cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Error connecting to ftp server 'FileGateway.xxx.com': iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier

Go to solution
Former Member

on ‎02-20-2014 12:52 PM

0 Kudos

Hi All,

We are trying to establish an FTPS/SSL connection to one of our partner bank from PI system, and are receive the following error:

Error occurred while connecting to the FTP server "FileGateway.xxx.com:30021": iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier

Communication Channel Parameters:

Connection Security: FTP (FTP Using SSL/TLS) for Control and Data Connection

Command Order: AUTH TLS, USER, PASS, PBSZ, PROT

Checkbox - Use X.509 Certificate for Client Authentication not checked

The UserName and password are valid, because I can connenct into the ftp server using the command line (on AIX) with this user and password

Other error messages:

Channel Partner_StatusFiles_out_FTP: Error connecting to ftp server 'FileGateway.xxx.com': iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier

Error during disconnect from ftp server FileGateway.xxx.com, ignored: com.sap.aii.adapter.file.ftp.FTPEx: 226 Closing data connection, Binary transfer complete.

Your help and suggestions will be greatly appreciated.

Thanks and Best Regards

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member184720
Active Contributor
‎02-20-2014 1:43 PM
0 Kudos

Hi - Checkbox - Use X.509 Certificate for Client Authentication not checked

Can you check with your FTP admin if the key based authentication is enabled. If so you might have to import all the certificates into the keystore.

Refer to the below blogs -

http://scn.sap.com/docs/DOC-26940 - Go through all the steps..

http://scn.sap.com/people/rajasekhar.reddy14/blog/2010/04/13/how-to-configure-ftps-in-file-adapter

Show replies
Show replies
Former Member
‎02-27-2014 1:56 PM
0 Kudos

Hi Amit, Hi Hareech,

Many thanks for your replies.

The problem was solved. The cause was not a certificate issue, but a mismatch between hostname and IP address.

we ran XPI Inspector and the result was:

IAIK SSL: ssl_debug(2): ChainVerifier: name mismatch:
filegateway.xxx.com != IP Address
IAIK SSL: ssl_debug(2): Sending alert: Alert Fatal: bad certificate
IAIK SSL: ssl_debug(2): Shutting down SSL layer...
IAIK SSL: ssl_debug(2): SSLException while handshaking: Peer
certificate rejected by ChainVerifier


Solution: entry filegateway.xxx.com IP Address in /etc/hosts


Regards

Answers (1)

Answers (1)

Former Member
‎02-20-2014 1:33 PM
0 Kudos

Hello,

Few quick points:

1) Hope u have maintained CN and host name of FTP server under host file on PI server (and the same CN name u have used under File channel)

2) U have imported certificate in correct order i.e. Root, intermediate and then the actual certificate under NWA?

Thanks

Amit Srivastava

Show replies
Show replies
Former Member
‎02-20-2014 1:47 PM
0 Kudos

Hello,

We are using PI 7.0 and I can see in Visual Admin under TrustedCAS only one certificate, it has the correct CN name.

Should I ask the partner bank for a new certificate?

Thanks

Former Member
‎02-20-2014 2:00 PM
0 Kudos

Hello,

Check Mark's reply in below thread where he has explained how to find Root and Intermediate certificates (thread is talking abt importing of certificated in strust, but u can still refer it becoz the concept of importing is same)

Error while connecting to external server, ICM_... | SCN

>>We are using PI 7.0 and I can see in Visual Admin under TrustedCAS only one certificat

I think u should ask for root and intermediate certificates and then check after importing the same.

Thanks

Amit Srivastava

Ask a Question