Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

SSLException while handshaking: Peer sent alert: Alert Fatal: decrypt error

Hello everybody,

I am tryining to establish a connection from SAP PI 7.0 to an external web service that requires SSL with client authentication. I am using the SOAP adapter for that. The private key of us and the public key of the web service were installed in the VA in the TrustedCAs view. In the corresponding receiver channel configuration I have ticked "Configure Certificate Authetication" and selected appropriate entries in "Keystore Entry" and "Keystore View".

Whenever I send a message through the channel I am getting though an error during the SSL handshake: Decrypt error.

Below is the SSL debug log

ssl_debug(15): Sending v3 client_hello message to, requesting version 3.1...

ssl_debug(15): Received v3 server_hello handshake message.

ssl_debug(15): Server selected SSL version 3.1.

ssl_debug(15): Server created new session 81:ED:F8:61:3B:51:8E:70...

ssl_debug(15): CipherSuite selected by server: TLS_RSA_WITH_AES_256_CBC_SHA

ssl_debug(15): CompressionMethod selected by server: NULL

ssl_debug(15): Server does not supports secure renegotiation.

ssl_debug(15): Received certificate handshake message with server certificate.

ssl_debug(15): Server sent a 2048 bit RSA certificate, chain has 3 elements.

ssl_debug(15): ChainVerifier: No trusted certificate found, OK anyway.

ssl_debug(15): Received certificate_request handshake message.

ssl_debug(15): Accepted certificate types: RSA, DSA

ssl_debug(15): Accepted certificate authorities:


ssl_debug(15):   CN=VeriSign Class 3 International Server CA - G3,OU=Terms of use at (c)10,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US

ssl_debug(15):   CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=(c) 2006 VeriSign, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US

ssl_debug(15): Received server_hello_done handshake message.

ssl_debug(15): Sending certificate handshake message with RSA client certificate...

ssl_debug(15): Sending client_key_exchange handshake...

ssl_debug(15): Sending certificate_verify handshake message...

ssl_debug(15): Sending change_cipher_spec message...

ssl_debug(15): Sending finished message...

ssl_debug(15): Received alert message: Alert Fatal: decrypt error

ssl_debug(15): SSLException while handshaking: Peer sent alert: Alert Fatal: decrypt error

ssl_debug(15): Shutting down SSL layer...

My first assumption was that it might be caused by missing public key of other side's server in the TrustedCAs view. Now I have assured that we have this key installed (although I am currious why there is still the "ChainVerifier: No trusted certificate found" message in the log).

Does somebody have an idea what could cause this SSL handshake failure?

Best regards,


Not what you were looking for? View more on this topic or Ask a question