on 06-09-2013 2:23 PM
Hi Experts,
I am having a an issue calling a FTPS server from sender FTPS chennell in SAP PI 7.11.
When the sendet FTP(s) channel polls the FTP server, it is throwing error, as seen in the audit log of channel monitoring in RWB:
Error occurred while connecting to the FTP server "xxx.yyy.com:21": iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
I have taken following steps to configure the connection with the FTP server:
1. I have taken two .crt file (ssl certificate for host and intermediate CA) and one .cer (ssl certificate for root CA) file from the FTP server team and imported them into trustedCA Key store view. While uploading i have uploaded the host ssl certificate first, then the intermediate ssl certificate and then the root one. I have restarted the java server after importing the ssl certificates.
2. The host name of the FTP server in the ssl certificate is same as the host name used in sender FTP(S) channel.
3. THe SAP PI and he FTP server are in the same company network.
Please suggest if there is something i have missed or there is some solution to this issue.
the problem is solved. Thanks to the default trace view.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The certs should be stored in the keystore as chain. example. like root cert followed by intermediate cert and followed by main. if this chain level is not maintained you will have this error. Take help from BASIS.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
i have uploaded the certs in TrustedCA key store view, one by one:
First->Host cert
(by clicking import entry),
second->Intermediate CA
(by clicking import entry),
third->Root CA
(by clicking import entry).
But i can see that they get sorted alphabetically. Let me know the procedure of importing the certificates in chain maintaining sequence.
Do i need to import the host cert using "import entry", and then import the intermediate CA cert using "import CSR response", and then import root cert using "import CSR response" ?????
Please note- the certificates are X.509..
HI Baskar ..thanks for your reply about "The certs should be stored in the keystore as chain".
i have uploaded the certs in TrustedCA key store view, one by one:
First->Host cert
(by clicking import entry),
second->Intermediate CA
(by clicking import entry),
third->Root CA
(by clicking import entry).
But i can see that they get sorted alphabetically. Let me know the procedure of importing the certificates in chain maintaining sequence.
Do i need to import the host cert using "import entry", and then import the intermediate CA cert using "import CSR response", and then import root cert using "import CSR response" ?????
similar kind of discussion available on SCN..search ...
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.