Hi!

What happens if you test the Axis Adapter wirth the following URL:

http://<server in FQDN - e.g. http(s)://acme.com>:<port - e.g. 50000>/XIAxisAdapter/MessageServlet

Normally you should get a list of reuqired and optional component for Axis.

If it works with HTTP but not with HTTPS then HTTPS is not configured so far on your XI/PI machine.

Regards,

Volker

Hi Chopra,

Kindly refer the following SAP Notes for your issue:

Note-1303363-SOAP (Axis) Sender Adapter to Perform User Login in Handlers (SMP Login Required)

https://service.sap.com/sap/support/notes/1303363

Note-1028961-How to Prepare axisproviderlib.sda for Adapter Framework (SMP Login Required)

https://service.sap.com/sap/support/notes/1028961

Note-1039369-FAQ XI Axis Adapter

https://service.sap.com/sap/support/notes/1039369

Regards

Venkat Rao .G

Hi Volker,

Thanks for the reply.

Whenever i am checking through URL *http://port:host/XIAxisAdapter/MessageServlet * its showing the required/optional components list status OK.

However when i am checking through URL https://port:host/XIAxisAdapter/MessageServlet

its showing the page cannot be displayed.

Now my question is do i need to configure my PI machine for https?

If yes then could you please guide me the process and steps required to configure PI machine for https.

Moreover i am getting error while communication with third party and my end url is https://XYZ.

My scenario is ABAP ProxyXIWebservice(Third party) where my client wants AXIS framework in Receiver soap adapter with usernameToken security with PasswordDigest.

Please provide your inputs to solve the above issue.

Thanks in advance

Regards

Anku Chopra

Hi!

Fine. To configure your engine for HTTPS follow this link to "HTTP and SSL":

http://help.sap.com/saphelp_nwpi71/helpdata/en/14/ef2940cbf2195de10000000a1550b0/content.htm

Additionally - if between your PI and the partner is a proxy - you have to define the proxy data in your Plain HTTP adapter.

For details see here:

http://help.sap.com/saphelp_nwpi71/helpdata/en/43/64dbb0af9f30b4e10000000a11466f/content.htm

Hope this helps!

Regards,

Volker

Additional info. Please take this in mind:

SSL Administration in a Dual-Stack Installation

SSL communications are handled by the Internet Communication Manager (ICM) for both the AS Java and the AS ABAP servers in a dual-stack system. However, the administration tools and infrastructure for each stack are different and therefore, in a dual-stack installation, you should only perform the configuration and administration activities using one set of tools. Use either the trust manager on the AS ABAP for maintaining the SSL server PSEs, or use the Key Storage service on the AS Java for maintaining the SSL keystore entries. Note the following:

● If you create SSL server PSEs using the trust manager on the AS ABAP and later use the Key Storage service on the AS Java (or the other way around), you may get unexpected results due to conflicting PSEs.

● Configure SSL client functionality in each stack individually.

Edited by: Volker Kolberg on Aug 24, 2009 2:27 PM

HI Experts,

Thanks for the input.

Now instead of HTTPS we are using HTTP protocol to communicate with third party.

However Data is successfully sent to PI through ABAP Client Proxy but when PI is interacting with third party its giving error in RWB as

1) Success Axis: getting handler trp of java:com.sap.aii.adapter.axis.ra.transport.http.HTTPSender

2) Error Axis: error in invocation: java.net.SocketException: Connection timed out:could be due to invalid address

3)Error MP: Exception caught with cause java.net.SocketException: Connection timed out:could be due to invalid address

4)Error Exception caught by adapter framework: ; nested exception is: java.net.SocketException: Connection timed out:could be due to invalid address

5)Error Delivery of the message to the application using connection SOAP_http://sap.com/xi/XI/System failed, due to: com.sap.aii.af.ra.ms.api.RecoverableException: ; nested exception is: java.net.SocketException: Connection timed out:could be due to invalid address: java.net.SocketException: Connection timed out:could be due to invalid address. Setting message to status failed.

6)Error The message status set to FAIL.

7)Error Returning synchronous error message to calling application: com.sap.aii.af.ra.ms.api.RecoverableException: ; nested exception is: java.net.SocketException: Connection timed out:could be due to invalid address: java.net.SocketException: Connection timed out:could be due to invalid address.

Please provide your valuable inputs on above issue.

Thanks in advance

Regards

Anku Chopra

Hi!

This indeed looks ike a network/security cause.

Again: If between your PI and the partner is a proxy you have to define the proxy data in your Plain HTTP adapter.

For details see here:

http://help.sap.com/saphelp_nwpi71/helpdata/en/43/64dbb0af9f30b4e10000000a11466f/content.htm

Additonally ask your network guys if comunication to partner using your partner url is not blocked by a reverse proxy or firewall.

You may also check this by logging in into the PI system and then use telnet for a connection test to partner system. If telnet fails you indeed have a network/security probem.

Next ask your partner if your system is registered as authenticated in his network and double-check the user userid and password to identify your PI in the partner's system.

Regards,

Volker

Hi Volker,

Thanks for the input.

Please dont take my understanding wrong.

My scenario is ABAP client proxy --> PI -->webservice (SOAP adapter with Axis Framework).(Synchrous scenario).

Please advice do i need of HTTP plain adapter here.

Thanks in advance.

Regards

Anku Chopra

Hi!

No. You may also use the SOAP Adapter - it's even the better way. Then maintain proxy here, if you have a proxy:

http://help.sap.com/saphelp_nwpi71/helpdata/en/29/5bd93f130f9215e10000000a155106/content.htm

And also you should check the other things I've mentioned before.

Good luck!

Regards,

Volker

Thanks Volker.

I am working on what you have suggested.Once done i will let you know

Regards

Anku Chopra

Hi Volker,

I am back.

We had some connectivity issues with HTTP and fortunately it got resolved.

Now as we are moving into HTTPS i am getting following error in SMICM

[Thr 2057] SSL_get_state() returned 0x00001180 "SSLv3 read client certificate A"

[Thr 2057] *** ERROR during SecudeSSL_SessionStart() from SSL_accept()==SSL_ERROR_SSL

[Thr 2057] SecudeSSL_SessionStart: SSL_accept() failed --

secude_error 536875074 (0x20001042) = "received a fatal SSLv3 bad certificate alert message from the peer"

[Thr 2057] >> -

Begin of Secude-SSL Errorstack -

>>

[Thr 2057] WARNING in ssl3_read_bytes: (536875074/0x20001042) received a fatal SSLv3 bad certificate alert message from the peer

[Thr 2057] << -

End of Secude-SSL Errorstack -

[Thr 2057] <<- ERROR: SapSSLSessionStart(sssl_hdl=0x110f4fb10)==SSSLERR_SSL_ACCEPT

[Thr 2057] *** ERROR => IcmConnInitServerSSL: SapSSLSessionStart returned (-56): SSSLERR_SSL_ACCEPT [icxxconn_mt. 1777]

[Thr 1286] <<- ERROR: SapSSLSessionStart(sssl_hdl=0x110f4fb50)==SSSLERR_SERVER_CERT_MISMATCH

[Thr 1286] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-30): SSSLERR_SERVER_CERT_MISMATCH [icxxconn

[[Thr 2828] <<- ERROR: SapSSLSessionStart(sssl_hdl=0x110f4fb50)==SSSLERR_SERVER_CERT_MISMATCH

[Thr 2828] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-30): SSSLERR_SERVER_CERT_MISMATCH [icxxconn

[Thr 772] <<- ERROR: SapSSLSessionStart(sssl_hdl=0x110f52770)==SSSLERR_SERVER_CERT_MISMATCH

[Thr 772] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-30): SSSLERR_SERVER_CERT_MISMATCH [icxxconn_

[Thr 2057] SSL_get_state() returned 0x00001180 "SSLv3 read client certificate A"

[Thr 2057] *** ERROR during SecudeSSL_SessionStart() from SSL_accept()==SSL_ERROR_SSL

[Thr 2057] SecudeSSL_SessionStart: SSL_accept() failed --

secude_error 536875074 (0x20001042) = "received a fatal SSLv3 bad certificate alert message from the peer"

[Thr 2057] >> -

Begin of Secude-SSL Errorstack -

>>

[Thr 2057] WARNING in ssl3_read_bytes: (536875074/0x20001042) received a fatal SSLv3 bad certificate alert message from the peer

[Thr 2057] << -

End of Secude-SSL Errorstack -

[Thr 2057] SSL NI-sock: local=10.120.58.115:44300 peer=10.120.58.115:40671

[Thr 2057] <<- ERROR: SapSSLSessionStart(sssl_hdl=0x110f4fe70)==SSSLERR_SSL_ACCEPT

[Thr 2057] *** ERROR => IcmConnInitServerSSL: SapSSLSessionStart returned (-56): SSSLERR_SSL_ACCEPT [icxxconn_mt. 1777]

Moreover do we need to create any RFC destination in sm59 for HTTP Connections to External Server to enable HTTPS.

Please provide your valuable inputs on this.

Thanks

Anku chopra

Hi!

I assume that you get the error in them ICM Dev Trace of your PI system, correct?

This sounds as if you are working with HTTPS with Certificate Authentication. And the - obviously installed - Secude SSL Software gets a bad or an invalid certificate. Please try to turn off certificate authentication and try it with HTTPS with userid and password. This is to ensure whether HTTPS work and is configured correctly in your PI system.

Regards,

Volker

Hi Volker,

I applied snote 804124 - HTTP communication with XI Adapter Engine fails and it works fine.

Thanks for all your valuable inputs on this issue.

Regard

Anku Chopra

Hi Anku!

Fine! And thank you for the points you gave to me!!!

So now enjoy your PI and have a nice weekend!

Regards,

Volker