Skip to Content
avatar image
Former Member

SSL in Soap receiver communication channel

Hi,

I have a webservices that works fine in Soap UI. The webservice provider uses the SSL, but works like a web browser, doesn´t need to install a certificate before access the webservice.

But when i try to use SAP PI using the soap receiver communication channel, the soap adater return the follow message:

"Peer certificate rejected by ChainVerifier"

I read some thing about using axis to solve this problem but I can´t find anything to configure this scenario.

If someone had this problem and solved it, i will apreciate the help.

Thanks

Fabricio

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

5 Answers

  • avatar image
    Former Member
    Jun 26, 2010 at 04:38 PM
    The webservice provider uses the SSL, but works like a web browser, doesn´t need to install a certificate before access the webservice

    But the error messages seems the webserver is expecting the certificate autentication. Ideally Peer certificate rejected by ChainVerifier" means , you need to install all your client certificate( Root Certifivate, Leaf certificate) in your client. Here it is your PI java stack.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jun 27, 2010 at 05:14 AM

    Can you Please Check if it helps..

    Enabling SSL and Client Certificates on the SAP J2EE Engine

    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/197e6aec-0701-0010-4cbe-ad5ff6703c16

    check the note 694290 if it helps

    Regards,

    Srinivas

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jun 29, 2010 at 12:22 AM

    Fabricio,

    But when i try to use SAP PI using the soap receiver communication channel, the soap adater return the follow message:

    "Peer certificate rejected by ChainVerifier"

    What all configuration you have done in PI for SSL settings? You don't need axis to resolve this issue. I feel that you have missed some configuration step in PI.

    Give the details so that some one can help you.

    Regards,

    Neetesh

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Jun 29, 2010 at 02:35 AM

    I Have 2 communication channel:

    1) This works fine

    Adapter Type: SOAP

    Receiver

    Transport Protocol: HTTP

    Message Protocol: SOAP 1.1

    Adapter Engine: Integration Server

    Target URL: https://gw-homologa.serasa.com.br/wsacheixml/wsacheixml.asmx

    SOAP Action: https://sitenet05.serasa.com.br/WSAcheiXML/WSAcheiXML/ConsultaAchei

    2) This doesn´t work

    Adapter Type: SOAP

    Receiver

    Transport Protocol: HTTP

    Message Protocol: SOAP 1.1

    Adapter Engine: Integration Server

    Authentication: Basic

    User/Password

    Target URL: https://treina.spc.org.br/spc/remoting/ws/consulta/consultaWebService

    SOAP Action: blank

    Both are https and the certificate is sent at communication time (There isn´t a certificate to install in the Key Store in Visual Administrator)

    I read that Axis manage this kind of integration with webservices, because the certificate must be installed at the moment of sending http request.

    I don´t know why the first interface works fine an the another doesn´t work, then I´m trying with Axis.

    In the SOAP UI both interfaces work fine.

    Thanks

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Aug 10, 2010 at 03:53 PM

    Hi Fabricio,

    Did you resolve your problem?

    I accessed both the URLs and I noted some differences betweeen the two sites/ certificates.

    1) Serasa is its own CA for its SSL/ HTTPS certificate. The other is GlobalSign

    2) Serasa uses cryptographic keys with 128 bits. The other uses 256 bits

    3) Serasa does not requires user and password to connect to its UDDI. The other site requires additional authentication with user/ password.

    I´m looking for some solution for a similar problem. I didn´t identify yet where the problem is into my PI system. I imported the entire chain (that forms the certificate) individually for the site both on DEFAULT and TrustedCAs views on Key Storage, without results.

    Regards,

    Rodrigo Aoki

    Add comment
    10|10000 characters needed characters exceeded