ERP > HCI > C4C iFlow errors

Former Member
0 Kudos

Hello,

We're in the process of implementing an ERP > HCI > C4C system.  We've followed all the how-to guides and instructions to get where we are now.  What we have is an ECC 6 ERP system that is connected via certificate authentication (somewhat) to HCI as middleware for using Cloud for Customer.  We are only attempting the "Replicate Material from SAP Business Suite" iFlow at the moment.

Our problem is when we test the IDOC (MATMAS_CFS) from SAP using trans. BD10, it doesn't seem to transfer exactly as it should.

Our ERP system is showing a "No IDoc saved in target system (SOAP HTTP)" error.  Screenshot attached and HCI is showing a similar error message on its end.  Log is attached.

Not sure where we're going wrong as everything seems to be configured as it should.  Please help.

Accepted Solutions (1)

engswee
Active Contributor
0 Kudos

Hi Adam

If you look into your MPL log in HCI, you can see that the error is happening when trying to send the message to the receiver COD system.


Processing exchange ID-vsa697905-od-sap-biz-33144-1448124847088-5-22 in cxf:bean:COD_{
    Error = org.apache.cxf.interceptor.Fault: Could not generate the XML stream caused by: javax.xml.stream.XMLStreamException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target., cause: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

SSL handshake with the target system failed because the certificate for the target system is not in your HCI tenant keystore.

To do that you need to update the system.jks keystore in your tenant with the root CA certificate for the C4C site. Refer to Paul's blog below for a comprehensive step-by-step guide on how to do it with the help of Keystore Explorer. I'd normally just import the Root CA (and not the whole chain of certificates).

After you have updated the keystore in HCI, you can test it out using the Test Outbound Connection feature in the Node Explorer.

Rgds

Eng Swee

Former Member
0 Kudos

That's an excellent answer, thank you.  Our problem is that if we create a new keystore (system.jks) file, then we lose the already existing certificates that the file contains.

If we try and open the existing keystore from HCI in order to preserve the existing certificates, we are asked for a password which we don't know.

Any suggestions?  Or does this need to be forwarded to SAP?

engswee
Active Contributor

Hi Adam

When I received the details for my HCI tenant, SAP also provided the password for the existing keystore. I'd suggest you check if you had any such mail from SAP. If not, you should contact SAP to get the details then.

Rgds

Eng Swee
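
Once the keystore password is known, the root CA can be appended to the existing system.jks so the certificates already in it are kept. The following is an added example, not part of the original thread or of SAP's tooling: it uses the JDK's keytool instead of Keystore Explorer on a local copy of the keystore, and the paths, aliases and password are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Paths, aliases and the password are
# constructed placeholders; the real system.jks password has to come from SAP.

# Succeeds if the alias exists in the keystore.
has_alias() {  # keystore password alias
  keytool -list -keystore "$1" -storepass "$2" -alias "$3" >/dev/null 2>&1
}

# Number of entries (key pairs and trusted certificates) in the keystore.
entry_count() {  # keystore password
  keytool -list -keystore "$1" -storepass "$2" 2>/dev/null | grep -c 'Entry,'
}

# Append a root CA to an existing keystore. Keeps a .bak copy, refuses to
# reuse an alias, and rolls back unless exactly one entry was added.
import_root_ca() {  # keystore password alias cert-file
  ks=$1; pass=$2; name=$3; cert=$4
  if has_alias "$ks" "$pass" "$name"; then
    echo "alias '$name' already in $ks, nothing imported" >&2
    return 2
  fi
  before=$(entry_count "$ks" "$pass")
  cp -p "$ks" "$ks.bak" || return 1
  keytool -importcert -noprompt -trustcacerts -keystore "$ks" \
    -storepass "$pass" -alias "$name" -file "$cert" >/dev/null 2>&1 ||
    { mv "$ks.bak" "$ks"; return 1; }
  after=$(entry_count "$ks" "$pass")
  [ "$after" -eq $((before + 1)) ] || { mv "$ks.bak" "$ks"; return 1; }
}

# Constructed fixture for an offline trial: a stand-in system.jks holding one
# key pair, plus a self-signed certificate playing the C4C root CA.
make_fixture() {  # directory password
  keytool -genkeypair -alias existing -keyalg RSA -keysize 2048 -validity 30 \
    -dname "CN=existing-entry" -storetype JKS -keystore "$1/system.jks" \
    -storepass "$2" -keypass "$2" >/dev/null 2>&1 &&
  keytool -genkeypair -alias ca -keyalg RSA -keysize 2048 -validity 30 \
    -dname "CN=Constructed Root CA" -storetype JKS -keystore "$1/ca.jks" \
    -storepass "$2" -keypass "$2" >/dev/null 2>&1 &&
  keytool -exportcert -rfc -alias ca -keystore "$1/ca.jks" -storepass "$2" \
    -file "$1/root-ca.pem" >/dev/null 2>&1
}
```

On a shared host, keytool's `-storepass:env` form keeps the password out of the process list.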

Former Member
0 Kudos

Thank you again.  We're in talks now with SAP on getting them to update our keystore in HCI.

Thank you for your help.

~Adam

Answers (0)