on 07-24-2015 10:13 PM
Hi,
We are deploying SMP 3.0 SP07 in our UAT and Production environment.
The application is using Integration gateway as the Backend Endpoint in the SMP application (Admin page).
For the Integration gateway we have created a load balanced URL to balance 2 SMP nodes in UAT and PROD environment.
When I am using the load balanced URL in the SMP Admin cockpit for the application as Backend Endpoint and performing ping on that I am getting exception "peer not authenticated".
If certificate Alias is mentioned in the BackEnd configuration then the error is that the hostname is not matching.
I have imported the load balancer node SSL certificate and the SMP node certificate in the SMP keystore using the keytool command and also restarted the SMP server still the error persists.
Keytool Command :
keytool -import -v -alias loadbalancer -keystore smp_keystore.jks -storepass LHM0bility -file C:\Certs\loadBalancer.cer
keytool -import -v -alias uatnode1 -keystore smp_keystore.jks -storepass LHM0bility -file C:\Certs\usaxaashbsmp2.grouphc.net.cer
Both imports are successful.
In the SMP Admin Back End configuration I have tried using the above certificate Alias also still the issue continues.
I have referred to this blog :http://scn.sap.com/thread/3597324 and the issue persists.
Attached is the image that shows the application configuration in SMP and the error after ping.
Please provide assistance in resolving this issue.
Regards,
Amit
Hello Amit,
For the Integration gateway we have created a load balanced URL to balance 2 SMP nodes in UAT and PROD environment.
I am not clear on this, do you have any sample diagram to explain the app communication flow?
Regards,
JK
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Jitendra,
Please find a sample diagram which shows the load balance structure for UAT environment.
SMP integration gateway service document URL is load balanced with port 8083 connection since we cannot use the localhostname in the SMP application Backend configuration in a loadbalanced environment.
Please let me know if more clarity is needed.
Regards,
Amit
Hello Amit,
In general, IGW URLs listen on same host and port as SMP Admin cockpit. While setting up an application id in Admin cockpit, INTERNAL option is checked for the BACKEND in case if endpoint URL is IGW's one. Hence there is no need of 'Certificate Alias'.
But I would call and to share more info on this.
Regards,
JK
Hi Jitendra,
Thanks for the reply.
I understand that we want to use IGW URL as BACKEND with Internal option set in SMP Admin cockpit but to use that we will have to use hostname for the URL and we cannot use localhost as it will give Exception in SMP connection.
But if we use hostname in the BACKEND Url how will the it work for 2 different UAT nodes ?
Eg : For node 1 the URL with Hostname it has to be
https://<UATNode1>:8083:/gateway/odata/SAP/ITest_ODATA;v=1
For node 1 the URL with Hostname it has to be
https://<UATNode2>:8083:/gateway/odata/SAP/ITest_ODATA;v=1
again that will not work since for UATNode1 the second backend URL will fail and for UATNode2 first backend URL will fail also we will have 2 BACKEND connections created for one application and that would be duplicate and mobile app will have to change connection ID based on connecting node which not possible.
Please let me know what solution is there around this.
Regards,
Amit
Hi Andreas,
I am working with Kevin Bates to understand and resolve the issue. We think the issue is related to ping functionality in the SMP Admin cockpit.
But the SMP application is able to connect internally to integration gateway on localhost when data is requested via SMP application.
We are still testing and checking to see if there are any issues.
In summary the hostname used for either node doesn't matter if "Internal" is checked in the Backend configuration.
Regards,
Amit
User | Count |
---|---|
88 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.