cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SOAP call failed error

Go to solution
Former Member

on ‎12-07-2006 5:04 PM

0 Kudos

Got this error when invoking a web service:

SOAP: call failed: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: handshake failure

Trying to determine what the root causes may be. We did install the client certificate in the Visual Admin under the service_ssl view. Here's what I did notice however. In the receiver SOAP adapter, when I choose to Configure Certificate Authentication and I select the input help, don't see my certificate as an option. I manually specified the Keystore Entry and selected service_ssl as the Keystore View.

I'm wondering if this could possibly cause the problem. Maybe the cert is not attaching to the SOAP message which is causing the handshake failure. Do these certs need to be in a special place in order to select them in the comm channel config??

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎12-07-2006 5:07 PM
0 Kudos

Hi James,

Check this..

cheers,

Prashanth

P.S Please mark helpful answers

Show replies
Show replies

Answers (1)

Answers (1)

Former Member
‎12-07-2006 5:24 PM
0 Kudos

Hi James,

Just to know..... Did you follow the below steps while you installed the certificate.

Go to Key Storage in the Visual Admin…..

Under that service_ssl, generate a CSR request with the required information that it asks while creating the same. Do not leave any of the fields blank…. Then you need to create a certificate out of this by going to www.service.sap.com/tcs and this certificate that you get you need to import as the CSR Response.

After dong this, when you are configuring a Receiver SOAP Adapter, when you check on "Configure Certificate Authentication", you will have an option to select the certificate you have imported..... Are u getting this...?

Also go throuh these blogs and see if it helps....

/people/aniket.tare/blog/2005/03/22/ssl-certificate-installation-procedure-for-sap-j2ee-engine-630-150-steps-in-visual-administrator

/people/gregor.wolf3/blog/2005/10/11/setup-https-ssl-for-the-sneak-preview-sap-netweaver-04-abap-edition-on-windows

/people/naresh.pai/blog/2005/03/14/was-security--demystified

/people/gregor.wolf3/blog/2005/04/01/setup-https-for-the-sap-netweaver-testdrive-sr1-on-linux

I am hoping to come out with a detailed Blog on this soon....

Regards,

Abhy

Show replies
Show replies
Former Member
‎12-07-2006 5:47 PM
0 Kudos

Abhy,

We didn't go thru that step because we're just importing a certificate given to us by the 3rd party web service partner. My understanding is that we only need to do what you describe when we need to give a certificate to a 3rd party that wishes to send us data. If we're initiating the communication via a synchronous call all we need is the cert they give us. The cert encrypts and signs the data which they can then decrypt using the private key.

Thanks for the blogs.. I suspect we never configured XI for SSL by installing the cryptography kit.

Former Member
‎12-08-2006 4:36 AM
0 Kudos

Hi James,

You are perfectly right.... You need not go through the steps i initially mentioned if you are actually directly importing the certificate that was given by the 3rd part web service partner.

Just to confirm that your SSL has ben configured in your XI properly.... There is one thing that you can do.

In the url that you give to access ur xi home page, change http to https and increase the port by 1.

For Example:

If below is the url with which you access you XI Home page,

http://xyz.abc.com:50000/rep

Give,

https://xyz.abc.com:50001/rep

If this page opens then your SSL is configured in your XI.

Also, In the visual admin->SSL Provider->Dispatcher->Server Identity->new sockets, add the certificate that you have imported in your key storage and also under Active sockets, under each of the host entries that you see, you need to add that certificate.

Regards,

Abhy

Former Member
‎12-12-2006 2:39 PM
0 Kudos

hey we're still stuck with this scenario. I still get the handshake error when we make the call.

I think the issue is that in the SOAP receiver channel, underneath "Configure Certificate Authentication" when I attempt to choose the cert using the input help, the certificate we have loaded into the Visual Admin does not show up.

We imported the client certificate directly into the ssl_service view. The CA for that cert is in the TrustedCAs view. Are these in the wrong place?

Is there some extra config that needs to be done in order to see the right certificate in that list??

Former Member
‎05-31-2007 4:11 PM
0 Kudos

Did you ever figure this out?

Ask a Question