cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

AS2 receiver communication channel error

Former Member

on ‎08-27-2013 5:28 PM

0 Kudos

Hi Experts ,

we are  facing the issue while sending the messages to EDI partner from PI system.below error we are getting..

ERROR:

Delivery of the message to the application using connection AS2_http://seeburger.com/xi failed, due to: com.sap.aii.af.ra.ms.api.RecoverableException: Fatal exception: javax.resource.ResourceException: SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: unexpected message # , SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: unexpected message # : javax.resource.ResourceException: Fatal exception: javax.resource.ResourceException: SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: unexpected message # , SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: unexpected message

if we are using trasport protocall as HTTPS we are getting above error..in communication channel also we have 2 more options below

1)server certificate (Key store)

2) Private key for client authendication

which certificate details we need to maintaine in communication channe ?

is this related Partner certificates or PI own signed certificates ?

if we are using HTTP then messages are processing sucessfully..

could you please help me here...

Regards,

Srinivas..

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎09-09-2013 4:49 AM
0 Kudos

Hi Pranil / Stefan ,

sorry for the delay i was in vacation..

our basis team has install AS2 certificate TRUSTED\AS2\XXXXXX this path ..

but they(basis) are new where can we install partner SSL certificate ?

what is the procedure to update SSL certificate?

we are using SAP PI 7.0 version..

Regards,

Srinivas.

Show replies
Show replies
S0003485845
Contributor
‎09-09-2013 11:25 AM
0 Kudos

Hi Srinivas,

in the Receiver-Channel, you have to do the following:

1. Select HTTPS as transport protocol

2. Then you will get the possibility to include the SSL Certificate/ Server Certificate

The SSL-Certificate needs to be imported to the KeyStore (any view) and then you can refer to it with the same naming convention like the AS2-certificate.

 TRUSTED\AS2\XXXXXX this path ..

Kind Regards

Stefan

Former Member
‎09-09-2013 2:24 PM
0 Kudos

yes you are correct Stefan but in some where we need to maintain or update the partner SSL certificate where we need to update...

Regards,

Srinivas.

Pranil1
Participant
‎09-10-2013 7:00 AM
0 Kudos

Hi Srinivas,

Check below blog by BASIS person.

http://scn.sap.com/docs/DOC-26145

Might be helpful.

Regards,

Pranil.

S0003485845
Contributor
‎09-11-2013 10:02 AM
0 Kudos

Hi Srinivas,

the Partner SSL-Certificate has to be stored in the Netweaver-KeyStore. If you like, you can also store it in the same VIEW that the partner AS2-Certificate.

Since the entry in the channel refers to the VIEW and the Certificate Name, like

TRUSTED\AS2\XXXXXX ..

(where AS2 is the view and XXXXX is the certificate name)

...you can import teh SSL-certificate to any view you like

But maybe it would be easiest to put it in the same view than the AS2-certificate so you donßt have to setup any additional authorizations.

Kind Regards

Stefan

Former Member
‎08-28-2013 8:04 AM
0 Kudos

HI Experts ,

could anyone help me here..

Regards,

Srinivas.

Show replies
Show replies
Pranil1
Participant
‎08-28-2013 8:23 AM
0 Kudos

Hi Srinivas,

Please check your SSL configuration.

For details, see below threads.

http://scn.sap.com/thread/957791

Link for "Certificate and Troubleshooting Guide for Seeburger - AS2 - Adapter".

http://scn.sap.com/community/pi-and-soa-middleware/blog/2013/03/19/certificate-and-troubleshooting--...

Regards,

Pranil.

former_member190624
Active Contributor
‎08-28-2013 10:12 AM
0 Kudos

Hi Srinivas,

Please cross check the certificates are properly placed in keystore and correct.

Regards

Hari.

Former Member
‎08-28-2013 12:21 PM
0 Kudos

HI Pranil/Hari ,

thanks for your responce ..

the certificates are installed correctly as Partner could able to send us the files..

we can also send the files with Transport protocol as HTTP .

when ever we used T.P. as HTTPS we could not able to send the files to partner..

with respect of AS2 receiver communication channel what below options described?

1)server certificate (Key store)

2) Private key for client authendication

which certificate details we need to maintaine in communication channe ?

is this related Partner certificates or PI own signed certificates ?

please clarify me as i am very new to EDI integration..

thanks in advance

Regards,

Srinivas..


Pranil1
Participant
‎08-28-2013 1:53 PM
0 Kudos

Hi Srinivas,

As mentioned in the 1st link that I provided,

Server Certificate (Keystore) is used to provide the Target System's Server SSL's public Certificate. 

Private Key for Client Authentication is used where PI provides its own Server SSL's private key for Mutual / Client Authentication.

When using certificate-based mutual authentication, the following actions occur:

  1.   A client requests access to a protected resource.
  2.   The server presents its certificate to the client.
  3.   The client verifies the server’s certificate.
  4.   If successful, the client sends its certificate to the server.
  5.   The server verifies the client’s credentials.
  6.   If successful, the server grants access to the protected resource requested by the client.

Regards,

Pranil.

mayank_yadav
Explorer
‎08-29-2013 10:43 AM
0 Kudos

This message was moderated.

Former Member
‎09-02-2013 9:08 PM
0 Kudos

HI Pranil ,

thanks for your explanation..

we have received the AS2 certificate from the partner and deployed in Visuval admin and partner also deployed our certificate..

still we are getting same error..

is partner SSL and AS2 are different certificates??

Regards,

Sinivas.

S0003485845
Contributor
‎09-03-2013 9:25 AM
0 Kudos

Hi Srinivas,

is partner SSL and AS2 are different certificates??

yes, in most cases these certificates are different. So I assume that you just have inserted a wrong certificate for the SSL connection.

This explains why you can use AS2 via http without problems and why your partner can send to you (since in both cases you do not have to use the SSL-certificate of your partner)

So you should either

- ask your partner for the proper SSL-certificate to be used

- or you can also try to reach the (https) URL via WebBrowser from the same system (to avoid firewall issues) and you should be able to take a look at the SSL-certificate in your Address-Bar and probably you are also able to download the SSL certificate from there.

Kind Regards

Stefan

Pranil1
Participant
‎09-04-2013 9:59 AM
0 Kudos

Yes Srinivas. The SSL and AS2 certificates are different in your case.

AS2 certificates are the message level security certificates. You might have given its details in receiver agreement.

And SSL are transprt layer security certificates, details of which needs to be given at the communication channel level.

Regards,

Pranil.

Ask a Question