Error PI 7.31 RFC-SOAP Certificate Rejected

Similar Messages

• Error:iaik.security.ssl.SSLCertificateException: Peer certificate rejected

  Hi,
  I am getting error com.sap.engine.interfaces.messaging.api.exception.MessagingException:
  iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
  When i test for digital signing and encryption using soap receiver CC
  we passed all the values for soap CC
  Created key store view and in that view I have generated private certificate and generated CSR using SAP CA(test ssl for 8 weeks) for the private key and also imported public key for encryption given by reciver
  When i test i get the error message
  I check certificates validity dates
  I restarted java engine and ICM
  I added the public key in trusted CA in NWA
  I re created the view and added the certifcates
  still the same error
  how and where to check to check IAIK in NWA and how to deploy it in java engine using NWA, we are using PI7.11 (no VA)
  any suggestions?

  Hi,
  The main causes for this kind of problem are:
  1. The correct server certificate could not be present in the TrustedCA keystore view of NWA. Please ensure you have done all the steps described in the URL below:
  Security Configuration at Message Level
  http://help.sap.com/saphelp_nwpi71/helpdata/EN/ea/c91141e109ef6fe1000000
  0a1550b0/frameset.htm
  2. The server certificate chain contains expired certificate. Check for it and if it's the case renew it or extend the validation.
  3. The certificate chain was not in correct order. Basically the server certificate chain should be in order
  Own->Intermedite->Root. To explain in detail, if your server certificate is A which is issued by an intermediate CA B and then B's certificate is issued by the C which is the root CA (having a self signed certificate).
  Then your certificate chain contains 3 elements A->B->C. So you need to have the right order of certificate in the chain. If the order is B first followed by A followed by C, then the IAIK library used by PI cannot verify the server as trusted. Generate the certificate in the right order and then import this certificate in the TrustedCA keystore view and try again.
  4. If the end point of the SOAP Call(Server) is configured to accept a client certificate(mandatory), then make sure that it is configured correctly in the SOAP channel and it is also within validity period.
  (This certificate is the one which is sent to Server for Client authentication)
  As a resource, you may need to create a new SSL Server key.
  The requirement from SAP SSL client side is that the requested site has to have certificate with CN equal to the requested site.  I mean if I request URL X then the CN must be CN=X.
  In other words, the CN of the certificate has to be equal to the URL in the ftp request. This can be the IP address or the full name of the host.
  Request the url with the IP of the SSL Server and the certificate to be with CN = IP of the server.
  In any other case the SSL communication will not work.
  Regards,
  Caio Cagnani

• ** SOAP - Receiver CC - Sync - Error - certificate rejected by ChainVerifie

  Hi Friends,
  In our interface BPM - SOAP call (Sync), in the receiver SOAP CC, we are getting the below error. 
  SOAP: call failed: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
  In the SOAP CC, we use HTTP protocol.  In the target URL, it starts with https://...... and soapAction is mentioned.
  Previously, this channel was working fine. No issues.
  For testing, I copied and pasted the target URL in Internet Explorere, it did not ask any certificate, I am able to execute the wsdl. i.e call the soapAction - sent the request and got the response.
  Friends, could you tell me why the above error is coming now ?
  Kind regards,
  Jegathees P.

  Hi,
  https service is running?
  Check: SMICM -> Services
  Also check  with the named SAP note inside.
  Cheers,
  André
  Edited by: André Schillack on Apr 28, 2010 5:37 PM

• ELM send SOAP distributor - SSLCertificateException: certificate rejected

  Hi,
  I try to configure the Swiss income tax scenario ELM via our PI 7.11. The sending step produces the failure: SOAP: call failed: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVeri-fier
  Usually I have to install the certificates from the https page, but I have already installed the them (from the https side of the distributor: https://distributor.swissdec.ch/services/elm-pucs-puns/SalaryDeclaration/20051002 ). I still get this error.
  Is anybody else using transferring the ELM via PI and facing the same problem?
  Thanks a lot,
  Thomas

  Hello,
  The main reasons for why you are receiving this error can be checked below:
  1. The correct server certificate could not be present in the TrustedCA keystore view of NWA. Please ensure you have done all the steps described in these two URLs:
  Security Configuration at Message Level
  http://help.sap.com/saphelp_nwpi711/helpdata/en/48/a9bb487e28674be10000000a421937/frameset.htm
  2. The server certificate chain contains expired certificate. Check for it (that was the cause for other customers as well) and if it's the case renew it or extend the validation.
  3. Some other customers have reported similar problem and mainly the problem was that the certificate chain was not in correct
  order. Basically the server certificate chain should be in order Own->Intermedite->Root. To explain in detail, if your server certificate is A which is issued by an intermediate CA B and then B's certificate is issued by the C which is the root CA (having a self signed certificate).
  Then your certificate chain contains 3 elements A->B->C. So you need to have the right order of certificate in the chain. If the order is B first followed by A followed by C, then the IAIK library used by PI cannot verify the server as trusted. Please generate the certificate in the right order and then import this certificate in the TrustedCA keystore view and try again. Please take this third steps as the principal one.
  4. If the end point of the SOAP Call(Server) is configured to accept a client certificate(mandatory), then make sure that it is configured correctly in the SOAP channel and it is also within validity period. (This certificate is the one which is sent to Server for Client authentication)
  As a resource, you may need to create a new SSL Server key.
  The requirement from SAP SSL client side is that the requested site has to have certificate with CN equal to the requested site.  I mean if I request URL X then the CN must be CN=X.
  In other words, the CN of the certificate has to be equal to the URL in the ftp request. This can be the IP address or the full name of the host.
  Request the url with the IP of the SSL Server and the certificate to be with CN = IP of the server.
  In any other case the SSL communication will not work.
  Hope that is useful for your case too!
  Regards,
  Caio Cagnani

• RFC -- SOAP Error

  Hello Everybody!
  I am implementing a scenario wherein:
  1) Data is passed from R/3 to xi and then to a web server.
  2) From webserver the updated data is sent back to xi.
  3) A particular field is boolean checked in XI, if true the data is sent back to webserver.
  4) and then again the updated data is sent back to r/3 via xi.
  R/3 ---> XI ---> Web Server ---> XI -(If condition true)-> Web Server ---> XI ---> R/3
  R/3 ---> XI ---> Web Server ---> XI -(If condition false)-> XI ---> R/3
  I am getting a error message when i run the Synchronous) RFC function Module using a report.
  <b>The error message is:</b>
  Runtime Errors         CALL_FUNCTION_REMOTE_ERROR
  Date and Time          29.09.2006 13:07:10
  <b>ShrtText</b>
       "call to messaging system failed: com.sap.aii.af.ra.ms.api.DeliveryExcepti
  <b>What happened?</b>
       Error in ABAP application program.
       The current ABAP program "Z_ALTINN_TEST" had to be terminated because one
        the
       statements could not be executed.
       This is probably due to an error in the ABAP program.
       The error occurred in an RFC call to another system.
       The target system has also written a short dump.
       Consult this short dump for more precise information about
       the cause of the error.
  <b>What can you do?</b>
       Print out the error message (using the "Print" function)
       and make a note of the actions and input that caused the
       error.
       To resolve the problem, contact your SAP system administrator.
       You can use transaction ST22 (ABAP Dump Analysis) to view and administer
        termination messages, especially those beyond their normal deletion
       date.
       is especially useful if you want to keep a particular message.
  <b>Error analysis</b>
      An error occurred when executing a REMOTE FUNCTION CALL.
      It was logged under the name "RFC_EXTERNAL_ABORT"
      on the called page.
  <b>How to correct the error</b>
      Please refer to the notes described in the
      short dump.
  <b>Internal notes</b>
      The termination occurred in the function "RfcExtendedRece
      Basis System, specifically in line 416 of the module
       "//bas/640_REL/src/krn/rfc/abrfcrcv.c#3".
      The internal operation just processed is "FUNC".
      The internal session was started at 20060929130708.
      Status of connection:
      RFC status: " "
      RFC error text: " "
      CPI-C error text: "call to messaging system failed:
       com.sap.aii.af.ra.ms.api.DeliveryException:
       XIAdapterFramework:GENERAL:com.sap.aii.af.ra.ms.api"
  <b>and the error message in the SXMB_MONI is :</b>
  <?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
  - <!--  Call Adapter
    -->
  - <SAP:Error xmlns:SAP="http://sap.com/xi/XI/Message/30"
  xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" SOAP:mustUnderstand="1">
    <SAP:Category>XIAdapterFramework</SAP:Category>
    <SAP:Code area="MESSAGE">GENERAL</SAP:Code>
    <SAP:P1 />
    <SAP:P2 />
    <SAP:P3 />
    <SAP:P4 />
    <SAP:AdditionalText>com.sap.aii.af.ra.ms.api.DeliveryException: java.io.IOException: invalid
  content type for SOAP: TEXT/HTML</SAP:AdditionalText>
    <SAP:ApplicationFaultMessage namespace="" />
    <SAP:Stack />
    <SAP:Retry>M</SAP:Retry>
    </SAP:Error>
  Can someone help me with this.
  Regards,
  Ashish

  Hi Ashish,
  To know what to do to close the posts as pointed out by Dirk,please go through this link.....
  /people/mark.finnern/blog/2004/08/10/spread-the-love
  <b><i>Runtime Errors CALL_FUNCTION_REMOTE_ERROR</i></b>
  Check if the RFC is remote enabled..
  Please go through this link to know more about the same...
  http://help.sap.com/saphelp_nw04/helpdata/en/f9/3f69fd11a80b4e93a5c9230bafc767/content.htm
  Also just see if you have used BAPI_TRANSACTION_COMMIT.
  And finally, Try checking the userid auth. for RFC destination,if it has remotes access.
  To check the same, you just have to do a remote logon from SM59 transaction.
  <b>
  <i>"call to messaging system failed: com.sap.aii.af.ra.ms.api.DeliveryExcepti</i></b>
  Try checking the userid auth for RFC destination wether it has remotes access.
  Just if you are able to do a remote logon in SM59.
  This error usually occurs when the RFC is not remote enabled so plz check that...
  Also go thru this link..
  http://help.sap.com/saphelp_nw04/helpdata/en/f9/3f69fd11a80b4e93a5c9230bafc767/content.htm
  Also go through this thread..
  "call to messaging system failed: com.sap.aii.af.ra.ms.api.DeliveryExceptio
  And for mapping check the incoming payload in sxmb_moni and see whether it conforms to Design>Msgmapping>Test(source XML).
  Regards,
  Abhy

• Error in Interface Sync RFC-XI-SOAP

  Hi,
  I have an interface RFC - XI - SOAP Sync.
  The error appears only in PRD environment and is intermittent error.
  Follow the message error in sxmb_moni:
  <SAP:AdditionalText>com.sap.aii.af.ra.ms.api.DeliveryException: SOAP: response message contains an error XIAdapter/PARSING/ADAPTER.SOAP_EXCEPTION - soap fault: System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> System.Security.SecurityException: The event source ExceptionManagerInternalException does not exist and cannot be created with the current permissions. ---> System.Security.SecurityException: Requested registry access is not allowed. at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable) at System.Diagnostics.EventLog.CreateEventSource(String source, String logName, String machineName, Boolean useMutex) at System.Diagnostics.EventLog.CreateEventSource(String source, String logName, String machineName) at System.Diagnostics.EventLog.CreateEventSource(String source, String logName) at Microsoft.ApplicationBlocks.ExceptionManagement.DefaultPublisher.VerifyValidSource() --- End of inner exception stack trace --- at Microsoft.ApplicationBlocks.ExceptionManagement.DefaultPublisher.VerifyValidSource() at Microsoft.ApplicationBlocks.ExceptionManagement.DefaultPublisher.Publish(Exception exception, NameValueCollection additionalInfo, NameValueCollection configSettings) at Microsoft.ApplicationBlocks.ExceptionManagement.ExceptionManager.PublishInternalException(Exception exception, NameValueCollection additionalInfo) at Microsoft.ApplicationBlocks.ExceptionManagement.ExceptionManager.Publish(Exception exception, NameValueCollection additionalInfo) at Microsoft.ApplicationBlocks.ExceptionManagement.ExceptionManager.Publish(Exception exception) at mServices.WebServices.mServices.CancelServiceOrderList(OrderTypeCancelTO[] orders) --- End of inner exception stack trace ---</SAP:AdditionalText>
  Could you help me?
  Thank a lot.
  Maicon.

  > {quote:title=Rosa Maicon wrote:}
  > Hi,
  > I have an interface RFC - XI - SOAP Sync.
  > The error appears only in PRD environment and is intermittent error.
  > The event source ExceptionManagerInternalException does not exist and cannot be created with the current permissions.
  This looks like a permission error for the user role provided in production. try sending soap request from web client tool and see whether you get the same error.
  Check whether you have all the permissions required and also check whether there is WS security in the production environment.
  Regards,
  Pavan

• ERROR During call of SOAP with a SOAP- RFC- SOAP Synchronous scenario

  Hello Experts,
  I've recently created a SOAP->RFC->SOAP synchronous scenario but every time I'm invoking the SOAP via XMLSpy then i will hang and send a timeout error. Also a log in XI was generated as shown below.
  I hope you could help me on this one.
  Runtime Errors         DBIF_RSQL_SQL_ERROR
  Exception              CX_SY_OPEN_SQL_DB
  Date and Time          28.09.2010 09:31:23
  Short text
       SQL error in the database when accessing a table.
  What happened?
       The database system detected a deadlock and avoided it by rolling back
       your transaction.
  What can you do?
       If possible (and necessary), repeat the last database transaction in the
        hope that locking the object will not result in another deadlock.
       Note which actions and input led to the error.
       For further help in handling the problem, contact your SAP administrator
       You can use the ABAP dump analysis transaction ST22 to view and manage
       termination messages, in particular for long term reference.
       Note which actions and input led to the error.
       For further help in handling the problem, contact your SAP administrator
       You can use the ABAP dump analysis transaction ST22 to view and manage
       termination messages, in particular for long term reference.
  Error analysis
       An exception occurred that is explained in detail below.
       The exception, which is assigned to class 'CX_SY_OPEN_SQL_DB', was not caught
        in
       procedure "DELETE_LUW_PACKET" "(FORM)", nor was it propagated by a RAISING
        clause.
       Since the caller of the procedure could not have anticipated that the
       exception would occur, the current program is terminated.
       The reason for the exception is:
       The database system recognized that your last operation on the database
       would have led to a deadlock.
       Therefore, your transaction was rolled back
       to avoid this.
       ORACLE always terminates any transaction that would result in deadlock.
       The other transactions involved in this potential deadlock
       are not affected by the termination.
  Regards,
  Alfred

  Normally such an error comes when the DB of SAP PI is full.
  Contact your BASIS or ADMIN team and ask them to free the DB space.
  Regards,
  Abhishek.

• FTPS error: Peer Certificate Rejected by Chain Verifier

  Hi,
  This scenario is a File to File - Outbound Async Interface. Receiver is configured FTPS with mostly the default parameters.
  However FTPS again haunted us with "Peer Certificate Rejected by Chain Verifier  " error.  We have configured one communication channel with FTPS and tested in DEV, QA clients and moved to production. The weird behavior is it works only certain time. Overall it works 50% of time ok and 50% of time failed with the above error.
  We kept opened all ports on the firewall for outgoing messages.
  We cannot understand the dual behavior. Appreciate any help to resolve this issue.
  Dharmasiri Amith

  Hi Amith,
  The main reasons for this error follows:
  1. The correct server certificate could not be present in the TrustedCA
  keystore view of NWA. Please ensure you have done all the steps
  described in these two URLs:
  Security Configuration at Message Level
  http://help.sap.com/saphelp_nwpi71/helpdata/EN/ea/c91141e109ef6fe1000000
  0a1550b0/frameset.htm
  2. The server certificate chain contains expired certificate. Check for
  it (that was the cause for other customers as well) and if it's the case
  renew it or extend the validation.
  3. Some other customers have reported similar problem and mainly the
  problem was that the certificate chain was not in correct
  order. Basically the server certificate chain should be in order
  Own->Intermedite->Root. To explain in detail, if your server certificate
  is A which is issued by an intermediate CA B and then B's certificate is
  issued by the C which is the root CA (having a self signed certificate).
  Then your certificate chain contains 3 elements A->B->C. So you need to
  have the right order of certificate in the chain. If the order is B
  first followed by A followed by C, then the IAIK library used by PI
  cannot verify the server as trusted. Please generate the certificate in
  the right order and then import this certificate in the TrustedCA
  keystore view and try again. Please take this third steps as the
  principal one.
  As a resource, you may need to create a new SSL Server key.
  The requirement from SAP SSL client side is that the requested site has
  to have certificate with CN equal to the requested site.  I mean if I
  request URL X then the CN must be CN=X.
  In other words, the CN of the certificate has to be equal to the URL in
  the ftp request. This can be the IP address or the full name of the
  host.
  Request the url with the IP of the SSL Server and the certificate to be
  with CN = IP of the server.
  In any other case the SSL communication will not work.
  Regards,
  Caio Cagnani

• SAP PI 7.3 Peer certificate rejected by ChainVerifier

  Hi
      We upgraded the PI systems(Dev and Quality) from 7.0 to v7.3 Before the upgrade https scenario was working fine. Important thing is we were not using any certificates to transfer files to our vendor.  All the SOAP receiver adapter with HTTPS url is working fine in production. The production is still with PI 7.0
      After basis upgrade the PI system to v7.3  when I send a messaage to the below url with SOAP receiver adapter i see the below error. This is not a webservice interface.
  https://staging.napa-ibiz.com/..........
  The error is:
  SOAP: error occured: com.sap.engine.interfaces.messaging.api.exception.MessagingException: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
  Adapter Framework caught exception: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
  Delivering the message to the application using connection SOAP_http://sap.com/xi/XI/System failed, due to: com.sap.engine.interfaces.messaging.api.exception.MessagingException: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier.
  The strange part is, after the upgrade it is working fine with one vendor. The SOAP receiver adapter configuration is no different from other scenerios.
  We even restarted  the JAVA engine still no luck.
  I didn't get answer for my below questions:
  1. When I'm not using any certificates to send files to my vendor, why/how I see the above certificates related error.
  2. If it is really a certificate related error, how i'm able to successfully send to one vendor with the similar SOAP receivier configuration.
  3. Why only after the upgrade i see this error?
  Can you please throw some lights on this?
  Thanks,

  >When I'm not using any certificates to send files to my vendor, why/how I see the above certificates related error.
  The URL shows that you are using https transport communication. So you might be sharing the certificate or anonymous ssl with different vendors.  PLease go to STRUST and see whether  you have certificates in the keystore for the different vendors. As you production environment behaves different from pre production in terms of security.
  >If it is really a certificate related error, how i'm able to successfully send to one vendor with the similar SOAP receivier configuration
  You might share certificate correctly for one vendor and keystore might not have for the other vendors.  This is nothing related to soap receiver channel configuration. Certificates can be maintained either java stack level or abap stack.
  >Why only after the upgrade i see this error?
  PI 7.1 and above are 64 bit OS products. There are plenty of changes in the installation and security standards.  Talk to BASIS,

• Error while running the RFC on ECC 6.0 server

  Hello Champs,
        The problem I am facing while sending the data for validation and invalidation from RFC on ECC server to Pi server to be send to a webservice. This scenario was working perfectly fine when the RFC was run on R/3 4.7 server. On upgradation of R/3 server to ECC 6.0 server we found the folowing error while we run the RFC on ECC server.
  alternativeServiceIdentifier:party/service from channel configuration are not equal to party/service from lookup of alt ..
  I have also re-imported the RFC's from ECC server to PI server and activated it again to overcome this problem, but still I am getting this error. Also I have done the CPA cache refresh too. But the problem still persist.
  Some times when we keep on clicking on this error continously then we are able to get the desired results ie either valid or invalid. Is there something which needs to be done when we migrate the RFC from R/3 server to ECC server?  Pls let me know how to solve this problem... Any help on this on priority basis is highly appreciated.
  Thanking You in Advance.
  Regards
  S Joshi

  Dear Rajesh,
       I did the activity as suggested by you but still I am getting the same error while sending the order ID number from ECC 6.0 server. But when check the error in the Moni transaction I am getting the error as follow:
  com.sap.engine.interfaces.messaging.api.exception.MessagingException: SOAP: response message contains an error XIAdapter/PARSING/ADAPTER.SOAP_EXCEPTION - soap fault: Not enough message parts were received for the operation.
  This indicates that there is a problem on the receiver side.. Pls guide me......
  Thanks
  With Best Regards
  S Joshi

• Error_: ACS10002: An error occurred while processing the SOAP body

  Hi all,
  We have problem to connect MSCRM online via SDK since yesterday.   All of our MSCRM Online organizations have this issue.  Anyone has the same issue?  
  Error : ACS10002: An error occurred while processing the SOAP body. ACS50000: There was an error issuing a token. ACS50005: Token encryption is required but no encrypting certificate is configured for the relying party.
  Gary

  This is a server side webcache from the OTN site. Not anything client-related. Its a bug that cannot be fixed at this time as OTN is on an EOL version of software. The good news is that most of OTN is moving to a new CMS on the 19th and these errors will disappear.
  In the meantime, if you add a parameter refresh to the URL you get the error on, most of the time, you can get the page back. Parameter refresh is done by adding ?a=b to the end of the URL. You can keep changing the combo too. (i.e. ?c=d)

• Test conn. SAPOSS error when opening an RFC connection SNC processing fail

  Dear all,
     I configured a Saprouter in DMZ with SNC connection type to establish connection from my company to SAP and vice-versa. Also I accept connection from external company to our SAP systems. During the test in SM59 SAPOSS connection I receive the following error:
  Logon     Errore di colleg.
  Dettagli err.     Error when opening an RFC connection
  Dettagli err.     ERROR: SNC processing failed: SncSessionInitiatorAK
  Dettagli err.     LOCAZ.: SAProuter 39.1 (SP3) on 'srvsaprouter1'
  Dettagli err.     DETT.: NiSncIInitHdlSecurity: sncrc=-4;0x9d9350
  Dettagli err.     COMPONENT: NI (network interface)
  Dettagli err.     CONTAT.: 209
  Dettagli err.     MODULE: nisnc.c
  Dettagli err.     RIGA: 1091
  Dettagli err.     VALORE RIT.: -104
  Dettagli err.     SUBRC: 0
  Dettagli err.     RELEASE: 710
  Dettagli err.     ORA: Fri Jul 17 11:01:22 2009
  Dettagli err.     VERS.: 39
  My saprouttab for SAP AG connection is the following:
  #SNC-connection from and to SAP
  #KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * *
  KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
  SNC-connection from SAP to local R/3-System for Support
  #KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * *
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.101.111.229 3200
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.101.111.229 3201
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.101.111.211 3200
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.101.111.211 3600
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.101.111.209 3200
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.101.111.210 3201
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.101.111.231 3200
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.101.111.231 50000
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" epe0s.calpeda.priv 50000
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" epe0sc.calpeda.priv 50000
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.101.111.242 3200
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.101.111.242 50000
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" epe0t.calpeda.priv 50000
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" epe0tc.calpeda.priv 50000
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.101.111.215 3200
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.101.111.215 50100
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" epe0p.calpeda.priv 50100
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" epe0pc.calpeda.priv 50100
  SNC-connection from SAP to local R/3-System for NetMeeting, if it is needed
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * 1503
  SNC-connection from SAP to local R/3-System for saptelnet, if it is needed
  KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * 23
  Access from the local Network to SAPNet - R/3 Frontend (OSS)
  #P <IP-addess of a local PC> 194.39.131.34 3299
  P * * *
  P * 194.39.131.34 3299
  D * * *
  Any suggestions?
  Thanks in advance.

  SNC processing failed could mean lots of things... did you installed the SAPcrypto library?.. did you created the certificates correctly?...
  Read SAP notes 812386 and 33135.
  Regards
  Juan

• Client Certificate Rejected, repeatedly +with great vigor

  Hi all --
  Perhaps you can give me a hand. I recently got a new Macbook Pro -- my first new CPU since the ole' clamshell back in 2001. Very happy with it as a whole but also finding that I am a bit behind the times in terms of my understanding of the software. Here is the problem: Yesterday I tried to access a page using Safari (2.0.3) from my history. I do not believe that it was a secure page as it was part of the dartmouth.edu website but it may have been. Anyway, a dialouge box popped up asking for my to use FileVaultMaster keychain. I did not know that I had such a thing but I typed in my master password. The page still did not open, but Safari displayed a text box saying that there was an error -- this particular error, in fact:
  <begin quote>
  The error was: “client certificate rejected” (NSURLErrorDomain:-1205) Please choose Report Bug to Apple from the Safari menu, note the error number, and describe what you did before you saw this message
  <end of quote>
  Now, when I try to access the basic Dartmouth homepage of http://www.dartmouth.edu, Safari converts it automatically to https://www.dartmouth.edu and asks for the keychain and then displays the error. I tried emptying the cache and resetting Safari (and even restarting the computer, although I understand that that is no longer necessairy with OS X) but to no avail. Can anyone clue me as to what is happening, and why?
  Thanks much in advance,
  -Sparco03
  MacBook Pro   Mac OS X (10.4.5)  

  I emailed [email protected] about this problem and here is the response. The solution of getting a valid Dartmouth certificate doesn't apply to non Dartmouth users, so I'm not sure what to do in that case.
  "You need to check your Keychain. The reason you are getting that error is because Safari is sending a Client Certificate back to the web server (which asked for it), but the web server can't verify that it's a good certificate. This usually happens when you have an expired certificate, or you have a non-Dartmouth certificate that Safari is likely sending because it can't find a Dartmouth one."
  "Whichever of these is the case, the solution is to get a valid Dartmouth certificate, which you can generate by going to https://collegeca.dartmouth.edu/ and following the directions on the web page. If you have an expired Dartmouth cert, you will need to delete that before you import your new, valid certificate."
  "The reason all of this is happening is specific to Intel Macs. The mechanism that Dartmouth has used, better than 7+ years, to authenticate browser users to web site (Kerberos) uses the SideCar helper application. This application doesn't run on Intel Macs, and it most likely never will. Fortunately, Dartmouth installed client certificates as an additional/alternate solution for web site authentication a few years ago. Since client certs work great on Intel Macs, we had to force Intel Macs to always use HTTPS when connecting to any site on www.dartmouth.edu. That way we can always be able to ask for your client cert, so that we don't break your ability to access protected sites that live on the www.dartmouth.edu server."

• Server certificate rejected by ChainVerifier

  Hi,
  I have written a java program for connecting to an HTTPS URL and get the response from the site.
  The HTTPS URL works well when I typed the URL in browser. But the same URL is failing while connecting using my program. I am getting the following exception while connecting to my HTTPS page "iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier"
  I am attaching the code below for your reference.
          String s = new String();
          s = "MyRequest=" + s;
          IAIK.addAsJDK14Provider(true);
          IAIK.addAsJDK14Provider();
          KeyStore keystore = Utils.getJavaDefaultKeystore();
          /* Giving "SUN version 1.5" as a provider */
          System.out.println("keystore provider:"+keystore.getProvider());
             FileInputStream fis = new FileInputStream("mycertificatefile");
             BufferedInputStream bis = new BufferedInputStream(fis);
             CertificateFactory cf = CertificateFactory.getInstance("X.509");
             Certificate cert = null;
             while (bis.available() > 0) {
                 cert = cf.generateCertificate(bis);
             keystore.setCertificateEntry("service_ssl",cert);
          SecureConnectionFactory secureconnectionfactory = new SecureConnectionFactory(keystore);
          secureconnectionfactory.setIgnoreServerCertificate(false);
          HttpURLConnection httpurlconnection = secureconnectionfactory.createURLConnection(url);
          httpurlconnection.setRequestMethod("POST");
          BufferedWriter bufferedwriter = new BufferedWriter(new OutputStreamWriter(httpurlconnection.getOutputStream()));
          bufferedwriter.write(s, 0, s.length());
          bufferedwriter.close();
          Utils.setBasicAuthenticationHeader(httpurlconnection, user, password);
          try
              httpurlconnection.connect();
          catch(ConnectException connectexception)
              error("Connection timeout");
              System.exit(1);
          catch(Exception exception)
              exception.printStackTrace();
              error("Connection exception");
              System.exit(1);
          int i = httpurlconnection.getResponseCode();
          System.out.println("http Response Code = " + i);
  If I pass the setIgnoreServerCertificate(true), then I am getting the following exception
  java.io.IOException: Fatal SSL handshake error: java.lang.RuntimeException: Unable to create cipher AES/CBC/NoPadding: java.security.InvalidKeyException: Illegal key size
  Thanks & Regards,
  Santhosh.C

  VS,
  I am not sure, how far this will solve my problem. Let me try this. BTW, I have solved the issue on my own.
  I generated keystore and truststore from the generated certificates and supplied the certificate as input to my program.
  Here is the program for your reference.
             HttpClient client = new HttpClient();
             client.getParams().setAuthenticationPreemptive(true);
             Credentials defaultcreds = new UsernamePasswordCredentials(USER, PASSWORD);
             client.getState().setCredentials(new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT, AuthScope.ANY_REALM), defaultcreds);
           Protocol authhttps = new Protocol("HTTPS",
                  (ProtocolSocketFactory) new AuthSSLProtocolSocketFactory(
                          urlkeystore, PASSWORD,
                          urltruststore, PASSWORD), TARGET_HTTPS_PORT);
           Protocol.registerProtocol("https", authhttps);
            PostMethod filePost = new PostMethod(FINAL_URL);
           STATUS = client.executeMethod(filePost);
            String responseString = filePost.getResponseBodyAsString();
            if (responseString != null && responseString.length() > 0)
                 System.out.println("Response String : " + responseString);
  Thanks & Regards,
  Santhosh.C

• Error while calling webservice with SOAP Receiver

  Hi Experts,
  When we run the report on the ECC 6.0 server we call the web service which is configured as a receiver SOAP Adapter, we are getting the following error:
     XIAdapter/PARSING/ADAPTER.SOAP_EXCEPTION - soap fault: Not enough message parts were received for the operation
  Can somebody throw a light on this error and how to overcome it.
  Thanking You
  With Best Regards
  Suk4023

  >Can somebody throw a light on this error and how to overcome it.
  Import WSDL and Use soapui or xmlspy and try to send the request and see the response. Make sure your WSDL URL is valid one too. After testing update more informaton on this.