on 10-30-2014 10:34 AM
Dear Experts,
Facing the SSLCertificateException exception with SOAP adapter receiver communication lookup channel. We have not being configured the SSL
certificate exchange setup with Target Sales-force system in PI servers. With same configurations we have been working since April'2014. Since
Yesterday we are facing this strange issues in all the landscapes.
Integration Scenario: SAP PI to Salesforce communication, during initial call to get the Salesforce Session ID with receiver SOAP communication channel we are getting the below Error. Failed to get the input stream from socket: iaik.security.ssl.SSLCertificateException: Peer certificate rejected
by ChainVerifier. iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier. Error in call over HTTP: HTTP 0 null
Using the EndPoint URL from SOAP Receiver channel :
https://test.salesforce.com/XXXX
The respective Host IPs are already maintained in Server Host file.
Please provide your inputs.
Regards
RK N
Hi RK,
We had the similar issue from 10/29/2014 and reached out to Salesforce support. We have been asked to review the below knowledge base article. P
We installed the certificate chains in the below article under the TrustedCA certificates in PI and the channel is up and running.
Regards
Yuva
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Yuva,
Thanks for sharing the info.
Yes, We do faced this issues with SSL issues while getting the sessionID from. test.salesfoce.com (HTTPS communication). The Domain IPs (IPs maintained in PI server Host entry file) for test.salesfoce.com was updated during the same period.
After updating the new IPs for both Test.salesfoce.com, C7 & C8 new IPs in Host entry file, we are able to communicate with SFDC from 1st Nov on-wards without installing the TrustedCA certificates in PI !!!.
Welcome your inputs and comments on above.
Regards
RK
Hi Akhil,
Read the below article,
SFDC updated their Sandbox certificates effective April 13. If your sandbox connectivity is failing now, you would need to update SFDC sandbox wildchar certificate (issued by Symantac) in PI Trusted CA.
Try and let us know if it works.
Thanks,
Yuva
Hi Yuva,
We never exchanging the any certificates previously with SFDC from PI -Dev/QA and Prod landscapes and Integration's are working perfectly !!
With the above SFDC update activity, Do we really required to update the certificates in PI Trusted CA for HTTPs communications - Please provide your thoughts on this.
Regards,
Ravi Neelagiri.
Hi All,
Thanks for reply. However, I would like to know as what could have triggered this error, all of a sudden, because everything was running fine since last couple of months. Below are few points for your consideration.
1. Till now, we were using HTTPS as host for connecting with SFDC and that too without installing any certificates and everything was running fine.
2. Now, even after using HTTP as host in the target url in SOAP Channel, we are getting this certificate issue. After changing host from HTTPS to HTTP in our communication channel, we have done a complete server restart but still XPI Inspector is showing the communication to be happening over HTTPS.
Kindly Please suggest !!!
Regards
RK N
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Please check the sap Note 1588148 - Trusted certificates for SOAP receiver channels.
regards,
Harish
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi RK
Make sure you have all the certificates in the certificate path present in the keystore.
If you are unsure, you can use XPI inspector (Option 11) and test the URL you are trying to connect to. It will list the missing certificates and links to download them.
In addition: Ensure that messaging.ssl.serverNameCheck is set to false in SAP XI AF Messaging service
regards
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Make sure you have the valid and correct certificates shared and deployed.
also ask your admin guys to make an DNS entry also.
Thanks and Regards,
Naveen
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Please make sure that you have the correct CA and chain certificates. Import them into your KeyStore Under TrustedCa's.
Regards,
Jannus Botha
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Import Sales-force system certificated under TrustedCA's and restart the soap channel
//BR,
Praveen Gujjeti
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
79 | |
10 | |
9 | |
7 | |
6 | |
6 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.