on 08-05-2008 4:38 AM
Hi,
We have a scenario where we need to connect to an external FTPS server, pull the files from there, process them and send them to XI. I am getting the "Server certificate rejected by ChainVerifier" error.
I went through some forums and also SAP Note 821267. According to the note, I downloaded the root certificate for VeriSign and put it into the XI server's Trusted CA store under Key Storage, and we still get the same error.
This is the certificate from VeriSign:
CERTIFICATE
[ creationDate ]: Mon Aug 04 16:35:11 GMT 2008
[ DN ]: OU=Class 3 Public Primary Certification Authority,O=VeriSign, Inc.,C=US
[ issuerDN ]: OU=Class 3 Public Primary Certification Authority,O=VeriSign, Inc.,C=US
[ validNotBefore ]: Mon Jan 29 00:00:00 GMT 1996
[ validNotAfter ]: Tue Aug 01 23:59:59 GMT 2028
[ signAlgorithm ]: md2WithRSAEncryption (1.2.840.113549.1.1.2)
[ fingerprint ]: 10:FC:63:5D:F6:26:3E:0D:F3:25:BE:5F:79:CD:67:67
[ subjectKeyIdentifier ]: <none>
[ publicKey ]:
[ algorithm ]: RSA
[ format ]: X.509
In the Communication Channel I'm using these parameters:
Connection Security: FTPS (FTP over SSL/TLS) for Control and Data Connection
Command Order: AUTH TLS, USER, PASS, PBSZ, PROT
Use X.509 Certificate for Client Authentication: unchecked
Any idea?
Kind regards,
Luis Diego
Thanks
The problem occurred at ChainVerifier, therefore you'll have to make sure that you have loaded all the certificates in your J2EE keystore Trusted CA's.
Regards,
Prateek
Hi,
1. Is the certificate used by your FTPS server signed by VeriSign or is it a self-signed certificate? If it is a self-signed certificate, then make sure you import the certificate in the TrustedCA's.
2. Every time you import a certificate in the TrustedCA's, make sure you restart the Keystore service in the VA. Not sure if this is a bug or by design, but we found this the hard way after days of sweating.
3. Make sure that the hostname used in the FTP channel matches the common name used in the certificate of the FTPS server.
4. If still no luck, import the certificate of the FTPS server (if signed by a CA) into the keystore and give this a shot.
I had the same error, until I stumbled on this thread this morning.
Regards,
Bhavesh
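Points 1, 3 and 4 of the checklist above can be checked from certificate listings alone. The following is an added example, not code from the thread or from SAP: it parses entries in the dump format shown in the question and reports a common-name mismatch or the first issuer that neither the server's chain nor the Trusted CA list supplies. The host name and the "Example" certificates are constructed, and matching is by DN text only (no signature or validity checks).

```python
import re

FIELD = re.compile(r"\[\s*(\w+)\s*\]:\s*(.*)")

def parse_dump(text):
    """Parse 'CERTIFICATE' blocks of '[ field ]: value' lines into dicts."""
    certs = []
    for line in text.splitlines():
        if line.strip() == "CERTIFICATE":
            certs.append({})
        elif certs and (m := FIELD.match(line.strip())):
            certs[-1][m.group(1)] = m.group(2).strip()
    return certs

def norm(dn):
    """Compare DNs ignoring case and whitespace (simplification)."""
    return re.sub(r"\s+", "", dn).lower()

def diagnose(server_chain, trusted, hostname):
    """Return findings; server_chain[0] is the server's own certificate."""
    findings = []
    by_dn = {norm(c["DN"]): c for c in server_chain}
    anchors = {norm(c["DN"]) for c in trusted}
    cert = server_chain[0]
    cn = re.search(r"CN=([^,]+)", cert["DN"])
    if not cn or cn.group(1).strip().lower() != hostname.lower():
        findings.append(f"hostname mismatch: channel uses {hostname}")
    seen = set()
    while True:
        dn, issuer = norm(cert["DN"]), norm(cert["issuerDN"])
        if dn in anchors or issuer in anchors:
            break  # chain reaches an entry in the Trusted CA list
        if dn == issuer:
            findings.append(f"self-signed, not trusted: {cert['DN']}")
            break
        if issuer not in by_dn or issuer in seen:
            findings.append(f"missing issuer: {cert['issuerDN']}")
            break
        seen.add(dn)
        cert = by_dn[issuer]
    return findings

# Constructed server certificate; the root DN is the one quoted in the question.
SERVER_CHAIN = """CERTIFICATE
[ DN ]: CN=ftps.example.com,O=Example Corp,C=US
[ issuerDN ]: CN=Example Intermediate CA,O=Example Corp,C=US"""
ROOT = "OU=Class 3 Public Primary Certification Authority,O=VeriSign, Inc.,C=US"
TRUSTED = f"CERTIFICATE\n[ DN ]: {ROOT}\n[ issuerDN ]: {ROOT}"

if __name__ == "__main__":
    print(diagnose(parse_dump(SERVER_CHAIN), parse_dump(TRUSTED), "ftps.example.com"))
```

In this constructed case the root is trusted but the intermediate CA is not available to the verifier, so the chain cannot be built even though the root was imported.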