on 02-20-2013 11:49 AM
Hello gurus,
I have a JDBC to FTPs scenario in PI 7.31. I need to use SSL in my FTP Receiver.
I have read posts:
http://scn.sap.com/people/rajasekhar.reddy14/blog/2010/04/13/how-to-configure-ftps-in-file-adapter ,
http://scn.sap.com/thread/2047687 , http://help.sap.com/saphelp_nwpi71/helpdata/EN/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm
http://help.sap.com/saphelp_nwpi71/helpdata/EN/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm .
Here is some information:
FTP
I was sent a certificate named "root_cert" by e-mail. I imported the certificate "root_cert" and set up FTP receiver channel as in pictures:
But I have an error:
"Error when getting an FTP connection from connection pool: com.sap.aii.af.lib.util.concurrent.ResourcePoolException: Unable to create new pooled resource: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier"
FTP server and PI are on the same server.
FTP Receiver works fine without connection security.
I restarted channel after every change.
Please, help to solve the question.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Gagandeep,
I found solution in thread in http://scn.sap.com/message/6973343
"For the Server name, give the hostname instead of Ip address. The hostname you can see in the certificate under "CN " . Put the same hostname in server of file adapter and try to connect."
I have changed channel field"Server": use hostname instead ip - And It works!!! With X509 and without it!
Regards,
Vladimir
Hi Vladimir,
Are you using SSL for client authentication also?
Have you exchanged your certificates in that case with FTP provider.
If you are not using certificate for client authentication then there is no need to tick the checkbox X.509 client authentication.
Also the root certificate needs to be imported in trustedCAs keystore only.
Regards,
Beena.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Vladimir,
Is there any certificate chain? in that case, you need to import all the certificates in that chain.
Also following are the steps if you are not using client authentication:
1. Ensure Root certificate is stored in trustedCAs keystore
2. certificate is valid, check the expiry date
3. firewall issue - but in your case FTP is already working
4. port is correct, I am not sure if same port 21 will be used for FTPS also
5. provide username password for client authentication
http://help.sap.com/saphelp_nwpi711/helpdata/en/44/6830e67f2a6d12e10000000a1553f6/frameset.htm
To use FTPS (File Transfer Protocol using SSL/TLS), the following prerequisites must be met:
The CA certificate used to sign the server certificate must be added to the TrustedCAs keystore view.
Regards,
Beena.
Hi Beena,
There is no certificate chain: only one root certificate.
1. Yes
2. Ok
3. Ok
4. Port 21. Ok
5. Ok.
I found solution in thread in http://scn.sap.com/message/6973343
"For the Server name, give the hostname instead of Ip address. The hostname you can see in the certificate under "CN " . Put the same hostname in server of file adapter and try to connect."
I have changed channel field"Server": use hostname instead ip - And It works!!! With X509 and without it!
Regards,
Vladimir.
User | Count |
---|---|
76 | |
9 | |
8 | |
7 | |
6 | |
5 | |
5 | |
5 | |
5 | |
5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.