cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ICM_HTTP_SSL_ERROR

Go to solution
Former Member

on ‎11-04-2011 2:30 PM

0 Kudos

Hi Gurus,

This is a synchronous interface (outbound proxy to webservice).

SAP->PI->3rd party app.

PI is calling the 3rd party app using receiver HTTP adapter.

I used URL address as addressing type in teh channel and Im calling HTTPs URL.

When I first executed teh interface it has thrown the below error.

HTTP client code 407 reason ICM_HTTP_SSL_ERROR

and after the Basis has installed teh certificates, I tested once again but I get teh same error.

Can you please tell me how I can I check whether the certificates are installed or am I missing anything in channel configuration to set up SSL.

Any help appreciated.

Thanks,

Jay.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎11-08-2011 1:47 PM
0 Kudos

Hi,

Seems your scenario is outbound. Try installing the SSL cert to TrustedCAs keystore reconfigure your communication channel that will locate the exact location of the certificate.

Show replies
Show replies

Answers (4)

Answers (4)

Former Member
‎11-08-2011 12:54 PM
0 Kudos

Hi,

I used URL address as addressing type in teh channel and Im calling HTTPs URL.

When you want to use SSL in the receiver HTTP channel, you have to use the following setting:

Adressing type = HTTP Destination.

Then in SM59 you have to configure the destination itself with the following:

  • host and service no. is your server (not ip address but fully qualified host name) and the port number

  • use string if needed

IGNORE the warning when saving!! Just save and then click ENTER, it will be saved!! (the warning is false)

  • Logon is as needed, i use BASIC and then fill username/password below.

  • SSL must be activated, and you can decide whether you need ANONYM or DEFAULT.

Finally in STRUST you have to manage the certificates. But that must be done by your BASIS people

Kr

Robert

Show replies
Show replies
markangelo_dihiansan
Active Contributor
‎11-05-2011 10:29 PM
0 Kudos

Hello,

and after the Basis has installed teh certificates, I tested once again but I get teh same error.

Yes, but did they perform an ICM restart afterwards so that the changes could take effect?

There is no way to enable SSL if you are using URL address, you have to use HTTP destination for that. Since the plain HTTP Adapter resides on the ABAP stack, the certificates have to be installed in STRUST.

You could also try using the SOAP Receiver Adapter for your requirement by checking the Do Not Use SOAP Envelope option. Make sure that the content type matches the one that the webservice is expecting by using the MessageTransformBean for your requirement.

Hope this helps,

Mark

Show replies
Show replies
Former Member
‎11-06-2011 10:54 AM
0 Kudos

I agree with Mark.

In order, be sure that:

- Server Certificate is installed in STRUST

- Server Certificate's Hostname and RFC's Hostname is the same

- After Certificate import, be sure that a Instance Restard is performed

- RFC Destination have right HTTPS port & SSL checked in settings

Former Member
‎11-07-2011 9:39 AM
0 Kudos

Hi,

Server certificate means PI server certificate or it is the 3rd party server certificate to which PI is connecting.

I did not understand teh below two options.

Use transaction STRUST to set up an SAP Web AS ABAP engine as HTTPS server. If not already done, you have to import a certificate generated by a trusted CA identifying the SAP Web AS. In addition, you have to enable the HTTPS port in the ICM (Internet Communication Manager).

Use transaction STRUST to set up an SAP Web AS ABAP engine as HTTPS client. If not already done, you have to import the certificate of the CA of the HTTPS serveru2019s certificate. For an actual HTTPS connection, you have to use the HTTPS port of the server in a corresponding HTTP destination and you have to configure this HTTP destination for using SSL with the corresponding client certificate

Setting up WebAS Engine means PI Web Application server right.

Can you please explain the above two options in detail and do I need to configure PI server WebAS ABAP Engine as HTTPs client or HTTPs server.

Thanks,

Jay.

Former Member
‎11-08-2011 9:48 AM
0 Kudos

Hi,

Yes, Server Certificate of the 3rd Party System need to be imported in PI System.

In order, to do this, go to:

STRUST transaction

Import the 3rd Party System Server Certificate, under the SSL Server node in STRUST (make sure that Hostname in certificate match Hostname in SM59 RFC)

Perform an Instance Restart after certificate importing.

baskar_gopalakrishnan2
Active Contributor
‎11-04-2011 2:36 PM
0 Kudos

>Can you please tell me how I can I check whether the certificates are installed or am I missing anything in channel configuration to set up SSL

Few things to be noted..

Certificates might be installed on java stack or abap stack. If it is abapstack use TC STRUST and see whether certificate is installed and have propery valid dates and so. If it is java stack, go to NWA -> configuration management and check over there. The cert is not properly installed. Also see when you use http destination as url , are you referencing cert credentials in the login portion of RFC destination of type H.

Show replies
Show replies
Former Member
‎11-04-2011 4:50 PM
0 Kudos

Hi Bhaskar,

I do not have access to STRUST or NWA. I have to basis guys

I'm not using the HTTP destination in SM59 to connect to to the 3rd party app.

Im using the URL address in the communication channel since PI allows to use two types of addressing types.

1)URL address

2)HTTP destination

Iniially I created teh HTTP destination

1)with hostname yyyyyyy

2)Pathprefix is ipmexports/orderexport.asp?userid=xxr&password=xxx&batchid=00000

but when i saved this it is throwing warning that query string is not allowed because of which I have chosen to use the URL addressing type

Can you please tell me how I can get rid of this error.

In case of HTTP Destination only I can activate the SSL client certificate option

In case of URL address there is no option like SSL certificate.

Can you please tell me where I can activate teh SSL certificate option in teh communication channel and not in teh HTTP destination.

Thanks,

Jay.

Edited by: j r saithala on Nov 4, 2011 5:50 PM

baskar_gopalakrishnan2
Active Contributor
‎11-04-2011 7:16 PM
0 Kudos

>Can you please tell me where I can activate teh SSL certificate option in teh communication channel and not in teh HTTP destination.

If you store the target system or clients certificate in the keystore of java or abap stack. That is enough. During runtime the PI does the certificate authentication check based on the certificate imported and installed in the keystore. You dont need to activate anything. Only Basis guys have to import and install successsfully.

>but when i saved this it is throwing warning that query string is not allowed because of which I have chosen to use the URL addressing type

Can you please tell me how I can get rid of this error.

Keep cursor in that query string field and hit enter. It must save the query.

Former Member
‎11-04-2011 2:34 PM
0 Kudos

If the server certificate is imported correctly (and Hostname in the certificate and Hostname in RFC Destination are the same) this should be work fine.

Try to test the connection directly with the PI Scenario.

If I remember correctly, the RFC test tool have some problems in SSL connections.

Show replies
Show replies
Ask a Question