on 12-10-2019 10:26 AM
I have been trying to set up Enterprise Messsaging service with on-premise folloing this blog from pspaolo here https://blogs.sap.com/2019/09/16/sap-enterprise-messaging-for-s4hana-on-premises/ .
I am trying this out in my SCP trial account. Competed following steps:
=> Created instance for Even Messagig service in CF
=> Generated Service Key and have got the client ID, Client secret and token endpoint.
=> Created role with Admin role templates and added to the backend user.
=>Uploaded certifictes in STRUST
=> Created RFC Destination and using the proxy details also to bypass firewall -
But connection test is failing.
When i do the test connection , a popup appears to pass on the credentials. I tried with my SCP credetials , but it fails with 401 unauthorized error.
Not ,sure whats wrong...Any clue??
=> Did the OAuth 2.0 Account setup as shown below (again maintained the proxy details here also)
=> Did the channel and paramers setup
When I am trying to activate the Channel it also fails with below error.
If anyone could please help me to resolve these issues .
Appreciate your help with this.
Thanks
Vijay
Hi Vijay,
as stated in the documentation: export ALL the certificates from the certificates path. There are 3 certificates in total that you need to import into STRUST. After importing and saving, please don't forget to restart the ICM.
Also please have a look which PSE file is bing used to do the SSL handshake, so we can check if the certificates have been imported in the correct PSE.
Regards,
Tobias
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks a lot Tobias for your wonderfullsupport.
After Uploading all the 3 certificates it still didn't work, then i added the certificates to the Anonymous PSE also (were added to Satandard earlier) and now it worked. I am able to test Channel connection successfully.
Thanks again Tobias!
Viajy
Hi Vijay,
The 401 error when testing the RFC destination is normal. You can't logon with your SCP credentials as this needs an OAuth token. But with that you already know that the endpoint is reachable from your on-prem system.
Can you check in the ICM trace (TA: /nSMICM) if there are any errors listed when you trigger the communication check for the Channel? You might need to increase the log level.
Regards,
Tobias
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks Tobias for your respose.
So, i assume my RFC destination is all good..
For Channel Communication test, i looked at the ICM trace and i can see the STRUST certificate verification failiure error.
*** ERROR => SSL handshake with p376567trial.authentication.eu10.hana.ondemand.com:443 failed: SSSLERR_PEER_CERT_UNTRUSTED (-102)
I am not sure why as i have already uploaded the certificate in STRUST.
here is the Certificate i have uploaded in STRUST.
Thanks
Vijay
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.