Skip to Content
author's profile photo Former Member
Former Member

Using SOAP Adapter to make HTTps connection

Hi All,

I have a requirement where i am using Soap Adapter to make an https connection. I looked at sdn and found below link at last comment saying that its possible. Can some one provide me some guidance how to configure these modules.

[using-soap-adapter-as-http-adapter|using-soap-adapter-as-http-adapter]

I tried configuring the soap adapter but communication channel throws error saying

"Message processing failed. Cause: com.sap.engine.interfaces.messaging.api.exception.MessagingException: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier"

While there is no certictae provided to us.

Can some one please guide or suggest me the steps.

Thanks

-Kulwant

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

1 Answer

  • Best Answer
    Posted on Dec 10, 2010 at 05:27 PM

    Kulwant,

    PI is complaining about the certificate from the https server.

    If you try to open the URL you have configured in the comm channel through your browser, it'll probably show some kind of "bad certificate" message.

    On your browser, it's possible to get the server certificate from the lock icon on the status bar. Open the server certificate, go to the certificate chain (last tab) and go to the uppermost certificate in the chain. That is the root CA certificate that is not trusted by PI. Open that root CA Certificate and save the file locally (should be a .cer file, if asked, chosse Base64 format).

    Then load the .cer file into the TrustedCAs view of the Key Store service in the Visual Administrator of PI.

    Now the IAIK should stop complaining about this certificate.

    Best regards,

    Henrique.

    Add a comment
    10|10000 characters needed characters exceeded

    • Hello,

      You only need to download the chain of certificates when you have an end certificate that has a chain of two or three certs

      e.g when you double-click the end certificate and go to the certification path

      Verisign Class 3 Primary CA (Root CA)
          \----> Verisign Class 3 Secure Server CA (Intermediate CA)
           \ ----> domain.com (end certificate)
      

      you will see that there are three certs, now, to complete the chain, you also need to extract the intermediate and root ca.

      example: to extract the intermediate CA

      1. Go to certification path

      2. Click the intermediate CA

      3. Click view certificate

      4. Go to details

      5. And click copy to file (make sure that there are in the same exported format as your end certificate)

      Hope this helps,

      Mark

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.