cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Certificate issue while connecting to SFDC from SAP PI

Go to solution
viswanahreddy
Participant

on ‎08-10-2015 1:09 PM

0 Kudos

While connecting from ECC --> SAP PI --> SFDC.

I am getting the Error as below. But we are not using any certificates at receiver SOAP adapter.

<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>

- <!-- 

 Inbound Message

--> 

- <SAP:Error SOAP:mustUnderstand="1" xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">

<SAP:Category>XIAdapterFramework</SAP:Category>

<SAP:Code area="MESSAGE">GENERAL</SAP:Code>

<SAP:P1 />

<SAP:P2 />

<SAP:P3 />

<SAP:P4 />

<SAP:AdditionalText>com.sap.engine.interfaces.messaging.api.exception.MessagingException: java.io.IOException: Failed to get the input stream from socket: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier</SAP:AdditionalText>

<SAP:Stack />

<SAP:Retry>M</SAP:Retry>

</SAP:Error>

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

viswanahreddy
Participant
‎08-13-2015 12:40 PM
0 Kudos

Issue got resolved.

what ever the URL for which we are connecting to SFDC from PI system.

from that URL i have downloaded certificate and imported in NWA > TrustedCA's from then my channel could able to open the connectivity between PI and SFDC.

Thanks for your support.

Show replies
Show replies

Answers (4)

Answers (4)

Former Member
‎08-10-2015 6:46 PM
0 Kudos

Hi ,

We had similar issues when we were testing with SFDC Server for the first time.

We do not need any  CA Certificates from Salesforce to resolve this issue.

It was resolved by adding  below mentioned module  configuration  in SOAP adapter  :

Module Name  :sap.com/com.sap.aii.af.soapadapter/XISOAPAdapterBean
Module Key  = soap
Parameter Name = trustStore
Parameter Value = TrustedCAs


Please refer to SAP note 1588148 as mentioned by Harish for more Info.


Regards,

Yeshwanth

Show replies
Show replies
viswanahreddy
Participant
‎08-10-2015 3:22 PM
0 Kudos

Hi Harish/Indrajit

We are not using any  certificates at channel level.

in which Tcode can i see the SSL certificates whether expired or not.

Show replies
Show replies
Harish
Active Contributor
‎08-11-2015 7:08 AM
0 Kudos

Hi,

If you are connecting to HTTPS webservice so you need to download the connection certificate and upload in trusted key store. then you should be able to connect to web service.,

regards,

Harish

viswanahreddy
Participant
‎08-11-2015 7:00 PM
0 Kudos

could you please suggest me how to download connection certificate....
or i have to get it form SFDC team.

Former Member
‎08-11-2015 9:23 PM
0 Kudos

Hi,

You Can Create your own Trusted CAs  as mentioned in below mentioned link:

Creating Certificates and Key Pairs&lt;/title&gt; &lt;meta content=&quot;Salesforce offers two types...

Download the .crt File after completion and deploy it in J2EE server of PI system.

But I would like to suggest you to check on module parameters I have mentioned below.

We had raised Incident to SAP support team and they only  recommended to use the  adapter module parameter mentioned in my previous post.

Regards,

Yeshwanth R

viswanahreddy
Participant
‎08-12-2015 11:38 AM
0 Kudos

When i open the given link i could't able to download the .crt file.

do i have to login the SFDC to download .crt file.

please provide me in detail, "if possible please share your contact no it will be easier for me to close the issue in PROD asap"

As you said i will make the necessary changes in module, but i have a question here, this is not the first time we are connecting to SFDC suddenly suddenly messages were failing with that exception.

Note: there is another interface with the same structure which will connect to SFDC but only the server is different and there is no issue with this interface.

viswanahreddy
Participant
‎08-12-2015 12:25 PM
0 Kudos

Hi Yeshwanth

I am stucked at filling the fields

Lable: ?

UniqueName: ?The unique name used by the API and managed packages. The name must begin with a letter and use only alphanumeric characters and underscores. The name cannot end with an underscore or have two consecutive underscores

what does this mean?

Common Name:   can this be ok  ->   www.hostname.xxx.com if not what i need to maintain.

Former Member
‎08-12-2015 12:30 PM
0 Kudos

Hi

Check transaction STRUST in abap stack.Make sure that the certificates are not expired.

Thanks,

Indrajit

viswanahreddy
Participant
‎08-12-2015 2:23 PM
0 Kudos

Hi Indrajit

please find the attached screen shot.

Status was in Green, when i click on red cross status showing (error loading PSE)    please suggest my next step

Former Member
‎08-10-2015 2:18 PM
0 Kudos

Hi

Check this. It may help

http://wiki.scn.sap.com/wiki/display/TechTSG/Peer+certificate+rejected+by+ChainVerifier

Thanks,

Indrajit

Show replies
Show replies
viswanahreddy
Participant
‎08-10-2015 5:26 PM
0 Kudos

From last week onward messages were getting failed in Prod system without any change (certificate issue)

Is it mandatory to have SSL certificates without configured at receiver channel level? if yes,

In which transaction i need to import SSL certificates...Please suggest.

Do i have to get the certificates form the SFDC team to import in SAP?

Harish
Active Contributor
‎08-10-2015 2:03 PM
0 Kudos

Hi,

Please check the sap Note 1588148 - Trusted certificates for SOAP receiver channels.

regards,

Harish

Show replies
Show replies
Ask a Question