Skip to Content
avatar image
Former Member

Howto use SSL-2 (https) and .pfx certificate in SOAP cc - padding error!

I'm working on a rfc to soap scenario in PI 7.1, and I must connect PI to some external web services through https.

We must use a two-sided SSL connection (SSL-2), we received a .pfx certificate to achieve this.

SAP Basis installed the certificate in the (java)nwa. In the SOAP communication channel i can choose the installed ceritifcate when i set the 'Configure Certificate Authentication'. Tried this, got the "error: iaik.security.ssl.SSLException: Padding length error: 106"

Other option tried is to set the 'Select security profile'and choose Web Services Security. Then in the receiver agreement i can set the certificate for the encryption and/or decryption. Various scenario's tried, not succesful. We've seen that the pfx certificate contains two certificates (private and public one). But in the receiver agreement there is no choice between those two, we can only select the .pfx

We also added a user with transaction EXTID_DN. Still got the same error.

Does somebody have a suggestion what to do? Must we split the .pfx certificate in two separate files/certificates? Do we use the incorrect DN/CN in the EXTID_DN?

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • avatar image
    Former Member
    Oct 04, 2010 at 12:46 PM

    Hi,

    What is your requirement ? The "2-sides" concept of SSL, what is it exactly ? Or does it simply mean that you're going to connect to a SSL target providing a SSL client certificate ?

    Usually, you import the SSL target's CA chain (ie Verisign CAs, etc) into the NWA key store, provide the CA chain for your own SSL client cerificate to the target and configure channels accordingly

    Rgds

    Chris

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Ok, we've solved the problem. Because i've got a new job i cannot get to the pi data. So my answer is as good as i can reproduce it out of my head.

      We had to use two way ssl. The file (certificate?) we received contained two certificates. The file was imported as client certificate and as server certificate. Then in PI on the receiver determination and the receiver agreement i chose the appropriate certificate. And voila, worked like a charm!