cancel
Showing results for 
Search instead for 
Did you mean: 

SOAP HTTPS with certificate

Former Member
0 Kudos
77

Hello,

we are connecting to Datacash provider using SOAP with HTTPS from an SAP PI 7.31.

This is one scenario we are migrating from a XI 3.0 system where this interface currently works!!!!!!

The certificate and private key are added to the key store. Settings for the receiver channel are the same as in the old XI.

What astonishs su is that the certificate is already expired since years but works in XI!

The key store flags both in red.

Our issue:

We can get no connection. The error is

Communication over HTTPS: Unable to create a socket".

Network guys say the firewall does not block the traffic for the address.

So we are not sure if this is related to the certificate. Does PI 7.31 block communication because of the cert expired?

Regards

Dirk

Accepted Solutions (1)

Accepted Solutions (1)

iaki_vila
Active Contributor
0 Kudos

Hi Meinhard,

That error seems that the endpoint is blocking the your new IP associated with PI. Check with the endpoint ws assistance if they are blocking the connection because the certificate is expirated, may be the endpoint have cached your old XI.

Regards.

Former Member
0 Kudos

Hi,

ok, understood! That makes sense!

Now I got an address from the customer to check the cert provider site.

Found that they offer certificates as *.pem files and *.cer files and not in crt and p12 format

as we have them today!

Totally confused what to do now!

Regards

Dirk

Former Member
0 Kudos

Hello Dirk,

have you tried to import these new certificates to PI? .cer should be supported, I'm not sure about .pem. If you can, import them, change configuration and try again.

Do you maybe need to go via a proxy? Maybe settings there need to be done or maintained. In my experience a wrong certificate will hit you in a different way, either with an error message or with an http 404.

Regards,

Jörg

Answers (1)

Answers (1)

former_member184720
Active Contributor
0 Kudos

AFAIK - If your interface was working fine even after the certificatre has expired then there is no point of maintaing it right?

Ideally you should've recieved some kind of failure if that certificate is being used/validated.

Former Member
0 Kudos

Hi,

we are moving forward.

The issue with the new system was with the firewall, seemed to be tricky for the network team.

Now we have a new but clear error from the connect with the partner.

Certificates are not accepted any more.

So we need to go with new ones.

Regards

Dirk