Reg certificate error in REST adapter

former_member333459
Participant
0 Kudos

Hi,

I have an RFC synchronous to REST synchronous scenario. The REST adapter is https and I have used client certificates. The client certificates have all three certificates (root, intermediate and leaf), which I have imported into the NWA keystore.

Now when we process a message from ECC to the third party we are facing an issue, and the message log in PI as well as XPI Inspector shows the below error message:


PI REST channel ping: error retrieving certificates

Message log in PI:

Returning to application. Exception: com.sap.engine.interfaces.messaging.api.exception.MessagingException:

com.sap.aii.adapter.rest.ejb.security.SSLException: SSL-enabled call failed.

General error in SSL connection Cannot store non-PrivateKeys

XPI inspector:

Private Key View/Entry: TrustedCAs/netlock_gold ERROR: NOT A KEY-PAIR

Exception occurred: Unable to recover the key: java.security.KeyStoreException: Not a certificate entry at com.sap.engine.services.keystore.impl.KeyStoreEntry.getKey(KeyStoreEntry.java:222) at com.sap.xi.tools.inspector.checks.SignatureCheck.checkEntry(SignatureCheck.java:792) at com

Can anyone let me know if there is anything we need to check at the PI end with respect to certificates?

Thanks & Regards,

Neethu

Accepted Solutions (0)

Answers (1)


mate_moricz
Advisor

Hi Neethu,

The error you get is usually thrown when client certificate authentication is used without an actual client certificate. Are you sure you need client certificate authentication? If you only have the certificate chain of the receiver endpoint, then that should be used for the connection establishment but not for authentication. In this case (this is the usual case) you should just put the certificates in the TrustedCA keystore and uncheck "Client Certificate Authentication" in the REST receiver channel.

Best regards,
Mate
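
The distinction in the answer above (a certificate chain alone can only be trusted, while client certificate authentication needs an entry that also holds a private key) can be checked before anything is imported. This is an added example, not part of the original thread; it assumes the certificates were delivered as a PEM text bundle, and the sample blocks are constructed placeholders.

```python
import base64
import re

# RFC 7468 textual encoding: -----BEGIN <label>----- base64 -----END <label>-----
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}


def classify_bundle(pem_text):
    """Count certificate and private-key blocks and say how the bundle can be used."""
    certs = keys = 0
    for label, body in PEM_BLOCK.findall(pem_text):
        if label == "CERTIFICATE":
            # A damaged certificate block raises binascii.Error here.
            base64.b64decode("".join(body.split()), validate=True)
            certs += 1
        elif label in KEY_LABELS:
            keys += 1
    if certs == 0:
        usage = "no certificates found"
    elif keys == 0:
        usage = "trust only: import as trusted CA entries, keep client certificate authentication off"
    else:
        usage = "key pair: can back client certificate authentication"
    return {"certificates": certs, "private_keys": keys, "usage": usage}


def _block(label, payload):
    # Helper for the constructed samples below.
    body = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


# Constructed sample input: placeholder bytes, not real certificates or keys.
CHAIN_ONLY = "".join(_block("CERTIFICATE", n) for n in (b"root", b"intermediate", b"leaf"))
WITH_KEY = CHAIN_ONLY + _block("PRIVATE KEY", b"placeholder key material")

if __name__ == "__main__":
    for name, bundle in (("chain only", CHAIN_ONLY), ("chain + key", WITH_KEY)):
        print(name, "->", classify_bundle(bundle))
```

A bundle of root, intermediate and leaf certificates with no private key, as in the question, comes out as trust only.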

former_member333459
Participant
0 Kudos

Hi Mate,

I have unchecked client certificate authentication in the REST receiver and am getting the below error while sending data from ECC via RFC:

Transmitting the message using connection RFC_http://sap.com/xi/XI/System failed, due to: com.sap.engine.interfaces.messaging.api.exception.MessagingException: com.sap.aii.adapter.rest.ejb.common.exception.HttpCallException: HTTP POST call to https://.. not successful. Bad Request

Also when I ping the channel I am getting the below error:

Testing HTTP options 400 Bad Request

Thanks & Regards,

Neethu

mate_moricz
Advisor
0 Kudos

Hi Neethu,

The new error proves that the connection establishment is now successful, so the initial problem is at least solved. There is no easy way to tell you how to fix an HTTP 400 Bad Request error; it's usually caused by incorrect configuration in the receiver channel. Try to collect an XPI Inspector trace with Example 50 - XI Channel and additionally collect HTTP client traces too (not the HTTP provider traces). That can help you identify what's wrong.

Best regards,
Mate

former_member333459
Participant
0 Kudos

Hi Mate,

The third party is a government website where we don't have to change anything, and hence I have done a simple one-to-one mapping in PI and am just passing the request to the receiver. Hence the configuration of the REST adapter is simple, where I have not used any pattern variable replacement.

Regards,

Neethu

former_member333459
Participant
0 Kudos

Hi All,

I am able to send the message to the third party now. It was an issue with the prefix ns1, which was not acceptable in the XML at the client side. Now I am getting the successful response.

I need a clarification on the error response. We have two different structures for the successful response and the error response. They have values in the payload when any one of the XMLs is sent to PI from the third party. I am able to send the successful response back to ECC, but I am stuck on how to send the exception response to ECC.

Can anyone let me know how to achieve this?

Thanks and Regards,

Neethu