
SOAP Receiver SSL certificate - SSLCertificateException: Peer certificate rejected by ChainVerifier

Hi

I'm working on a SOAP receiver interface which is configured for the given location "https://www.xxxxxxx", but when I run the interface I'm receiving the following error:

com.sap.engine.interfaces.messaging.api.exception.MessagingException: java.io.IOException: Failed to get the input stream from socket: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier

I assume we needed a certificate, and hence obtained it from the service providers and installed it:

My config is:

certificate details:

Please, any help to validate whether my config is okay and how to resolve the issue?

keystore.jpg (214.7 kB)
soap-recv.jpg (81.6 kB)
cert.jpg (31.9 kB)

5 Answers

  • Apr 19, 2017 at 03:27 AM

    Hi,

    Uncheck Configure Certificate Authentication and then place the Root Certificate (Fabxxxxx) in the TrustedCAs keystore (the red one in your screenshot).

    Regards,

    Mark


  • Apr 17, 2017 at 05:13 AM

  • May 09, 2017 at 03:52 AM

    Hi,

    The error you are getting is for SSL while you configure the certificate as authentication medium. As Mark said in the earlier reply, you need to configure the certificate for SSL and upload this in TrustedCA (both root and URL certificate).

    regards,

    Harish


  • May 09, 2017 at 02:28 AM

    Hi Prabhu,

    Usually SSL without client authentication should be enough. The best way to test client authentication is executing the external webservice via SOAP UI. If you did not do any additional configuration, then it is SSL without client authentication. Otherwise, you would have to do these steps:

    http://geekswithblogs.net/gvdmaaden/archive/2011/02/24/how-to-configure-soapui-with-client-certificate-authentication.aspx

    Regards,

    Mark


  • May 11, 2017 at 10:56 AM

    Hello Prabhu,

    There are two types of security features which are involved when you use certificates. One is for the connection between the two systems, which are your PI system and the third party, and this is usually done using the SSL connection setup. In this case the connection is set up only if the SSL handshake happens. For this case you need to deploy the certificates from the 3rd party in TrustedCAs and also send the PI system certificates to the 3rd party and ensure the SSL handshake takes place.

    But in your case currently you are securing on the data end, so here you are securing your file with the pfx certificate and the 3rd party will be able to see the data only if he has the other pair of certificate/key which he has shared with you. As Mark has suggested, for this case you need to create a separate keystore view just like the TicketKeyStore or some other keystore view which has been shown in your screenshot and deploy the pfx certificate and private key there and use this keystore view name in your Channel.

    As the link is HTTPS, you would need an SSL certificate from your 3rd party and you need to deploy this in the TrustedCAs keystore view.

    Regards,

    Nitin Deshpande
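
Added example (not part of any reply in this thread, and not SAP or IAIK code): a local reproduction with the `openssl` CLI of why a chain verifier rejects a peer certificate until its issuing root is in the trusted set. The function names `build_demo_pki`, `chain_ok` and `verdict`, the certificate subjects and the file names are all constructed for illustration.

```bash
#!/usr/bin/env bash
# Added illustration: all keys and certificates are constructed, throwaway values.
set -eu

# Create a root CA, an unrelated CA, and a server certificate signed by the root.
build_demo_pki() {   # $1 = working directory
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Demo Provider Root CA" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Unrelated CA" \
    -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
    -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
  openssl x509 -req -in "$d/server.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 30 -out "$d/server.pem" 2>/dev/null
}

# Succeeds only if the peer certificate chains to a CA in the trusted bundle.
chain_ok() {         # $1 = trusted CA bundle (PEM), $2 = peer certificate (PEM)
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

verdict() { if chain_ok "$1" "$2"; then echo accepted; else echo rejected; fi; }

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
build_demo_pki "$work"

# Trust store that does not contain the issuing root: the chain is rejected.
before=$(verdict "$work/other.pem" "$work/server.pem")

# Add the root to the trusted bundle, as the answers suggest doing in TrustedCAs.
cat "$work/other.pem" "$work/root.pem" > "$work/trusted.pem"
after=$(verdict "$work/trusted.pem" "$work/server.pem")

echo "without issuing root in trust store: $before"
echo "with issuing root in trust store:    $after"
```

To see which certificates the real endpoint presents, `openssl s_client -connect <host>:443 -showcerts` dumps the chain so it can be compared with what is deployed in the trust store.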
