on 10-11-2013 10:21 AM
Hi All, I am trying the connection test for HMRC RFC destination and I am getting the ICM_HTTP_SSL error. The icm trace shows
Thr 2314] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL
Thr 2314] session uses PSE file "/usr/sap/PIP/DVEBMGS00/sec/SAPSSLA.pse"
Thr 2314] SecudeSSL_SessionStart: SSL_connect() failedThr 2314] secude_error 9 (0x00000009) = "the verification of the server's certificate chain failed"Thr 2314] >> Begin of Secude-SSL Errorstack >>
Thr 2314] ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed
Thr 2314] ERROR in af_verify_Certificates: (24/0x0018) Chain of certificates is incomplete : "CN=VeriSign Class 3 Public Primary Ce
Thr 2314] ERROR in get_path: (24/0x0018) Can't get path because the chain of certificates is incomplete
Thr 2314] << End of Secude-SSL Errorstack
Thr 2314] SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"
Thr 2314] SSL NI-sock: local=149.170.135.6:49916 peer=157.203.50.169:443
Thr 2314] <<- ERROR: SapSSLSessionStart(sssl_hdl=116d39bd0)==SSSLERR_SSL_CONNECT
Thr 2314] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT {00085b12} [icxxconn_mt.c 1957]
I understand the certificate chain is not valid, but I dont know how to get this fixed.
I followed this post and looks similar to issue I am facing. ICM_HTTP_SSL_ERROR when calling web service
Thanks,
Bharath
Hi,
"the verification of the server's certificate chain failed"
This means that client or server's certificate or your client's public certificate for that server is not ok. This is a double and asimetric key system, Server has a key pair(public and private) and client has only the public key of each server.
You should:
1-Regenerate server's certificate or be sure of certificate is properly generated. May be that it's not lapsed but internally is bad generated
2-In tr strust of server export public key of this certificate
3-In tr strust of client, import exported public key
regards
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Jorge,
Thanks for your reply.
But my issue is similar to the one posted in http://scn.sap.com/thread/1808758 .
Now my question is..our http rfc destination is from PI server to the HMRC department and in this case which one is considered as the server ? the one at HMRC or our SAP PI server ?
Hoping for a quick reply.
Regards,
Bharath
Hi Bharath,
Did you refer the SAP note 1693957. it is related to certificate issue. install the certificates as per the note.
Refer the last reply in this thread http://scn.sap.com/thread/1808758
did you try it?
Regards
Bhargava krishna
Hi,
the server is always connection destiny, for example. If you have 2 hosts A and B. And there are connections between them:
1.Connection A to B -> B is server because it receives a petition.
B should have two pair key certificate and A should have the public key of that certificate
2.Connection B to A-> A is server because it receives a petition.
A should have two pair key certificate and B should have the public key of that certificate
3. Connection in two ways-> Point 1 and 2 must be done because both are servers or clients depending of who starts the connection.
The most important is understand that the public key is what any host uses to connect to a server, so that a host can be server now and,client after depending of who starts connection,
regards
Hi All
just for cosmetic stuff
Note 1925708 - New Government Gateway Security Certificates for eFiling
Enjoy your HMRC
a
Hi all,
Thanks for your replies.
I dont know why but I had to re import the Veri sign certificates in strust transaction and now the RFC destination is working fine.
Thanks,
Bharath
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Bharath,
Did you configure STRUST properly?
Regrads
Gagan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
90 | |
10 | |
10 | |
10 | |
7 | |
7 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.