/scripts/ahub.form.attachments.js
0

Error during generate proxy class from WSDL

Dec 14, 2016 at 06:56 AM

246

avatar image

Hello Experts,

I am trying to create a service consumer for external service. In se80 i am started wizard and enter WSDL url, but getting error CX_PROXY_GEN_ERROR HTTP:404 Hostname Unknown. I saved WSDL in local file and trying again in wizard "from local file" - I get the same error. This happens for any file, even innocuous weather services, such http://www.webservicex.com/globalweather.asmx?WSDL.

In soapui i am successfully create soap project and send request to service, in visual studio - similarly. I also tried to remove information about the port from WSDL, but in this case i get error "Error in handler" without any information.

Please tell me - is somewhere in the settings to check needed. Version of system 7.4.

well - I do not know whether this value - we go out to the Internet through a corporate proxy server

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

4 Answers

Best Answer
Татьяна Мороз May 11, 2017 at 08:40 AM
0

Hi all. Thank you all for your answers, but the problem was elementary. It was necessary to make the import of certificates and from the basis - register the host in DNS

Errors arose from the fact that some namespaces were attempted to be imported from the server side

Share
10 |10000 characters needed characters left characters exceeded
Raghu Govindarajan Dec 14, 2016 at 05:24 PM
0

The last thing that you stated about the proxy server is probably the cause. When you set up a WSDL even from a file, the system tries to query the system you are trying to get data from. If you can't get the data, then you would get the error. Have you tried will an internal webservice that is on the local network? I bet that would work fine. If that does, then you would have to have the networking setup changed, so that SAP can actually communicate with these external systems.

Show 2 Share
10 |10000 characters needed characters left characters exceeded

After consultation with the system administrator, I learned that the connection to the portal are directly, bypassing the proxy

0

Based on your comment below, I think there is still a network issue that you were not able to resolve an IP address. This means you are not hitting your name server correctly. If the network was correct you should get the same SSSLERR_PEER_CERT_INTRUSTED error with either the IP or qualified name.

0
Tatyana Moroz Dec 14, 2016 at 05:48 PM
0

The problem became more clear when I entered ip address instead of the hostname. When performing RSSIDL_DESERIALIZE_DEMO I received an error SSSLERR_PEER_CERT_INTRUSTED. So we need to configure SSL on the application server - am I right?

Show 2 Share
10 |10000 characters needed characters left characters exceeded

Check Google for SSSLERR_PEER_CERT_INTRUSTED... there are several discussions about it including this blog post. Troubleshooting Guide - How to troubleshoot the SSSLERR_PEER_CERT_UNTRUSTED (peer certificate (chain) is not trusted) issue - Security and Identity Management - SCN Wiki

0

Thanks for the answer, I followed the instructions and got a trace file that contains:

[Thr 17589128065424] *** ERROR during SecuSSL_SessionStart() from SSL_connnect()==SSL_ERROR_SSL
[Thr 17589128065424]    session uses PSE file "/usr/sap/DHD/DVEBMGS00/sec/SAPSSLC.pse"
[Thr 17589128065424] SecuSSL_SessionStart: SSL_connnect() failed  (536872221/0x2000051d)
[Thr 17589128065424]    => "Failed to verify peer certificate. Peer not trusted."[Thr 17589128065424] >> ---------- Begin of Secu-SSL Errorstack ---------- >>
[Thr 17589128065424] 0x2000051d | SAPCRYPTOLIB | SSL_connect
[Thr 17589128065424] SSL API error
[Thr 17589128065424] Failed to verify peer certificate. Peer not trusted.
[Thr 17589128065424] 0xa0600203 | SSL | ssl_verify_peer_certificates
[Thr 17589128065424] Peer not trusted
[Thr 17589128065424] 0xa0600297 | SSL | ssl_cert_checker_verify_certificates
[Thr 17589128065424] peer certificate (chain) is not trusted
[Thr 17589128065424] Certificate:
[Thr 17589128065424]   Certificate:
[Thr 17589128065424]       Subject     :CN=corporateportal.xxx.local
[Thr 17589128065424]       Issuer      :CN=iud-certsrv, DC=xxx, DC=local
[Thr 17589128065424]       Serial number:0x5f00002944d0de15fbb3a40661000000002944
[Thr 17589128065424]       Validity:
[Thr 17589128065424]         Not before  :Thu Jun  2 16:07:19 2016
[Thr 17589128065424]         Not after   :Sat Jun  2 16:07:19 2018
[Thr 17589128065424]       Key:
[Thr 17589128065424]         Key type    :rsaEncryption (1.2.840.113549.1.1.1)
[Thr 17589128065424]         Key size    :2048
[Thr 17589128065424]       PK_Fingerprint_MD5:29B8 E403 2D29 1405 2268 7E8E 00EE EA69
[Thr 17589128065424]       extensions:
[Thr 17589128065424]         AuthorityKeyId:
[Thr 17589128065424]           Significance:Non critical
[Thr 17589128065424]           Value:
[Thr 17589128065424]             Key identifier (size="20" ):B5A1C6C46DD7D933470345B8424DA573F2988230
[Thr 17589128065424]         SubjectKeyIdentifier:
[Thr 17589128065424]           Significance:Non critical
[Thr 17589128065424]           Value        (size="20" ):4601BBC456C35E0293977D4783E9B0CA42298FF3
[Thr 17589128065424]         Key usage:
[Thr 17589128065424]           Significance:Non critical
[Thr 17589128065424]           Value:
[Thr 17589128065424]             digitalSignature
[Thr 17589128065424]             keyEncipherment
[Thr 17589128065424]         Extended key usage:
[Thr 17589128065424]           Significance:Non critical
[Thr 17589128065424]           Value:
[Thr 17589128065424]             element#no="1":ServerAuthentication (1.3.6.1.5.5.7.3.1)
[Thr 17589128065424]             element#no="2":ClientAuthentication (1.3.6.1.5.5.7.3.2)
[Thr 17589128065424]         Alternative names:
[Thr 17589128065424]           Significance:Non critical
[Thr 17589128065424]           Value:
[Thr 17589128065424]             element#no="1":
[Thr 17589128065424]               GeneralName :GN-dNSName:corporateportal.xxx.local
[Thr 17589128065424]             element#no="2":
[Thr 17589128065424]               GeneralName :GN-dNSName:dmkdproject.xxx.com.ua
[Thr 17589128065424]             element#no="3":
[Thr 17589128065424]               GeneralName :GN-dNSName:secureportal.xxx.com.ua
[Thr 17589128065424]             element#no="4":
[Thr 17589128065424]               GeneralName :GN-dNSName:corporateportal.xxx.com.ua
[Thr 17589128065424]             element#no="5":
[Thr 17589128065424]               GeneralName :GN-dNSName:moving.xxx.local
[Thr 17589128065424]         CRL distribution points:
[Thr 17589128065424]           Significance:Non critical
[Thr 17589128065424]           Value:
[Thr 17589128065424]             element#no="1":
[Thr 17589128065424]               distribution point:
[Thr 17589128065424]                 full name:
[Thr 17589128065424]                   element#no="1":
[Thr 17589128065424]                     GeneralName :GN-uRI:ldap:///CN=iud-certsrv,CN=iud-certsrv,CN=CDP,CN=Public%20Key%20Services
[Thr 17589128065424]                   element#no="2":
[Thr 17589128065424]                     GeneralName :GN-uRI:http://www.isd.com.ua/cert/iud-certsrv.crl
[Thr 17589128065424]         Authority info access:
[Thr 17589128065424]           Significance:Non critical
[Thr 17589128065424]           Value:
[Thr 17589128065424]             element#no="1":
[Thr 17589128065424]               accessMethod:caIssuers (1.3.6.1.5.5.7.48.2)
[Thr 17589128065424]               accessLocation:
[Thr 17589128065424]                 GeneralName :GN-uRI:ldap:///CN=iud-certsrv,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Con
[Thr 17589128065424]             element#no="2":
[Thr 17589128065424]               accessMethod:caIssuers (1.3.6.1.5.5.7.48.2)
[Thr 17589128065424]               accessLocation:
[Thr 17589128065424]                 GeneralName :GN-uRI:http://www.isd.com.ua/cert/iud-certsrv.isd.local_iud-certsrv.crt
[Thr 17589128065424]         Non supported extension:
[Thr 17589128065424]           element#no="1":
[Thr 17589128065424]             Type        :ms-certificate-template (1.3.6.1.4.1.311.21.7)
[Thr 17589128065424]             Value:
[Thr 17589128065424]               SEQUENCE: None
[Thr 17589128065424]                 ObjId       :Unknown (1.3.6.1.4.1.311.21.8.3144231.324454.805045.9576173.11784182.144.11137009.
[Thr 17589128065424]                 Integer     :100
[Thr 17589128065424]                 Integer     :2
[Thr 17589128065424]           element#no="2":
[Thr 17589128065424]             Type        :ms-application-cert-policies (1.3.6.1.4.1.311.21.10)
[Thr 17589128065424]             Value:
[Thr 17589128065424]               SEQUENCE: None
[Thr 17589128065424]                 SEQUENCE: None
[Thr 17589128065424]                   ObjId       :ServerAuthentication (1.3.6.1.5.5.7.3.1)
[Thr 17589128065424]                 SEQUENCE: None
[Thr 17589128065424]                   ObjId       :ClientAuthentication (1.3.6.1.5.5.7.3.2)
[Thr 17589128065424]     Signature algorithm:sha1WithRsaEncryption (1.2.840.113549.1.1.5)
[Thr 17589128065424]     Fingerprint_MD5:61:64:0D:D8:1E:27:AA:23:DA:97:F7:84:EB:7A:9C:32
[Thr 17589128065424]     Fingerprint_SHA1:E86D B18E D0C3 DB33 0CCF 8F4D DBA4 D4E5 5650 F3BE
[Thr 17589128065424]   Verification result:
[Thr 17589128065424]     Status      :Not successful
[Thr 17589128065424]     Profile     :1.3.6.1.4.1.694.2.2.2.2
[Thr 17589128065424] << ---------- End of Secu-SSL Errorstack ----------
[Thr 17589128065424]   SSL_get_state()==0x2131 "SSLv3 read server certificate B"
[Thr 17589128065424]   No certificate request received from Server
[Thr 17589128065424] <<- ERROR: SapSSLSessionStart(sssl_hdl=fff44066600)==SSSLERR_PEER_CERT_UNTRUSTED
[Thr 17589128065424] *** ERROR => SSL handshake with 10.0.5.20:443 failed: SSSLERR_PEER_CERT_UNTRUSTED (-102)
[Thr 17589128065424] The peer's X.509 Certificate (chain) is untrusted
0
Raghu Govindarajan Dec 15, 2016 at 02:02 PM
0

Are you trying to connect to the internal server 10.0.5.20, or still testing with the external IP addresses? This is not my area of expertise, but to my untrained eye, it looks like you are trying to connect to an Internal IP address and there is an SSL certificate. The problem is that the certificate is a self signed one that it does not like.

While setting up the Logical port, can make sure that you are using the Basic Authentication with user name and password. This will bypass the SSL checks and as long as you are on your internal network, you should be fine for security.


Show 1 Share
10 |10000 characters needed characters left characters exceeded

I tried to create a new connection in sm59 because I can not create a proxy class. Trace file obtained as a result of the test this connection.

Also, I can not run SOAMANGER, while there are no messages - the transaction simply does not start

0
Skip to Content