
SSL certificate error

former_member434498
Participant
0 Kudos

Hi SCN,

Good day.

We have recently renewed our SSL certificate for SAP PI 7.1 system and asked our trading partners to update and install our new certificate.

After the update, everything seems to be fine with other partners which use HTTP as transport protocol. However, we are encountering the below error with one of our partners which uses HTTPS.

Message could not be forwarded to the JCA adapter. Reason: Fatal exception: javax.resource.ResourceException: SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found # , SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found #

Previously, the connection seems to work using the old SSL certificate.

Some facts:

  1. Our old certificate is provided by Verisign and the new one is supplied by Entrust.
  2. Key sizes of the old and new are 1024 and 2048, respectively.

Could you let us know what is causing the error?

Is it possible that the new SSL certificate from Entrust is not applicable for HTTPS connection?

Is there a specific certificate for HTTP and HTTPS connection?

Thank you,

Carlo

Accepted Solutions (0)

Answers (4)


Former Member
0 Kudos

Hello Clemente Carlo Borja,

We are connecting to webmethods AS2 server. I am facing a similar issue and getting SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate # too. In our case we are using client authentication additionally. Is it possible for you to recall more about what your partner did?

My partner is telling me everything is correct on there, so exact information would be helpful.

former_member434498
Participant
0 Kudos

Hi All,

Thank you for all your inputs.

After weeks of troubleshooting this issue, we have finally solved it.

Apparently the cause of the "SSL Handshake - Bad certificate error" is that the trading partner did not trust our public certificate.

The partner is using Webmethods application and after placing our public certificate on their trustedCA the connection worked fine.
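The effect described in this thread (a certificate renewed under a different CA is rejected until the peer's trust store is updated), reproduced offline as an added example that is not part of the original thread. All keys and certificates are constructed locally; `old-ca`, `new-ca`, `renewed-cert` and `partner-trust.pem` are hypothetical names, and the example assumes the peer imports the new issuing CA as its trust anchor.

```shell
#!/usr/bin/env bash
# Constructed lab: every key and certificate is generated locally in a temp dir.
# "old-ca" / "new-ca" are stand-ins for the previous and the new issuing CA.

make_ca() {     # make_ca <dir> <name>: self-signed CA cert <dir>/<name>.pem
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

issue_leaf() {  # issue_leaf <dir> <ca> <leaf>: leaf cert signed by <ca>
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -days 30 -out "$1/$3.pem" 2>/dev/null
}

trusts() {      # trusts <truststore.pem> <cert.pem>: exit 0 if the chain validates
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

rollover_check() {
  local d before after
  d=$(mktemp -d) || return 1
  make_ca "$d" old-ca && make_ca "$d" new-ca &&
    issue_leaf "$d" new-ca renewed-cert || { rm -rf "$d"; return 1; }
  # Partner trust store as it was before the renewal: old issuer only.
  cp "$d/old-ca.pem" "$d/partner-trust.pem"
  trusts "$d/partner-trust.pem" "$d/renewed-cert.pem" && before=trusted || before=rejected
  # Partner imports the new issuer into its trust store.
  cat "$d/new-ca.pem" >> "$d/partner-trust.pem"
  trusts "$d/partner-trust.pem" "$d/renewed-cert.pem" && after=trusted || after=rejected
  rm -rf "$d"
  echo "before=$before after=$after"
}

rollover_check   # prints: before=rejected after=trusted
```

The same check applies in both directions of an HTTPS AS2 link: each side validates the certificate the other presents against its own trust store.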

Former Member
0 Kudos

This message was moderated.

Former Member
0 Kudos

Hello,

have you updated the cert in Java and ABAP stack properly?

Have you replaced the old certificate everywhere and restarted the Java-stack? Maybe the connection still refers to the old cert and therefore cannot complete the SSL handshake to encrypt the HTTP connection (which makes it HTTPS).

As HTTP isn't encrypted, no SSL-certificate is required, as already mentioned.

Regards,

Phillip

former_member434498
Participant
0 Kudos

We are using SAP PI 7.1 and all certificates (own and partner) are stored in NWA. All certificates are properly installed as we are able to use HTTP connection without problems.

I have learned that HTTPS connection over AS2 uses encryption on the HTTP layer (through SSL) and on message layer (through SMIME).

Is there a different keystore for storing the certificate for the HTTP layer?

Does this error indicate that we have missing certificate for HTTP layer?

SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found #

former_member434498
Participant
0 Kudos

Hi All,

I was able to eliminate the error "No trusted certificate found" by pointing the SSL Certificate - Server Certificate (Keystore) found in the receiver comm. channel to the partner's certificate.

However, upon sending a test message, I get a bad certificate error.

SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate # .

Anyone know how to solve this issue?

Former Member
0 Kudos

Is it possible that the certificate is in another format than before?

Maybe in a format the receiver doesn't understand?

Another idea to think of:

Are you using mutual authentication?

That means that not only the server needs to authenticate via SSL-certificate (which is one-way-authentication and always needed to establish an SSL-connection) but also the client has to present its cert to the server with whom he's communicating.

Therefore it has to be considered if the PI is on the server-side of the connection or on the client side. And the certificates for either situation have to be present.

markangelo_dihiansan
Active Contributor
0 Kudos

Hello,

It looks like a transport-level issue. Were you able to install your renewed certificate into your PI system? The HTTP connections will work because a certificate is not required.

Regards,

Mark