Skip to Content

ICF Error when receiving the response: ICM_HTTP_SSL_ERROR


I am facing one issue with standard Accounts Outbound IDoc Integration of ByDesign with SAP ERP (S4HANA). I have created the Communication Arrangement and when I try to Test the connection I am getting the following error.

SOAP:1.023 SRT: Processing error in Internet Communication Framework: (“ICF Error when receiving the response: ICM_HTTP_SSL_ERROR”)

Clearly it looks like SSL certificate error. I have created the certificate in SAP ERP Web Dispatcher and uploaded ByDesign's "Edit Certificate Trust List" But looks like something is something is wrong with the certificates.

I have searched for the issues and found the following possible issues/solutions from SAP help:

SSL error. This error may occur for several reasons. Depending on the reason, proceed as follows:

  • Reason1:The configured port exists but is not an SSL port.

    Action: Correct the port number in the Communication Arrangement view.

  • Reason2: The SSL server certificate is signed by a Certificate Authority (CA) that is unknown or not included on the trust list.

    Action: Carefully check the certificate. If it is signed by the correct CA, add the certificate from the CA to the trust list using the Edit Certificate Trust List common task in the Application and User Management work center.

  • Reason3: The server certificate is not part of the certificate chain or is sent in the wrong sequence, or the chain contains superfluous certificates.

    Action: Check that the certificate chain that the server sends complies with RFC5246.

To me it looks like reason 2 is relevant in this case. Can somebody explian how to get the certificate signed by CA? Seems like its a paid feature. Is it possible to use any dummy certificate for testing purposes?

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Nov 30, 2017 at 04:26 PM

    Hi Akif,

    there are 2 more possible root causes, which might be worth checking:

    • The communication arrangement uses another host name than the certificate is issues to (e.g. comm. arrangement uses target host name, but the server certificate is issued to Remark: service certificates can be issued using wild cards as well to use one certificate for multiple system, e.g. *
    • NATing in remote network forwards to an invalid IP address/port, e.g. ERP systems often have HTTPS ports other than 443, but externally visible port on the firewall is 443.

    Best regards,

    Add comment
    10|10000 characters needed characters exceeded