Skip to Content
0

ICF Error when receiving the response: ICM_HTTP_SSL_ERROR

Nov 21, 2017 at 09:54 AM

825

avatar image

Hi

I am facing one issue with standard Accounts Outbound IDoc Integration of ByDesign with SAP ERP (S4HANA). I have created the Communication Arrangement and when I try to Test the connection I am getting the following error.

SOAP:1.023 SRT: Processing error in Internet Communication Framework: (“ICF Error when receiving the response: ICM_HTTP_SSL_ERROR”)

Clearly it looks like SSL certificate error. I have created the certificate in SAP ERP Web Dispatcher and uploaded ByDesign's "Edit Certificate Trust List" But looks like something is something is wrong with the certificates.

I have searched for the issues and found the following possible issues/solutions from SAP help:

https://help.sap.com/viewer/abfba1342cfb4832ab722fa041f6c4b7/1708/en-US/9e0026c1d94348a8bf78d61a9406cca8.html

SSL error. This error may occur for several reasons. Depending on the reason, proceed as follows:

  • Reason1:The configured port exists but is not an SSL port.

    Action: Correct the port number in the Communication Arrangement view.

  • Reason2: The SSL server certificate is signed by a Certificate Authority (CA) that is unknown or not included on the trust list.

    Action: Carefully check the certificate. If it is signed by the correct CA, add the certificate from the CA to the trust list using the Edit Certificate Trust List common task in the Application and User Management work center.

  • Reason3: The server certificate is not part of the certificate chain or is sent in the wrong sequence, or the chain contains superfluous certificates.

    Action: Check that the certificate chain that the server sends complies with RFC5246.

To me it looks like reason 2 is relevant in this case. Can somebody explian how to get the certificate signed by CA? Seems like its a paid feature. Is it possible to use any dummy certificate for testing purposes?

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

1 Answer

Knut Heusermann
Nov 30, 2017 at 04:26 PM
0

Hi Akif,

there are 2 more possible root causes, which might be worth checking:

  • The communication arrangement uses another host name than the certificate is issues to (e.g. comm. arrangement uses target host name abc.123.de, but the server certificate is issued to xy.abc.123.de). Remark: service certificates can be issued using wild cards as well to use one certificate for multiple system, e.g. *.abc.123.de).
  • NATing in remote network forwards to an invalid IP address/port, e.g. ERP systems often have HTTPS ports other than 443, but externally visible port on the firewall is 443.

Best regards,
Knut

Share
10 |10000 characters needed characters left characters exceeded