on 11-24-2015 10:56 PM
Hello,
We're in the process of implementing an ERP > HCI > C4C system. We've followed all the how-to guides and instructions to get where we are now. What we have is an ECC 6 ERP system that is connected via certificate authentication (somewhat) to HCI as middleware for using Cloud for Customer. We are only attempting the "Replicate Material from SAP Business Suite" iFlow at the moment.
Our problem is when we test the IDOC (MATMAS_CFS) from SAP using trans. BD10, it doesn't seem to transfer exactly as should.
Our ERP system is showing a 'No IDoc saved in target system (SOAP HTTP)" error. Screenshot attached and HCI is showing a similar error message on it's end. Log is attached.
Not sure where we're going wrong as everything seems to be configured as it should. Please help
Hi Adam
If you look into your MPL log in HCI, you can see that the error is happening when trying to send the message to the receiver COD system.
Processing exchange ID-vsa697905-od-sap-biz-33144-1448124847088-5-22 in cxf:bean:COD_{
Error = org.apache.cxf.interceptor.Fault: Could not generate the XML stream caused by: javax.xml.stream.XMLStreamException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target., cause: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
SSL handshake with the target system failed because the certificate for the target system is not in your HCI tenant keystore.
To do that you need to update the system.jks keystore in your tenant with the root CA certificate for the C4C site. Refer to Paul's blog below for a comprehensive step by step guide on how to do it with the help of Keystore Explorer. I'd normally just import the Root CA (and not the whole chain of certificate)
After you have updated the keystore in HCI, you can test it out using the Test Outbound Connection feature in the Node Explorer.
Rgds
Eng Swee
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
That's an excellent answer, thank you. Our problem is that if we create a new keystore (system.jks) file, then we lose the already existing certificates that the file contains.
If we try and open the existing keystore from HCI in order to perverse the existing certificates, we are asked for a password which we don't know.
Any suggestions? Or does need to be forwarded to SAP?
That's an excellent answer, thank you. Our problem is that if we create a new keystore (system.jks) file, then we lose the already existing certificates that the file contains.
If we try and open the existing keystore from HCI in order to perverse the existing certificates, we are asked for a password which we don't know.
Any suggestions? Or does need to be forwarded to SAP?
Hi Adam
When I received the details for my HCI tenant, SAP also provided the password for the existing keystore. I'd suggest you check if you had any such mail from SAP. If not, you should contact SAP to get the details then.
Rgds
Eng Swee
User | Count |
---|---|
89 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.