Skip to Content
0

No client certificate available, sending empty certificate message

Mar 16, 2017 at 07:46 AM

106

avatar image

Hi PI Gurus,

I see that this certificate issue has been asked a couple of times. It even has its own SAP Note 2385969.

I have tried all of those though, but we're still getting this error in xpi inspector. The patches are all updated. The client certificate used in the SOAP receiver channel which was issued by the CAs listed in the xpi inspector is trusted by the target server.

We also tried using soapUI and used PI's private client certificate key and the connection was established successfully. It's only failing when we test using xpi inspector and when we're doing the end to end test.

This is the steps we took:

1. Firewalls opened in Target server
2. Target server has provided the public key certificate chain to PI.
3. Basis deployed the whole certificate chain in NWA TrustedCAs
a. This seems to be working already based on the XPI_inspector logs
4. PI generated own certificate chain and it’s in TrustedCAs
a. PI provided the public key to target already
b. also tried using a different view but it still fails
c. Target deployed the certificate already on their side
5. Used the PI's private key in the SOAP channel
6. The SSL Provider service was restarted already

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

1 Answer

Andrzej Filusz Mar 16, 2017 at 08:40 AM
1

Hi,

I'm sorry for a such childish question, but have you restarted your communication channel?

Regards,

Andrzej

Show 3 Share
10 |10000 characters needed characters left characters exceeded

Yes Andrzej :) We have also restarted the SSL provider.

0

Are you pretty sure that certificate chain was imported successfully into Trusted CAs on the target side?

Have you restarted SSL service on your all dispatchers?

Regards,

Andrzej

0

Yes the contact from the target said they are sure.

By the way I noticed in the XPI inspector logs for

Verify Local SSL Client Key Pair:

that there is only one certificate even though we have an intermediary and root certs.

Private Key View/Entry: TrustedCAs/cert
Algorithm: RSA
Format: PKCS#8
Found Certificate chain with 1 elements:
Certificate: #0Certificate: #0
SubjectDN: CN:test

IssuerDN: CN=test

0