cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

unable to find valid certification path to requested target

former_member377357
Explorer

on ‎03-06-2017 9:17 AM

0 Kudos

hi,all.

It's an interface between ECC and external system with json dataformat.I used a REST adapter in PI and completed the configuration. But when i send message from ECC,error occured.Error message in monitor was below:

use connection SOAP_http://sap.com/xi/XI/System transfer message error,because:com.sap.engine.interfaces.messaging.api.exception.MessagingException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.

The external system server provided a PKCS#12 Key Pair certificate and i imported it to the trustCAS:NWA->configuration->security->certificate and keys->TrustedCAS.I try the test again,but still failed with the same error message.Should i restart the PI server or is there any other configuration i have missed?

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

former_member377357
Explorer
‎04-19-2017 5:11 AM
0 Kudos

Problem has been solved.I just open the webservice URL in brower,export the certifate and import to the TrustedCAS as above,then it worked.Seems certificates are different between server and the specific webservice.

Show replies
Show replies
MarioDeFelipe
Contributor
‎03-06-2017 11:29 AM
0 Kudos

Hello Zhu, you did well, and a restart might help, or at least restart the communication channels.

Show replies
Show replies
former_member377357
Explorer
‎03-07-2017 7:16 AM
0 Kudos

Restart didn't work.Are there any other reasons that can lead this?

MarioDeFelipe
Contributor
‎03-07-2017 6:21 PM
0 Kudos

Hello Zhu

It might be the case that you got a client certificate and not a CA certificate

In this case, you need to import the client certificate under ICM_SSL_xxx and you can find SSL_Provider if you scroll completly down. You need to import the private key of the client certificate under ICM_SSL_xxx.

Only CA certificates goes in TrustedCA view. You can create a new view ICM_SSL_xxx or put the certificate under any existing ICM_SSL_xxx view.

Please follow the steps described here;

https://help.sap.com/saphelp_nw73/helpdata/en/4a/0142abaee3088ce10000000a421937/content.htm

I suggest if possible that you install the certificate in your browser and try to login to the HTTPS web page and see if the certificate is correct.

Ask a Question