Hi folks,

We are trying to set up a scenario with an external partner where we are sending content via FTPS to their server. We will log on to their system using X.509 client certificates.

We are having issues in getting this to work properly. Our system has been SSL enabled, a server certificate is installed, etc ...

We have configured the channel to use X.509 certificates and filled in the keystore and certificate reference.

When we try to connect then we get an SSL error ... When we look at the trace then an exception is occuring on the following code:

com.sap.aii.security.lib.net.ssl.impl.IAIKSSLContextInternalImpl#sap.com/com.sap.aii.af.app#com.sap.aii.security.lib.net.ssl.impl.IAIKSSLContextInternalImpl.getClientCredentials(Principal[], byte[], PublicKey)

#/Applications/ExchangeInfrastructure/Security#Plain###Could not retrieve key and cert to use for X.509 client authentication. Trying anonymous SSL connection.#

It seems that XI is not able to get the configured certificate out of its store ... and then just doens't present a client certificate ?

We have a couple of questions:

a) Can we use the public key of our server certificate as client certificate ? ( This is done all the time with other software ) ... Or do we need to generate a specific client certificate ...

b) The description on the communication channel says: "X.509 Certificate and Private Key" - it sounds like you need to configure 2 values here but via the dropdown list only one can be selected ... I am just asking as we tried it obviously with only 1 value and that didn't work.

c) Do we need to use a specific key store and/or are special authorizations needed by any kind of internal XI user to access the store ? For the moment our server certificate is sitting in the store 'service_ssl'

Thanks,

Steven