Skip to Content

SSL certificate error

Hi SCN,

Good day.

We have recently renewed our SSL certificate for SAP PI 7.1 system and asked our trading partners to update and install our new certificate.

After the update, everything seems to be fine with other partners which use HTTP as transport protocol. However, we are encountering the below error with one of our partner which use HTTPS.

Message could not be forwarded to the JCA adapter. Reason: Fatal exception: javax.resource.ResourceException: SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found # , SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found #

Previously, the connection seems to work using the old SSL certificate.

Some facts:

  1. Our old certificate is provided by Verisign and the new one is supplied by Entrust.
  2. Keysize of the old and new are 1024 and 2048, respectively.

Could you let us know what is causing the error?

Is it possible that the new SSL certificate from Entrust is not applicable for HTTPS connection?

Is there a specific certificate for HTTP and HTTPS connection?

Thank you,

Carlo

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

4 Answers

  • May 11, 2012 at 09:50 AM

    Hi All,

    Thank you for all your inputs.

    After weeks of troubleshooting this issue, we have finally solved it.

    Apparently the cause of the "SSL Handshake - Bad certificate error" is that the trading partner did not trust our public certificate.

    The partner is using Webmethods application and after placing our public certificate on their trustedCA the connection worked fine.

    Add comment
    10|10000 characters needed characters exceeded

  • Apr 18, 2012 at 07:55 AM

    Hello,

    It looks like a transport level issue, were you able to install your renewed certificate into your PI system? The HTTP connections will work because a certificate is not required.

    Regards,

    Mark

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Apr 18, 2012 at 08:32 AM

    Hello,

    have you updated the cert in Java and ABAP stack properly?

    Have you replaced the old certificate everywhere and restarted the Java-stack? Maybe the connection still refers to the old cert and therefore cannot complete the SSL handshake to encrypt the HTTP connection (which makes it HTTPS).

    As HTTP isn't encrypted no SSL-certificate is required as already mentioned.

    Regards,

    Phillip

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Carlo Borja

      Is it possible that the certificate is in another format than before?

      Maybe in a format the receiver doesn't understand?

      Another idea to think of:

      Are you using mutual authentication?

      That means, that not only the server needs to authenticate via SSL-certificate (which is one-way-authentication and always needed to establish an SSL-connection) but also the client has to present its cert to the server with whom he's communicating.

      Therefore it has to be considered if the PI is on the server-side of the connection or on the client side. And the certificates for either situation has to be present.

  • avatar image
    Former Member
    Aug 06, 2013 at 06:47 PM

    Hello Clemente Carlo Borja,

    We are connecting to webmethods AS2  server. I am facing a similar issue and getting SEEBURGER AS2: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate #  too. In our case we are using client authentication additionally. Is is possible for you to recall more about what your partner did.

    My partner is telling me everything is correct on there so exact information would be helpful

    Add comment
    10|10000 characters needed characters exceeded