cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSL server requires client certificate

Former Member

on ‎06-24-2011 8:07 AM

0 Kudos

Dear Experts,

I have a synchronous interface in which I am sending a xml file to the web server as a request via SFTP adapter and then we are getting the response via receiver SOAP adapter in which we have installed a certificate. We have accordingly made use of the certificate authentication in the soap receiver channel by selecting appropriate keystore entry and keystore view. We are getting a response but upon opening the payload in MONI, the message is coming as " SSL server requires client certificate, Error code 901.".

I asked my web service team. They are saying that the target url also demands an authorization from PI. It should be a mutual authorization.

Can anyone help me out please? What should be the solution for the above issue.

Please help me out..

Regards

Veeru

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

former_member4985
Employee
Employee
‎06-24-2011 7:34 PM
0 Kudos

Hi Veeru,

It appears you did not import the certificates for the related SOAP scenario.

Yyou should import all the related certificates into the J2EE Keystore of the Java side.

For your reference, please check the following link:

Configuring the SSL Key Pair and Trusted X.509 Certificates

http://help.sap.com/saphelp_nwpi711/helpdata/en/c1/435a3e740be946e10000000a114084/frameset.htm

And ensure you have done all the steps described in the URL below

Security Configuration at Message Level

http://help.sap.com/saphelp_nwpi71/helpdata/EN/ea/c91141e109ef6fe10000000a1550b0/frameset.htm

Regards,

Caio Cagnani

Show replies
Show replies
Former Member
‎06-24-2011 7:53 PM
0 Kudos

Expert,

I have uploaded all the required certificates at the java stack of PI. also the required keystore view and keystore entry is selected from the drop down menu of the SOAP receiver channel.

Thanks

Veeru

former_member4985
Employee
Employee
‎06-24-2011 8:41 PM
0 Kudos

Hello,

If the end point of the SOAP Call(Server) is configured to accept a client certificate (mandatory), then make sure that it is configured correctly in the SOAP channel and it is also within validity period. (This certificate is the one which is sent to Server for Client authentication)

In case it does not work, would be good if you could add some more data about the error you receive.

Regards,

Caio Cagnani

Former Member
‎08-17-2011 5:29 AM
0 Kudos

problem solved by installing the certificate in .P12 format.

Thanks for everybody's help.

baskar_gopalakrishnan2
Active Contributor
‎06-24-2011 4:51 PM
0 Kudos

>I asked my web service team. They are saying that the target url also demands an authorization from PI. It should be a mutual authorization.Can anyone help me out please? What should be the solution for the above issue.

Your PI server using SOAP receiver adapter communicating to target system using https communication pipe. So target system does not authenticate the PI soap call. You have to import target system keys in the keystore. Similarly you have to share your PI certificate to the target system. The target system will import your keys in their keystore. Once they import the target system trust your call. Talk to Basis team. There are various ways of creating crytographic algorithm for certificate authentication like synchronous( just having public keys on both sides) , Asynchronous (having pair of keys public and private) and client authentication etc...

Show replies
Show replies
Former Member
‎06-24-2011 8:17 AM
0 Kudos

Check out this link ..

http://help.sap.com/saphelp_nw04/helpdata/en/65/6a563cef658a06e10000000a11405a/frameset.htm

Show replies
Show replies
Former Member
‎06-24-2011 8:38 AM
0 Kudos

Experts,

Any other suggestion(s), Please.

Rgds

Veeru

Former Member
‎06-24-2011 9:06 AM
0 Kudos

You can follow this documents, to achieve your issue:

Client Authentication

/people/rahul.nawale2/blog/2006/05/31/how-to-use-client-authentication-with-soap-adapter

WAS Security - Demystified

/people/naresh.pai/blog/2005/03/14/was-security--demystified

Configuring Secure Integration

http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/a09f3d8e-d478-2910-9eb8-caa6516dd...

Ask a Question