cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Problem with SSL certificate

Former Member

on ‎06-21-2007 11:05 AM

0 Kudos

I'm trying to connect SRM with a Marketsite through XI:

Here's the scenario:

SRM (Purchase Order) > XI 7.0 (Marketplace Adapter) > Marketsite

Right now, I am getting an error in the adapter engine saying:

"Error while silently connecting: org.w3c.www.protocol.http.HttpException: iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier"

Apparently, the problem seems to be related to the ssl certificate. I am using an https connection and UID/PW as the authentication method in the marketplace adapter settings.

Where should I import the certificate of the marketsite in XI? I have tried putting it into the TrustedCAs of the Key Storage in the Visual Administrator, but I still get the same error.

Is there a specific format of the certificate that XI accepts? What else should I be configuring to get the message successfully processed? How can I troubleshoot this properly?

Hoping you can help me out.

Best Regards,

Glenn

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎06-21-2007 11:11 AM
0 Kudos

Glenn,

You need to make sure that you have loaded all the certificates in the certificate path, not just the last certificate. You are getting a chain error, i.e. you are missing certificates.

The certificate you got from the Marketplace will have a certificate from the issue party.

Regards,

Simon

Show replies
Show replies
Former Member
‎06-21-2007 11:59 AM
0 Kudos

Thank you very much, Simon.

I'm having difficulty importing the certificate into the "TrustedCAs"; it wants me to provide a password, then asks for chain certificates.

The certificate I got from the marketsite is in the format PKCS#7, which contains the certificate of the issuing party and the certificate itself., but apparently XI only accepts PKCS8 and 12. Could this be the cause of the problem?

Would you know the specific formats I should be importing?

Warm regards,

Glenn

Former Member
‎06-21-2007 1:44 PM
0 Kudos

The Visual Administrator excepts the following certificate formats

Base64 Encoded Certificate (*.cert)

Base64 Encoded Private Key (*.key)

PKCS#8 Private Key (*.p8)

PKCS#12 Key (*.p12, *.pfx)

X.509 Certificate (*.crt).

If your adapter is using ABAP you need to load the certificates into the Trust Manager (STRUST)

Look at the certificate that you got from the market place.

Open in windows and then go to the <b>Certification Path</b> tab and get certificates for every entry in the path.

Regards,

Simon

Former Member
‎07-15-2007 4:29 PM
0 Kudos

Glen, did u manage to solve this issue? im facing the same1

henrique_pinto
Active Contributor
‎07-15-2007 8:48 PM
0 Kudos

You don't need to import the same certificate in TrustedCAs.

Instead, you have to import the certificate of the issuer in the TrustedCAs...

Regards,

Henrique.

Former Member
‎07-16-2007 6:32 AM
0 Kudos

Hi Shai,

I haven't solved the problem yet, unfortunately. We're still working on it but I'll update you guys with the solution as soon as it is done. Thank you all for your help!

Glenn

Former Member
‎07-16-2007 6:35 AM
0 Kudos

Glenn,

Please check this document and verify all the steps you have done or not. If you follow this you should not have any problem.

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/197e6aec-0701-0010-4cbe-ad5ff670...

Regards,

---Satish

Ask a Question