on 2017 Jul 04 7:12 PM
Request clarification before answering.
Pablo,
Hope you have downloaded the latest Ariba certificates from : https://connect.ariba.com/ACgo/1,,169928,00.html?bypass=1
and Have downloaded in STRUST under SSL CLIENT (Anonymous) . After doing this go go SICM and restart you ICM and check once.
Br,
Manoj
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Pablo,
I hope you have downloaded the completed chain certificate in strust ssl ; The root , intermediate and the leaf certificate.
And also please check if ICM parameter is enabled to support https. Please do ICM restart once u have imported the SSL chain cert. If you are still facing the issue please raise the trace level and provide the log.
Br,
Manoj
Manoj,
ICM Paramaters
STRUST - Anonymous
The log HTML
HTTP/1.0 500 Native SSL error..Date: Fri, 07 Jul 2017 16:40:12 GMT..Server: SAPNetWeaver Application Server..Connection: close..SAP-ICMCLNTERROR:407..SAP-ICMERRORDETAIL: SSL%20handshake%20with%20s1-eu.ariba.com%3a443%20failed%3a%20SSSLERR_CONN_CLOSED%20(-10)%0aRemote%20Peer%20has%20closed%20the%20network%20connection%0a%0aSapSSLSessionStartNB()%3d%3dSSSLERR_CONN_CLOSED%0a%0a..Content-Length: 1995 ..Content-Type: text/html... .<html> <head> <title>ApplicationServer Error</title>..<style type="text/css">..body { font-family: arial, sans-serif;}..</style>..</head>..<BODY text="#172972link="#808080" vlink="#808080"..alink="#8e236b"bgcolor=white leftmargin="0" topmargin="0"..marginheight="0" marginwidth="0">.. <table height="61" width="100%"border="0" cellspacing="0"..cellpadding="0"> <tr> <td background=".."..height="30"> <table> <tr> <td width=5/> <td width=20% nowrap> <font face=arial size="-1" color=white>SAP NetWeaver Application Server..</font> </td> <td width=75%align="right" nowrap> <font face=arial..size="-1" color="white"> <a href="http://help.sap.com/">Help..</font> </td> <td width=5% nowrap> </font> </td> </tr> </table>.. </td> <td rowspan=2 width=122 height=61 valign=top> <img src=..".." width=122 height=61 border=0alt="SAP"> </td>..</tr> <tr> <td background=".." height="31">.. </td> </tr>..</table>.. <br> <br>..<table width=800>..<tr> <td width=50 nowrap>..</td> <td>..<H2> <b>500 Native SSL error</b> </H2> <hr>..SSLhandshake with s1-eu.ariba.com:443 failed: SSSLERR_CONN_CLOSED (-10)<br> <br> <br> <pre>Remote Peer has closed thenetwork connection..SapSSLSessionStartNB()==SSSLERR_CONN_CLOSED..</pre>..<tableborder="0">..<tr> <td>Error:</td> <td>-14</td> </tr>..<tr> <td>Version:</td> <td>7450 </td> </tr>..<tr> <td>Component:</td> <td>ICM</td> </tr>..<tr> <td>Date/Time:</td> <td>Fri Jul 07 11:40:12 2017.</td> </tr>..<tr> <td>Module:</td> <td>icxxconn.c</td> </tr>..<tr> <td>Line:</td> <td>2272</td> </tr>..<tr> <td>Server:</td> <td>..</td> </tr>..<tr> <td>Error Tag: </td> <td>{0000009d}</td> </tr>..</table>..<p/>..</td> </tr> </table>..<table> <tr> <td width=50 nowrap/>..<tdnowrap> <FONT SIZE=-1> <a href="http://www.sap.com/">© 2001-2015, SAP AG</a> </FONT>..</td> </tr> </table>..</body> </html>..
SOA MANAGER LOG
Regards
It looks like all settings are fine not sure why you still have this error. And i believe you have already restarted ICM after importing certificate .i recently implemented SSL connection with s1.ariba.com with SHA2 certificate but that was through PI -mediated connectivity.
I believe you already have the correct certificate . But however SSL handshake error can occur due to certificate error or it may be due to mismatching SSL/TLS version . If i remeber correctly Ariba supports both TLS 1.1 and 1.2 currently. As they wont end the TLS 1.1 at end of this September.
Found these however:
s1-eu.ariba.com public certificate is there in : https://connect.ariba.com/AC_Content_Details_Page/1,,2_167947,00.html
Setting up SSL in ABAP engine : SAP note : 510007 - Setting up SSL on Application Server ABAP
Br,
Manoj
Pablo,
You are not supposed to use URL : https://s1-eu.ariba.com/Buyer/fileupload?realm=<xyz> via Browser as this uses PUT/GET operation to upload the file.
If you want to use it from browser you may use https://s1-eu.ariba.com/Buyer/Main?realm=<xyz>.
Additional check this link for your issue : https://connect.ariba.com/AC_Content_Details_Page/1,,161_171865,00.html
Br,
Manoj
Hi Pablo,
I personally have never tried to invoke these services via external tool like postman/soap ui but ideally it should work . but looking so far at your issue i still have a belief that this is something go to do with the SSL thing as you are able to hit the server .
Have you raised SR for Ariba support for this ? Any inputs from them ?
Br,
Manoj
Hi Pablo,
I remember Ariba is upgrading to TLS v 1.2 i.e but i had got some info from ariba team that they would continue to support TLS V1.1 till Sep 09 2017 .
But your error clearly says the handshake has failed and there are no hello messages exchanged . So if possible i would suggest you to upgrade your JCE library to support TLS V1.2 not sure how that is done at ECC end.
But before doing this it better to raise a service request to ariba support team to confirm on SSL/TLS version they currently support.
Br,
Manoj
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.