Skip to Content
0

Reg certificate error in REST adapter

Jun 03 at 09:22 AM

49

avatar image

Hi,

I have RFC synchronous to REST synchronous scenario. The REST adapter is https and I have used client certificates. The client certificates have all the three certificates root,intermediate and leaf which I have imported into NWA keystore.

Now when we process a message from ECC to third Party we are facing issue and message log in PI as well as XPI inspector shows the below error message:


PI REST channel ping: error retrieving certificates

Message login PI:

Returning to application. Exception: com.sap.engine.interfaces.messaging.api.exception.MessagingException:

com.sap.aii.adapter.rest.ejb.security.SSLException: SSL-enabled call failed.

General error in SSL connection Cannot store non-PrivateKeys

XPI inspector:

Private Key View/Entry: TrustedCAs/netlock_gold ERROR: NOT A KEY-PAIR

Exception occurred: Unable to recover the key: java.security.KeyStoreException: Not a certificate entry at com.sap.engine.services.keystore.impl.KeyStoreEntry.getKey(KeyStoreEntry.java:222) at com.sap.xi.tools.inspector.checks.SignatureCheck.checkEntry(SignatureCheck.java:792) at com

Can anyone let me know is there anything we need to check at PI end with respect to certificates?

Thanks & Regards,

Neehtu

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

1 Answer

Mate Moricz
Jun 04 at 11:55 AM
0

Hi Neehtu,

the error you get is usually thrown when client certificate authentication is used without an actual client certificate. Are you sure you need client certificate authentication? If you only have the certificate chain of the receiver endpoint then that should be used for the connection establishment but not for authentication. In this case (this is the usual case) you should just put the certificates in the TrustedCA keystore, uncheck the "Client Certificate Authentication" in the REST receiver channel.

Best regards,
Mate

Show 4 Share
10 |10000 characters needed characters left characters exceeded

Hi Mate,

I have unchecked client certificate authentication in REST receiver and getting the below error while sending data from ECC via RFC:

Transmitting the message using connection RFC_http://sap.com/xi/XI/System failed, due to: com.sap.engine.interfaces.messaging.api.exception.MessagingException: com.sap.aii.adapter.rest.ejb.common.exception.HttpCallException: HTTP POST call to https://........ not successful. Bad Request

Also when I ping the channel I am getting the below error:

Testing HTTP options 400 Bad Request

Thanks & Regards,

Neethu

0

Hi Neethu,

the new error proves that the connection establishment is now successful, so the initial problem is at least solved. There is no easy way to tell you how to fix a HTTP 400 Bad request error, it's usually caused by incorrect configuration in the receiver channel. Try to collect an XPI Inspector trace with Example 50 - XI Channel and collect additionally HTTP client traces too (not the HTTP provider traces). That can help you identify what's wrong.

Best regards,
Mate

0

Hi Mate,

The third party is a government website where we dont have to change anything and hence I have done simple one to one mapping in PI and just passing the request to the receiver. Hence the configuration of the REST adapter is simple where I have not used any Pattern variable replacement.

Regards,

Neethu

0

Hi All,

I am able to send message now to the third party. It was an issue with the prefix ns1 which was not acceptable in the xml at the client side. Now I am getting the successful response.

I need a clarification on error response. We have two different structures for successful response and error response. They have values in the payload when anyone of the xml is sent to PI from third party. I am able to achieve sending the successful response back to ECC. But I am stuck with how to send the response of exception to ECC.

Can anyone let me know how to achieve this?

Thanks and Regards,

Neethu

0