Skip to Content
0

unable to find valid certification path to requested target

Mar 06, 2017 at 09:17 AM

1.5k

avatar image

hi,all.

It's an interface between ECC and external system with json dataformat.I used a REST adapter in PI and completed the configuration. But when i send message from ECC,error occured.Error message in monitor was below:

use connection SOAP_http://sap.com/xi/XI/System transfer message error,because:com.sap.engine.interfaces.messaging.api.exception.MessagingException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

The external system server provided a PKCS#12 Key Pair certificate and i imported it to the trustCAS:NWA->configuration->security->certificate and keys->TrustedCAS.I try the test again,but still failed with the same error message.Should i restart the PI server or is there any other configuration i have missed?

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

2 Answers

Mario De Felipe Mar 06, 2017 at 11:29 AM
0

Hello Zhu, you did well, and a restart might help, or at least restart the communication channels.

Show 2 Share
10 |10000 characters needed characters left characters exceeded

Restart didn't work.Are there any other reasons that can lead this?

0

Hello Zhu

It might be the case that you got a client certificate and not a CA certificate

In this case, you need to import the client certificate under ICM_SSL_xxx and you can find SSL_Provider if you scroll completly down. You need to import the private key of the client certificate under ICM_SSL_xxx.

Only CA certificates goes in TrustedCA view. You can create a new view ICM_SSL_xxx or put the certificate under any existing ICM_SSL_xxx view.

Please follow the steps described here;

https://help.sap.com/saphelp_nw73/helpdata/en/4a/0142abaee3088ce10000000a421937/content.htm

I suggest if possible that you install the certificate in your browser and try to login to the HTTPS web page and see if the certificate is correct.

0
chuhao zhu Apr 19, 2017 at 04:11 AM
0

Problem has been solved.I just open the webservice URL in brower,export the certifate and import to the TrustedCAS as above,then it worked.Seems certificates are different between server and the specific webservice.

Share
10 |10000 characters needed characters left characters exceeded