Skip to Content

SOAP RECEIVER SSL Problems

Dear Community,

I have configured a SOAP Receiver to an external web service (https://server:7002/service). I have use IE to get the certificate of the server and have imported it into the keystore of the j2ee (using VA). I have imported it to the all current views available. We have SAP PI 7.0 SP18. The problem is that the SSL handshaking is not performed correctly. I have placed a tcp gateway monitor tool to see the messages pass through. As soon as the first message is send to the above URL and a response is received, I get a XIAdapter/HTTP/ADAPTER.HTTP_EXCEPTION - HTTP 500 Internal Server Error. Also, in the default trace log I get a no private key found.... Do I need extra steps to configure SSL in the SOAP Receiver? The service does not required a Client authentication certificate and has a certificate with o CA root certificate (since this is only a test system and has issued its own certificate). Any ideas? Any help will be appreciated.

Regards,

S.Socratous

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • avatar image
    Former Member
    Jul 20, 2010 at 12:53 PM

    Hi Socratous,

    If the webserver is accepting only https requests, then we can configure the SOAP reciever to send the requests through SSL by using the installed certificates.

    While configuring the SOAP receiver channel, you need to check 'Configure certificate authentication' and select the appropriate keystore entry.

    See if you are able to send the request without error now.

    Add comment
    10|10000 characters needed characters exceeded

    • Hi,

      First, the CN = Full name of the host or IP address of the server.

      Second, to debug the SSL you may refer to note:

      #1019634 - Troubleshooting SSL problems

      And last check again if the certificate is a TrustedCA.

      If rejected, the cause could be that.

      Regards,

      Caio Cagnani

  • Jul 20, 2010 at 12:54 PM

    Hello,

    Generally it's a connectivity behaviour. Check if you have setup the connection to

    the receiver and also check the explanation regarding 500 Internal Server Errors:

    *Description: The server encountered an unexpected condition which prevented it from fulfilling the request.

    Possible Tips: Have a look into SAP Notes u2013 804124, 807000*

    It may be also a problem with the SSL certificate. So, check if it's not expired;

    The correct server certificate may be not present in the TrustedCA keystore view of NWA .

    Please ensure you have done all the steps described in these url (this is for 7.11):

    Security Configuration at Message Level

    http://help.sap.com/saphelp_nwpi711/helpdata/en/48/d1c7e690d75430e100000

    00a42189b/frameset.htm

    You may have not imported the certificate chain in the correct order (Own -> Intermediate -> Root);

    Last, if the end point of the SOAP Call(Server) is configured to accept

    a client certificate(mandatory), then make sure that it is configured

    correctly in the SOAP channel and it is also within validity period.

    (This certificate is the one which is sent to Server for Client

    authentication)

    Hope that helps.

    With regards,

    Caio Cagnani

    Add comment
    10|10000 characters needed characters exceeded

    • Hi,

      thanks for the answer. I have check the notes that you have mention and all relative setups. The steps I did were:

      • import the certificate of the server(web service) I am calling in the TrustedCA keystore View *Note: this is a test cetrificate *

      • check the ssl-credentials (not expired)

      What happens is that during SSL handshake as soon as the first response comes from the web service.. in SAP XI I get an HTTP 500 . I was able to put a tcpgateway in between, so I can see that i am reaching the web service is sending something back encrypted and in SAP XI I get HTTP 500????. The problem is that I can not see what exactly goes wrong during SSL handshake. Does the certificate of the web service must be a valid Certificate??? Or can SAP XI work with a certificate issue by the web service itself...(as long as I have imported it in the TrustedCA view)??

      Please advice.

  • Jul 22, 2010 at 06:53 AM

    I use the SOAP Module parameter XMBWS.NoSOAPIgnoreStatusCode = true in order to see the response. The SSL handshake was ok after importing the CA root certificate. Now the problem is internal to the web service. Thanks all for the advice.

    Add comment
    10|10000 characters needed characters exceeded