https://community.sap.com/t5/application-development-and-automation-discussions/https-call-from-sap-soap-client-tool/m-p/2187400#M465952 <HTML><HEAD></HEAD><BODY><P>Hi Rene,</P><P>You need to include the full certificate chain in the p12 file. i.e. private cert and root CA cert. IE will not export the full certificate path with the private certificate unless it was imported into IE with this flag set. You could use Firefox to generate the pks12 file. It will include the full certificate path.</P><P>This private certificate (p12 file) should then be added to the truststore in XI.</P><P></P><P>Also, .p12 (pkcs#12) file format defines a file format commonly used to store private keys with accompanying public key certificates - not just private keys.</P><P></P><P>Hope this helps.</P><P>Bryan</P></BODY></HTML> Mon, 30 Jul 2007 15:12:29 GMT Former Member 2007-07-30T15:12:29Z https://community.sap.com/t5/application-development-and-automation-discussions/https-call-from-sap-soap-client-tool/m-p/2187399#M465951 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>in order to call a webservice via https using the SAP SOAP client tool, I've done the following:</P><P></P><P>1. The Client cert field filled with my personal certificate from IE (pcert.pfx)</P><P>2. The Trust store field left as it was (cacerts file of the jre).</P><P></P><P>When calling the service I am getting </P><P>javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found</P><P></P><P>Very likely this is caused by setting 2.</P><P></P><P>Could anybody advise how to get an X.509 certificate of trusted root CAs? Any chance to export from IE or would one have to get that from a CA? File types required are ppfx or p12, which is strange since these contain private keys.</P><P></P><P>Much appreciated.</P><P>Rene Funke</P></BODY></HTML> Thu, 10 May 2007 15:36:48 GMT https://community.sap.com/t5/application-development-and-automation-discussions/https-call-from-sap-soap-client-tool/m-p/2187399#M465951 Former Member 2007-05-10T15:36:48Z https://community.sap.com/t5/application-development-and-automation-discussions/https-call-from-sap-soap-client-tool/m-p/2187400#M465952 <HTML><HEAD></HEAD><BODY><P>Hi Rene,</P><P>You need to include the full certificate chain in the p12 file. i.e. private cert and root CA cert. IE will not export the full certificate path with the private certificate unless it was imported into IE with this flag set. You could use Firefox to generate the pks12 file. It will include the full certificate path.</P><P>This private certificate (p12 file) should then be added to the truststore in XI.</P><P></P><P>Also, .p12 (pkcs#12) file format defines a file format commonly used to store private keys with accompanying public key certificates - not just private keys.</P><P></P><P>Hope this helps.</P><P>Bryan</P></BODY></HTML> Mon, 30 Jul 2007 15:12:29 GMT https://community.sap.com/t5/application-development-and-automation-discussions/https-call-from-sap-soap-client-tool/m-p/2187400#M465952 Former Member 2007-07-30T15:12:29Z