Dear All,
I am trying to set up a HTTP destination (type G, HTTP connections to external server). The target external server demands client authentication when i send data/ping from SAP XI to it.
1. I imported the public certificate from the external party under SSL client (standard), through transaction STRUST.
2. Exported the SAP XI server certificate, got it signed by our local CA and provided the same to the external party. They have confirmed that the certificates have been imported on their server.
3. I imported the CA certificate that was used to sign our server certificate under SSL server.
When i try to test the connection from sm59 -> connection test, i get error ICM_HTTP_SSL_ERROR.
In smicm ->trace file, i see the following
********************************************************************************************************************
ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL
session uses PSE file "/usr/sap/FXD/DVEBMGS22/sec/SAPSSLC.pse"
SecudeSSL_SessionStart: SSL_connect() failed --
secude_error 536875074 (0x20001042) = "received a fatal SSLv3 bad certificate alert message from the peer"
Begin of Secude-SSL Errorstack
WARNING in ssl3_read_bytes: (536875074/0x20001042) received a fatal SSLv3 bad certificate alert message from the peer
End of Secude-SSL Errorstack
SSL_get_state() returned 0x000021d0 "SSLv3 read finished A"
SSL NI-sock: local=172.19.129.32:60517 peer=160.83.52.59:443
ERROR: SapSSLSessionStart(sssl_hdl=0x6000000000843e80)==SSSLERR_SSL_CONNECT
ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT [icxxconn_mt.c 2012]
********************************************************************************************************************
Could you please give me any pointers on the cause of this error and its possible solutions?
Kind Regards,
Thomas.