cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to enable trust between SCC and On-premise system?

Go to solution
Former Member

on ‎05-24-2016 10:51 AM

0 Kudos

Hi All,

I have a problem with certificate issue among SCC and On-premise system, my scenario is:

On-Premise: expose odata service

SAP cloud connector: reverse proxy

Hana cloud platform: application container

UI5: frontend

use destinations to connect to On-premise through cloud connector, because I need load destination dynamically, so I use Java and DestinationFactory API to proxy all HTTP(HTTPS) request, when fetech request from UI5, then post request through servlet, but during connect to SCC,

I refered the guide located https://help.hana.ondemand.com/help/frameset.htm?d0c4d5675d4f4bc78a5b7a7b8687c841.html, and https://help.hana.ondemand.com/help/frameset.htm?3f974eae3cba4dafa274ec59f69daba6.html, mean to use local CA,

but there was a certificate issue, could someone kindly help me out?

HTTP Status 500 - sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

very appreciate that!

thanks and best regards,

Bryan

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Ulrich_Schmidt
Product and Topic Expert
Product and Topic Expert
‎05-31-2016 11:53 AM
0 Kudos

Hi Bryan,

at which point exactly do you get this exception? If it is during the connection from SCC to the backend, then it would mean that the SCC does not trust the server certificate of the backend.

You should also check, which JVM is used for running the SCC, because older ones are missing important newer root certificates. (JVM used at runtime can be seen under "About".)

Best Regards, Ulrich

Show replies
Show replies
Former Member
‎05-31-2016 12:01 PM
0 Kudos

Hi Ulrich,

Thanks for your reply, I think this is a HttpURLConnection problem, which can't bring certificate from HCP to SCC, if I use HttpDestination and then create a new HttpClient, and pass the URL to the Get method, then this can consume the odata service, and I am sure this is not caused by version of JVM, if I use HttpDestination, this issue would be escape, thanks!

Best regards,

Bryan

Ulrich_Schmidt
Product and Topic Expert
Product and Topic Expert
‎05-31-2016 12:45 PM
0 Kudos

Hi Bryan,

yes, an "end-to-end" SSL connection from HCP to backend (through the SCC) is not possible. The SCC acts as a tunnel and terminates any connection (for access control reasons).

Regards, Ulrich

former_member585626
Participant
‎10-10-2019 6:54 AM
0 Kudos

Hi Ulrich Schmidt,

I have similar problem it is described in below link, Could you please help me.

https://answers.sap.com/questions/12885308/not-able-to-connect-on-premise-from-neo-cloud-thru.html

Thanks & Regards,

Mohan Ramu

Answers (0)

Ask a Question