Skip to Content
0

SOAP Receiver Adapter – Failed to open the connection to the URL

Feb 22 at 06:06 PM

166

avatar image
Former Member

Hi, I can’t open the connection to a HTTPS Web Service, I already import the certificates into the TrustedCAs Keys, and also I check the WS into the subnet with SoapUI and works. Do I need another configuration in PI?

Thanks and Best Regards

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

4 Answers

Harish Mistri Feb 23 at 03:17 AM
1

Hi Sebastian,

Did you check if the connection/firewall is open. It seems you are unable to reach the system. If the system is on internet and you have proxy server in the landscape, it is worth while configuring the proxy connection in received SOAP to test it.

regards,

Harish

Share
10 |10000 characters needed characters left characters exceeded
avatar image
Former Member Feb 24 at 09:06 PM
1

Hi,

If websevice hosted by PI, as of your case, PI Client certificate use for this communication.

Follow this blog : https://blogs.sap.com/2013/09/20/sender-soap-adapter-https-with-client-authentication/

Also, check whether you maintained .crt chain in correct keystore view or not as maintained under : http://<host>: port>/nwa/DestinationTemplates

Regards,

Anoop Rai

Show 1 Share
10 |10000 characters needed characters left characters exceeded
Former Member

Hi Anoop, It is a receiver scenario, I having the problem consuming a 3rd party web service.

Best Regards

0
Sikander Narula
Feb 28 at 06:54 AM
1

Dear Sebastian

Please check if you can take the ICM trace from SAP PI, there you will be able to see which certificate has been rejected and you will be able to see the certificate as well

Take out the certificate, save it and add it to the Trusted CA

Also check the HTTPS webservice by directly calling it in the web browser and check all the chain of its certificates from the security button on the browser and compare them with the ones you have added in the PI

Thanks and Regards

Sikander

Show 2 Share
10 |10000 characters needed characters left characters exceeded
Former Member

Thank you Sikander, I check it (trx SMICM), even in level 3, and no tracks for the error (only the mentioned above).

Regards

0

Dear Sebastian

Please try to take the XPI inspector trace as below

Authentication - For SSL & PP Login, WSS, SSL, XI Principal Propagation issues

Thanks and Regards

Sikander

0
avatar image
Former Member Feb 23 at 02:39 PM
0

Hi Harish, the url is reachable by the PI server, the site uses TLS 1.2, so seems to load the certificates to the TrustedCAs is not enough.

the error message:

com.sap.engine.interfaces.messaging.api.exception.MessagingException: java.io.IOException: Failed to get the input stream from socket: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier

Regards

Show 4 Share
10 |10000 characters needed characters left characters exceeded

Hello, check the connection by using XPI inspector tool, it should be very helpfull - https://wiki.scn.sap.com/wiki/display/XI/Tracing+PI+issues+with+XPI+Inspector+tool

Your error seems to be wrong SSL settings or problem with certificate.

1

Hi Sebastian,

Have you imported all the certificates (i.e, root,intermediate,main) certificates into trustedCA keystore.?

Regards

Pavan

2
Former Member

Jan, It seems something wrong with the certificate, I will check with the inspector to catch more info.

Pavan, I did, all the chain certificates are imported.

Thank yo both.

0

Check, whether your PI server supports SNI , it may be the cause, but it's difficult to say, since this problem can be caused by many reasons. There's a nice blog here: https://blogs.sap.com/2017/06/09/chronicles-of-a-tls-1.2-upgrade/

1