cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Failed to get the input stream from socket: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier

Former Member

on ‎10-30-2014 10:34 AM

0 Kudos

Dear Experts,

Facing the SSLCertificateException exception with SOAP adapter receiver communication lookup channel. We have not being configured the SSL

certificate exchange setup with Target Sales-force system in PI servers. With same configurations we have been working since April'2014. Since

Yesterday we are facing this strange issues in all the landscapes.

Integration Scenario: SAP PI to Salesforce communication, during initial call to get the Salesforce Session ID with receiver SOAP communication channel we are getting the below Error. Failed to get the input stream from socket: iaik.security.ssl.SSLCertificateException: Peer certificate rejected

by ChainVerifier. iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier. Error in call over HTTP: HTTP 0 null

Using the EndPoint URL from SOAP Receiver channel :

https://test.salesforce.com/XXXX


The respective Host IPs are already maintained in Server Host file.

Please provide your inputs.

Regards

RK N

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (7)

Answers (7)

yuvaraja_devarajan
Discoverer
‎10-31-2014 8:46 PM
0 Kudos

Hi RK,

We had the similar issue from 10/29/2014 and reached out to Salesforce support. We have been asked to review the below knowledge base article. P

We installed the certificate chains in the below article under the TrustedCA certificates in PI and the channel is up and running.

https://help.salesforce.com/apex/HTViewSolution?urlname=Certificate-updates-October-2014&language=en...

Regards

Yuva

Show replies
Show replies
Former Member
‎11-10-2014 9:12 AM
0 Kudos

Hi Yuva,

Thanks for sharing the info.

Yes, We do faced this issues with SSL issues while getting the sessionID from. test.salesfoce.com (HTTPS communication).  The Domain IPs (IPs maintained in PI server Host entry file) for test.salesfoce.com was updated during the same period.

After updating the new IPs for both Test.salesfoce.com, C7 & C8 new IPs in Host entry file, we are able to communicate with SFDC from 1st Nov on-wards without installing the TrustedCA certificates in PI !!!.

Welcome your inputs and comments on above.

Regards

RK

former_member208397
Explorer
‎04-20-2015 11:12 AM
0 Kudos

Hi RK,

I am also facing the same issue.

If possible could you please let me know the steps to debug it.

Thanks,

Akhil

yuvaraja_devarajan
Discoverer
‎04-20-2015 7:25 PM
0 Kudos

Hi Akhil,

Read the below article,

https://help.salesforce.com/apex/HTViewSolution?urlname=HTTPS-Security-Certificate-Switch-from-SHA-1...

SFDC updated their Sandbox certificates effective April 13. If your sandbox connectivity is failing now, you would need to update SFDC sandbox wildchar certificate (issued by Symantac) in PI Trusted CA.

Try and let us know if it works.

Thanks,

Yuva

Former Member
‎05-28-2015 10:13 AM
0 Kudos

Hi Yuva,

We never exchanging the any certificates previously with SFDC from PI -Dev/QA and Prod landscapes and Integration's are working perfectly !!

With the above SFDC update activity, Do we really required to update the certificates in PI Trusted CA for HTTPs communications - Please provide your thoughts on this.

Regards,

Ravi Neelagiri.

Former Member
‎10-31-2014 3:47 AM
0 Kudos

Hi All,

Thanks for reply. However, I would like to know as what could have triggered this error, all of a sudden, because everything was running fine since last couple of months. Below are few points for your consideration.

1. Till now, we were using HTTPS as host for connecting with SFDC and that too without installing any certificates and everything was running fine.

2. Now, even after using HTTP as host in the target url in SOAP Channel, we are getting this certificate issue. After changing host from HTTPS to HTTP in our communication channel, we have done a complete server restart but still XPI Inspector is showing the communication to be happening over HTTPS.

Kindly Please suggest !!!

Regards

RK N

Show replies
Show replies
engswee
Active Contributor
‎10-31-2014 5:03 AM
0 Kudos

RK

The issue is a bit confusing. Your initial post indicates an HTTPS URL, but you are saying it's now HTTP??

If you are using HTTPS, did you check if any of the certificates in the chain have expired?

Rgds

Eng Swee

Former Member
‎10-31-2014 5:19 AM
0 Kudos

Hello,

I believe you cannot call an HTTPS service without a certificate. You can check with basis team for the certificate validity status and check the validity of all certificates in the chain, as suggested by Eng Swee.

BR,

Diptee

Harish
Active Contributor
‎10-30-2014 7:57 PM
0 Kudos

Hi,

Please check the sap Note 1588148 - Trusted certificates for SOAP receiver channels.

regards,

Harish

Show replies
Show replies
AnilDandi
Active Participant
‎10-30-2014 11:13 AM
0 Kudos

Hi RK

Make sure you have all the certificates in the certificate path present in the keystore.

If you are unsure, you can use XPI inspector (Option 11) and test the URL you are trying to connect to. It will list the missing certificates and links to download them.

In addition: Ensure that messaging.ssl.serverNameCheck is set to false in SAP XI AF Messaging service

regards

Show replies
Show replies
naveen_chichili
Active Contributor
‎10-30-2014 10:59 AM
0 Kudos

Hi,

Make sure you have the valid and correct certificates shared and deployed.

also ask your admin guys to make an DNS entry also.

Thanks and Regards,

Naveen

Show replies
Show replies
Former Member
‎10-30-2014 10:49 AM
0 Kudos

Hi,

Please make sure that you have the correct CA and chain certificates. Import them into your KeyStore Under TrustedCa's.

Regards,

Jannus Botha

Show replies
Show replies
former_member181985
Active Contributor
‎10-30-2014 10:38 AM
0 Kudos

Hi,

Import Sales-force system certificated under TrustedCA's and restart the soap channel

//BR,

Praveen Gujjeti

Show replies
Show replies
Ask a Question