cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Connecting SAP PO to salesforce

Go to solution
ashish_goel4
Active Participant

on ‎10-28-2017 1:45 PM

0 Kudos

Hi,

I am trying to connect salesforce from SAP PO using soap adapter. While login (using UDF), I am getting below error. This is a fresh PO and salesforce setup.

Cause Exception: 'java.io.IOException: Failed to get the input stream from socket: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier'

Let me know if we need to install any certificate in SAP PO or salesforce. I am able to connect via SOAPUI using the same details (just username and password).

Thanks,

Ashish

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

juan_vasquez2
Active Participant
‎10-30-2017 8:02 PM
0 Kudos

Hi Ashish,

Sometimes you need to import more than one certificate

Try to find the root certificate, y the chain connection

This sample you can find in the Zcaler Inermediate, other certificate,

Zcaler Root, other certificate.

Try to import all

Regards

Juan

Show replies
Show replies

Answers (8)

Answers (8)

Former Member
‎10-31-2017 6:31 PM

Hello Ashish,
Check what exact secure protocol and cipher suite is used during connection. I suspect that Elliptic-Curve Cryptography cipher suite is suggested by SF server. Such suites are not supported in default secure library configuration by PI. Please refer to SAP Note 2284059 and check the possible workaround. There are followings:

  • define custom list of supported cipher suits (e.g. cipherSuite=TLS_DHE_RSA_WITH_AES_128_CBC_SHA256). But be aware that in such case all the default ones will become rejected, hence you have to list them in SSLContext.properties file as well.
  • limit the highest possible secure protocol for particular endpoint host, i.e. protocolVersions=<SF_server_host>:<SF_port>(TLS10,TLS11). In such case you will limit the highest possible TLS protocol for communication with SF server host to 1.1 and avoid any compliant issues with cipher suits in TLS 1.2 version.

Best regards,
Vadym

Show replies
Show replies
ashish_goel4
Active Participant
‎11-06-2017 12:18 PM
0 Kudos

Thanks for all the inputs. I am able to resolve it by extracting the certificate from the target URL through browser and import it in TrustedCAs.

Show replies
Show replies
apu_das2
Active Contributor
‎11-01-2017 9:13 AM
0 Kudos

Hi Ashish,

Is this to get session id from SFDC login API or this is a data call?

FYI, SFDC expects one session id appended in the HTTP header for any data call.

Thanks,

Apu

Show replies
Show replies
ashish_goel4
Active Participant
‎10-30-2017 6:46 PM
0 Kudos

Hi,

Getting the below error.

10/30/2017 11:19:42.254 AMInformationMP: processing local module localejbs/ sap.com/com.sap.aii.af.soapadapter/XISOAPAdapterBean10/30/2017 11:19:42.258 AMInformationXISOAP: XI message received for processing10/30/2017 11:19:42.258 AMInformationXI packaging (bulk mode) is not enabled. Switching to normal processing....10/30/2017 11:19:42.258 AMInformationSOAP: Request message entering the adapter processing with user PIREPPOD10/30/2017 11:19:42.264 AMInformationSOAP: Target url: https://10/30/2017 11:19:42.402 AMErrorFailed to call the endpoint: Error in call over HTTP: HTTP 0 null10/30/2017 11:19:42.402 AMErrorSOAP: Call failed: java.io.IOException: Failed to get the input stream from socket: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier10/30/2017 11:19:42.428 AMErrorSOAP: Error occurred: com.sap.engine.interfaces.messaging.api.exception.MessagingException: java.io.IOException: Failed to get the input stream from socket: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier10/30/2017 11:19:42.428 AMErrorMP: exception caught with cause com.sap.engine.interfaces.messaging.api.exception.MessagingException: java.io.IOException: Failed to get the input stream from socket: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
Show replies
Show replies
former_member186851
Active Contributor
‎10-31-2017 7:43 AM
0 Kudos

Import all certificates as Juan mentioned,If not using XPI inspector to find the exact cause.

former_member186851
Active Contributor
‎10-30-2017 4:26 PM
0 Kudos

Hello Ashsih,

Did you add the certificates in the Trusted CAS of NWA?

Try restarting the JAVA stack once else use XPI to track what is the exact cause.

Show replies
Show replies
ashish_goel4
Active Participant
‎10-30-2017 4:42 PM
0 Kudos

Yes added in Trusted CA of NWA and restarted java stack also. Still facing the same issue.

ashish_goel4
Active Participant
‎10-30-2017 4:22 PM
0 Kudos

Thanks for the response.

I installed self-signed certificate generated from Salesforce in PO , but still not working.
Let me know what am I missing.

Show replies
Show replies
former_member392441
Explorer
‎10-30-2017 9:24 AM
0 Kudos

Hi Ashish,

Are you using HTTPS enforced URL in the SOAPUI??

If So you can able to see the certificate in the SOAPUI which can be exported as Keystore from browser and same can be used in SAP PI Truststore, I hope it will resolve your issue.

Show replies
Show replies
ashish_goel4
Active Participant
‎10-30-2017 4:23 PM
0 Kudos

Thanks Rajesh, yes I am using HTTPS url.

How to export certificate from SOAPUI ?

Former Member
‎10-31-2017 6:34 PM
0 Kudos

Ashish, check this great blog about how to import the certificate into SAP PI: https://blogs.sap.com/2013/06/17/adding-certificates-to-pi/

Be careful, because you have to import the whole certificate chain to make it valid (means client, intermediate and root one as juan.vasquez2 showed in his answer).

Best regards,
Vadym

rhviana
Active Contributor
‎10-28-2017 8:51 PM
0 Kudos

Hi,

Do you install the certificate on SAP PI system ? Are you using HTTPS + SSL ?

I recommend you test via HTTP first, if works, it means that the HANDSHAKE for HTTP + SSL it´s missing the install of the certificate at SAP PI system.

Regards,

Viana.

Show replies
Show replies
Ask a Question