cancel
Showing results for 
Search instead for 
Did you mean: 

SAP PI 7.3 Peer certificate rejected by ChainVerifier

Former Member
0 Kudos

Hi

We upgraded the PI systems(Dev and Quality) from 7.0 to v7.3 Before the upgrade https scenario was working fine. Important thing is we were not using any certificates to transfer files to our vendor. All the SOAP receiver adapter with HTTPS url is working fine in production. The production is still with PI 7.0

After basis upgrade the PI system to v7.3 when I send a messaage to the below url with SOAP receiver adapter i see the below error. This is not a webservice interface.

https://staging.napa-ibiz.com/.

The error is:

SOAP: error occured: com.sap.engine.interfaces.messaging.api.exception.MessagingException: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier

Adapter Framework caught exception: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier

Delivering the message to the application using connection SOAP_http://sap.com/xi/XI/System failed, due to: com.sap.engine.interfaces.messaging.api.exception.MessagingException: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier.

The strange part is, after the upgrade it is working fine with one vendor. The SOAP receiver adapter configuration is no different from other scenerios.

We even restarted the JAVA engine still no luck.

I didn't get answer for my below questions:

1. When I'm not using any certificates to send files to my vendor, why/how I see the above certificates related error.

2. If it is really a certificate related error, how i'm able to successfully send to one vendor with the similar SOAP receivier configuration.

3. Why only after the upgrade i see this error?

Can you please throw some lights on this?

Thanks,

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
0 Kudos

Install the certificate provided from receiving party to TrustedCAs in NWA..

In your SOAP Receiver Comm Channel..tick "Configure Certificate Authentication" the put "TrustedCAs\(your certicate filename)". Try testing it again.

Cheers,

R-jay

Former Member
0 Kudos

Hi Baskar, R-Jay, Thanks for your replies. From PI7.3 we need to get the certificates from the vendor(with whom you are sending and receiving files) and install that in NWA in TrustedCA keystore. It worked for me though still i'm not using that certificate in the receiver SOAP adapter channel.

Thanks,

raj.

Former Member
0 Kudos

Hi All,

I am also having the same issue, which certificate should be provided by Vendor to me and what should be the extension of the certificate?

In Keystore, I get option Import view from file so which all extensions are allowed to be imported.

Regards,

Manish

baskar_gopalakrishnan2
Active Contributor
0 Kudos

>When I'm not using any certificates to send files to my vendor, why/how I see the above certificates related error.

The URL shows that you are using https transport communication. So you might be sharing the certificate or anonymous ssl with different vendors. PLease go to STRUST and see whether you have certificates in the keystore for the different vendors. As you production environment behaves different from pre production in terms of security.

>If it is really a certificate related error, how i'm able to successfully send to one vendor with the similar SOAP receivier configuration

You might share certificate correctly for one vendor and keystore might not have for the other vendors. This is nothing related to soap receiver channel configuration. Certificates can be maintained either java stack level or abap stack.

>Why only after the upgrade i see this error?

PI 7.1 and above are 64 bit OS products. There are plenty of changes in the installation and security standards. Talk to BASIS,