
Server certificate rejected by ChainVerifier - FTPS server

Former Member
0 Kudos

Hi,

We have a scenario where we need to connect to an external FTPS server, pull the files from there, process them and send them to XI. And I am getting the "Server certificate rejected by ChainVerifier" error.

I went through some forums and also SAP Note 821267. According to the note, I downloaded the root certificate for VeriSign and put it into the XI server's Trusted CA Store under Key Storage, and still we get the same error.

This is the certificate from VeriSign:


CERTIFICATE
      [ creationDate ]: Mon Aug 04 16:35:11 GMT 2008
      [ DN ]: OU=Class 3 Public Primary Certification Authority,O=VeriSign, Inc.,C=US
      [ issuerDN ]: OU=Class 3 Public Primary Certification Authority,O=VeriSign, Inc.,C=US
      [ validNotBefore ]: Mon Jan 29 00:00:00 GMT 1996
      [ validNotAfter ]: Tue Aug 01 23:59:59 GMT 2028
      [ signAlgorithm ]: md2WithRSAEncryption (1.2.840.113549.1.1.2) 
      [ fingerprint ]: 10:FC:63:5D:F6:26:3E:0D:F3:25:BE:5F:79:CD:67:67
      [ subjectKeyIdentifier ]: <none>
      [ publicKey ]: 
            [ algorithm ]: RSA
            [ format ]: X.509

In the Communication Channel I'm using these parameters:


Connection Security	FTPS (FTP over SSL/TLS) for Control and Data Connection
Command Order		AUTH TLS, USER, PASS, PBSZ, PROT
Unchecked		Use X.509 Certificate for Client Authentication

Any idea?

Kind regards,

Luis Diego

Accepted Solutions (0)

Answers (2)

Former Member
0 Kudos

Thanks

prateek
Active Contributor
0 Kudos

The problem occurred at ChainVerifier, therefore you will have to make sure that you have loaded all the certificates in your J2EE keystore Trusted CAs.

Regards,

Prateek

hemant_chahal
Contributor
0 Kudos

If you have loaded your certificates perfectly in the ABAP and Java stack, values should appear in the key store which you gave at the time of loading. Check the option X.509 for client authentication, as the format of the certificate is X.509.

Former Member
0 Kudos

Hi Prateek,

What do you mean by all the certificates? I just downloaded the root key from VeriSign as a .cer file and imported it into our J2EE Key Storage -> Trusted CA.

What am I doing wrong?

Regards,

Luis Diego

Former Member
0 Kudos

Any idea?

Regards,

Luis Diego

bhavesh_kantilal
Active Contributor
0 Kudos

Hi,

1. Is the certificate used by your FTPS server signed by VeriSign or is it a self-signed certificate? If it is a self-signed certificate, then make sure you import the certificate in the TrustedCA's.

2. Every time you import a certificate in the TrustedCA's, make sure you restart the Keystore service in the VA. Not sure if this is a bug or by design, but we found this the hard way after days of sweating.

3. Make sure that the hostname used in the FTP channel matches the common name used in the certificate of the FTPS server.

4. If still no luck, import the certificate of the FTPS server (if signed by a CA) into the keystore and give this a shot.

I had the same error, until I stumbled on this thread this morning.

Regards,

Bhavesh