
Unable to replace(import) a certificate(.pfx file) in SAP PI NWA via PKCS#12 Key Pair menu

Sankar
Explorer
0 Kudos

Hi Experts,

We are trying to replace a certificate that expired in our non-production environment, for urgent testing of a critical change, and are doing the import (.pfx file) through the “Import Entry” option in SAP PI NWA.

Path: NWA -> Configuration -> Certificates and Keys -> Key Storage
Key Storage View: TrustedCAs

Then we follow the steps below:

View Entries -> Import Entry
Select entry type: PKCS#12 Key Pair

We have a .pfx file and a password available to enter and do the import thereafter.

Once we do the import, we get the error below:

ERROR:  -> ID21108: [Liaik.asn1.ASN1Object; (loaded by com.sap.engine.boot.loader.ResourceMultiParentClassLoader@0x00000007f0069ed8) cannot be cast to [B

Note: None of our other non-production systems were able to import the certificate. We tried to revert the kernel version from 1200 to 1117 (as recommended in the post Solved: Import P12 keypair in java instance fails - SAP Community), but still, it didn't work.

Any help to resolve this issue would be highly appreciated (since the interface is very critical and is related to a bank file), as the production certificate expiry is nearing and it needs to be replaced soon (within the next 7 days).

Thank you.

Accepted Solutions (1)

Sankar
Explorer
0 Kudos

We followed the workaround mentioned in the note 3243600 - Importing PKCS#12 certificate in NWA fails - ID21108: Invalid PBE algorithm parameters - S... and the issue is resolved.
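
The note cited above names "Invalid PBE algorithm parameters" in its title. As an added example (not from this thread and not SAP code), the following stdlib-only Python walks a DER-encoded PKCS#12 file and lists the password-based encryption algorithms it declares, so the scheme used by a .pfx can be checked before an import is attempted. The OID table, function names and sample bytes are constructed for illustration, and the parser assumes definite-length DER with single-byte tags.

```python
# Added example: report the password-based-encryption OIDs a DER PKCS#12 file declares.
# Assumes definite-length DER and single-byte tags.
KNOWN = {  # standard OIDs (PKCS#5, PKCS#12, NIST); illustrative, not exhaustive
    "1.2.840.113549.1.12.1.3": "pbeWithSHAAnd3-KeyTripleDES-CBC",
    "1.2.840.113549.1.12.1.6": "pbeWithSHAAnd40BitRC2-CBC",
    "1.2.840.113549.1.5.13": "PBES2",
    "1.2.840.113549.1.5.12": "PBKDF2",
    "2.16.840.1.101.3.4.1.42": "aes256-CBC",
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("indefinite or implausible length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, pos, pos + length

def decode_oid(body):
    subs, value = [], 0
    for b in body:                          # base-128 sub-identifiers
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            subs.append(value)
            value = 0
    first = min(subs[0] // 40, 2)
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))

def walk(buf, found):
    pos = 0
    while pos < len(buf):
        tag, start, end = read_tlv(buf, pos)
        if tag == 0x06:                     # OBJECT IDENTIFIER
            found.append(decode_oid(buf[start:end]))
        elif tag & 0x20:                    # constructed: SEQUENCE, SET, explicit [n]
            walk(buf[start:end], found)
        elif tag == 0x04:                   # OCTET STRING may wrap nested DER
            try:
                found.extend(walk(buf[start:end], []))
            except (ValueError, IndexError):
                pass                        # salt, IV or ciphertext: opaque, skip
        pos = end
    return found

def pbe_algorithms(der):
    """Names of known PBE-related OIDs, in order of first appearance."""
    return [KNOWN[o] for o in dict.fromkeys(walk(der, [])) if o in KNOWN]

# Constructed sample: a PBES2 AlgorithmIdentifier nested in an OCTET STRING (no real key).
SAMPLE = bytes.fromhex("304d044b304906092a864886f70d01050d303c301b06092a864886f70d01050c"
                       "300e0408010203040506070802020800301d060960864801650304012a0410" + "ff" * 16)
```

For a real file, pass its raw bytes, for example `pbe_algorithms(open("cert.pfx", "rb").read())`, where `cert.pfx` is a placeholder file name.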

Answers (1)

Sriram2009
Active Contributor
0 Kudos

Hi Sankar

Check SAP note 2780699; it may help you.

Regards

SS

Sankar
Explorer
0 Kudos

Hi Sriram,

Thank you for the response.

We checked this already, and the error we are getting is not the same as the one mentioned in the note 2780699 - ClassCastException when importing CSR response to AS Java - SAP for Me. Still, we followed the resolution steps to create a .p7b file and tried doing the import, but it didn't work. The .pfx file that was provided to us by the third party contained 1 private key and 2 certificates (main and root). So, we need to import either a .pfx or a .p12 file which will contain these 3 entries (1 private key and 2 certs).

We also referred to other SAP notes, 2631536 - Certificate can not be imported - Certificate KeyStoreException - Index out of range - SAP... and 2301662 - Upload of PKCS12 entries fail in the Key Storage or SSL Configuration on NWA - SAP for Me, where the suggestion is to remove the problematic keystore view and recreate it. This seems risky for us since we have several other certificates in our TrustedCAs.

Kindly help us in case you have any other information related to this issue.