on 02-10-2016 12:12 PM
Hi All,
We are facing an issue in our PI receiver adapter when attempting to connect to a DMZ-network-based FTPS directory using an SSL certificate for authentication.
The error log states: “Peer Certificate Rejected by Chain Verifier”
Please help me to resolve the issue.
Thanks & Regards,
Vishnu Pallamreddy.
It is an SSL handshake error. Check your signer by using the XPI trace and see whether you've inserted the same certificate in Trusted CAs. If not, download the certificate and import it to Trusted CA.
Once you download and import it into the TrustedCAs keystore and restart the communication channel, this SSL communication will work fine.
Refer to the blog to find the signer.
https://answers.sap.com/questions/504106/sslcertificateexception-peer-certificate-rejected-.html This blog talks about the fix as below. I am yet to try it, though.
So, the error was because the remote server had an expired certificate installed; thus, when PI checked for the certificates of the remote server, it returned the valid certificate, but also an invalid expired certificate, this being the cause of the error.
You can refer to the note below as well, Vishnu.
Hello Vishnu,
Certificate seems to be invalid.
Make sure certificates are valid and within the expiry date.
Hi Vishnu,
Have you installed the certificate given by the FTPS server in NWA? Check with your server guy whether they have chain certificates, i.e. an intermediate or root; you need to install these certificates too, if any.
Br,
Manoj
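The two causes suggested in the replies above (an expired certificate among those the server presents, and a missing or misordered intermediate/root) can be checked outside PI with the OpenSSL command line. This is an added example, not part of the thread or of SAP tooling; the function names `audit_chain` and `make_constructed_chain` and the throwaway test chain are assumptions made for illustration.

```shell
# audit_chain BUNDLE [MARGIN_SECONDS]: BUNDLE is a PEM file with the certificates
# the peer presents, leaf first. Returns the number of problems found.
audit_chain() {
  local bundle="$1" margin="${2:-0}" tmp problems=0 prev_issuer="" f subj iss end
  tmp=$(mktemp -d) || return 2
  # Split the bundle into one file per certificate, skipping text between them.
  awk -v d="$tmp" '
    /-----BEGIN CERTIFICATE-----/ { n++; f = sprintf("%s/%03d.pem", d, n) }
    f != "" { print > f }
    /-----END CERTIFICATE-----/ { if (f != "") close(f); f = "" }' "$bundle"
  for f in "$tmp"/*.pem; do
    [ -e "$f" ] || { echo "no certificates in $bundle"; problems=1; break; }
    subj=$(openssl x509 -in "$f" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$f" -noout -issuer | sed 's/^issuer= *//')
    end=$(openssl x509 -in "$f" -noout -enddate | sed 's/^notAfter=//')
    echo "cert: $subj"; echo "  issuer: $iss"; echo "  notAfter: $end"
    # -checkend fails if the certificate expires within MARGIN seconds (0 = now).
    if ! openssl x509 -in "$f" -noout -checkend "$margin" >/dev/null; then
      echo "  PROBLEM: expired, or expires within ${margin}s"
      problems=$((problems + 1))
    fi
    # Each certificate must be issued by the one that follows it.
    if [ -n "$prev_issuer" ] && [ "$prev_issuer" != "$subj" ]; then
      echo "  PROBLEM: not the issuer named by the previous certificate"
      problems=$((problems + 1))
    fi
    prev_issuer="$iss"
  done
  # A bundle that stops below a self-signed root depends on the trust store.
  if [ -n "$prev_issuer" ] && [ "$prev_issuer" != "$subj" ]; then
    echo "note: issuer '$prev_issuer' is not in the bundle and must be trusted"
  fi
  rm -rf "$tmp"
  return "$problems"
}

# Constructed sample: throwaway root (30 days) and leaf (1 day), leaf first.
make_constructed_chain() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Constructed Test Root" \
    -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=ftps.example.test" \
    -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
    -CAcreateserial -days 1 -out "$1/leaf.pem" 2>/dev/null
  cat "$1/leaf.pem" "$1/root.pem" > "$1/chain.pem"
}

demo=$(mktemp -d); make_constructed_chain "$demo"
audit_chain "$demo/chain.pem" 172800 || echo "problems: $?"   # 1: leaf expires within 2 days
```

For a live server, the bundle can be captured from the output of `openssl s_client -showcerts` (with `-starttls ftp` for explicit FTPS on port 21), since the function skips the text between certificates.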
Hi Manoj,
We have followed the below steps:
Development steps for this connection –
1. The given SSL Server certificates were loaded into PI system NWA under Trusted CAs following the same order of the certificate hierarchy (i.e. Root main Intermediate)
2. Corresponding Private key created using the main certificate.
3. File Receiver adapter configured using the IP address of the FTPS directory.
4. Port used for the connection is 21.
5. Connection mode: Passive.
6. High port range opened for high volume of traffic from 18100 to 18410.
7. Private key used in channel for certificate call.
8. Also, a host file entry added into PI system’s local host file.
9. FQDN also tried in place of hostname for the same entry.
10. Firewall changes are also up for the same connection, though we are also doing a recheck on this point.
11. New certificates were also used for the same connection.
However, with all these options, the error remains the same as mentioned above.
Hello Vishnu,
This happens even if your third party system is not allowing you to connect to their system. Can you please check if the ports of PI system are allowed by your 3rd party system? If they have allowed and you are able to connect to it successfully, then please check if the certificate provided is perfect and CA signed. Unless this trust is not set up, there will be no handshake allowed by PI system.
Regards,
Nitin
Please share the trace of the log.
Hi All,
I am getting the error "MP: exception caught with cause java.io.IOException: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier" in the REST receiver channel in SAP PO 7.5
1) I have imported all the three chain certificates in the correct sequence.
2) In the XPI trace, we can see handshake is happening successfully but we are still not getting the response back.
PFA XPI trace (xpi-trace.jpg).