on 04-13-2007 4:41 PM
Guys,
Here is the scenario.
We are getting an HTTPS message from an external system to XI.
We are using the CIDX adapter to read the external message, validate the digital certificates and map to an ORDERS05 IDoc. As soon as I trigger the message from the external system (HTTPS message), I see the message in the XI RWB adapter engine. When the CIDX adapter tries to validate the digital signatures, it is somehow pointing to the J2EE_GUEST user, and it gives the error mentioned below.
ERROR
"Signature verification failed, alerted;Error when accessing keystore:service_ssl
Signature verification failed, alerted
Unexpected error while packing the CIDX message -
null
Message Processing caused Failure. -
BTD handler indicated processing error
Error encountered while receiving inbound action; See nested exception for detailed error message -
Message Processing caused Failure. -
Message Processing caused Failure. -
BTD handler indicated processing error
Delivery of the message to the application using connection CIDXAdapter failed, due to: Error encountered while receiving inbound action; See nested exception for detailed error message. "
Regarding Digital Certificates
We got the digital certificates from my external party, installed them and
created the key stores in the XI Visual Administration tool.
We configured the sender agreement by selecting those key stores.
Can anyone help me with how to resolve the issue? Is there any problem in the Visual Admin Tool while installing the certificates?
Thanks
Murali
Message was edited by:
Murali Babu Pallabothula
Hi,
See the links below:
HTTP* Errors /people/krishna.moorthyp/blog/2006/07/23/http-errors-in-xi
The links below may also be useful:
/people/sap.user72/blog/2005/06/16/using-digital-signatures-in-xi
SAP Java Cryptographic Toolkit
http://help.sap.com/saphelp_nw04/helpdata/en/8d/cb71b8046e6e469bf3dd283104e65b/content.htm
http://help.sap.com/saphelp_nw04/helpdata/en/fb/322f41d606ef23e10000000a155106/frameset.htm
http://help.sap.com/saphelp_nw04/helpdata/en/45/341a2176b74002e10000000a155369/frameset.htm
Also see the below threads.
Regards
CHilla
Hi All,
I hope you guys had a good weekend.
I see 2 messages in total in the RWB adapter engine.
One message is successful and the second is a general exception.
When I go to the general exception message -> details:
ERROR
Transmitting message 93510270ec2011dba498001438ee46bd to partner failed with HTTP code 500, alerted
Transmitting the message to endpoint http://Host/MessagingSystem/receive/CIDXAdapter/CIDX using connection CIDXAdapter failed, due to: Received HTTP response code 500..
When I am looking into the Message content, It is giving like
Error when checking keystore view Message is signed. Signing is not required for this message according to the agreement
I don't know whether we loaded the digital certificates in the Visual Administration tool the proper way.
Can anyone give us the step-by-step process to load certificates in the Visual Admin tool?
Thanks
M
>>>"Signature verification failed, alerted;Error when accessing keystore:service_ssl..."
The adapter framework uses the XIAFUSER to access the keystore entries. I guess you've placed your certs in the "service_ssl" view.
Try this - open up VA and go to the Security Provider service. Then in "Components", look for "keystore-view.service_ssl". Then click on the "Security Roles" tab on the right. Go into change mode (pencil icon) and highlight "KeystoreAdministrator". If not selected already, select Role Type "Security Role" radio button (click OK on the warning). Click on the "Add" button and add user XIAFUSER.
Then try your scenario again.
Regards,
Jin
Jin,
Thanks a lot, we made small progress.
I made the change you suggested.
Now I am seeing 2 messages in RWB (1 with success and 2 is a system error). It looks like it is sending the message to the integration engine, but I am not seeing any message in SXMB_MONI. It gave the error message mentioned below.
ERROR
"Transmitting the message to endpoint httpS://od0su-wad026.sun-rm.com:52101/MessagingSystem/receive/CIDXAdapter/CIDX using connection CIDXAdapter failed, due to: com.sap.aii.af.ra.ms.api.RecoverableException: java.lang.RuntimeException: Error while silently connecting: org.w3c.www.protocol.http.HttpException: iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier."
Can you please let us know whether we need to change any other setting?
I think it is failing when it is trying to send the Receipt Acknowledge to the system. Is there any way we can stop the receipt acknowledge for the time being?
Another question is: when it is sending to the integration engine, why did it not show up in SXMB_MONI?
Thanks for your time..
Thanks
M
>>>Transmitting the message to endpoint httpS://od0su-wad026.sun-rm.com:52101/MessagingSystem/receive/CIDXAdapter/CIDX...
Is od0su-wad026.sun-rm.com your XI host or your partner's host?
In your sender CIDX channel, what do you have configured for "URL" within "Transport Parameters"? This should be the URL of your partner system (where the signal/receipt ack should be sent back to).
>>>Is there any way we stop the receipt acknowledge for time being.
Not that I know of...
>>>another question is when it is sending to integration engine why it did not showed up in the SXMB_MONI.
My guess is that b/c the ack is failing, it's not forwarding on to the integration engine. You would see a 3rd message for the one that gets forwarded on to the integration engine.
Jin
Jin,
I appreciate your time.
Last time I gave the wrong URL for the Receipt Acknowledge in the sender adapter.
Actually we are getting the message from the DMZ (which is outside of the firewall).
We are sending the Receipt Acknowledge back to a different system (for the time being we are using the XI quality system).
But I am seeing only the 2 messages in RWB.
It gave the error below now.
ERROR
Transmitting the message to endpoint http://host:port/MessagingSystem/receive/CIDXAdapter/CIDX using connection CIDXAdapter failed, due to: Received HTTP response code 401..
If possible is there any phone number I can reach you or if possible can you please reach by 248-943-4239.
Thanks a lot..
M
>>>When we are sending back Receipt Acknowledge to different system (for time being we are using XI quality system).
You mean you're not actually sending it back to the original sender? Not sure if that would work. Unfortunately, my test systems are being patched and I can't confirm the problems this might cause.
In any case, the 401 is authentication related so in the meantime double check your user/pwd in the Authentication area as you referred to earlier.
Unfortunately, I won't be available til next week, but hopefully you can get some additional help from the forum on this.
Regards,
Jin
To import certificates into the Key Storage service, don't use the Import option. Use Load. 😛
You should be able to load .p12 or .pfx files.
Import is for when you generate a key pair certificate in Key Storage, create a signing request, submit it to a certification authority (such as VeriSign) and then import their signing response.
Regards,
Henrique.
Jin,
I hope you had a nice vacation.
I am still facing the same error. Can you please help us with how to save the customer's digital certificates in the XI Visual Admin? We got 3 files from the customer. 2 are .DER and 1 is .CRT.
How will these files be saved in the Visual Admin? After that, how can we use them in the sender agreement?
Appreciate your help..
Thanks
Murali
Hi Murali -
For loading the files, see Henrique's response above. Choose the proper view and use the load option. For the message level security (e.g. digital signature), you can create your own view in the Key Storage service and load the certificates there.
As far as the files/certs you received from your partner:
1.) One file should be to verify the digital signature on the initial message sent by your partner (in Sender Agreement, this corresponds to section "Partner Certificate for Signing").
2.) If using https to send your receipt acknowledgement back to your partner, then one file should be a root CA certificate that you load into the TrustedCAs view. Essentially, when you send the receipt acknowledgement back to your partner's server, which is SSL enabled, you need to trust the issuer/CA of the server certificate presented by your partner's system.
Don't know what the 3rd file you received is for.
Also, in the Sender Agreement, in section "Current Certificate for Signing", this is where you specify the private key that you generated and will use to sign the action/rec. acknowledgement message. Your partner would need the corresponding public key to verify the signature.
Regards,
Jin
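Added example (not part of the thread or of any SAP tool): a shell helper built on the `openssl` CLI that reports, for each partner-supplied .DER/.CRT file, whether it is a CA certificate or a leaf certificate, which is the distinction the reply above relies on when deciding which file goes where. The function names and hint texts are hypothetical; it assumes `openssl` is installed on the workstation where the files are inspected.

```shell
#!/usr/bin/env bash
# Added example: sort partner-supplied certificate files by role before
# loading them into a Key Storage view. Helper names are hypothetical.

# Run "openssl x509" on a file that may be PEM or DER encoded.
x509_read() {
    f=$1; shift
    openssl x509 -in "$f" -inform PEM -noout "$@" 2>/dev/null ||
    openssl x509 -in "$f" -inform DER -noout "$@" 2>/dev/null
}

# Print root-ca, intermediate-ca, self-signed-leaf, end-entity or unreadable.
classify_cert() {
    text=$(x509_read "$1" -text) || { echo "unreadable"; return 1; }
    subject=$(x509_read "$1" -subject); subject=${subject#subject=}
    issuer=$(x509_read "$1" -issuer);   issuer=${issuer#issuer=}
    is_ca=no
    case $text in *CA:TRUE*) is_ca=yes ;; esac   # basicConstraints extension
    if [ "$subject" = "$issuer" ]; then
        [ "$is_ca" = yes ] && echo "root-ca" || echo "self-signed-leaf"
    else
        [ "$is_ca" = yes ] && echo "intermediate-ca" || echo "end-entity"
    fi
}

# Usage: ./classify.sh partner1.der partner2.der partner3.crt
for file in "$@"; do
    role=$(classify_cert "$file") || true
    case $role in
        root-ca)
            hint="root CA: candidate for the TrustedCAs view" ;;
        intermediate-ca)
            hint="intermediate CA: part of the chain up to the root" ;;
        end-entity|self-signed-leaf)
            hint="leaf certificate: candidate for signature verification" ;;
        *)  hint="not an X.509 certificate in PEM or DER form" ;;
    esac
    printf '%s\t%s\t%s\n' "$file" "$role" "$hint"
done
```
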
Murali,
It's complaining about the keys stored in the Key Storage of J2EE. Check once again whether you have installed them correctly or not as per this help:
http://help.sap.com/saphelp_nw04/helpdata/en/e9/a1dd44d2c83c43afb5ec8a4292f3e0/content.htm
---Satish
Satish,
Thanks for your quick response.
We created the key pair in the Visual Admin Tool (cluster -> Keystore -> create button).
Is there any step-by-step guide for installing the certificates (which explains what type of certificates we need from the external vendor, what the public key and private key are, and so on) in the Visual Admin Tool and for the CIDX configuration?
Appreciate your time.
Thanks
M
Hi,
I think we don't have any document on this. You do have SAP help on this. Check this help out:
http://help.sap.com/saphelp_nw04/helpdata/en/36/7627aa3fe440369150a434f8137eda/content.htm
---Satish
Hi,
I am looking into the link which you sent me.
The other question is: we got 3 files (1 is .CER and 2 are .DER) from my external party. Do I need to generate a public key or private key by using the generate button in the Visual Admin Tool, or can I import these files using the import option?
We are just confused about how we can install the 3 files into the Visual Admin Tool.
Thanks
M