cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Server certificate rejected by ChainVerifier

Former Member

on ‎02-24-2012 10:14 PM

0 Kudos

Hi All,

Need your help.

We are getting following error when the customer is trying to send a message to us.

In service wm.estd.chemical.transportHandlers:send, 
Error occurred while sending data using protocol 
https to URL :
 'https://<server>:<httpsport>/MessagingSystem/receive/CIDXAdapter/CIDX'. 
The Error Message is 
com.wm.estd.chemical.networkTransport.NetworkTransportException: 
com.wm.estd.chemical.RosettaNetException: com.wm.app.b2b.server.ServiceException: 
iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier.

Our business partner has given us - Root, Intermediate and public certificates.

I have imported the Root, Intermediate and public certificate to "service_ssl" - certificate view on Netweaver Administrator.

Is that right?

I have shared our public certificate with my customer

reg

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

HuseyinBilgen
Active Contributor
‎02-26-2012 10:10 AM
0 Kudos

Hi Naveen,

First of all;

Is the certificate you've is a PKCS#12 formatted (extention .pfx) file?

Then, please if this is a dual stack system, set the following profile parameter in instance profile so that the SSL provider is set to Java instance:

ssl/pse_provider JAVA

Then, on NWA as you mentioned, upload the PKCS12 formatted certificate not only to server_sslbut also to ICM Server Stores named as ICM_SSL_**

for each store, after upload you'Ve to click Export View to PSE

and then try

Show replies
Show replies
Former Member
‎02-26-2012 10:31 PM
0 Kudos

First of all;

Is the certificate you've is a PKCS#12 formatted (extention .pfx) file?

- Are you talking about our public certificate?

From Verisign's site, we have downloaded it is X509. And we have saved it as .PEM file.

As we are getting the error - " Server certificate rejected by ChainVerifier".

I am guessing that - the root certificate and the intermediate certificate have to be imported into the "TrustedCAs" view in the "certificates and KeyStore" - in NWA.

Am I right?

HuseyinBilgen
Active Contributor
‎02-28-2012 9:37 AM
0 Kudos

Hi,

Sorry for delay, but I was skiing yesterday.

The PKCS#12 format means, all the root, intermediate and your public certificates are packaged as a chain certificate in one file.

You've to combine the Verisign's root, inter. and your certificate to build PKCS12 file.

Ask Verisign to help you for this.

You don't have to import any other cert into system. Just PKCS12 file is enough.

Former Member
‎03-02-2012 9:07 PM
0 Kudos

Hi Huseyin,

I am still struggling to make this SSL thing.

When, I try to "Export View to PSE", I get an the following error.

ERROR:  -> PSE file[./../../../sec/SAPSSLS.pse] for view [ICM_SSL_35227] 
not updated or not created -> Not a root certificate.

Former Member
‎02-26-2012 1:28 AM
0 Kudos

If you open the certificate, you can see all the certificate chain. Install all the certificate in the chain.

Show replies
Show replies
baskar_gopalakrishnan2
Active Contributor
‎02-26-2012 1:11 AM
0 Kudos

You can import the certificate in the java stack as well in STRUST in abap stack. Make sure the certificate is valid with hostname , date etc. I think what you do is right. Yes, you have to share the certificate with customer and also import the customer certificate in the PI server too. check you install the certificate in the exact sequence root, intermediate in the order.

Show replies
Show replies
Ask a Question