cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

AS Java HTTPs Error opening socket: javax.net.ssl.SSLHandshakeException

Go to solution
dastefl_muc
Explorer

on ‎06-15-2016 12:10 PM

0 Kudos

In order to encrypt the communication between IDM and AS Java during the Initial load or any other jobs, you may want to use HTTPs instead of HTTP for a JAVA server. However, if you choose the https protocol, you may get an error in Initial Load job. Error message looks like this

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target


CERT have been imported -> jre/lib/security


someone has similar problems ?


many many thanks

Stefan

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

dastefl_muc
Explorer
‎06-29-2016 6:46 AM
0 Kudos

solution http://scn.sap.com/community/idm/blog/2014/06/20/as-java-initial-load-with-https 1) JRM Directories on the server /usr/sap/SID/sapjvm_6/jre/lib/security 2) Check Show which cacerts store certificates keytool -list -keystore cacerts You will be prompted to enter the password for the store. The default password is changeit http://docs.oracle.com/javase/7/docs/technotes/tools/windows/keytool.html 3) Export certificate from the browser's Java system 4) Import the certificate with the help of the following command keytool -keystore cacerts -importcert -alias SID -file SID.cer 5) follow-up keytool -list -keystore cacerts best regards Stefan

Show replies
Show replies
jrondorf
Participant
‎06-29-2016 7:23 AM
0 Kudos

Yes, that's what I have written above already.

Answers (1)

Answers (1)

jrondorf
Participant
‎06-15-2016 3:40 PM
0 Kudos

You have to import the ssl certificate of the remote server into the JRE of the IdM runtime.

Show replies
Show replies
dastefl_muc
Explorer
‎06-16-2016 5:59 AM
0 Kudos

Hi Jannis, I hope the right have installed,, NWA -> Konfiguration -> Certificates and keys. by selection SSL: Configuration Best regards,

jrondorf
Participant
‎06-16-2016 7:39 AM
0 Kudos

Did you installed them into NWA or into the JRE? How to import a .cer certificate into a java keystore? - Stack Overflow

dastefl_muc
Explorer
‎06-16-2016 7:57 AM
0 Kudos

Installs in NWA and in keystore JRE please refer instructions.  http://scn.sap.com/community/idm/blog/2014/06/20/as-java-initial-load-with-https This is because the Java‘s server certificate is not trusted by your IDM java program.  All you need to do is to add server's (or root) certificate into JRE's default trust store. The JRE's trust store is located under jre/lib/security. The file name is cacerts without extension. Try command keytool -importcert -file RootCA.crt -keystore cacerts thank you

jrondorf
Participant
‎06-16-2016 8:21 AM
0 Kudos

Sorry, I cannot follow you.

Please post again if you continue having problems. Thanks.

dastefl_muc
Explorer
‎06-16-2016 8:46 AM
0 Kudos

where should the certificates be deposited

jrondorf
Participant
‎06-16-2016 9:23 AM
0 Kudos

OK, once again.

1. You want to connect to an AS Java Server via SSL.

2. You have to download SSL the certificates from AS Java via NWA.

3. You have to import these certificates via the java keytool command line program into the keystore (file) of the Java Runtime (JRE) the IdM runtime is using. The certificates are stored inside this JRE keystore file.

Ask a Question