Error:iaik.security.ssl.SSLCertificateException: Peer certificate rejected

Similar Messages

• Iaik.security.ssl.SSLCertificateException - the mother of all errors

  Hi,
  We're experiencing this error:
  Error occurred while connecting to the FTP server "whatever:whichever": iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
  when connecting to the FTPS server.
  What was done by the teams:
  1) Every single certification was checked, there is pretty much no way this is a certificate problem
  2) Nothing was changed in the systems, this is an overnight error than kept persisting
  3) We restarted both involved servers, this keeps on bugging us
  4) No relevant traces are in SMICM, ST11, ST22, SM21, anywhere
  5) NOTHING was changed on any of the two servers.
  6) In addition, also the development PI server tries to connect to the same FTPS server and the same error appears.
  This is an overnight problem that just didn't disappear whatever we did.
  From my experience with this precise error which I can say it is now of more than a year is that it kept popping up in our system and it was triggered from causes as vast as some FTPs processes hanging on the FTPS server requiring restart, to filling the space on the server, not updated DNS cache on the PI server, you name it.
  I'm really amazed the amount of times this error pops up in the CC monitor and the cause is everything else BUT a certification issue.
  Do you have any idea worth sharing on why this might happen out of the blue?
  Best regards,
  George

  Hi George,
  I have a similar issue here and have tried out all the possible options.
  1) Imported certificate into Trusted CA's from a server where the connectivity is working fine.
  2)Restarted the Java stack.
  You Mentioned about FTPS server. Can you please confirm where else do  we need to import the certificate?

• File Adapter FTPS: Error - iaik.security.ssl.SSLException

  I'm trying to use FTPS to communicate from XI ( SP 15 ) .  FTPS system Admin provided CA Certificate and we installed same in key Storage as trusted CAs.
  However when I try to send file It was throwing message " Error: Message processing failed: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: illegal parameter "  In the Adapter Monitoring .
  However same Certificates installed on recent versions of XI ( PI 7.0) works just fine.
  Any ideas will be appreciated.

  Hi S T,
  Check these..
  Details for 'Is Web service security available?'
  HTTPS Error
  All the best!
  cheers,
  Prashanth
  P.S Please mark helpful answers

• SAP PI 7.3 Peer certificate rejected by ChainVerifier

  Hi
      We upgraded the PI systems(Dev and Quality) from 7.0 to v7.3 Before the upgrade https scenario was working fine. Important thing is we were not using any certificates to transfer files to our vendor.  All the SOAP receiver adapter with HTTPS url is working fine in production. The production is still with PI 7.0
      After basis upgrade the PI system to v7.3  when I send a messaage to the below url with SOAP receiver adapter i see the below error. This is not a webservice interface.
  https://staging.napa-ibiz.com/..........
  The error is:
  SOAP: error occured: com.sap.engine.interfaces.messaging.api.exception.MessagingException: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
  Adapter Framework caught exception: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
  Delivering the message to the application using connection SOAP_http://sap.com/xi/XI/System failed, due to: com.sap.engine.interfaces.messaging.api.exception.MessagingException: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier.
  The strange part is, after the upgrade it is working fine with one vendor. The SOAP receiver adapter configuration is no different from other scenerios.
  We even restarted  the JAVA engine still no luck.
  I didn't get answer for my below questions:
  1. When I'm not using any certificates to send files to my vendor, why/how I see the above certificates related error.
  2. If it is really a certificate related error, how i'm able to successfully send to one vendor with the similar SOAP receivier configuration.
  3. Why only after the upgrade i see this error?
  Can you please throw some lights on this?
  Thanks,

  >When I'm not using any certificates to send files to my vendor, why/how I see the above certificates related error.
  The URL shows that you are using https transport communication. So you might be sharing the certificate or anonymous ssl with different vendors.  PLease go to STRUST and see whether  you have certificates in the keystore for the different vendors. As you production environment behaves different from pre production in terms of security.
  >If it is really a certificate related error, how i'm able to successfully send to one vendor with the similar SOAP receivier configuration
  You might share certificate correctly for one vendor and keystore might not have for the other vendors.  This is nothing related to soap receiver channel configuration. Certificates can be maintained either java stack level or abap stack.
  >Why only after the upgrade i see this error?
  PI 7.1 and above are 64 bit OS products. There are plenty of changes in the installation and security standards.  Talk to BASIS,

• Error PI 7.31 RFC-SOAP Certificate Rejected

  Hi Experts,
  I'm facing an error last days.
  The scenario is, an interface was working fine in DEV, but in QAS stopped.
  DEV and QAS has the same configuration, same endpoint, user, etc....
  In QAS the error in PI 7.31 was:
  com.sap.engine.interfaces.messaging.api.exception.MessagingException: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
  So, I saw the certificate and it was expired. The server updated the certified.
  And now DEV and QAS stopped working, and both return the message above in PI.
  The certificate is a auto-signed, and according to the documentation there was no certificate installation in development.
  The communication is an RFC to SOAP synchronous.
  Using Proxy, and authentication.
  The communication channel was not changed, and they don't have certificate authentication.
  I requested de basis team to install the certificate in NWA, but the view does not appeard in the configuration in PI.
  So... any idea what's my problem?
  Thanks.

  Hi,
  Thanks all for the answers.
  I already requested the installation of certificate, but they don't appear in configuration of channel communication on PI:
  the certificate installed:
  Any Ideia?

• FTPS error: Peer Certificate Rejected by Chain Verifier

  Hi,
  This scenario is a File to File - Outbound Async Interface. Receiver is configured FTPS with mostly the default parameters.
  However FTPS again haunted us with "Peer Certificate Rejected by Chain Verifier  " error.  We have configured one communication channel with FTPS and tested in DEV, QA clients and moved to production. The weird behavior is it works only certain time. Overall it works 50% of time ok and 50% of time failed with the above error.
  We kept opened all ports on the firewall for outgoing messages.
  We cannot understand the dual behavior. Appreciate any help to resolve this issue.
  Dharmasiri Amith

  Hi Amith,
  The main reasons for this error follows:
  1. The correct server certificate could not be present in the TrustedCA
  keystore view of NWA. Please ensure you have done all the steps
  described in these two URLs:
  Security Configuration at Message Level
  http://help.sap.com/saphelp_nwpi71/helpdata/EN/ea/c91141e109ef6fe1000000
  0a1550b0/frameset.htm
  2. The server certificate chain contains expired certificate. Check for
  it (that was the cause for other customers as well) and if it's the case
  renew it or extend the validation.
  3. Some other customers have reported similar problem and mainly the
  problem was that the certificate chain was not in correct
  order. Basically the server certificate chain should be in order
  Own->Intermedite->Root. To explain in detail, if your server certificate
  is A which is issued by an intermediate CA B and then B's certificate is
  issued by the C which is the root CA (having a self signed certificate).
  Then your certificate chain contains 3 elements A->B->C. So you need to
  have the right order of certificate in the chain. If the order is B
  first followed by A followed by C, then the IAIK library used by PI
  cannot verify the server as trusted. Please generate the certificate in
  the right order and then import this certificate in the TrustedCA
  keystore view and try again. Please take this third steps as the
  principal one.
  As a resource, you may need to create a new SSL Server key.
  The requirement from SAP SSL client side is that the requested site has
  to have certificate with CN equal to the requested site.  I mean if I
  request URL X then the CN must be CN=X.
  In other words, the CN of the certificate has to be equal to the URL in
  the ftp request. This can be the IP address or the full name of the
  host.
  Request the url with the IP of the SSL Server and the certificate to be
  with CN = IP of the server.
  In any other case the SSL communication will not work.
  Regards,
  Caio Cagnani

• ** SOAP - Receiver CC - Sync - Error - certificate rejected by ChainVerifie

  Hi Friends,
  In our interface BPM - SOAP call (Sync), in the receiver SOAP CC, we are getting the below error. 
  SOAP: call failed: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
  In the SOAP CC, we use HTTP protocol.  In the target URL, it starts with https://...... and soapAction is mentioned.
  Previously, this channel was working fine. No issues.
  For testing, I copied and pasted the target URL in Internet Explorere, it did not ask any certificate, I am able to execute the wsdl. i.e call the soapAction - sent the request and got the response.
  Friends, could you tell me why the above error is coming now ?
  Kind regards,
  Jegathees P.

  Hi,
  https service is running?
  Check: SMICM -> Services
  Also check  with the named SAP note inside.
  Cheers,
  André
  Edited by: André Schillack on Apr 28, 2010 5:37 PM

• ELM send SOAP distributor - SSLCertificateException: certificate rejected

  Hi,
  I try to configure the Swiss income tax scenario ELM via our PI 7.11. The sending step produces the failure: SOAP: call failed: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVeri-fier
  Usually I have to install the certificates from the https page, but I have already installed the them (from the https side of the distributor: https://distributor.swissdec.ch/services/elm-pucs-puns/SalaryDeclaration/20051002 ). I still get this error.
  Is anybody else using transferring the ELM via PI and facing the same problem?
  Thanks a lot,
  Thomas

  Hello,
  The main reasons for why you are receiving this error can be checked below:
  1. The correct server certificate could not be present in the TrustedCA keystore view of NWA. Please ensure you have done all the steps described in these two URLs:
  Security Configuration at Message Level
  http://help.sap.com/saphelp_nwpi711/helpdata/en/48/a9bb487e28674be10000000a421937/frameset.htm
  2. The server certificate chain contains expired certificate. Check for it (that was the cause for other customers as well) and if it's the case renew it or extend the validation.
  3. Some other customers have reported similar problem and mainly the problem was that the certificate chain was not in correct
  order. Basically the server certificate chain should be in order Own->Intermedite->Root. To explain in detail, if your server certificate is A which is issued by an intermediate CA B and then B's certificate is issued by the C which is the root CA (having a self signed certificate).
  Then your certificate chain contains 3 elements A->B->C. So you need to have the right order of certificate in the chain. If the order is B first followed by A followed by C, then the IAIK library used by PI cannot verify the server as trusted. Please generate the certificate in the right order and then import this certificate in the TrustedCA keystore view and try again. Please take this third steps as the principal one.
  4. If the end point of the SOAP Call(Server) is configured to accept a client certificate(mandatory), then make sure that it is configured correctly in the SOAP channel and it is also within validity period. (This certificate is the one which is sent to Server for Client authentication)
  As a resource, you may need to create a new SSL Server key.
  The requirement from SAP SSL client side is that the requested site has to have certificate with CN equal to the requested site.  I mean if I request URL X then the CN must be CN=X.
  In other words, the CN of the certificate has to be equal to the URL in the ftp request. This can be the IP address or the full name of the host.
  Request the url with the IP of the SSL Server and the certificate to be with CN = IP of the server.
  In any other case the SSL communication will not work.
  Hope that is useful for your case too!
  Regards,
  Caio Cagnani

• Server certificate rejected by ChainVerifier

  Hi,
  I have written a java program for connecting to an HTTPS URL and get the response from the site.
  The HTTPS URL works well when I typed the URL in browser. But the same URL is failing while connecting using my program. I am getting the following exception while connecting to my HTTPS page "iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier"
  I am attaching the code below for your reference.
          String s = new String();
          s = "MyRequest=" + s;
          IAIK.addAsJDK14Provider(true);
          IAIK.addAsJDK14Provider();
          KeyStore keystore = Utils.getJavaDefaultKeystore();
          /* Giving "SUN version 1.5" as a provider */
          System.out.println("keystore provider:"+keystore.getProvider());
             FileInputStream fis = new FileInputStream("mycertificatefile");
             BufferedInputStream bis = new BufferedInputStream(fis);
             CertificateFactory cf = CertificateFactory.getInstance("X.509");
             Certificate cert = null;
             while (bis.available() > 0) {
                 cert = cf.generateCertificate(bis);
             keystore.setCertificateEntry("service_ssl",cert);
          SecureConnectionFactory secureconnectionfactory = new SecureConnectionFactory(keystore);
          secureconnectionfactory.setIgnoreServerCertificate(false);
          HttpURLConnection httpurlconnection = secureconnectionfactory.createURLConnection(url);
          httpurlconnection.setRequestMethod("POST");
          BufferedWriter bufferedwriter = new BufferedWriter(new OutputStreamWriter(httpurlconnection.getOutputStream()));
          bufferedwriter.write(s, 0, s.length());
          bufferedwriter.close();
          Utils.setBasicAuthenticationHeader(httpurlconnection, user, password);
          try
              httpurlconnection.connect();
          catch(ConnectException connectexception)
              error("Connection timeout");
              System.exit(1);
          catch(Exception exception)
              exception.printStackTrace();
              error("Connection exception");
              System.exit(1);
          int i = httpurlconnection.getResponseCode();
          System.out.println("http Response Code = " + i);
  If I pass the setIgnoreServerCertificate(true), then I am getting the following exception
  java.io.IOException: Fatal SSL handshake error: java.lang.RuntimeException: Unable to create cipher AES/CBC/NoPadding: java.security.InvalidKeyException: Illegal key size
  Thanks & Regards,
  Santhosh.C

  VS,
  I am not sure, how far this will solve my problem. Let me try this. BTW, I have solved the issue on my own.
  I generated keystore and truststore from the generated certificates and supplied the certificate as input to my program.
  Here is the program for your reference.
             HttpClient client = new HttpClient();
             client.getParams().setAuthenticationPreemptive(true);
             Credentials defaultcreds = new UsernamePasswordCredentials(USER, PASSWORD);
             client.getState().setCredentials(new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT, AuthScope.ANY_REALM), defaultcreds);
           Protocol authhttps = new Protocol("HTTPS",
                  (ProtocolSocketFactory) new AuthSSLProtocolSocketFactory(
                          urlkeystore, PASSWORD,
                          urltruststore, PASSWORD), TARGET_HTTPS_PORT);
           Protocol.registerProtocol("https", authhttps);
            PostMethod filePost = new PostMethod(FINAL_URL);
           STATUS = client.executeMethod(filePost);
            String responseString = filePost.getResponseBodyAsString();
            if (responseString != null && responseString.length() > 0)
                 System.out.println("Response String : " + responseString);
  Thanks & Regards,
  Santhosh.C

• ERROR :IAIK REJECTED BY CERTICATE

  Hi,
  secnario rfc>soap(Digitally sign and encrypt)
  error: IAIK REJECTED BY CERTICATE
  we are trying to test signing and encryption using soap1.1 in pi7.11 system
  we created test interface ,we checked mapping it is ok
  i created private certificate and generated CA using service.sap.com/tcs and copied and pasted the response to same txt file which pem and renamed it as crt
  now,i loaded the crt file to default Q in NWA as x.509 certificate
  I have selected only sign option in reciver agreement ,activated and tested with triggering rfc ,error iaik peer certificate rejected
  Tried all possible ways:
  1)tried with custom view and default view/no go
  2)tried by putting the x509 certificate in trusted CA,as it is a test certificate generated from service,sap.com/tcs,no orginal CA
  3)Restarted java engine,icm,checked all settings like rfc etc
  4)Followed all the instructions by forums,blogs,wikis
  Need step by step advise and help,by an sr Expert in Forum

  Hi All,
  We are having same issue with the FTPS in our SAP PI systems. On the Target FTP server side we are using the Proftpd software for the FTPS installed and configuration on port 990 and generated Certificate on FTP Server using Proftpd software.
  In SAP PI server Communication Channel Configuration we use below FTP configuration.
  FTP Connection Parameters.
  Server : xxxxx
  Port   :990
  Data Connection : Passive
  Connection Security : FTPS (FTP Using SSL/TLS) for Control Connection
  Command Order :  AUTH TLS,USER,PASS,PBSZ,PROT
  We are not using any  [ ] X.509 Certificate for Clinet Authentication
  The above Parameter settings for FTPS working fine without any issues, CC  Polling process successfully finishing for every 60 seconds as defined.
  ISSUE
  When we change the Connection Security : FTPS(FTP Using SSL/TLS) for Control and Data connection
  and start the CC its geting errors  "........ Certificate rejected by Chain Verifier".
  We tried with couple of options on the Proftpd FTP client configuration file
  with TLSRequired <on> <auth+data> but getting same error, but its working fine with the option
  TLSRequired ctrl.
  Please let us know your suggestions whether we can continue withe the Control Connection option or any solution if we use Control and Data Connection.
  Thanks in advance
  Gary.

• SOAP Receiver via https - Error:  Invalid SSL message, peer seems to be tal

  Hi,
  I have a SOAP Adapter that send a message to a HTTPS WebService.
  I'm having the following error:
  Message processing failed. Cause: com.sap.aii.af.ra.ms.api.RecoverableException: Invalid SSL message, peer seems to be talking plain!: iaik.security.ssl.SSLException: Invalid SSL message, peer seems to be talking plain!
  If I check the URL via Internet Explorer it showme a confirmation dialog with a security Alert, and ask me if I want to continue, then, I can reach the WS with any problem (from de IE).
  I checked the steps of this PDF:
  http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/content.htm
  and all seems to be right.
  Any bode can help me with this problem?
  Thanks
  Martin

  Hello,
  finally you run your request from your ERP System about your ICF.
  To establish a SSL Connection to the Web Service target system about an SAP WebAS and ICF, it is necessary to create a certificate on client site about Internet explorer using target URL and importing it on STRUST. Take the junction "SSL-Client (Anonym)" to include your certificate for your system.
  Take a reboot of ICM Monitor.
  Then create a HTTP Connection to rhe external server via SM59 (Typ G).
  Don't forget to configure the following points:
  Under the menu tab Registration&Security:
  - Registration Process: No Registration
  - status of security protocols: activ and ANONYM SSL-Client (Anonym)
  In most cases, you don't need to edit your user data.
  Mostly only then one can usually connect about SAP XI or PI to some servers with SSL method.

• Error "Invalid SSL message, peer seems to be talking plain" receiver SOAP

  Hello All,
  I have configured the AXIS as the receiver adapter, and sending an invoice over HTTPS protocol. The Call is a synchronous process where I get a response back from the service provider.
  Getting the error message as below, the authentication is a simple user ID and password authentication. The same URL works well in Test environment but having this problem on deploying to production.
  - <SAP:Error SOAP:mustUnderstand="1" xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
    <SAP:Category>XIAdapterFramework</SAP:Category>
    <SAP:Code area="MESSAGE">GENERAL</SAP:Code>
    <SAP:P1 />
    <SAP:P2 />
    <SAP:P3 />
    <SAP:P4 />
    <SAP:AdditionalText>com.sap.engine.interfaces.messaging.api.exception.MessagingException: iaik.security.ssl.SSLException: Invalid SSL message, peer seems to be talking plain!</SAP:AdditionalText>
    <SAP:Stack />
    <SAP:Retry>M</SAP:Retry>
    </SAP:Error>
  Any suggestions where I should be checking the configuration.
  Prashanth

  Hi Glenn,
  My scenario is a File-to-SOAP scenario, the receiver communication channel is an synchronous external webservice call over SOAP adapter.
  Screen shots of the communication channel config are as below
  [CC Parameters|http://yfrog.com/h0bx67j]
  [CC Modules|http://yfrog.com/h025s5j]
  --Prashanth

• SOAP: Invalid SSL message, peer seems to be talking plain!

  Hi All,
  we have configured an SOAP Receiver Adapter to send the message to external thrid system from PI 7.11.
  In the configuration we have imported the thrid party system certificate into NWA.
  In the receiver agreement we have sleected the adpater specific Parameters.
  after executing the scenario we are getting the following error in Runtime Workbench.
  *SOAP: call failed: iaik.security.ssl.SSLException: Invalid SSL message,
  peer seems to be talking plain!*
  please let us know if we have missed any configuration.
  thanks,
  Lalitkumar.

  Hi Rahul,
  Actually the path provided by the third party is some what like this;
  https://xyz.abc.com:443/TRSimpleAgent.Process:receive
  let me rephrase the scenario
  IDOC -> PI -> Soap.
  The data which is flowing in IDOC have to be mapped and XML file has to be posted to url which i have mentioned above.
  The data has to be posted outside the landscape of the SAP Systems.
  As if now we are able to get the file as a o/p of receiver mail adapter. now to post this file we have to ping the third party system using the soap receiver adapter. In the meanwhile we have configured the certificate which we got from them in out PI java stack.
  When we execute the scenario we are getting the following error
  Message processing failed. Cause: com.sap.engine.interfaces.messaging.api.exception.MessagingException: iaik.security.ssl.SSLException: Invalid SSL message, peer seems to be talking plain!
  SOAP: call failed: iaik.security.ssl.SSLException: Invalid SSL message, peer seems to be talking plain!
  please help us in the following to resolve the issue.
  Thanks in Advance.
  Lalitkumar.

• 2-way SSL when WL7 is client; get "Required peer certificates not supplied by peer"

  Background: WL7 is properly configured to use 2-way SSL, and works fine whenever
  its acting as the Server; i.e., I have 2-way SSL working between a Web Browser
  and WL7, or between Tomcat and WL7. However, when trying to get 2-way SSL (mutual
  authentication) working between a WL7 server acting as a client and another server
  such as Tomcat, acting as the server, I get a "Required peer certificates not
  supplied by peer" error. The initial ServerHello handshake is fine; the problem
  arises when the Tomcat server, for example, then requests WL7 to serve up its
  client certificate. It's as if WL7 does not know where to locate its "client"
  certificate.
  I had the same problem with Tomcat initially, where it would also not know how
  to locate its "client" certificte. I resolved the problem by setting the following
  system properties:
  javax.net.ssl.keyStore=...
  javax.net.ssl.keyStorePassword=...
  javax.net.ssl.trustStore=...
  javax.net.ssl.trustStorePassword=...
  Are their analogous system properties I need to set on the WL7 side of things,
  as I noticed that WL7 seems to use its own proprietary version of JSSE API's?
  How do I configure WL7 to locate its "client" certificate?
  Thanks! Your help is greatly appreciated.
  -Dan

  Weblogic uses Certicom SSL implementation which has classes that conflict with
  JSSE classes. As a result opening SSL connection from WLS over JSSE or API like
  SOAPConnection that uses JSSE does not work as expected. The javax.net.ssl properties
  are not supported and there is no replacement for the default identity keystore
  property.
  The best workaround I can think of in this case is to pass as the second parameter
  to SOAPConnection.call() method a URL instance created with a custom URLStreamHandler
  extending the weblogic.net.http.Handler. This handler can override the Handler.openConnection(URL)
  method and use the HttpsURLConnection.loadLocalIdentity method to initialize identity
  of the returned connection. For example:
  public class MyHandler extends weblogic.net.http.Handler {
  protected URLConnection openConnection(URL u) throws IOException {
  URLConnection c = super.openConnection();
  if (c instanceof weblogic.net.http.HttpsURLConnection) {
  // initialize ssl identity
  ((weblogic.net.http.HttpsURLConnection) c).loadLocalIdentity(certChain,
  privateKey);
  return c;
  URL someHTTPSUrlEndpoint = new URL("https", "localhost", 7002, "myfile", new MyHandler());
  replyMessage = con.call(someSOAPMessageInstance, someHTTPSUrlEndpoint);
  Pavel.
  "ddumitru" <[email protected]> wrote:
  >
  Thanks, Pavel, for replying,
  I've been reading and re-reading that page for quite a while now. Unfortunately,
  the examples given are for when WL7 is acting as the "server" and not
  the "client";
  i.e., when some other server, such as Tomcat, WebSphere, or Oracle 9IAS,
  reaches
  out to the WL7 instance first, or when one WL7 instance talks to another
  WL7 instance
  via JNDI.
  In my case, my WL7 instance needs to initiate a Web Service call; i.e.,
  needs
  to reach out to another server via a SAAJ (SOAP with Attachments) API
  call. My
  sending servlet uses the SAAJ (SOAP with attachments) API to make a Web
  Service
  call to another server, as follows:
  SOAPConnectionFactory scf = SOAPConnectionFactory.newInstance();
  SOAPConnection con = scf.createConnection();
  SOAPMessage replyMessage = con.call( someSOAPMessageInstance, someHTTPSUrlEndpoint
  With the SAAJ API, as illustrated above, I don't see a direct way of
  configuring
  (using URLConnection, SSLContext, SSLSocketFactory, etc.) the SSL connection
  prior
  to making a call, as suggested in the link you mentioned. Also, the
  receiving
  server may implement its Web Services using a non-BEA application server
  that
  may not even use the J2EE platorm. As such, I don't believe I can use
  the JNDI
  solution provided in that same link.
  Again, I was able to make 2-way SSL (Mutual Authentication) connections
  between
  Tomcat and WL7 instances using the SAAJ API's when Tomcat was the client
  initiating
  the SAAJ call. In this scenario, Tomcat requested WL7 for its certificate,
  WL7
  served it up, and Tomcat then verified it. Then, in turn, WL7 asked
  Tomcat for
  its certificate, Tomcat presented it, and WL7 was able to verify Tomcat's
  certificate.
  I suppose I was able to make it all work under this scenario because
  I was able
  to configure Tomcat, which is using native JSSE API's, to locate its
  "client"
  certificate by setting the following system properties, as mentioned
  previously:
  javax.net.ssl.keyStore=...
  javax.net.ssl.keyStorePassword=...
  javax.net.ssl.trustStore=...
  javax.net.ssl.trustStorePassword=...
  Based upon your feedback, I now understand that WL7 cannot be configured
  in a
  similar manner because WL7 uses its own version of the JSSE API's. Any
  ideas
  on what I might try next?
  Thanks!
  -Dan
  "Pavel" <[email protected]> wrote:
  WLS SSL API does not support any system properties for SSL identity.
  The client's
  identity has to be configured via methods of SSL API. The trust configuration
  of SSL client running on WL server and using WLS SSL API will be the
  same as of
  the WL server.
  See http://e-docs.bea.com/wls/docs70/security/SSL_client.html#1019570
  for more information on this. "Writing Applications that Use SSL" contains
  code
  examples that use different SSL APIs to connect over two-way SSL.
  Pavel.
  "ddumitru" <[email protected]> wrote:
  Background: WL7 is properly configured to use 2-way SSL, and worksfine
  whenever
  its acting as the Server; i.e., I have 2-way SSL working between a
  Web
  Browser
  and WL7, or between Tomcat and WL7. However, when trying to get 2-way
  SSL (mutual
  authentication) working between a WL7 server acting as a client andanother
  server
  such as Tomcat, acting as the server, I get a "Required peer certificates
  not
  supplied by peer" error. The initial ServerHello handshake is fine;
  the problem
  arises when the Tomcat server, for example, then requests WL7 to serve
  up its
  client certificate. It's as if WL7 does not know where to locate its
  "client"
  certificate.
  I had the same problem with Tomcat initially, where it would also not
  know how
  to locate its "client" certificte. I resolved the problem by setting
  the following
  system properties:
  javax.net.ssl.keyStore=...
  javax.net.ssl.keyStorePassword=...
  javax.net.ssl.trustStore=...
  javax.net.ssl.trustStorePassword=...
  Are their analogous system properties I need to set on the WL7 sideof
  things,
  as I noticed that WL7 seems to use its own proprietary version of JSSE
  API's?
  How do I configure WL7 to locate its "client" certificate?
  Thanks! Your help is greatly appreciated.
  -Dan

• Unexpected Exception Error :Netbeans remote project on dev using secure SSL

  I created the remote project for the Dev envirnment to debug the workflow activity,
  I can set the identity manager external instance for this dev envirnment even while doing that
  need to click the check box for secure connection other wise will get the error for connection,
  Now when connection is set, and I tried to start the debuger on dev, I am getting the unexpected exception error,
  Is this error is because of Dev envirnment is secure SSL, Can I still run the debugger on this dev envirment.
  Thanks,

  Don't multipost and don't use the browser's back button to edit your posts as that creates multiple postings. I've removed the other thread you started with the same questio.
  Also, don't post to long dead threads. I've blocked your post and locked the thread you resurrected.
  db