on 07-25-2014 10:13 AM
Hi all,
B1if version: 1.19.3
I need to make a connection to a ssl webservice.
For this I use the Call HTTP atom, because then I can control the complete payload (header + body) of the soap message.
I imported the certificate in a truststore which I configured in the control center.
After running the call, I get following error:
<Payload Role="C" id="atom2" statusNo="HTTP" statusMsg="" reference="atom3" sysid="" payload="atom3" throwException="false">
<http.header />
<httaError xmlns="urn:com.sap.b1i.xcellerator:upltdoc" HTTPcode="" HTTPmsg="">
<exceptionMsg>javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure</exceptionMsg>
<returnData />
</httaError>
</Payload>
My connection setup is as followed (left out sensitive info offcourse)
<connect>
<destProtocol>https</destProtocol>
<destHost>myenv.myhost.com</destHost>
<destPort>443</destPort>
<destPath>mypath/sub</destPath>
<query />
<proxyHost>myproxy.net</proxyHost>
<proxyPort>8080</proxyPort>
<method>post</method>
<authentification>none</authentification>
<user />
<password />
<user2query />
<password2query />
<trustStoreURI>com.sap.b1i.vplatform.directory/System/truststore.jks</trustStoreURI>
<keyStoreURI /> </connect>
The payload xml is very basic, just a request to logon to the webservice and get back a token
<payload>
- <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
- <s:Header>
<Action xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none" s:mustUnderstand="1">https://mycompleteurl.com</Action>
</s:Header>
- <s:Body xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
- <login xmlns="https://mycompleteurl.com">
<username xmlns="">USER</username>
<password xmlns="">*********</password>
</login>
</s:Body>
</s:Envelope>
</payload>
Can anyone help me with this?
In what direction should I look?
Thanks,
Joeri
Hi Joeri,
following description sets up a SSL handshake connection between Client and Server.
The client (B1iF) is identifying himself using the trustStoreURI and the server is defined by the keyStoreURI, where the certificate needs to be uploaded.
Did you already upload the file .keystore into B1if BizStore to use it as trustStore?
.keystore has a self-signed certificate of the B1i server and can be found in <B1i-Installation folder>\Tomcat\webapps\B1iXcellerator
To upload the file please use the B1i Control Center -> Maintenance -> BizStore Upload:
Press "Submit" and check the uploaded file via B1i Control Center -> Configuration -> Certificate Admin by selecting the chosen BizStore-URI.
The used alias is "tomcat". The password which is needed to see "Further details" can be found in <B1i-Installation folder>\Tomcat\conf\server.xml.
For your external certificate e.g. *.pfx please use the same method for upload with following Payload-Type Settings: bpm.pltype=pfx.
Now you can use both certificates as keyStore and trustStore by filling following parameters in your xslt payload:
<connect>
<!--the connect section is optional - you can also define a reference to the sld-->
<destProtocol>https</destProtocol>
<destHost>your host</destHost>
<destPort>443</destPort>
<destPath>your path</destPath>
<query></query>
<proxyHost>your webproxy</proxyHost>
<proxyPort>your web proxy port</proxyPort>
<method>POST</method>
<authentification>x509</authentification>
<user>user of your external certificate</user>
<password>password of your external certificate</password>
<user2query></user2query>
<password2query></password2query>
<trustStoreURI> /com.sap.b1i.vplatform.directory/Certificates/Tomcat.jks</trustStoreURI>
<keyStoreURI>/com.sap.b1i.vplatform.directory/Certificates/<externalCertificate>.pfx</keyStoreURI>
</connect>
Best regards
Bastian
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
100 | |
11 | |
10 | |
6 | |
6 | |
5 | |
4 | |
4 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.