cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Server certificate rejected by ChainVerifier:FTPS server(Points Guaranteed)

Go to solution
Former Member

on ‎07-11-2007 11:50 PM

0 Kudos

Hello Gurus,

We have a scenario where we need to connect to external FTP'S server and pull the files from there and process them and send them to XI. This is scenario is working fine with FTP server.

I went through some forums and also SAP NOTE : 821267, according to them we pushed the server certificate(The one which they used to enable the SSL on FTP) into the XI server's trusted CA store under KEY storage, still we get the same error. In CC I have tried with the connection security as Data/Data and control option, also with and with out using X.509 certificate. NO USE still the same.

- 2007-07-11 17:33:48 CDT: Error: Error connecting to ftp server 'FTP'S Server: iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier

- 2007-07-11 17:33:43 CDT: Processing started

The only way is to generate the CSR request through XI server and get it signed by the third party CA(From the same CA who signed the FTP'S server certificate) and push that into the XI server. But the business owners are not willing to spend on that....

CAN ANY ONE PLEASE DIRECT ME TO SOME DOCS or EXPLAIN ME IN DETAIL, WHAT TO DO ON XI SERVER AND Integration Builder : configurator.

Any help is greatly appreciated and also Forum points....

Thanks & Regards,

Raju.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

prateek
Active Contributor
‎07-12-2007 4:15 AM
0 Kudos

See if this helps

Regards,

Prateek

Show replies
Show replies
Former Member
‎07-12-2007 3:49 PM
0 Kudos

That talks about the https and also he is sending the cert through his program. I am looking for FTPS and more over only signed certs are visible in Integration builder : configurator.

Regards,

raju.

Former Member
‎07-12-2007 6:12 PM
0 Kudos

Mamidi,

Check this document and see whether have done all the steps as mentioned in the document or not:

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/197e6aec-0701-0010-4cbe-ad5ff670...

If you configure as mentioned in the document then you should not have any problem.

Regards,

---Satish

Answers (2)

Answers (2)

Former Member
‎01-11-2008 5:46 PM
0 Kudos

Hi All,

We have the same 'Server certificate rejected by ChainVerifier' problem. And nothing is helpful from the SDN or SAP Notes.

Finally, we found the root cause by changing the severity to 'Debug' for the Java application ‘com.sap.aii.adapter.file.ftp’ and ‘com.sap.aii.security.lib’ in the Log Configurator service via Visual Admin.

Our root cause is the IP to DNS name resolving problem. The FTPS server's name can not be resolved on the server where the File Adapter is running via the 'Ping -a ###.###.###.###' command.

The SSL handshake needs to confirm that the FTPS client is using the FTPS server’s DNS name to access the FTP service since only the DNS name of the FTPS server is stored in the certificate signed by the trusted CA (e.g. VeriSign). That does make sense since it’s the way the Certification Authorities works.

Hope this helps.

Regards,

Changzheng

Show replies
Show replies
bhavesh_kantilal
Active Contributor
‎08-07-2008 3:09 PM
0 Kudos

Changzheng,

Your answer solved a problem which has been pestering me for 3 days now!

1. I had loaded my FTP server's cert in my TrustedCa's in my keystore ( It was a self signed certificate) but I was using the IP address in the FTP adapter. Certificate got rejected.

2. Pulled my hair out, saw your thread, gave it a shot, and bingo it worked.

You ve just made my day! Thanks.!

Cheers,

Bhavesh

MichalKrawczyk
Active Contributor
‎07-12-2007 12:18 AM
0 Kudos

Hi Raju,

have a look at this problem guide:

http://help.sap.com/saphelp_nw04s/helpdata/en/ab/08194116bfb167e10000000a155106/content.htm

and this part from that page:

"Symptom:

iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier

Problem:

Server certificate not be accepted.

Solution:

Add the certificate of the server to a keystore view that is used by the destination. See Checking used credentials and URL."

Regards,

michal

Show replies
Show replies
Ask a Question