on 10-28-2017 1:45 PM
Hi,
I am trying to connect salesforce from SAP PO using soap adapter. While login (using UDF), I am getting below error. This is a fresh PO and salesforce setup.
Cause Exception: 'java.io.IOException: Failed to get the input stream from socket: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier'
Let me know if we need to install any certificate in SAP PO or salesforce. I am able to connect via SOAPUI using the same details (just username and password).
Thanks,
Ashish
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Ashish,
Check what exact secure protocol and cipher suite is used during connection. I suspect that Elliptic-Curve Cryptography cipher suite is suggested by SF server. Such suites are not supported in default secure library configuration by PI. Please refer to SAP Note 2284059 and check the possible workaround. There are followings:
Best regards,
Vadym
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks for all the inputs. I am able to resolve it by extracting the certificate from the target URL through browser and import it in TrustedCAs.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Ashish,
Is this to get session id from SFDC login API or this is a data call?
FYI, SFDC expects one session id appended in the HTTP header for any data call.
Thanks,
Apu
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Getting the below error.
10/30/2017 11:19:42.254 AMInformationMP: processing local module localejbs/ sap.com/com.sap.aii.af.soapadapter/XISOAPAdapterBean10/30/2017 11:19:42.258 AMInformationXISOAP: XI message received for processing10/30/2017 11:19:42.258 AMInformationXI packaging (bulk mode) is not enabled. Switching to normal processing....10/30/2017 11:19:42.258 AMInformationSOAP: Request message entering the adapter processing with user PIREPPOD10/30/2017 11:19:42.264 AMInformationSOAP: Target url: https://10/30/2017 11:19:42.402 AMErrorFailed to call the endpoint: Error in call over HTTP: HTTP 0 null10/30/2017 11:19:42.402 AMErrorSOAP: Call failed: java.io.IOException: Failed to get the input stream from socket: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier10/30/2017 11:19:42.428 AMErrorSOAP: Error occurred: com.sap.engine.interfaces.messaging.api.exception.MessagingException: java.io.IOException: Failed to get the input stream from socket: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier10/30/2017 11:19:42.428 AMErrorMP: exception caught with cause com.sap.engine.interfaces.messaging.api.exception.MessagingException: java.io.IOException: Failed to get the input stream from socket: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifierYou must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Ashsih,
Did you add the certificates in the Trusted CAS of NWA?
Try restarting the JAVA stack once else use XPI to track what is the exact cause.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks for the response.
I installed self-signed certificate generated from Salesforce in PO , but still not working.
Let me know what am I missing.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Ashish,
Are you using HTTPS enforced URL in the SOAPUI??
If So you can able to see the certificate in the SOAPUI which can be exported as Keystore from browser and same can be used in SAP PI Truststore, I hope it will resolve your issue.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Ashish, check this great blog about how to import the certificate into SAP PI: https://blogs.sap.com/2013/06/17/adding-certificates-to-pi/
Be careful, because you have to import the whole certificate chain to make it valid (means client, intermediate and root one as juan.vasquez2 showed in his answer).
Best regards,
Vadym
Hi,
Do you install the certificate on SAP PI system ? Are you using HTTPS + SSL ?
I recommend you test via HTTP first, if works, it means that the HANDSHAKE for HTTP + SSL it´s missing the install of the certificate at SAP PI system.
Regards,
Viana.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
76 | |
11 | |
10 | |
7 | |
7 | |
6 | |
6 | |
6 | |
5 | |
5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.