cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SOAP Receiver over SSL - server certificate troubles

Former Member

on ‎08-19-2008 4:21 PM

0 Kudos

Hello all,

I have a scenario with SOAP receiver communication channel with comunnication over SSL. In the URL there is a IP address for a reason I will not mention ... simply there must be IP address in URL and not a host name.

When I access the SOAP server with internet browser it gives me a server certificate with HOST NAME in CN. I placed this certificate to the "trusted container" in J2EEVisAdmin - Key Storage.

Now you might already suspect the trouble: the certificate CN doesn't match with URL. This is obvios error we got many times on the internet (even in e-banking sector .. but we are able to skip it with our internet browsers' possibilities.

Could I set up something in J2EE server as same as in internet browser ???

Thank you in advance.

Rgds

Tom

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

bhavesh_kantilal
Active Contributor
‎08-20-2008 4:13 PM
0 Kudos

I have seen a online SAP note or a link that states that the Hostname check can be turned of in the Visual Admin. It always is by default. Wil try to search for it.

Meanwhile this is a start you can search for as well.

Regards,

Bhavesh

Show replies
Show replies
bhavesh_kantilal
Active Contributor
‎08-20-2008 4:15 PM
0 Kudos

Got it,

SAP Note : 791655

HTTPS/SSL Properties

Property Name = [default]

messaging.ssl.httpsHandler=iaik.protocol.https.Handler

messaging.ssl.securityProvider=iaik.security.provider.IAIK

messaging.ssl.trustedCACerts.viewName=TrustedCAs

messaging.ssl.serverNameCheck=false

Description:

The properties "httpsHandler" and "securityProvider" specify the class names of the HTTPS handler and Security provider used. The AF only supports IAIK. Never change these values! To activate HTTP/SSL, you must install the IAIK libraries on your J2EE Engine as described in the Installation Guide.

The property "trustedCACerts.viewName" defines which J2EE keystore is used during the SSL Handshake for trusted CA certificates. You should never change this value either. With "serverNameCheck" you can specify whether the host name in outbound HTTPS requests should be checked against the host name in the certificate of the server.

Regards,

Bhavesh

Former Member
‎10-09-2008 8:29 AM
0 Kudos

Hello,

yes .. this are relevant parameters.

Thank you

Rgds

Tom

former_member192295
Active Contributor
‎08-20-2008 2:01 PM
0 Kudos

HI,

Most of the time SAP communicate with internet through web dispatcher, find the below mention link i hope this will help you.

http://help.sap.com/saphelp_nw04/helpdata/en/82/5fcd8af02d07438148302ceb8b2500/content.htm

Show replies
Show replies
Former Member
‎08-20-2008 1:42 PM
0 Kudos

Hello again,

I got an idea, but need to get further hints.

Couldn't it be done in "module configuration" of sap.com/com.sap.aii.af.soapadapter/XISOAPAdapterBean module in communication channel ? I mean to add some parameters for soap...

What do you think ?

Thx

Tom

Show replies
Show replies
Ask a Question