on 07-11-2007 11:50 PM
Hello Gurus,
We have a scenario where we need to connect to external FTP'S server and pull the files from there and process them and send them to XI. This is scenario is working fine with FTP server.
I went through some forums and also SAP NOTE : 821267, according to them we pushed the server certificate(The one which they used to enable the SSL on FTP) into the XI server's trusted CA store under KEY storage, still we get the same error. In CC I have tried with the connection security as Data/Data and control option, also with and with out using X.509 certificate. NO USE still the same.
- 2007-07-11 17:33:48 CDT: Error: Error connecting to ftp server 'FTP'S Server: iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier
- 2007-07-11 17:33:43 CDT: Processing started
The only way is to generate the CSR request through XI server and get it signed by the third party CA(From the same CA who signed the FTP'S server certificate) and push that into the XI server. But the business owners are not willing to spend on that....
CAN ANY ONE PLEASE DIRECT ME TO SOME DOCS or EXPLAIN ME IN DETAIL, WHAT TO DO ON XI SERVER AND Integration Builder : configurator.
Any help is greatly appreciated and also Forum points....
Thanks & Regards,
Raju.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Mamidi,
Check this document and see whether have done all the steps as mentioned in the document or not:
If you configure as mentioned in the document then you should not have any problem.
Regards,
---Satish
Hi All,
We have the same 'Server certificate rejected by ChainVerifier' problem. And nothing is helpful from the SDN or SAP Notes.
Finally, we found the root cause by changing the severity to 'Debug' for the Java application com.sap.aii.adapter.file.ftp and com.sap.aii.security.lib in the Log Configurator service via Visual Admin.
Our root cause is the IP to DNS name resolving problem. The FTPS server's name can not be resolved on the server where the File Adapter is running via the 'Ping -a ###.###.###.###' command.
The SSL handshake needs to confirm that the FTPS client is using the FTPS servers DNS name to access the FTP service since only the DNS name of the FTPS server is stored in the certificate signed by the trusted CA (e.g. VeriSign). That does make sense since its the way the Certification Authorities works.
Hope this helps.
Regards,
Changzheng
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Changzheng,
Your answer solved a problem which has been pestering me for 3 days now!
1. I had loaded my FTP server's cert in my TrustedCa's in my keystore ( It was a self signed certificate) but I was using the IP address in the FTP adapter. Certificate got rejected.
2. Pulled my hair out, saw your thread, gave it a shot, and bingo it worked.
You ve just made my day! Thanks.!
Cheers,
Bhavesh
Hi Raju,
have a look at this problem guide:
http://help.sap.com/saphelp_nw04s/helpdata/en/ab/08194116bfb167e10000000a155106/content.htm
and this part from that page:
"Symptom:
iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier
Problem:
Server certificate not be accepted.
Solution:
Add the certificate of the server to a keystore view that is used by the destination. See Checking used credentials and URL."
Regards,
michal
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
86 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.