Reg certificate error in REST adapter

Hi,

I have an RFC synchronous to REST synchronous scenario. The REST adapter is https and I have used client certificates. The client certificates have all three certificates (root, intermediate and leaf), which I have imported into the NWA keystore.

Now when we process a message from ECC to the third party we are facing an issue, and the message log in PI as well as XPI inspector shows the below error message:


PI REST channel ping: error retrieving certificates

Message log in PI:

Returning to application. Exception: com.sap.engine.interfaces.messaging.api.exception.MessagingException:

com.sap.aii.adapter.rest.ejb.security.SSLException: SSL-enabled call failed.

General error in SSL connection Cannot store non-PrivateKeys

XPI inspector:

Private Key View/Entry: TrustedCAs/netlock_gold ERROR: NOT A KEY-PAIR

Exception occurred: Unable to recover the key: java.security.KeyStoreException: Not a certificate entry at com.sap.engine.services.keystore.impl.KeyStoreEntry.getKey(KeyStoreEntry.java:222) at com.sap.xi.tools.inspector.checks.SignatureCheck.checkEntry(SignatureCheck.java:792) at com

Can anyone let me know if there is anything we need to check at the PI end with respect to certificates?

Thanks & Regards,

Neehtu

1 Answer

  • Jun 04 at 11:55 AM

    Hi Neehtu,

    The error you get is usually thrown when client certificate authentication is used without an actual client certificate. Are you sure you need client certificate authentication? If you only have the certificate chain of the receiver endpoint, then that should be used for the connection establishment but not for authentication. In this case (this is the usual case) you should just put the certificates in the TrustedCA keystore and uncheck the "Client Certificate Authentication" option in the REST receiver channel.

    Best regards,
    Mate
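
The distinction this answer relies on, shown as an added example that is not part of the original thread and not SAP tooling: a certificate-only entry (what a TrustedCAs view holds) can be used to trust the server, while client certificate authentication needs an entry whose private key matches its certificate. The file names, subjects and the `entry_type` and `make_samples` helpers are constructed for illustration, and `openssl` stands in for the NWA keystore views.

```shell
#!/usr/bin/env bash
# Added example: classify a PEM "entry" as key pair or certificate only.

# Print the kind of entry a PEM file represents.
entry_type() {
  local pem="$1" cert_pub key_pub
  # No certificate at all: usable neither for trust nor for client auth.
  cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || { echo unknown; return 0; }
  # Certificate without a private key: fine for trust, not for client auth.
  key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) || { echo certificate-only; return 0; }
  # A key pair only if the private key belongs to this certificate.
  if [ "$cert_pub" = "$key_pub" ]; then echo key-pair; else echo mismatched-key; fi
}

# Build constructed sample entries (self-signed, valid one day) in a directory.
make_samples() {
  local dir="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-ca" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-client" \
    -keyout "$dir/client.key" -out "$dir/client.crt" 2>/dev/null
  # Like a TrustedCAs entry: certificate only.
  cp "$dir/ca.crt" "$dir/trusted_ca.pem"
  # Like a key-pair entry: certificate plus its own private key.
  cat "$dir/client.crt" "$dir/client.key" > "$dir/client_pair.pem"
  # Certificate combined with a private key that belongs to another certificate.
  cat "$dir/client.crt" "$dir/ca.key" > "$dir/wrong_key.pem"
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_samples "$work"
for name in trusted_ca client_pair wrong_key; do
  printf '%-12s %s\n' "$name" "$(entry_type "$work/$name.pem")"
done
```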


    • Hi All,

      I am able to send the message now to the third party. It was an issue with the prefix ns1, which was not acceptable in the XML at the client side. Now I am getting the successful response.

      I need a clarification on the error response. We have two different structures for the successful response and the error response. They have values in the payload when any one of the XMLs is sent to PI from the third party. I am able to achieve sending the successful response back to ECC. But I am stuck with how to send the response of the exception to ECC.

      Can anyone let me know how to achieve this?

      Thanks and Regards,

      Neethu