Dear All

We want to consume an external SOAP Service provided by a Partner using SSL.

In the Scenario SAP ERP calls the SOAP Service via SAP PI.

Our SAP Systems do NOT have SSL enabled.

Calling the SOAP Service directly from SOAP UI works fine.

When calling the Service from SOAP UI via SAP PI we always get the "Peer certificate rejected by ChainVerifier" exception.

com.sap.engine.interfaces.messaging.api.exception.MessagingException:
iaik.security.ssl.SSLCertificateException: Peer certificate rejected by
ChainVerifier
at com.sap.aii.adapter.soap.web.SOAPHandler.processSOAPtoXMB(SOAPHandler.java:702)
at com.sap.aii.adapter.soap.web.MessageServlet.doPost(MessageServlet.java:470)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:754)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)

The first question is, if it is supposed to work, if one part of the communication is non-SSL (SAP ERP/SOAP UI to SAP PI) and the other part of the communication is SSL enabled (SAP PI to external SOAP Service)?

To make SSL working i ran the URL to the external Service and downloaded the certificate of the browser. This certificate i uploaded to the Keystore in the NWA and selected it in the communication channel.

Is there anything wrong in this procedure?

When calling the URL in the browser, i do not get a warning in the browser, so the SSL certificate seems to be signed by a generally trusted authority.

Do i still need to get a root certificate of our Partner and upload that?

Remark: SAP PI is a NW 7.31 dual stack Installation.

Thank you very much for your Support!

Best Regards

Martin