cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Peer Certificate Rejected by Chain Verifier - IN SAP PI Receiver Channel

Go to solution
vishnu_pallamreddy
Contributor

on ‎02-10-2016 12:12 PM

0 Kudos

Hi All,

We are facing issue in our  PI receiver adapter when attempting to connect a DMZ network based FTPS directory using an SSL Certificate for authentication .

The error log states : “ Peer Certificate Rejected by Chain Verifier”  

Please help me to resolve the issue.

Thanks & Regards,

Vishnu Pallamreddy.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member213558
Active Participant
‎02-10-2016 12:38 PM
0 Kudos

it is SSL handshake error. check your signer  by using  XPI trace and see the whether you've inserted the same certificate in Trusted CAs. if not download the certificate and import to Trusted CA.


once download and import it into the TrustedCAs keystore  and you restart the communication channel, this SSL communication will work fine.

refer the blog to to find the signer.

Show replies
Show replies

Answers (5)

Answers (5)

former_member499364
Participant
‎07-27-2020 7:32 PM
0 Kudos

https://answers.sap.com/questions/504106/sslcertificateexception-peer-certificate-rejected-.html This blog talks about the fix as below:- I am yet to try though.

So, the error was because the remote server had an expired certificate installed, thus when PI check for the certificates of the remote server, it returned the valid certificate, but also an invalid expired certificate, this being the cause of the error.

Show replies
Show replies
former_member186851
Active Contributor
‎02-10-2016 3:05 PM
0 Kudos

You can refer the below note as well Vishnu.

Note 1992392:Peer certificate rejected by ChainVerifier error due to name mismatch in FTPS Adapter ...

Show replies
Show replies
former_member186851
Active Contributor
‎02-10-2016 1:27 PM
0 Kudos

Hello Vishnu,

Certificate seems to be invalid.

Make sure certificates are valid and within the expiry date.

Show replies
Show replies
manoj_khavatkopp
Active Contributor
‎02-10-2016 12:21 PM
0 Kudos

Hi Vishnu,

Have you installed the certificate given by FTPS server in NWA ? Check with your Server guy whether do that have chain certificated i.e and intermediate or root you need to install these certificates too if any.

Br,

Manoj

Show replies
Show replies
vishnu_pallamreddy
Contributor
‎02-10-2016 12:26 PM
0 Kudos

Hi Manoj,

We have followed the below steps:

Development steps for this connection –

1. The given SSL Server certificates were loaded into PI system  NWA under Trusted CAs following the same order of the certificate hierarchy (i.e. Root  main  Intermediate)

2. Corresponding Private key created using the main certificate .

3. File Receiver adapter configured using the IP address of the FTPS directory.

4. Port used for the connection is 21.

5. Connection mode : Passive .

6. High port range opened for high volume of traffic from 18100 to 18410.

7. Private key used in channel for certificate call.

8. Also , a host file entry added into PI system’s local host file.

9. FQDN also tried in place of hostname for the same entry.

10. Firewall changes are also up for the same connection , Though, we are also doing a recheck on this point.

11. New certificates were also used for the same connection.

However, with all these options , the error remains the same as mentioned above .

nitindeshpande
Active Contributor
‎02-10-2016 2:26 PM
0 Kudos

Hello Vishnu,

This happens even if your third party system is not allowing you to connect to their system. Can you please check if the ports of PI system are allowed by your 3rd party system. If they have allowed and you are able to connect to it successfully, then please check if the certificate provided is perfect and CA signed. Unless this trust is not setup, there will be no handshake allowed by PI system.

Regards,

Nitin

former_member213558
Active Participant
‎02-10-2016 12:15 PM
0 Kudos

please share the trace of log.

Show replies
Show replies
former_member499364
Participant
‎07-27-2020 7:29 PM
0 Kudos

Hi All,

I am getting the error "MP: exception caught with cause java.io.IOException: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier" in the REST receiver channel in SAP PO 7.5

1) I have imported all the three chain certificates in the correct sequence.

2) In the XPI trace, we can see handshake is happening successfully but we are still not getting the response back.

PFA XPI trace.xpi-trace.jpg

Ask a Question