cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SOAP Receiver with SSL Certificate

Go to solution
Former Member

on ‎09-26-2012 2:53 PM

0 Kudos

Hi,

We are implementing SOAP Reveiver Scenario with SSL Certificate, and we are getting following response:

<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>

- <!-- 

 Inbound Message

-->

- <SAP:Error SOAP:mustUnderstand="1" xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">

<SAP:Category>XIAdapterFramework</SAP:Category>

<SAP:Code area="MESSAGE">GENERAL</SAP:Code>

<SAP:P1 />

<SAP:P2 />

<SAP:P3 />

<SAP:P4 />

<SAP:AdditionalText>com.sap.engine.interfaces.messaging.api.exception.MessagingException: java.io.IOException: Failed to get the input stream from socket: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier</SAP:AdditionalText>

<SAP:Stack />

<SAP:Retry>M</SAP:Retry>

</SAP:Error>

We have imported certifcates and CA in NWA Certificates and Keys.

It seems to be ok the configuration but connection in Receiver is refused because of certificate?

Any help¿

Thanks in advance.

Best Regards.

Silvia.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎09-26-2012 4:14 PM
0 Kudos

Hi Silvia,

This message shows that either your certificate invalid or or expired or not using the certificate. So target system throws this error. You import the target system's certificate in the java stack or abap stack to fix this error.

  • The problem might be at your configuration side, Please check  your WSDL URL configured in the soap receiver channel? 
  • whether you use http or https in the URL field?
  • please checked certificate authentication

Best Regards,

Sagarika

Show replies
Show replies
Former Member
‎09-26-2012 4:21 PM
0 Kudos

Hi Sagarika,

I have https in url field.

Thanks.

Former Member
‎09-26-2012 4:27 PM
0 Kudos

Hi Silvia,

In general different IP address and port for HTTP and HTTPS. Can you please check whether you are using the IP address and port for HTTPS.

Best Regards,

Sagarika

Former Member
‎09-26-2012 4:30 PM
0 Kudos

Yes, there are correct.

Tahks

Former Member
‎09-26-2012 5:18 PM
0 Kudos

Hi Silvia,

Check the Adapter-Specific Message Attributes in the receiver adapter.

Please find the below url http://help.sap.com/saphelp_nw70/helpdata/en/29/5bd93f130f9215e10000000a155106/content.htm which will be helpful for you.

Best Regards,

Sagarika

Former Member
‎09-26-2012 5:23 PM
0 Kudos

For what I need Adapter Specific Atributes¿?

Former Member
‎09-26-2012 6:28 PM
0 Kudos

Hi Silvia,

To process adapter attributes in the message header of the XI message, set the Use Adapter-Specific Message Attributes indicator.

Please have a look to the url http://help.sap.com/saphelp_nw70/helpdata/en/29/5bd93f130f9215e10000000a155106/content.htm for more details.

Best Regards,

Sagarika

Answers (4)

Answers (4)

Former Member
‎09-27-2012 9:52 AM
0 Kudos

HI Silvia,

As you have re-imported the certificate, please check the below points:

1. Check the expiration of the certificate.

2. Also, check the Keystore view & Keystore values provided in NWA/VA and need to have same in SOAP adapter communication channel.

3. Check the username and password provided.

What is the SOAP protocol used to configure the interface?

Show replies
Show replies
srikanth_srinivasan3
Active Participant
‎09-26-2012 3:46 PM
0 Kudos

Hello Silvia,

Connection Reset issues can be caused by both parties. In other words, incorrect request or connection killed by client. One commonly found problem is that the size of data being transmitted over the underlying protocol. Invesitagting the problem from there can help a bit.

-

Srii

Show replies
Show replies
baskar_gopalakrishnan2
Active Contributor
‎09-26-2012 3:08 PM
0 Kudos

I think the problem could be due to order of installing the certificates or expiration.  Basically the order is own->intermediate->root.   You might want to see the ciao's reply on this thread.

http://scn.sap.com/thread/1817976

Hope this might be helpful

Show replies
Show replies
Former Member
‎09-26-2012 3:31 PM
0 Kudos

Hi Baskar,

I've reimported certificates in order you said, and know I get:

<SAP:AdditionalText>com.sap.engine.interfaces.messaging.api.exception.MessagingException: java.io.IOException: Failed to get the input stream from socket: java.net.SocketException: Connection reset</SAP:AdditionalText>

<SAP:Stack />
Thanks.

baskar_gopalakrishnan2
Active Contributor
‎09-26-2012 3:38 PM
0 Kudos

This error is totally different from the previous error. The connection reset error is due to network connection-> for example firewall rules for port opening -> not established between your PI server and target system.  Please take help from Basis.

naveen_chichili
Active Contributor
‎09-26-2012 3:50 PM
0 Kudos

Hi Silvia,

Please check the below note for the same issue.

Note 1394546 - Socket and connection issues in Java Web services

naveen_chichili
Active Contributor
‎09-26-2012 3:03 PM
0 Kudos

Hi Silvia,

certificate is generated with fully qualified host name or IP?

if the certificate is generated with fully qualified host name you have to use the same...

Regards,

Naveen.

Show replies
Show replies
Former Member
‎09-26-2012 3:27 PM
0 Kudos

Hi Naveen,

If I put the hostname in order to IP in Communication Channel, I get:

com.sap.engine.interfaces.messaging.api.exception.MessagingException: java.io.IOException: Communication over HTTPS. Unable to create a socket

naveen_chichili
Active Contributor
‎09-26-2012 3:38 PM
0 Kudos

Hi Silvia,

please check if the host name/IP is added in your DNS settings at your OS level.

this will also create some problem some times.

also you can try to re create the certificate and do some dummy changes-->activate the channel and then check.

Regards

Naveen.

Ask a Question