cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Using SOAP Adapter to make HTTps connection

Go to solution
Former Member

on ‎12-10-2010 4:45 PM

0 Kudos

Hi All,

I have a requirement where i am using Soap Adapter to make an https connection. I looked at sdn and found below link at last comment saying that its possible. Can some one provide me some guidance how to configure these modules.

[|]

I tried configuring the soap adapter but communication channel throws error saying

"Message processing failed. Cause: com.sap.engine.interfaces.messaging.api.exception.MessagingException: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier"

While there is no certictae provided to us.

Can some one please guide or suggest me the steps.

Thanks

-Kulwant

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

henrique_pinto
Active Contributor
‎12-10-2010 5:27 PM
0 Kudos

Kulwant,

PI is complaining about the certificate from the https server.

If you try to open the URL you have configured in the comm channel through your browser, it'll probably show some kind of "bad certificate" message.

On your browser, it's possible to get the server certificate from the lock icon on the status bar. Open the server certificate, go to the certificate chain (last tab) and go to the uppermost certificate in the chain. That is the root CA certificate that is not trusted by PI. Open that root CA Certificate and save the file locally (should be a .cer file, if asked, chosse Base64 format).

Then load the .cer file into the TrustedCAs view of the Key Store service in the Visual Administrator of PI.

Now the IAIK should stop complaining about this certificate.

Best regards,

Henrique.

Show replies
Show replies
Former Member
‎12-10-2010 7:19 PM
0 Kudos

Hi Henrique,

We got it uploaded but still its is the same error. I asked BASIS to upload it under Trusted CA's. He uploaded that. Is there any thing else that we need to do?

Thanks

-Kulwant

henrique_pinto
Active Contributor
‎12-10-2010 7:37 PM
0 Kudos

Is the server's certificate still valid (i.e. it wasn't revoked nor has expired)?

Try to save all the certs in the server certificate chain (including the end user certificate, the actual server one) as .cer and load them in the TrustedCAs view.

BR,

Henrique.

Former Member
‎12-10-2010 7:41 PM
0 Kudos

Hi Henrique,

yes its valid. it says Valid till 2036. But i don't see any lock sign in IE. in Mozilla i Do, I clicked on that and exported certificate. I don't know how to download the chain of certificates. I don't see them

markangelo_dihiansan
Active Contributor
‎12-14-2010 3:43 AM
0 Kudos

Hello,

You only need to download the chain of certificates when you have an end certificate that has a chain of two or three certs

e.g when you double-click the end certificate and go to the certification path


Verisign Class 3 Primary CA (Root CA)
    \----> Verisign Class 3 Secure Server CA (Intermediate CA)
     \ ----> domain.com (end certificate)

you will see that there are three certs, now, to complete the chain, you also need to extract the intermediate and root ca.

example: to extract the intermediate CA

1. Go to certification path

2. Click the intermediate CA

3. Click view certificate

4. Go to details

5. And click copy to file (make sure that there are in the same exported format as your end certificate)

Hope this helps,

Mark

Answers (0)

Ask a Question