Skip to Content

FIM cannot connect to BPC web service via https

Hi,

We use SAP FIM and BPC many times.

We setup http web service connection from guide -

SAP BusinessObjects Financial Information Management Supplement for SAP BusinessObjects Planning and Consolidation, version for SAP Netweaver,

our connection url -

http://BPCsrv:8000/sap/bc/srt/rfc/sap/ujo_ws_fim/120/ujo_ws_fim/ujo_ws_fim?sap-client=120

it works fine, but now our basis team want to disable http protocol for security reasons, and all must use only httpS protocol (44300).

I tried to modify web service url to https -

httpS://BPCsrv:44300/sap/bc/srt/rfc/sap/ujo_ws_fim/120/ujo_ws_fim/ujo_ws_fim?sap-client=120

but we getting error:

com.ctc.wstx.exc.WstxIOException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate).

Also I tried to modify FC, Intercompany web service, but when I add "S" to http url, I get error above.

Looks like FIM/Tomcat cannot use httpS. How can I resolve it?

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Nov 09, 2017 at 12:17 PM

    Hi Daulet

    This is not really a FIM/Tomcat issue.

    The source/target (EPM) systems can all be configured with HTTPS. and the error you see is simply the fact that the URL FIM calls is not accepting the SSL.

    No appropriate protocol (protocol is disabled or cipher suites are inappropriate).

    See for example: https://stackoverflow.com/questions/38205947/sslhandshakeexception-no-appropriate-protocol

    Marc

    Add comment
    10|10000 characters needed characters exceeded

    • Hi Marc,

      Thanks for your reply.

      Now our basis team decided to use SAP Web Dispatcher between FIM and BPC network (like saprouter/firewall).

      WebDispatcher HTTPS ---> redirect to BPC http (SSL_ENCRYPTION=0).

      I began to setup connection through WebDispatcher, I had some problems at beginning. At first BPC datastore connection test (url through webdispatcher) I found that FIM uses SSL3 protocol, WebDispatcher uses TLS1.2, also I added lines in Tomcat --> Java configurations options

      -Djdk.tls.client.protocols=TLSv1.2
      -Dhttps.protocols=TLSv1.2,TLSv1.1,TLSv1

      At second connection test I got new error -

      PKIX path building failed: unable to find valid certification path to requested target

      I also googled, and found that need to add webdispatcher ssl certificate to tomcat keystore, SO via keytool utility I added webdispatcher certificate to default keystore (cacerts). Then I added options to Tomcat --> Java:

      -Djavax.net.ssl.trustStore=C:\Program Files (x86)\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\win64_x64\sapjvm\jre\lib\security\cacerts
      -Djavax.net.ssl.trustStorePassword=changeit

      But now I got new error:

      com.ctc.wstx.exc.WstxIOException: java.security.cert.CertificateException: No X509TrustManager implementation available

      But then I can't find any information about that error, can you help me please?

      fim-err.jpg (74.4 kB)
  • Nov 13, 2017 at 05:17 PM

    Hi

    Have you checked these:

    https://wiki.scn.sap.com/wiki/display/CPM/Configuration+of+SAP+BW+system+for+BPC+10+NW+integration+with+FIM+10

    SAP notes:

    2337042 - SSL certificate upgrade - impact on SAP EPM applications

    2012668 - SSL error while creating a BPC NW datastore - FIM10.0

    Add comment
    10|10000 characters needed characters exceeded