on 07-25-2005 5:15 PM
Hello,
Is anyone there to help us to resolve this error in XI?
We are getting ICM_HTTP_SSL_ERROR when we try to test the connection in HTTP connections for external servers from SM59.
ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL
session uses PSE file "/usr/sap/X10/DVEBMGS13/sec/SAPSSLA.pse"
SecudeSSL_SessionStart: SSL_connect() failed
_error 9 (0x00000009) = "the verification of the server's certificate chain failed"
>> Begin of Secude-SSL Errorstack >>
ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed
af_verify_Certificates: (27/0x001b) Chain of certificates is incomplete : "OU=Secure Server Certification Authority, O=
get_path: (27/0x001b) Found root certificate of <OU=Secure Server Certification Authority, O="RSA Data Security, Inc.",
verify_with_PKs: (27/0x001b) Found root certificate of <OU=Secure Server Certification Authority, O="RSA Data Security,
<< End of Secude-SSL Errorstack
SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"
No certificate request from Server
<<- ERROR: SapSSLSessionStart(sssl_hdl=0x60000000058257d0)==SSSLERR_SSL_CONNECT
->> SapSSLErrorName(rc=-57)
<<- SapSSLErrorName()==SSSLERR_SSL_CONNECT
Can we get XI to bypass server-side certificates (like the Business Connector used to)?
Thanks in Advance.
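Added example, not part of the original post: a small Python triage of the trace quoted above that pulls out the PSE in use, the top-level error, the Secude error-stack frames and whether the server asked for a client certificate. The function name `triage` and the result keys are hypothetical; the sample input is the post's own trace text, embedded as a constructed string.

```python
import re

# Constructed sample: the trace lines quoted in the post (DNs are truncated there too).
TRACE = """\
ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL
session uses PSE file "/usr/sap/X10/DVEBMGS13/sec/SAPSSLA.pse"
SecudeSSL_SessionStart: SSL_connect() failed
_error 9 (0x00000009) = "the verification of the server's certificate chain failed"
>> Begin of Secude-SSL Errorstack >>
ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed
af_verify_Certificates: (27/0x001b) Chain of certificates is incomplete : "OU=Secure Server Certification Authority, O=
get_path: (27/0x001b) Found root certificate of <OU=Secure Server Certification Authority, O="RSA Data Security, Inc.",
verify_with_PKs: (27/0x001b) Found root certificate of <OU=Secure Server Certification Authority, O="RSA Data Security,
<< End of Secude-SSL Errorstack
SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"
No certificate request from Server
"""

FRAME = re.compile(r"^(?:ERROR in )?(\w+): \((\d+)/0x[0-9a-fA-F]+\) (.*)$")

def triage(trace):
    """Summarise a Secude-SSL handshake failure from an ICM trace excerpt."""
    out = {"pse": None, "error": None, "frames": [], "state": None,
           "client_cert_requested": None, "finding": "unclassified"}
    in_stack = False
    for line in trace.splitlines():
        line = line.strip()
        if m := re.search(r'session uses PSE file "([^"]+)"', line):
            out["pse"] = m.group(1)
        elif m := re.match(r'_error (\d+) \(0x[0-9a-fA-F]+\) = "(.+)"$', line):
            out["error"] = (int(m.group(1)), m.group(2))
        elif line.startswith(">> Begin of Secude-SSL Errorstack"):
            in_stack = True
        elif line.startswith("<< End of Secude-SSL Errorstack"):
            in_stack = False
        elif in_stack and (m := FRAME.match(line)):
            out["frames"].append((m.group(1), int(m.group(2)), m.group(3)))
        elif m := re.match(r'SSL_get_state\(\) returned 0x[0-9a-fA-F]+ "(.+)"$', line):
            out["state"] = m.group(1)
        elif line == "No certificate request from Server":
            out["client_cert_requested"] = False
    # Error 9 plus an "incomplete" frame: the failure is in verifying the server's chain.
    if out["error"] and out["error"][0] == 9 and any("incomplete" in f[2] for f in out["frames"]):
        out["finding"] = "incomplete server chain; check certificate list of " + str(out["pse"])
    return out
```

The `pse` value in the result names the file whose certificate list was used for this handshake, which is the one to inspect in STRUST.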
Hello,
Perhaps the blog "Calling WebServices from ABAP via HTTPS" (/people/thomas.jung3/blog/2005/05/13/calling-webservices-from-abap-via-https) holds a solution for you.
Regards
Gregor
Hi
We had a similar problem with an XI connection to an external company through HTTPS (SSL).
First you need to install the SAP Cryptographic libs.
Our solution was to add the external company's certificate to STRUST -> SSL Client (Standard) and SSL Server.
Then I created an RFC connection to that company using SSL.
(Please note: use the DNS name, not the IP address.)
The RFC should get a response (we got an HTTP 500) since we don't send any data.
In XI we set the adapter to use an HTTP (RFC) connection, not a URL connection, from the Integration Directory.
And so far it looks good, but we are not finished yet; we are still working to get the acknowledgement from the external company.
I hope this helped
Best regards
Tord
Hi,
Check if the keystore for the certificate is the "Anonym" keystore; maybe it is now the "Default" keystore. Not sure if it helps, but you can try.
Regards
Vishnu
Thanks for your reply Vishnu..
We have installed the certificate to resolve this error, but if we try to test the connection in SM59 we are getting the below error now:
HTTP BODY
BOUNDARY##Content-type: text/html##Content-length: 138####<HTML>##<HEA
D>##<TITLE>UPS Internet Software</TITLE>##</HEAD>##<BODY>##<P>UPS Intern
et Software, Copyright UPS 1998</P>##</BODY>##</HTMBOUNDARY##Con
tent-type: application/x-ups-psmpld##Content-length: 104####UPSOnLine%nu
ll%6931%6806Input format is invalid. (GET not supported)
##BOUNDARY##Content-type: application/x-ups-pld##Con
tent-length: 110####00010000009710000008800026806Input format is invalid
. (GET not supported) ##BOUNDARY-
and in the SXMB_MONI - the error message is ICM_HTTP_Connection_failed.
Do you have any idea?
Thanks.
Hi Murugadass,
Check if the RFC you have created for the HTTP connection to the external server is correct, because this error only comes when the RFC destination is not created properly.
I think there is some problem with the parameters for external servers.
Give the details of your RFC destination to understand your problem.
Regards
Arpit Seth
Hello Arpit,
These are the settings I have maintained in my RFC.
The connection type is G.
Under the technical settings I have given my
target host, path and service no.
under the log on security tab
SSL client certificate : Default SSL client(standard)
SSL : Active
Under the tab special Options
Time out :ICM Default Time out
HTTP version:HTTP 1.0
Compressed Response:No
Accept cookies :yes
Please let me know if I have missed anything.
Thanks in Advance!
Hi Murugadass,
Glad that you are out of the first error. You can follow the previous steps and also try to use HTTPS POST (and not GET). Hope this fixes your error.
You can also try to use the basic authentication option with the "Anonym" keystore and give any login ID and password (in Logon & Security).
Hope this helps
Regards
Vishnu
Hi Murugadass,
Your RFC Destination looks like it's currently set up to use SSL client certificates for authentication. Is that how you are authenticating with the site? Likely not. I would assume that the site either doesn't require authentication or it requires a username and password.
1) If the site doesn't require authentication, change the Logon Procedure to 'No Logon'.
2) If the site requires a username and password, change the Logon Procedure to 'Basic Authentication' and then enter a username and password below.
Once you do either of these, the entry under SSL client certificate should change to ANONYM SSL Client(Anonymous)
Also, make sure the CN in trust manager (txn strust) is set to anonymous for the 'SSL Client(Anonymous)' PSE.
Thanks,
Jesse