Skip to Content

Connecting SAP PO to salesforce

Hi,

I am trying to connect salesforce from SAP PO using soap adapter. While login (using UDF), I am getting below error. This is a fresh PO and salesforce setup.

Cause Exception: 'java.io.IOException: Failed to get the input stream from socket: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier'

Let me know if we need to install any certificate in SAP PO or salesforce. I am able to connect via SOAPUI using the same details (just username and password).

Thanks,

Ashish

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

9 Answers

  • Best Answer
    Oct 30, 2017 at 08:02 PM

    Hi Ashish,

    Sometimes you need to import more than one certificate

    Try to find the root certificate, y the chain connection

    This sample you can find in the Zcaler Inermediate, other certificate,

    Zcaler Root, other certificate.

    Try to import all

    Regards

    Juan

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Oct 31, 2017 at 06:31 PM

    Hello Ashish,
    Check what exact secure protocol and cipher suite is used during connection. I suspect that Elliptic-Curve Cryptography cipher suite is suggested by SF server. Such suites are not supported in default secure library configuration by PI. Please refer to SAP Note 2284059 and check the possible workaround. There are followings:

    • define custom list of supported cipher suits (e.g. cipherSuite=TLS_DHE_RSA_WITH_AES_128_CBC_SHA256). But be aware that in such case all the default ones will become rejected, hence you have to list them in SSLContext.properties file as well.
    • limit the highest possible secure protocol for particular endpoint host, i.e. protocolVersions=<SF_server_host>:<SF_port>(TLS10,TLS11). In such case you will limit the highest possible TLS protocol for communication with SF server host to 1.1 and avoid any compliant issues with cipher suits in TLS 1.2 version.

    Best regards,
    Vadym

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Oct 28, 2017 at 07:51 PM

    Hi,

    Do you install the certificate on SAP PI system ? Are you using HTTPS + SSL ?

    I recommend you test via HTTP first, if works, it means that the HANDSHAKE for HTTP + SSL it´s missing the install of the certificate at SAP PI system.

    Regards,

    Viana.

    Add comment
    10|10000 characters needed characters exceeded

  • Oct 30, 2017 at 04:22 PM

    Thanks for the response.

    I installed self-signed certificate generated from Salesforce in PO , but still not working.
    Let me know what am I missing.

    Add comment
    10|10000 characters needed characters exceeded

  • Oct 30, 2017 at 04:26 PM

    Hello Ashsih,

    Did you add the certificates in the Trusted CAS of NWA?

    Try restarting the JAVA stack once else use XPI to track what is the exact cause.

    Add comment
    10|10000 characters needed characters exceeded

  • Oct 30, 2017 at 06:46 PM

    Hi,

    Getting the below error.

    10/30/2017 11:19:42.254 AMInformationMP: processing local module localejbs/ sap.com/com.sap.aii.af.soapadapter/XISOAPAdapterBean10/30/2017 11:19:42.258 AMInformationXISOAP: XI message received for processing10/30/2017 11:19:42.258 AMInformationXI packaging (bulk mode) is not enabled. Switching to normal processing....10/30/2017 11:19:42.258 AMInformationSOAP: Request message entering the adapter processing with user PIREPPOD10/30/2017 11:19:42.264 AMInformationSOAP: Target url: https://10/30/2017 11:19:42.402 AMErrorFailed to call the endpoint: Error in call over HTTP: HTTP 0 null10/30/2017 11:19:42.402 AMErrorSOAP: Call failed: java.io.IOException: Failed to get the input stream from socket: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier10/30/2017 11:19:42.428 AMErrorSOAP: Error occurred: com.sap.engine.interfaces.messaging.api.exception.MessagingException: java.io.IOException: Failed to get the input stream from socket: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier10/30/2017 11:19:42.428 AMErrorMP: exception caught with cause com.sap.engine.interfaces.messaging.api.exception.MessagingException: java.io.IOException: Failed to get the input stream from socket: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
    Add comment
    10|10000 characters needed characters exceeded

  • Oct 30, 2017 at 09:24 AM

    Hi Ashish,

    Are you using HTTPS enforced URL in the SOAPUI??

    If So you can able to see the certificate in the SOAPUI which can be exported as Keystore from browser and same can be used in SAP PI Truststore, I hope it will resolve your issue.

    Add comment
    10|10000 characters needed characters exceeded

  • Nov 01, 2017 at 09:13 AM

    Hi Ashish,

    Is this to get session id from SFDC login API or this is a data call?

    FYI, SFDC expects one session id appended in the HTTP header for any data call.

    Thanks,

    Apu

    Add comment
    10|10000 characters needed characters exceeded

  • Nov 06, 2017 at 12:18 PM

    Thanks for all the inputs. I am able to resolve it by extracting the certificate from the target URL through browser and import it in TrustedCAs.

    Add comment
    10|10000 characters needed characters exceeded