cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP PI 7.40 adapter FTPs sender iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier

Go to solution
Former Member

on ‎09-23-2015 2:56 PM

0 Kudos

Hi the community,

We are migrating from a server SAP PI 7.11 to a server SAP PI 7.40.

We have a connexion with an adapter sender FTPs .

The same certificate is on both server (7.11 and 7.40)

I made the same configuration on SAP PI 7.40 than on SAP PI 7.11.

The connection on SAP PI 7.11 works perfectly but doesn't work on SAP PI 7.40

I receive an error "iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier"

The certificate is defined on a TLS 1.2 protocol.

Can someone help me to understand ?

Kind Regards

Eric Koralewski

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

pvishnuvardan_reddy
Active Contributor
‎09-24-2015 1:34 PM
0 Kudos

Hi Eric,

Can you check the below note and see it helps you.

Note 1992392:Peer certificate rejected by ChainVerifier error due to name mismatch in FTPS Adapter

Show replies
Show replies
Former Member
‎09-24-2015 2:08 PM
0 Kudos

Hi Vishnu,

The name of the server in CN name is *.car-pass.be and the name of the server is ftp-car-pass.be

I applied the parameter strictHostnameChecking to flase in advanced parameters.

The issue is still there.

Can you tell me how to check if  the correct patches are deployed to bypass that check, please?

Kind Regards

Eric Koralewski

pvishnuvardan_reddy
Active Contributor
‎09-24-2015 2:27 PM
0 Kudos

Hi Eric,

Can you check with your basis/network team on any issue with the firewall which is not allowing the connectivity.

Also, as suggested by Hareesh, is the certificate imported properly into the Trusted CA's path of NWA. And are you able to select the same in the channel level.

Former Member
‎09-24-2015 2:46 PM
0 Kudos

Hi Vishnu,

There is no issue of connection with firewall.

I installed Filezilla on the server and the connection with it works perfectly.

The certificate is correctly installed under TrustedCAs.

Regards

former_member186851
Active Contributor
‎09-24-2015 2:49 PM
0 Kudos

Hello Eric,

Connecting from File Zilla is different,

Just check ports/firewalls are enabled from PI and client side.

pvishnuvardan_reddy
Active Contributor
‎09-24-2015 3:01 PM
0 Kudos

Hi Eric,

Can you check the below links

Former Member
‎09-24-2015 3:10 PM
0 Kudos

Hi Vishnu,

Thanks very much for your collaboration!

That was an issue of certificate.

The provider didn't give the good one.


Regards

Eric Koralewski

former_member186851
Active Contributor
‎09-24-2015 3:19 PM
0 Kudos

Hello Eric,

Just a small question for understanding.

As per your discussion-

The same certificate is on both server (7.11 and 7.40)

I made the same configuration on SAP PI 7.40 than on SAP PI 7.11.

The connection on SAP PI 7.11 works perfectly but doesn't work on SAP PI 7.40

Then how this certifcate worked in 7.11 when the issuer provided bad certificate?

Former Member
‎09-24-2015 3:26 PM
0 Kudos

Hello Raghuraman,

Little history:

First I exported the certificate used on PI 7.11 but the end date was exopired

Despite that expiration, the connexion works on PI 7.11.

I imported that certificate  in PI 7.40 and the connexion didn't work.

I requested a new cetificate to the provide of the ftp site.

He provided me a new one. 2 days ago  but the connexion didn't worked.

that's why I posted this message.

Today, he provide another certificate and there, the connexion works.

Regards.

Eric Koralewski

former_member186851
Active Contributor
‎09-24-2015 3:34 PM
0 Kudos

Got It Eric..

Answers (3)

Answers (3)

former_member182455
Active Contributor
‎09-24-2015 4:53 AM
0 Kudos

Hi. Follow the instructions of note 694290 to import the certificate chain Regards Srinivas

Show replies
Show replies
former_member186851
Active Contributor
‎09-23-2015 3:04 PM
0 Kudos

Hello Eric,

Check with the network team whether firewall setting/port are open for the new PI system.

Show replies
Show replies
former_member184720
Active Contributor
‎09-23-2015 3:04 PM
0 Kudos

Where did you upload the certificates? Under Trusted CA"s?

If you have several certificates in the chain, you should upload them all into NWA.( http:// host : port//nwa/key-storage -> Trusted CA's)

Show replies
Show replies
Ask a Question