
Peer certificate rejected by ChainVerifier in file receiver communication channel

venkatagiri_gongadi
Participant
0 Kudos


Hi,

I have been searching in SDN from last two but no thread is solving my issue.
The scenario is FTP to SFTP. There was a self-signed certificate and it expired, so I imported a new certificate, provided by the third-party system, into NWA successfully.
When I test it, I get the error below. Can you please suggest how to fix it?

Attempt to process file failed with Error when getting an FTP connection from connection pool: com.sap.aii.af.lib.util.concurrent.ResourcePoolException: Unable to create new pooled resource: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier.

Cheers,

Giri

Accepted Solutions (0)

Answers (5)


venkatagiri_gongadi
Participant
0 Kudos

Thanks, guys, for your time.

But I have already checked all the blogs. Please check the information below:

1. It was working with the server details in the communication channel before the certificate expired.

2. Firewalls are open.

3. When I use the server in the communication channel, I get the error below:

Transmitting the message to endpoint <local> using connection File_http://sap.com/xi/XI/System failed, due to: com.sap.engine.interfaces.messaging.api.exception.MessagingException: Error when getting an FTP connection from connection pool: com.sap.aii.af.lib.util.concurrent.ResourcePoolException: Unable to create new pooled resource: FTPEx: Unexpected reply codeControl connection prematurely closed by server

4. When I use the IP address in the communication channel, I get the error below:

Transmitting the message to endpoint <local> using connection File_http://sap.com/xi/XI/System failed, due to: com.sap.engine.interfaces.messaging.api.exception.MessagingException: Error when getting an FTP connection from connection pool: com.sap.aii.af.lib.util.concurrent.ResourcePoolException: Unable to create new pooled resource: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier

Please note that it was working with the server details in the receiver communication channel.

I feel it is a problem with the certificate, but the third party says that the same certificate is working with a different third-party system connected to the same receiver system.

Cheers,

Giri

naveen_chichili
Active Contributor
0 Kudos

Hi Giri,

Hopefully they have generated the certificate with the host name. Try to connect with the host name in your communication channel.

Thanks and Regards,

Naveen

venkatagiri_gongadi
Participant
0 Kudos

Hi Naveen,

Currently I am using the host name in the communication channel and I am getting the error below:

Attempt to process file failed with Error when getting an FTP connection from connection pool: com.sap.aii.af.lib.util.concurrent.ResourcePoolException: Unable to create new pooled resource: FTPEx: Unexpected reply codeControl connection prematurely closed by server.

Cheers,

Giri

naveen_chichili
Active Contributor
0 Kudos

Hi Giri,

Now the suggestion would be to regenerate the certificates with the host name and also check whether your Basis guys can ping the third-party server from OS level.

Also ask the Basis team to add the host name in DNS.

Thanks and Regards,

Naveen.

manoj_khavatkopp
Active Contributor
0 Kudos

Hi,

Check the thread below.

Br,

Manoj

venkatagiri_gongadi
Participant
0 Kudos

Hi Manoj,

I have already checked this, and I am using port 21 only.

Cheers,

Giri

AnilDandi
Active Participant
0 Kudos

Hi Giri

Can you check the value of the parameter messaging.ssl.serverNameCheck in SAP XI AF Messaging service? Change it to false if it is set to true.

regards

Anil

che_eky
Active Contributor
0 Kudos

The last time I had an issue in this area, i.e. certificate expired and new cert uploaded, the Root CA had changed. Therefore new Root & Intermediate certificates had to be reloaded.

If you get nowhere then try using XPI_Inspector.

Che

venkatagiri_gongadi
Participant
0 Kudos

Hi che,

I am using a self-signed certificate, so it is required to import Root and Intermediate certificates.

Cheers,

Giri

venkatagiri_gongadi
Participant
0 Kudos

Hi Anil,

Thanks for the suggestion, but where can I find this parameter in PI 7.4?

Cheers,

Giri

venkatagiri_gongadi
Participant
0 Kudos

Hi Anil.

The parameter messaging.ssl.serverNameCheck is set to "False" in my system.

Cheers,

Giri

AnilDandi
Active Participant
0 Kudos

Hi Giri,

I guess you are left with the option to debug the problem using XPI inspector.

regards

hemanth2
Product and Topic Expert
0 Kudos

Hi Venkat,


Hope you are doing good.

You will need to get more detailed logs. Please set the debugging level to ALL for these locations:

com.sap.aii.security.lib.*

com.sap.aii.adapter.file.*

Copy to subtree and save to all server nodes.
Once this is done, reproduce the issue and the detailed error should be available.

____________
Kind Regards,
Hemanth
SAP AGS
 

venkatagiri_gongadi
Participant
0 Kudos

Hi Hemanth.

I am good, and how are you?

Thanks for the reply. But how do I do it? Do you have any document for the same?

Cheers,

Giri

hemanth2
Product and Topic Expert
0 Kudos

Hi Giri,

Run the web diag tool as outlined in SAP Note No. 1332726 - Troubleshooting Wizard SAP AS Java 7.20 and above, with the locations below activated:

com.sap.aii.security.lib.*

com.sap.aii.adapter.file.*

set to ALL severity level.

Check ManagingIncidents.zip as the note mentions and follow the instructions.

____________

Kind Regards,
Hemanth
SAP AGS

venkatagiri_gongadi
Participant
0 Kudos

Thanks Hemanth.

Please find the error logs attached herewith.

Error description:

com.sap.aii.af.lib.util.concurrent.ResourcePoolException: Unable to create new pooled resource: FTPEx: Unexpected reply codeControl connection prematurely closed by server

Cheers,

Giri

hemanth2
Product and Topic Expert
0 Kudos

Hello Venkat,

Check if there are any firewalls between the FTP server and XI, as this is a usual issue. If there are, please create the necessary rules to allow communication from both IPs/DNS names. Also check that the imported certificate is the public certificate from the FTP server, and that it is an X.509 format cert.

Please let me know the outcome.

Best Regards,

Hemanth

venkatagiri_gongadi
Participant
0 Kudos

Firewalls are open and it is a self-signed certificate.

Cheers,

Giri

former_member182412
Active Contributor
0 Kudos

Hi Venkat,

First, if your certificate has any chain certificates, install all the certificates in NWA. Check the notes below in case the host name returns different IP addresses.

1764304 - FTPS Server certificate rejected by ChainVerifier

SAP Note 1591971 - Added property strictHostnameChecking

If it is still not resolved, run the XPI Inspector as mentioned in the note below.

1514898 - XPI Inspector for troubleshooting XI

Regards,

Praveen.

naveen_chichili
Active Contributor
0 Kudos

Hi Venkatagiri,

Check the below points:

1. Check if the firewall ports are open to the server you are trying to connect to.

2. Check that the CA certificates have not expired.

3. Try to regenerate the certificate from your third-party server and then reimport it into your PI server.

If the issue is still not solved, please check the note below.

694290 - SAP J2EE: react on expiration of VeriSign CA certificates


Thanks,

Naveen
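
The certificate checks suggested in the replies above (expiry, host name versus IP address in the channel, and whether a self-signed certificate is itself in the trust store), sketched as an added example that is not part of any post and is not SAP's ChainVerifier implementation. It assumes the certificate has been decoded into the dict shape of Python's `ssl.SSLSocket.getpeercert()`; the host name, address, serial number and trust-store layout are constructed for illustration, and signatures are not verified.

```python
import ipaddress
import ssl

# Constructed sample in the dict shape of ssl.SSLSocket.getpeercert();
# host name and serial number are invented for illustration.
NAME = ((("commonName", "sftp.partner.example"),),)
SAMPLE_CERT = {
    "subject": NAME,
    "issuer": NAME,  # self-signed: issuer equals subject
    "serialNumber": "0A1B2C",
    "notBefore": "Jan  1 00:00:00 2015 GMT",
    "notAfter": "Jan  1 00:00:00 2016 GMT",
    "subjectAltName": (("DNS", "sftp.partner.example"),),
}

def dns_match(pattern, host):
    """Exact match, or a wildcard covering exactly one left-most label."""
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def target_matches(cert, target):
    """Compare the configured host name or IP with the SAN entries."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None  # target is a host name, not an address
    for kind, value in cert.get("subjectAltName", ()):
        if ip is not None and kind == "IP Address":
            if ipaddress.ip_address(value) == ip:
                return True
        if ip is None and kind == "DNS" and dns_match(value.lower(), target.lower()):
            return True
    return False

def diagnose(cert, target, trusted, now):
    """Return reasons a client could reject `cert`; `trusted` holds
    (subject, serialNumber) pairs. Signatures are not checked here."""
    reasons = []
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        reasons.append("not-yet-valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        reasons.append("expired")
    if not target_matches(cert, target):
        reasons.append("name-mismatch")
    if cert["subject"] == cert["issuer"]:  # self-signed: must be pinned itself
        if (cert["subject"], cert["serialNumber"]) not in trusted:
            reasons.append("self-signed-not-in-trust-store")
    elif cert["issuer"] not in {subject for subject, _ in trusted}:
        reasons.append("issuer-not-in-trust-store")
    return reasons
```

A certificate whose SAN lists only a DNS name reports `name-mismatch` when the channel is configured with an IP address, and a renewed self-signed certificate reports `self-signed-not-in-trust-store` until the new one replaces the old entry.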

Former Member
0 Kudos

Hi Venkat

Check the note mentioned in the blog below.

Thanks,

Indrajit

former_member181985
Active Contributor
0 Kudos

Hi,

Try stopping and starting the channel and send a fresh message.

Br, Praveen