cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ICM_HTTP_SSL_ERROR

Former Member

on ‎07-25-2005 5:15 PM

0 Kudos

Hello,

Is anyone there to help us to resove this error in XI?

We are getting ICM_HTTP_SSL_ERROR when we try to test the connection in HTTP connections for external servers from SM59.

      • ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL

session uses PSE file "/usr/sap/X10/DVEBMGS13/sec/SAPSSLA.pse"

SecudeSSL_SessionStart: SSL_connect() failed

_error 9 (0x00000009) = "the verification of the server's certificate chain failed"

>> Begin of Secude-SSL Errorstack >>

ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed

af_verify_Certificates: (27/0x001b) Chain of certificates is incomplete : "OU=Secure Server Certification Authority, O=

get_path: (27/0x001b) Found root certificate of <OU=Secure Server Certification Authority, O="RSA Data Security, Inc.",

verify_with_PKs: (27/0x001b) Found root certificate of <OU=Secure Server Certification Authority, O="RSA Data Security,

<< End of Secude-SSL Errorstack

SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"

No certificate request from Server

<<- ERROR: SapSSLSessionStart(sssl_hdl=0x60000000058257d0)==SSSLERR_SSL_CONNECT

->> SapSSLErrorName(rc=-57)

<<- SapSSLErrorName()==SSSLERR_SSL_CONNECT

Can we get xi to bypass server side certificates ( like the businnesconnector use to? )

Thanks in Advance.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

gregorw
Active Contributor
‎08-08-2006 10:33 AM
0 Kudos

Hello,

perhaps the Blog: <a href="/people/thomas.jung3/blog/2005/05/13/calling-webservices-from-abap-via-https">Calling WebServices from ABAP via HTTPS</a> helds a solution for you.

Regards

Gregor

Show replies
Show replies
Former Member
‎08-26-2005 7:56 AM
0 Kudos

Hi

We had similar problem with XI connection to external company thrue https(ssl)

First you need to install SAPCryptografic lib's

Our solution was to add the external comp. certificate to STRUST -> SSL Client(Standard) and SSL Server.

Then i created a RFC connection to that company using SSL

(Please note to use the DNS name Not Ip-Adress )

The RFC should get a response(we got a http-500) since we dont sent any data.

In XI we set the adapter to use a HTTP(RFC) connection Not a URL connection from the Integration Directory

And so far it looks good, but we are not finished yet we still are working to get the acknowledge from the external company.

I hope this helped

Best regards

Tord

Show replies
Show replies
Former Member
‎07-25-2005 5:36 PM
0 Kudos

Hi,

Check if the Keystore for the certficate is "Anonymn" Key store, may be it is now "Default" Key store. not sure if it helps, but you can try

Regards

Vishnu

Show replies
Show replies
Former Member
‎07-25-2005 10:55 PM
0 Kudos

Thanks for your reply Vishnu..

we have instaled the certificate to resolve this error but if we try to test the connection in SM59 we are getting the below error now

HTTP BODY

BOUNDARY##Content-type: text/html##Content-length: 138####<HTML>##<HEA

D>##<TITLE>UPS Internet Software</TITLE>##</HEAD>##<BODY>##<P>UPS Intern

et Software, Copyright UPS 1998</P>##</BODY>##</HTMBOUNDARY##Con

tent-type: application/x-ups-psmpld##Content-length: 104####UPSOnLine%nu

ll%6931%6806Input format is invalid. (GET not supported)

##BOUNDARY##Content-type: application/x-ups-pld##Con

tent-length: 110####00010000009710000008800026806Input format is invalid

. (GET not supported) ##BOUNDARY-

and in the SXMB_MONI - the error message is ICM_HTTP_Connection_failed.

Do you have any idea?

Thanks.

Former Member
‎07-26-2005 6:47 AM
0 Kudos

Hi Murugadass,

Check if the RFC you have created for the HTTP conenction to external server is correct.Becoz this error only cimes when the RFC Destnation is not created properly.

I think there is some problem with the parameters for external servers.

Give the details of ur RFC destination to understand ur problem.

Regards

Arpit Seth

Former Member
‎07-26-2005 5:31 PM
0 Kudos

Hello Arbit,

These are the setting i have maintained in my RFC.

The connection type is G

under the techincal settings I have give my

Target host , path and service no.

under the log on security tab

SSL client certificate : Default SSL client(standard)

SSL : Active

Under the tab special Options

Time out :ICM Default Time out

HTTP version:HTTP 1.0

Compressed Response:No

Accept cookies :yes

Please let me know if i have missed anything.

Thanks in Advance!

Former Member
‎07-26-2005 7:59 PM
0 Kudos

Hi Murugadass,

glad that you are out of the first erorr. You can follow the previous steps and also try to use HTTPS post (and not GET). hope this fixes your error.

you can also try to use basic authentication option with "Anonym" keystore & give any login id pwd.. (in logon & security)

Hope this helps

Regards

Vishnu

Former Member
‎07-27-2005 7:50 PM
0 Kudos

Hi Murugadass,

Your RFC Destination looks like it's currently setup to use SSL client certificates for authentication. Is that how you are authenticating with the site? Likely not. I would assume that the site either doesn't require authentication or it requires a username and password.

1) If the site doesn't require authentication, change the Logon Procedure to 'No Logon'.

2) If the site requires a username and password, change the Logon Procedure to 'Basic Authentication' and then enter a username and password below.

Once you do either of these, the entry under SSL client certificate should change to ANONYM SSL Client(Anonymous)

Also, make sure the CN in trust manager (txn strust) is set to anonymous for the 'SSL Client(Anonymous)' PSE.

Thanks,

Jesse

Former Member
‎07-27-2005 10:23 PM
0 Kudos

Also adding on to Wolff's statement make SSL inactive in sm59...It should work.

-Teresa

Ask a Question