cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

FTPS error: Peer certificate rejected by ChainVerifier

Former Member

on ‎06-09-2013 2:23 PM

0 Kudos

Hi Experts,

I am having a an issue calling a FTPS server from sender FTPS chennell in SAP PI 7.11.

When the sendet FTP(s) channel polls the FTP server, it is throwing error, as seen in the audit log of channel monitoring in RWB:

Error occurred while connecting to the FTP server "xxx.yyy.com:21": iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier

I have taken following steps to configure the connection with the FTP server:

1. I have taken two .crt file (ssl certificate for host and intermediate CA) and one .cer (ssl certificate for root CA) file from the FTP server team and imported them into trustedCA Key store view. While uploading i have uploaded the host ssl certificate first, then the intermediate ssl certificate and then the root one. I have restarted the java server after importing the ssl certificates.

2. The host name of the FTP server in the ssl certificate is same as the host name used in sender FTP(S) channel.

3. THe SAP PI and he FTP server are in the same company network.

Please suggest if there is something i have missed or there is some solution to this issue.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
‎06-14-2013 8:24 AM
0 Kudos

the problem is solved. Thanks to the default trace view.

Show replies
Show replies
Former Member
‎06-30-2015 11:01 AM
0 Kudos

Hi Sudeep,

I am also facing the same issue in deploying the chain certificates (Host, Intermediate and Root) in SAP PI 7.1.

Could you please help on this.

Regards,

Boopathi

baskar_gopalakrishnan2
Active Contributor
‎06-09-2013 2:43 PM
0 Kudos

The certs  should be stored in the keystore as chain. example. like root cert followed by intermediate cert  and followed by main. if this chain level is not maintained you will have this error. Take help from BASIS.

Show replies
Show replies
Former Member
‎06-09-2013 3:10 PM
0 Kudos

i have uploaded the certs in TrustedCA key store view, one by one:

First->Host cert

(by clicking import entry),

second->Intermediate CA

(by clicking import entry),

third->Root CA

(by clicking import entry).

But i can see that they get sorted alphabetically. Let me know the procedure of importing the certificates in chain maintaining sequence.

Do i need to import the host cert using "import entry", and then import the intermediate CA cert using "import CSR response", and then import root cert using "import CSR response" ?????


Please note- the certificates are X.509..

Former Member
‎06-12-2013 5:26 AM
0 Kudos

HI Baskar ..thanks for your reply about "The certs  should be stored in the keystore as chain".

i have uploaded the certs in TrustedCA key store view, one by one:

First->Host cert

(by clicking import entry),

second->Intermediate CA

(by clicking import entry),

third->Root CA

(by clicking import entry).

But i can see that they get sorted alphabetically. Let me know the procedure of importing the certificates in chain maintaining sequence.

Do i need to import the host cert using "import entry", and then import the intermediate CA cert using "import CSR response", and then import root cert using "import CSR response" ?????

rajasekhar_reddy14
Active Contributor
‎06-09-2013 2:28 PM
0 Kudos

similar kind of discussion available on SCN..search ...

Show replies
Show replies
Former Member
‎06-09-2013 2:40 PM
0 Kudos

i have seen your blog and many other blogs on the topic, followed them but no help.

Ask a Question