
iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier

Former Member
0 Kudos

Hi Experts,

I have an interface Proxy -----> SAP PI -----> SOAP (Web Method, the web service provider).

For this interface we need to enable HTTPS between SAP PI and Web Method.

I got the certificate from Web Method and imported it into the ABAP stack through "STRUST", Client Standard PSE (the SSL provider is the ABAP stack).

When we run the interface, it gives the error "iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier".

I have imported the certificate in the format Root Certificate ----> Host Certificate (as per the certificate path).

But I am still getting the same error. Can anyone give an opinion on where I am going wrong?

Thanks in advance.

Accepted Solutions (1)

rajasekhar_reddy14
Active Contributor
0 Kudos

Answers (4)

Former Member
0 Kudos

Once the certificates were installed in NWA, I provided the keystore view name and keystore entry manually in the SOAP communication channel.

When I ran the interface, I first got the error:

"com.sap.engine.interfaces.messaging.api.exception.MessagingException: java.io.IOException: unable to create a socket."

After this I got another error: "com.sap.engine.interfaces.messaging.api.exception.MessagingException: java.net.SocketException: Broken pipe"

Finally, I am now continuously getting the error below: "com.sap.engine.interfaces.messaging.api.exception.MessagingException: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: bad record mac"

Can anyone advise me how to resolve this?

Former Member
0 Kudos

com.sap.engine.interfaces.messaging.api.exception.MessagingException: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: bad record mac

To resolve the above issue we needed to follow SAP Note 1507568. As per the note, we updated the SSL libraries and the issue was resolved.

peter_wallner2
Active Contributor
0 Kudos

Hello Mahesh,

You could also use XPI inspector to get a more detailed log file.

Note: 1514898

Best regards,

Peter

markangelo_dihiansan
Active Contributor
0 Kudos

Hello,

Since you are using the SOAP Adapter as your CC, you should install your certificates in NWA (NetWeaver Administrator) for PI 7.1 and above, or in Visual Admin for PI 7.0 and below.

Hope this helps,

Mark

Former Member
0 Kudos

Hi Mark,

As far as I know, if the ICM parameter ssl/PSEprovider is set to ABAP, then the ABAP stack will be the SSL provider.

Please let me know whether this is right or wrong.

markangelo_dihiansan
Active Contributor
0 Kudos

Hello,

SSL configuration on the ABAP stack is for adapters that reside on that stack, e.g. Plain HTTP, WS. The SOAP Adapter is in the Java stack, so you can follow this guide from SAP Help for SSL in Java:

http://help.sap.com/saphelp_nwpi711/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm

Hope this helps,

Mark

Former Member
0 Kudos

Hi Mark,

Thanks for the reply.

Now I have imported the certificate into the Client_ICM_<xxxxxxx> view in NWA.

Now I am getting another error:

com.sap.engine.interfaces.messaging.api.exception.MessagingException: java.io.IOException: unable to create a socket.

Could you please let me know what the cause could be?

baskar_gopalakrishnan2
Active Contributor
0 Kudos

Since you get the certificate error "rejected by ChainVerifier", I think the certificate is not imported in a chain like root -> intermediate -> certificate. Check the sequence.
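
Added example, not part of the thread and not SAP or IAIK code: one way to check the root -> intermediate -> host sequence discussed above with the OpenSSL command line before importing the certificates into a keystore view. The certificates are constructed test data generated by the script; the file names and the functions `make_chain`, `dn`, `links_ok` and `verify_chain` are hypothetical, and an installed `openssl` CLI is assumed.

```shell
#!/usr/bin/env bash
# Added example. All certificates are constructed test data generated at run time.
set -eu

# Create a constructed three-level chain in directory $1: root.pem, inter.pem, host.pem
make_chain() {
  local d=$1 n
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$d/ca.ext"
  for n in root inter host; do
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=example-$n" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
  done
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null
  openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/inter.pem" 2>/dev/null
  openssl x509 -req -in "$d/host.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
    -CAcreateserial -days 2 -out "$d/host.pem" 2>/dev/null
}

# Field $1 ("subject" or "issuer") of certificate $2 in a stable one-line form
dn() { local s; s=$(openssl x509 -in "$2" -noout "-$1" -nameopt RFC2253); echo "${s#*=}"; }

# Succeeds only if each certificate's issuer is the subject of the next one
# (host first, root last) and the last certificate is self-issued.
links_ok() {
  local prev="" c
  for c in "$@"; do
    [ -z "$prev" ] || [ "$(dn issuer "$prev")" = "$(dn subject "$c")" ] || return 1
    prev=$c
  done
  [ "$(dn issuer "$prev")" = "$(dn subject "$prev")" ]
}

# Signature check: $1 = trusted root, $2 = host cert, $3 = optional intermediate
verify_chain() {
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  fi
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_chain "$work"
links_ok "$work/host.pem" "$work/inter.pem" "$work/root.pem" && echo "name chain: ok"
verify_chain "$work/root.pem" "$work/host.pem" "$work/inter.pem" && echo "full chain: ok"
verify_chain "$work/root.pem" "$work/host.pem" || echo "without intermediate: rejected"
```

For real files, export each certificate as PEM and pass them to `links_ok` host first and root last; a failure there or in `verify_chain` points to a missing or misordered link in the chain.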