Skip to Content
avatar image
Former Member

problem with ssl certificate

Hello everyone!

I have a scenario wherein I am trying to connect SRM to a marketsite through XI.

SRM (Purchase Order) ---> XI (marketplace adapter) ---> Marketsite

The URL of the marketsite is of the type HTTPS so I am using certificate logon as the method for authentication.

Please tell me whether this is the right thing to do:

1. Create a self-signed certificate in the "Key Storage" of the visual administrator.

2. Export the certificate and have it installed in the marketsite.

3. Configure the marketplace com. channel in the integration directory to use the private key I used to generate the certificate I sent to the marketsite.

Having done that, I am get a "server rejected by chain verifier" error in the message monitoring tool.

Here are some other questions:

1. Should I create a new View for the certificate and private key, or should I create the certificate in the existing "service_ssl" and rename the new certificate "ssl-credentials-cert" and the private key "ssl_credentials"

2. Will a self-signed certificate work or do I need to get it signed by a CA before importing the response.

3. If a self-signed certificate will work, do I need to add another certificate in the "TrustedCAs" view?

4. If I should import a certificate response from a CA, where can I get the certificate of the CA?

I know these are a lot of questions, but I'd really appreciate all the help I can get from you guys. Please avoid posting links to other threads as I have pretty much read all of them.. 😊

Warm regards,

Glenn

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • avatar image
    Former Member
    Jun 29, 2007 at 02:57 AM

    follow-up question,

    If I'm trying to connect to the marketsite, what should the Common Name (CN) be, the hostname of marketsite, or of the XI server?

    warm regards,

    glenn

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Hi Glenn,

      Let me explain the scenario without client certificate Logon (User and password) first .

      When you want to communicate with marketsite in secure manner, get the certificate of the CA (Certifying Authority) who has signed market site Cert. and add it to Trusted CAs view in Visual Admin of XI. Sometimes it may be a CA certificate chain.

      If that certificate is self-signed, add the market site certificate itself in to Trusted CAS of Vis.Admin of XI.

      Certificate Logon:

      This is for ur (XI servers) Identity to Marketsite.

      In Visual Admin KeyStorage create a view or in any of existing views create a Private Key and Public key (Certificate) pair representing XI Server (CN should be hostname of XI server). Get the public Key signed by CA and import the Certificate in Visual Admin.

      Now in Configuration select view and the Private Key just created for XI's Identity.

      PS: There may be some steps in Marketsite too in case of Certificate logon like Adding XI certificate to something like Trusted CAS of Marketsite.You can get better picture from guys administrating the Marketsite..

      Try these options and post the results in forum.

      Good Luck.

      Regards,

      Sudharshan N A