on 02-24-2012 10:14 PM
Hi All,
Need your help.
We are getting following error when the customer is trying to send a message to us.
In service wm.estd.chemical.transportHandlers:send,
Error occurred while sending data using protocol
https to URL :
'https://<server>:<httpsport>/MessagingSystem/receive/CIDXAdapter/CIDX'.
The Error Message is
com.wm.estd.chemical.networkTransport.NetworkTransportException:
com.wm.estd.chemical.RosettaNetException: com.wm.app.b2b.server.ServiceException:
iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier.
Our business partner has given us - Root, Intermediate and public certificates.
I have imported the Root, Intermediate and public certificate to "service_ssl" - certificate view on Netweaver Administrator.
Is that right?
I have shared our public certificate with my customer
reg
Hi Naveen,
First of all;
Is the certificate you've is a PKCS#12 formatted (extention .pfx) file?
Then, please if this is a dual stack system, set the following profile parameter in instance profile so that the SSL provider is set to Java instance:
ssl/pse_provider JAVA
Then, on NWA as you mentioned, upload the PKCS12 formatted certificate not only to server_sslbut also to ICM Server Stores named as ICM_SSL_**
for each store, after upload you'Ve to click Export View to PSE
and then try
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
First of all;
Is the certificate you've is a PKCS#12 formatted (extention .pfx) file?
- Are you talking about our public certificate?
From Verisign's site, we have downloaded it is X509. And we have saved it as .PEM file.
As we are getting the error - " Server certificate rejected by ChainVerifier".
I am guessing that - the root certificate and the intermediate certificate have to be imported into the "TrustedCAs" view in the "certificates and KeyStore" - in NWA.
Am I right?
Hi,
Sorry for delay, but I was skiing yesterday.
The PKCS#12 format means, all the root, intermediate and your public certificates are packaged as a chain certificate in one file.
You've to combine the Verisign's root, inter. and your certificate to build PKCS12 file.
Ask Verisign to help you for this.
You don't have to import any other cert into system. Just PKCS12 file is enough.
If you open the certificate, you can see all the certificate chain. Install all the certificate in the chain.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You can import the certificate in the java stack as well in STRUST in abap stack. Make sure the certificate is valid with hostname , date etc. I think what you do is right. Yes, you have to share the certificate with customer and also import the customer certificate in the PI server too. check you install the certificate in the exact sequence root, intermediate in the order.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
90 | |
10 | |
10 | |
10 | |
7 | |
7 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.