on 12-13-2012 5:10 PM
Hi,
I am getting Peer certificate rejected by ChainVerifier in Receiver communication.
I have go through so many documents, i could not get out from this issue.
Here my scenario is INVOICE .. PI .. WS
In R/3 system
Once i Triggered the I DOC from R/3 system. it is showing 03 successful status.
PI system
IDX5 ... once i click the inbound idoc. is take into the moni. in MONI it self it is showing checked flag (successful stauts). there is no error.
in Receiver communication channel it is show below certificats error.
in message ID also it is same error.
I have checked the certificates in PI system with STRUST Tcode. All certificates are in live.
Basis team also working on this issure.
have any possible ways to resolve this error.
Regards,
Kesava
what is your PI version?
check "Rajkumar Rajagopal" reply: http://scn.sap.com/message/11074837
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Today we got a mail form basis team. please give me the suggestion as per the below.
I notice that all you request are http GET. This is not expected. Please confiigure the system to make http POST instead. The response to your requst logged is http 409 ("conflict"), this normally mean that the system you are trying to connect to will not handle that type of request (GET in this case). Please try reposting after reconfiguring your system.
What is the get and post ... where we can find the get and post option in PI system?
What king of setting i have to do in PI side.
Regards,
Kesava
again
out business process is Invoice..> PI ...>WS
in PI system, the certificates are uploaded in ABAP stack STRUST T- code.
My Questions:
in this case where i need to upload the client certificates? in ABAP stack( strust) or NWA ?
in my system NWA is not working .... it is showing NWA is not configured for accessing the current status value.
Receiver communication is SOAP (WS)
Please....
Regards,
Kesava
Hi Kesava,
Check this discussion, may be this will be helpful for you to resolve this issue : "http://scn.sap.com/message/6973343#6973343"
Then some additional: http://wiki.sdn.sap.com/wiki/display/TechTSG/Peer+certificate+rejected+by+ChainVerifier
Regards,
Sagarika
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Kesava,
The error indicates that PI is not trusting the caller web service
EX:When you go to www.bankofamerica.com the server throws back its server certificate to the browser ex IE and IE has some predefined Root certificates installed in IE and then the verification takes place, as bank of america server root certificate is already trusted by IE a successful SSL connection establishes
In same way you have to load the web service intermediate and root certificates in the PI NWA key store view of trusted CA , by doing this PI will able to trust the web service, get the certicates from the server admin or you can directly copy to file from the URL itself
Just behind the webservice URL in the address bar, you will find certificate information. click on it and select certification path and then select the intermediate certificate and click on details and copy it to desktop and repeat the same step for root certificate and them import it to Trusted CA in NWA key store and re-satrt java engine
Sudheer
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi jains and sudheer,
Does the endpoint URL of the web service you are calling provide a trusted certificate.
Those certificates are valid. i have checked in PI System. using STRUST T- Code.
One thing here : webservive (end point) they are maintaining ceritifacte.. have to maintain same certificats in PI system in STRUST. is it right please currect me.
did you import the certificate to the PI's keystore?
we have to do this activity in NWA is right ( for importing the end point certificats in PI (NWA)
If yes, while open the NWA in PI system it is showing below error page.
Did you select the mentioned certificate within the SOAP communication channel?
No i have not select the mentioned certificates in Rceiver SOAP CC ( Configure certificates authentication)( what they mentioned in NWA)
I have selected that option ,again i have disable that option. due to basis team advise.
Regards,
Kesava
Unfortunately I cannot see the attached image of your error. Anyhow, as of my understanding, one of the following should apply:
1. The webservice you call (e.g. https:example.com/wheather) is providing a certificate that is trusted by some root CA like Verisign. Then you should be all settled and should not have to import anything in keystore
2. The webservice you call (e.g. https:exmaple.com/wheather) is only providing a self signed certificate. In this case, opening the URL in your browser would warn you for example that the certificate is not safe. If that's the case, you probably will need to import the endpoints self created certificate to your PI's keystore, hence enabling a trust relationship to the endpoint.
Maybe I'm incorrect on this because I actually never communicated with an untrusted endpoint (figure 2.) So please correct me if I'm wrong.
Cheers
Jens
Just some basic thoughts here:
does the endpoint URL of the web service you are calling provide a trusted certificate (e.g. signed by verisign or thawte) or is it a self signed certificate. If latter (and no other trust relationship is existing) did you import the certificate to the PI's keystore? Did you select the mentioned certificate within the SOAP communication channel?
Cheers
Jens
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
81 | |
10 | |
10 | |
9 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.