL address as addressing type in teh channel and Im calling HTTPs URL.
When you want to use SSL in the receiver HTTP channel, you have to use the following setting:
Adressing type = HTTP Destination.
Then in SM59 you have to configure the destination itself with the following:
host and service no. is your server (not ip address but fully qualified host name) and the port number
use string if needed
IGNORE the warning when saving!! Just save and then click ENTER, it will be saved!! (the warning is false)
Logon is as needed, i use BASIC and then fill username/password below.
SSL must be activated, and you can decide whether you need ANONYM or DEFAULT.
Finally in STRUST you have to manage the certificates. But that must be done by your BASIS people
Kr
Robert
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello,
and after the Basis has installed teh certificates, I tested once again but I get teh same error.
Yes, but did they perform an ICM restart afterwards so that the changes could take effect?
There is no way to enable SSL if you are using URL address, you have to use HTTP destination for that. Since the plain HTTP Adapter resides on the ABAP stack, the certificates have to be installed in STRUST.
You could also try using the SOAP Receiver Adapter for your requirement by checking the Do Not Use SOAP Envelope option. Make sure that the content type matches the one that the webservice is expecting by using the MessageTransformBean for your requirement.
Hope this helps,
Mark
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Server certificate means PI server certificate or it is the 3rd party server certificate to which PI is connecting.
I did not understand teh below two options.
Use transaction STRUST to set up an SAP Web AS ABAP engine as HTTPS server. If not already done, you have to import a certificate generated by a trusted CA identifying the SAP Web AS. In addition, you have to enable the HTTPS port in the ICM (Internet Communication Manager).
Use transaction STRUST to set up an SAP Web AS ABAP engine as HTTPS client. If not already done, you have to import the certificate of the CA of the HTTPS serveru2019s certificate. For an actual HTTPS connection, you have to use the HTTPS port of the server in a corresponding HTTP destination and you have to configure this HTTP destination for using SSL with the corresponding client certificate
Setting up WebAS Engine means PI Web Application server right.
Can you please explain the above two options in detail and do I need to configure PI server WebAS ABAP Engine as HTTPs client or HTTPs server.
Thanks,
Jay.
Hi,
Yes, Server Certificate of the 3rd Party System need to be imported in PI System.
In order, to do this, go to:
STRUST transaction
Import the 3rd Party System Server Certificate, under the SSL Server node in STRUST (make sure that Hostname in certificate match Hostname in SM59 RFC)
Perform an Instance Restart after certificate importing.
>Can you please tell me how I can I check whether the certificates are installed or am I missing anything in channel configuration to set up SSL
Few things to be noted..
Certificates might be installed on java stack or abap stack. If it is abapstack use TC STRUST and see whether certificate is installed and have propery valid dates and so. If it is java stack, go to NWA -> configuration management and check over there. The cert is not properly installed. Also see when you use http destination as url , are you referencing cert credentials in the login portion of RFC destination of type H.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Bhaskar,
I do not have access to STRUST or NWA. I have to basis guys
I'm not using the HTTP destination in SM59 to connect to to the 3rd party app.
Im using the URL address in the communication channel since PI allows to use two types of addressing types.
1)URL address
2)HTTP destination
Iniially I created teh HTTP destination
1)with hostname yyyyyyy
2)Pathprefix is ipmexports/orderexport.asp?userid=xxr&password=xxx&batchid=00000
but when i saved this it is throwing warning that query string is not allowed because of which I have chosen to use the URL addressing type
Can you please tell me how I can get rid of this error.
In case of HTTP Destination only I can activate the SSL client certificate option
In case of URL address there is no option like SSL certificate.
Can you please tell me where I can activate teh SSL certificate option in teh communication channel and not in teh HTTP destination.
Thanks,
Jay.
Edited by: j r saithala on Nov 4, 2011 5:50 PM
>Can you please tell me where I can activate teh SSL certificate option in teh communication channel and not in teh HTTP destination.
If you store the target system or clients certificate in the keystore of java or abap stack. That is enough. During runtime the PI does the certificate authentication check based on the certificate imported and installed in the keystore. You dont need to activate anything. Only Basis guys have to import and install successsfully.
>but when i saved this it is throwing warning that query string is not allowed because of which I have chosen to use the URL addressing type
Can you please tell me how I can get rid of this error.
Keep cursor in that query string field and hit enter. It must save the query.
If the server certificate is imported correctly (and Hostname in the certificate and Hostname in RFC Destination are the same) this should be work fine.
Try to test the connection directly with the PI Scenario.
If I remember correctly, the RFC test tool have some problems in SSL connections.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
91 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.