on 02-20-2014 12:52 PM
Hi All,
We are trying to establish an FTPS/SSL connection to one of our partner banks from the PI system, and are receiving the following error:
Error occurred while connecting to the FTP server "FileGateway.xxx.com:30021": iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
Communication Channel Parameters:
Connection Security: FTP (FTP Using SSL/TLS) for Control and Data Connection
Command Order: AUTH TLS, USER, PASS, PBSZ, PROT
Checkbox - Use X.509 Certificate for Client Authentication not checked
The user name and password are valid, because I can connect to the FTP server using the command line (on AIX) with this user and password.
Other error messages:
Channel Partner_StatusFiles_out_FTP: Error connecting to ftp server 'FileGateway.xxx.com': iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
Error during disconnect from ftp server FileGateway.xxx.com, ignored: com.sap.aii.adapter.file.ftp.FTPEx: 226 Closing data connection, Binary transfer complete.
Your help and suggestions will be greatly appreciated.
Thanks and Best Regards
Hi - Checkbox - Use X.509 Certificate for Client Authentication not checked
Can you check with your FTP admin if the key based authentication is enabled? If so, you might have to import all the certificates into the keystore.
Refer to the below blogs -
http://scn.sap.com/docs/DOC-26940 - Go through all the steps..
http://scn.sap.com/people/rajasekhar.reddy14/blog/2010/04/13/how-to-configure-ftps-in-file-adapter
Hi Amit, Hi Hareech,
Many thanks for your replies.
The problem was solved. The cause was not a certificate issue, but a mismatch between hostname and IP address.
We ran XPI Inspector and the result was:
IAIK SSL: ssl_debug(2): ChainVerifier: name mismatch: filegateway.xxx.com != IP Address
IAIK SSL: ssl_debug(2): Sending alert: Alert Fatal: bad certificate
IAIK SSL: ssl_debug(2): Shutting down SSL layer...
IAIK SSL: ssl_debug(2): SSLException while handshaking: Peer certificate rejected by ChainVerifier
Solution: entry filegateway.xxx.com IP Address in /etc/hosts
Regards
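The check behind the `name mismatch` line in the log above, as an added example that is not part of the original thread and is not IAIK's ChainVerifier code: a client compares the name or address it uses for the peer against the names in the server certificate, so a certificate issued for a host name fails when the peer is identified only by IP address. The certificate dict, `filegateway.example.com` and `192.0.2.10` are constructed placeholders.

```python
import ipaddress

# Constructed sample in the dict format returned by ssl.SSLSocket.getpeercert().
# Host name and address are placeholders, not values from the thread.
SAMPLE_CERT = {
    "subject": ((("commonName", "filegateway.example.com"),),),
    "subjectAltName": (("DNS", "filegateway.example.com"),),
}


def cert_names(cert):
    """Return (dns_names, ip_addresses) a client may accept for this certificate."""
    san = cert.get("subjectAltName", ())
    dns = [v.lower() for k, v in san if k == "DNS"]
    ips = [ipaddress.ip_address(v) for k, v in san if k == "IP Address"]
    if not dns and not ips:
        # Legacy fallback: use the subject CN only when no SAN is present.
        dns = [v.lower() for rdn in cert.get("subject", ()) for k, v in rdn
               if k == "commonName"]
    return dns, ips


def _dns_match(pattern, host):
    """Exact match, or a '*' that covers exactly the leftmost label."""
    p, h = pattern.split("."), host.split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def peer_matches(target, cert):
    """True if the name or address used for the peer is covered by the certificate."""
    dns, ips = cert_names(cert)
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        return any(_dns_match(n, target.lower().rstrip(".")) for n in dns)
    return addr in ips  # an IP target is never compared with DNS names


if __name__ == "__main__":
    for target in ("FileGateway.example.com", "192.0.2.10"):
        print(target, "->", "ok" if peer_matches(target, SAMPLE_CERT) else "name mismatch")
```

Running it against the names and addresses a channel is configured with shows which ones the certificate actually covers before the handshake is attempted.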
Hello,
Few quick points:
1) Hope you have maintained the CN and host name of the FTP server in the hosts file on the PI server (and have used the same CN name in the File channel).
2) Have you imported the certificates in the correct order, i.e. root, intermediate and then the actual certificate, under NWA?
Thanks
Amit Srivastava
Hello,
Check Mark's reply in the thread below, where he has explained how to find root and intermediate certificates (the thread is talking about importing certificates in STRUST, but you can still refer to it because the concept of importing is the same).
Error while connecting to external server, ICM_... | SCN
>>We are using PI 7.0 and I can see in Visual Admin under TrustedCAS only one certificat
I think you should ask for the root and intermediate certificates and then check after importing them.
Thanks
Amit Srivastava