SOAP Receiver over SSL - server certificate troubles

Similar Messages

• Step by Step : How to Create an SSL Server Certificate (Part 3)

  How to Create an SSL Server Certificate (Part 3)
  In the previous part you have completed step 10, now you are almost there.
  Step 11:
  This is another very important step.
  Leave the settings as is or tick more options if you know what you do.
  Step 12:
  Again leave as it is.
  Step 13:
  Another important step !
  In the DNS Name field enter the host name(s) separated by spaces (or commas), e.g.
  myserver.name.private myserver.dyndns.org
  You can enter your local IP if you wish.
  Step 14:
  Certificate Assistant now procedes to create your certificate. Within a few seconds you should see the new certificate in your Keychain.
  Switch to Server App (if at this stage Server App has crashed, don't worry , re-open Server App and proceed.
  Repeat step 2 described in Part 1 and select the new certificate from the drop-down menu of available certificates.
  You may want to use this certificate for all services (iChat, iCal, Mail, Web) or create different ones.
  If you use the same certificate for all services the name of the certificate is diplayed next to "SSL Certificate", if you don't you will see "Custom" instead.
  Addendum:
  1. Do not forget to open port 443 in your router to enable https connections.
  2. Enable SSL in your iCal account settings if you wish.
  Enjoy your server !

  Hi,
  Are you talking about the Mercedes leaderboard ad?  Because that look a lot more complicated than "fade in - fade out" images?
  Anyway... I am looking at the easiest way to create a banner ad with fade in - fade out images that I have created in illustrator.
  This tutorial helped me alot.
  http://www.youtube.com/watch?v=gFw-1D8yaMs&NR=1
  cheers

• Weblogic server 9.2 and SSL server certificate for the wrong site

  I turned on SSL service for a weblogic 9.2 server and later on changed the hostname of the machine that weblogic was running on. So the hostname that my SSL server certificate was issued to has now became an invalid hostname. But my weblogic server continues to run SSL service without any exception. I can still access my web applications thru the SSL port (except of course I get a warning for the server certificate every time that it is for the "wrong site"). My question is this: should weblogic 9.2 verify the hostname in the server certificate and stop SSL service if the certificate is for the wrong site? Or is verifying the certificate strictly the job of the browser? Just want to make sure there is nothing wrong with my SSL configuration. Thanks.

  So you are saying that something is wrong with my weblogic 9.2 ssl configuration? And that given a server certificate issued to a different hostname, my weblogic server should NOT be servicing ssl request and/or it should throw some sort of exception during startup? Thanks for clarifying.

• SSL Server Certificate

  Hi All,
  I am configuring Maintenance Optimizer in SAP Solution Manager 7.1 SP3.
  Is it mandatory to have SSL Server Certificate ?
  And if yes why SSL Server Certificate is needed?
  And if no can i proceed with the Configuration of Maintenance Optimizer?
  Kindly Suggest.
  Thanks
  Ishan

  Hi ishansangai1
  i) Is it mandatory to have SSL Server Certificate ?
  No, you dont required SSL for MOPZ ,
  SSL is different and MOPZ is different
  SSL - is for trusted certificate
  MOPZ- is used to approve support packages to download
  ii) And if no can i proceed with the Configuration of Maintenance Optimizer?
  yes proceed to configuration of MOPZ , find docs in service market place or SDN

• SOAP Receiver with HTTPS(without certificate)

  Hi experts
  Receiver system not using any certificate.  Without certificate How PI can send message through HTTPS using SOAP.
  How to choose HTTPS transport protocol. (Here Target Url have Https://.....)
  Here I am using PI7.1 EHP1.
  I configured Receiver SOAP CC as
  Transport protocol as HTTP
  Taget Url https://api-demo.e-xact.com/transaction
  It will work? if not how to enable Https in SOAP receiver
  but I am getting below error In adapter
  Adapter Framework caught exception: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
  Thank you
  Srini

  Hi Srini,
  The main reasons for this error "Peer certificate rejected..." be appearing are the following:
  1. The correct server certificate could not be present in the TrustedCA keystore view of NWA. Please ensure you have done all the steps described in the URL below:
  Security Configuration at Message Level
  http://help.sap.com/saphelp_nwpi711/helpdata/EN/ea/c91141e109ef6fe10000000a1550b0/frameset.htm
  2. The server certificate chain contains expired certificate. Check for it (that was the cause for other customers as well) and if it's the case renew it or extend the validation.
  3. Some other customers have reported similar problem and mainly the problem was that the certificate chain was not in correct
  order. Basically the server certificate chain should be in order Own->Intermedite->Root. To explain in detail, if your server certificate is A which is issued by an intermediate CA B and then B's certificate is issued by the C which is the root CA (having a self signed certificate).
  Then your certificate chain contains 3 elements A->B->C. So you need to have the right order of certificate in the chain. If the order is B first followed by A followed by C, then the IAIK library used by PI cannot verify the server as trusted. Please generate the certificate in the right order and then import this certificate in the TrustedCA keystore view and try again. Please take this third steps as the principal one.
  4. If the end point of the SOAP Call(Server) is configured to accept a client certificate(mandatory), then make sure that it is configured correctly in the SOAP channel and it is also within validity period.
  (This certificate is the one which is sent to Server for Client authentication)
  As a resource, you may need to create a new SSL Server key.
  The requirement from SAP SSL client side is that the requested site has to have certificate with CN equal to the requested site.  I mean if I request URL X then the CN must be CN=X.
  In other words, the CN of the certificate has to be equal to the URL in the ftp request. This can be the IP address or the full name of the host.
  Request the url with the IP of the SSL Server and the certificate to be with CN = IP of the server.
  In any other case the SSL communication will not work.
  Regards,
  Caio

• Soap RECEIVER adapter ssl config

  we are consuming a web service in sap ECC system via XI using SSL. So I configured receiver soap adapter. Imported the certificate provided by web service provider to J2EE visual admin key store. However I am not able to see my ceritificates popluated in my communication channel selection list.
  Could you please provide steps to configure SSL in receiver soap adapter not for Sender adapter.
  Thanks.
  Bijay

  Okay, so this is a client certificate and not a CA certificate, right?
  In this case, you need to import the client certificate under ICM_SSL_xxx and you can find SSL_Provider if you scroll completly down. You need to import the private key of the client certificate under ICM_SSL_xxx.
  Only CA certificates goes in TrustedCA view. You can create a new view ICM_SSL_xxx or put the certificate under any existing ICM_SSL_xxx view, it doesn't matter.
  Do this step and let me know if it works. Might be, there is no requirement for private key at this point of time. It completely depends how the receiving system will accept and verify the call from PI server.
  Since it's a client certificate, they must be having public and private keys. But this certificate has to be signed by some one like VeriSign and they provide a different key to make it more secured. But anyways, you don't need to go in so much of details right now.
  Follow the steps that I mentioned above and hopefully, it should work.
  Regards,
  Neetesh

• How to Import Self-signed SSL server certificates in Adobe AIR applications

  Hi,
  I am using secure AMF endpoints for remote object communication from AIR client.
  since i am using a self signed SSL certificate on the server, i am getting a certificate warning message on the AIR client, when ever a remote call is done.
  Is there any mechanism to import the server certificate in AIR application..?
  Please provide suggestions.
  Thanks

  I have the same issue along with repeated prompts to accept cert when I am just trying to access the page internally on my network.. Any help here RIM????????

• SOAP Receiver Adapter problem (client certificate required)

  My Scenario is similar to described in https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/3721. [original link is broken] [original link is broken] [original link is broken] I have two PI servers running on one machine. I am trying to post message HTTPS with Client authentication via SOAP adapter from one PI system to SOAP adapter of other PI server. I have done the following configuration.
  PI Server AXD - (Client) - Receiver SOAP adapter
  PI Server AXQ - (Server) - Sender SOAP Adapter.
  Steps in AXD
  1. I have created a certificate of AXD in the service_ssl view of key storage.
  2. I have imported the AXQ public certificate in to AXD in the TrustedCAs of Key storage
  Steps in AXQ
  1. I have created a certificate of AXQ in the service_ssl view of key storage.
  2. I have imported the AXD public certificate in to AXQ in the TrustedCAs of Key storage.
  3. I have created a user in AXQ and assigned the certificate of AXD under usermangement in Security provider to this user.
  4. I have added the AXD certificate under Client Authentication tab with require client certificate option checked in the SSL Provider.
  5. I have assigned the user created in AXQ in the step above to the Sender Agreement.
  Now when I post message from AXD with Configure Client Authentication checked (Here I have selected the certificate of AXD and view as service_ssl) I am getting the following error.
  Exception caught by adapter framework: SOAP: response message contains an error XIServer/UNKNOWN/ADAPTER.JAVA_EXCEPTION - java.security.AccessControlException: client certificate required at com.sap.aii.af.mp.soap.ejb.XISOAPAdapterBean.process(XISOAPAdapterBean.java:884) at com.sap.aii.af.mp.module.ModuleLocalLocalObjectImpl0_3
  Any pointer to solve this problem is highly appreciated.
  Thanks
  Abinash

  Hi Hemant,
  I have couple of questions. Why do we need to import certificate for SOAP WS-Security and from where I can get it?
  As far as my scenario goes I am not using message level security.
  Secondly what do you mean by TRUSTED/WebServiceSecurity? I don't see any such view inside the Key Storage.  I can see a view named just WebServiceSecuity though.
  Also I don't have a decentralized adapter installation rather I have two separate PI instances having their own central adapter engine.
  Abinash

• Soap request over ssl: certificate_unknown

  Hello everybody, I'm trying to call a webservice over an axis soap petition, it runs perfectly but it fails when I try to do the same over https, this is what I have done .
  First of all, I created a keystore with the certicicate provided by the webservice provider and the certificate ofthe CA (with -truscacerts ...), then I put the following lines on my code:
  System.setProperty("javax.net.ssl.trustStore", "MIB.keystore");
  System.setProperty("javax.net.ssl.keyStore", "MIB.keystore");
  System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
          java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
          System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
          System.setProperty("javax.net.ssl.trustStorePassword", "changeit");I got an SSLHandshakeException so I enabled all the debug lines, I don't understand what means everything in the log, so I hope anybody here can help me to understand it.
  It looks that it founds the certificates on the keystore but then it's not a trusted one, in the other hand when I try to acces to the service URL by a web browser, appears a dialog about security certificates, and then after pressing OK I can see the XML schema of the webservice.
  I put here a part of the log :
  2005-06-13 14:27:28,636 DEBUG org.apache.axis.i18n.ProjectResourceBundle  (ProjectResourceBundle.java:111) - org.apache.axis.i18n.resource::handleGetObject(enter00)
  2005-06-13 14:27:28,636 DEBUG org.apache.axis.transport.http.HTTPSender  (HTTPSender.java:103) - Enter:  HTTPSender::invoke
  keyStore is : MIB.keystore
  keyStore type is : jks
  init keystore
  init keymanager of type SunX509
  trustStore is: MIB.keystore
  trustStore type is : jks
  init truststore
  (my certs appears here as trusted certs)
  init context
  trigger seeding of SecureRandom
  done seeding SecureRandom
  %% No cached client session
  *** ClientHello, TLSv1
  RandomCookie:  GMT: 1101888176 bytes = { 31, 177, 136, 125, 1, 123, 196, 9, 23, 166, 247, 114, 51, 130, 201, 150, 247, 201, 32, 9, 115, 104, 162, 93, 173, 33, 151, 42 }
  Session ID:  {}
  Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
  Compression Methods:  { 0 }
  [write] MD5 and SHA1 hashes:  len = 73
  0000: 01 00 00 45 03 01 42 AD   7B B0 1F B1 88 7D 01 7B  ...E..B.........
  0010: C4 09 17 A6 F7 72 33 82   C9 96 F7 C9 20 09 73 68  .....r3..... .sh
  0020: A2 5D AD 21 97 2A 00 00   1E 00 04 00 05 00 2F 00  .].!.*......../.
  0030: 33 00 32 00 0A 00 16 00   13 00 09 00 15 00 12 00  3.2.............
  0040: 03 00 08 00 14 00 11 01   00                       .........
  Thread-2, WRITE: TLSv1 Handshake, length = 73
  [write] MD5 and SHA1 hashes:  len = 98
  0000: 01 03 01 00 39 00 00 00   20 00 00 04 01 00 80 00  ....9... .......
  0010: 00 05 00 00 2F 00 00 33   00 00 32 00 00 0A 07 00  ..../..3..2.....
  0020: C0 00 00 16 00 00 13 00   00 09 06 00 40 00 00 15  ............@...
  0030: 00 00 12 00 00 03 02 00   80 00 00 08 00 00 14 00  ................
  0040: 00 11 42 AD 7B B0 1F B1   88 7D 01 7B C4 09 17 A6  ..B.............
  0050: F7 72 33 82 C9 96 F7 C9   20 09 73 68 A2 5D AD 21  .r3..... .sh.].!
  0060: 97 2A                                              .*
  Thread-2, WRITE: SSLv2 client hello message, length = 98
  Thread-2, READ: TLSv1 Handshake, length = 762
  *** ServerHello, TLSv1
  RandomCookie:  GMT: 1101888564 bytes = { 255, 172, 207, 216, 41, 56, 251, 149, 241, 233, 23, 102, 238, 172, 120, 153, 109, 98, 211, 247, 133, 251, 203, 3, 19, 38, 121, 52 }
  Session ID:  {66, 173, 124, 52, 243, 42, 10, 40, 114, 249, 55, 203, 186, 233, 91, 175, 97, 179, 131, 231, 250, 176, 233, 172, 157, 52, 225, 54, 176, 89, 194, 248}
  Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
  Compression Method: 0
  %% Created:  [Session-1, SSL_RSA_WITH_RC4_128_MD5]
  ** SSL_RSA_WITH_RC4_128_MD5
  [read] MD5 and SHA1 hashes:  len = 74
  0000: 02 00 00 46 03 01 42 AD   7C 34 FF AC CF D8 29 38  ...F..B..4....)8
  0010: FB 95 F1 E9 17 66 EE AC   78 99 6D 62 D3 F7 85 FB  .....f..x.mb....
  0020: CB 03 13 26 79 34 20 42   AD 7C 34 F3 2A 0A 28 72  ...&y4 B..4.*.(r
  0030: F9 37 CB BA E9 5B AF 61   B3 83 E7 FA B0 E9 AC 9D  .7...[.a........
  0040: 34 E1 36 B0 59 C2 F8 00   04 00                    4.6.Y.....
  *** Certificate chain
  chain [0] = [
    Version: V1
    Subject: ....
  (omitted for privacity reasons)
    Algorithm: [MD5withRSA]
    Signature:
  0000: 3B 02 E6 29 01 88 AA B9   4F 81 D0 91 A0 0B 39 F1  ;..)....O.....9.
  0010: 4B A7 D1 65 0F 6B 8A E5   08 AC 48 04 F4 8F 60 3A  K..e.k....H...`:
  0020: ED E5 73 59 D4 04 AA A2   22 F4 44 33 B5 7A FE AE  ..sY....".D3.z..
  0030: 2B B1 46 0F 12 58 ED 18   2B 3E B5 54 9C AE CA 50  +.F..X..+>.T...P
  0040: 37 94 D2 DB C8 37 85 96   14 42 67 F5 99 CC 19 7C  7....7...Bg.....
  0050: A6 6C 11 1F 64 5E 31 FE   6D 80 FC C9 A3 38 00 74  .l..d^1.m....8.t
  0060: 14 2C DE F9 FB A3 C1 5D   E6 F2 53 83 8B 6C 7F AF  .,.....]..S..l..
  0070: CC 53 71 66 EA C5 CB B7   C3 3E D8 69 83 91 4E 44  .Sqf.....>.i..ND
  Thread-2, SEND TLSv1 ALERT:  fatal, description = certificate_unknown
  Thread-2, WRITE: TLSv1 Alert, length = 2
  Thread-2, called closeSocket()
  Thread-2, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
  2005-06-13 14:27:29,011 DEBUG org.apache.axis.transport.http.HTTPSender  (HTTPSender.java:130) - javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate foundSorry for the message length, but I thought it was necessary.
  Thank you

  Got it,
  SAP Note : 791655
  HTTPS/SSL Properties
  Property Name = [default]
  messaging.ssl.httpsHandler=iaik.protocol.https.Handler
  messaging.ssl.securityProvider=iaik.security.provider.IAIK
  messaging.ssl.trustedCACerts.viewName=TrustedCAs
  messaging.ssl.serverNameCheck=false
  Description:
  The properties "httpsHandler" and "securityProvider" specify the class names of the HTTPS handler and Security provider used. The AF only supports IAIK. Never change these values! To activate HTTP/SSL, you must install the IAIK libraries on your J2EE Engine as described in the Installation Guide.
  The property "trustedCACerts.viewName" defines which J2EE keystore is used during the SSL Handshake for trusted CA certificates. You should never change this value either. With "serverNameCheck" you can specify whether the host name in outbound HTTPS requests should be checked against the host name in the certificate of the server.
  Regards,
  Bhavesh

• ** SOAP - Receiver CC - Sync - Error - certificate rejected by ChainVerifie

  Hi Friends,
  In our interface BPM - SOAP call (Sync), in the receiver SOAP CC, we are getting the below error. 
  SOAP: call failed: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
  In the SOAP CC, we use HTTP protocol.  In the target URL, it starts with https://...... and soapAction is mentioned.
  Previously, this channel was working fine. No issues.
  For testing, I copied and pasted the target URL in Internet Explorere, it did not ask any certificate, I am able to execute the wsdl. i.e call the soapAction - sent the request and got the response.
  Friends, could you tell me why the above error is coming now ?
  Kind regards,
  Jegathees P.

  Hi,
  https service is running?
  Check: SMICM -> Services
  Also check  with the named SAP note inside.
  Cheers,
  André
  Edited by: André Schillack on Apr 28, 2010 5:37 PM

• Do you have to request a SSL server certificate using the iPlanet Java console?

  I have an SSL certificate that was signed by a CA. The original certificate
  request was made external to the iPlanet Directory server. I believe it was
  made using OpenSSL. Is there a way that I can take this signed certificate
  along with the private key (base64 encoded) and install it for use with
  iPlanet Directory server?
  Or, do I have to make the certificate request directly through the iPlanet
  Java Console application?
  Jon

  pls refer this site to enter your host name and your details they will provide free certificates for directory server and web server in 60 days trial.select Netscape commerce server its under dircetory server.
  http://freecerts.entrust.com
  once you get encripted code from CA then installing into your directory server.

• Using SSL in SOAP Receiver Adapter

  Hello,
  We need to execute a web service that requires using SSL connection. We have done following:
  1. Deployed SAP Java Cryptographic Toolkit
  2. Uploadted the Server certificates chain(Root, Intermediate, and the Server certficate itself)  in TrustedCAs view
  But I can't see the certificate from the Communication Channel screen.
  Could anybody who has done this before please let us know if we are missing anything. I appreciate if anybody can tell us the trouble points/pit falls in this process.
  Any help is greately appreciated.
  Regards
  Venu

  Hi,
  You need to setup SSL layer for HTTPS endpoint.
  Possible HTTP security levels are (in ascending order):
  HTTP without SSL
  HTTP with SSL (= HTTPS), but without client authentication
  HTTP with SSL (= HTTPS) and with client authentication
  HTTPS comes in two flavors, both ensuring the confidentiality of data sent over the network
  Please go through below link for referance (above information is from below link)
  SAP Network Blog: How to use Client Authentication with SOAP Adapter
  /people/rahul.nawale2/blog/2006/05/31/how-to-use-client-authentication-with-soap-adapter
  SSL useage
  Step by step guide for SSL security
  step by step guide to implement SSL
  http://help.sap.com/saphelp_nw04/helpdata/en/14/ef2940cbf2195de10000000a1550b0/frameset.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/ff/7932e4e9c51c4fa596c69e21151c7d/content.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/13/4a3ad42ae78e4ca256861e078b4160/content.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/3a/7cddde33ff05cae10000000a128c20/content.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/0a/0a2e0fef6211d3a6510000e835363f/content.htm
  General guide
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/a09f3d8e-d478-2910-9eb8-caa6516dd7d9
  Message level security
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d024ca8e-e76e-2910-c183-8ea4ba681c51
  Regarding message level you can encrypt the message using certificates.
  For both of this basis team has to deploy the releavant certificates in XI ABAP Stack or Java stack.
  Generally if the scenarios are intra company we dont use any transport level or message level security since the network is already secured.
  Check the following links.. you will get the information all about the securities...
  http://help.sap.com/saphelp_nw04/helpdata/en/f7/c2953fc405330ee10000000a114084/content.htm
  Also read thru this link for message level security - https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/d024ca8e-e76e-2910-c183-8ea4ba681c51
  Also find soeminformation in these links
  http://help.sap.com/saphelp_nw2004s/helpdata/en/a8/882a40ce93185de10000000a1550b0/frameset.htm
  /people/aparna.chaganti2/blog/2007/01/23/how-xml-encryption-can-be-done-using-web-services-security-in-sap-netweaver-xi
  Thanks
  Swarup
  Edited by: Swarup Sawant on Apr 9, 2008 7:42 PM

• Connecting to a remote OpenLDAP server over SSL.

  I've been trying for several weeks now to get a remote OpenLDAP server up and running; configured in such a way that it only allows SSL and requires certificate validation.
  I've created a CA with a self-signed certificate.
  I used that CA to create a server and client certificate.
  The server certificate is in /etc/ssl/certs, has a link by the name of its hash.0 pointing to it; permissions are all correct and /etc/ssl/slapd.conf point to it and the CA certificate.
  The client certificate is on my MacBook Pro in /etc/ssl/certs along with the CA certificate; each of which also has its hash linked to it. /etc/ssl/ldap.conf is set up properly, the permissions are correct, and the following test command ran as my user produces a successful result:
  ldapsearch -v -x -H ldaps://ldap.foo.org -b "dc=foo,dc=org" -d -1
  Now the problem part. I open Directory Utility; go to Services with Advanced Settings enabled. After unlocking it, I click the LDAPv3 and the pencil icon.
  I hit New... in the window that pops up and use ldap.foo.org as servername, SSL box ticked. I hit Continue, and behold; nothing happens.
  It is to say; Directory Utility hangs for a while; after which it goes back to the box I clicked Continue in without any error or warning popping up; but obviously hasn't advanced.
  The server logs indicate my Mac had actually connected; received the server certificate; but didn't send a client certificate at which point the TLS connection got aborted for some reason and the session ended.
  My Mac Console shows something even more bizare, though:
  11/09/08 23:09:22 com.apple.DirectoryServices[97123] Assertion failed: (ld != NULL), function ldapsearchext, file search.c, line 76.
  My suspicion is that Directory Utility can't verify the server certificate and aborts the TLS connection. I expect it also uses /etc/openldap/ldap.conf? How can I diagnose the root of this problem?
  Thanks a lot for your assistance; I just can't figure this out and any hint or pointer would be greatly appreciated. It now just looks like OSX does not support a secure LDAP over SSL configuration.
  Though it currently isn't set up to be that way, I'd like to have my client also provide a certificate (CN=lhunath.foo.org) and have the server validate that. For now I've got the server set to:
  TLSVerifyClient never
  (And of course, the client:)
  TLS_REQCERT demand
  Message was edited by: lhunath

  By the way; about the assertion error I get in Console; here's the relevant source of ldap.c. Looks like ld is not set; probably something going wrong before that with setting up the TLS connection, perhaps? Or not?
  * ldapsearchext - initiate an ldap search operation.
  * Parameters:
  * ld LDAP descriptor
  int
  ldapsearchext(
  LDAP *ld,
  assert( ld != NULL );

• SSL in Soap receiver communication channel

  Hi,
  I have a webservices that works fine in Soap UI. The webservice provider uses the SSL, but works like a web browser, doesn´t need to install a certificate before access the webservice.
  But when i try to use SAP PI using the soap receiver communication channel, the soap adater return the follow message:
  "Peer certificate rejected by ChainVerifier"
  I read some thing about using axis to solve this problem but I can´t find anything to configure this scenario.
  If someone had this problem and solved it, i will apreciate the help.
  Thanks
  Fabricio

  I Have 2 communication channel:
  1) This works fine
  Adapter Type: SOAP
  Receiver
  Transport Protocol: HTTP
  Message Protocol: SOAP 1.1
  Adapter Engine: Integration Server
  Target URL: https://gw-homologa.serasa.com.br/wsacheixml/wsacheixml.asmx
  SOAP Action: https://sitenet05.serasa.com.br/WSAcheiXML/WSAcheiXML/ConsultaAchei
  2) This doesn´t work
  Adapter Type: SOAP
  Receiver
  Transport Protocol: HTTP
  Message Protocol: SOAP 1.1
  Adapter Engine: Integration Server
  Authentication: Basic
  User/Password
  Target URL: https://treina.spc.org.br/spc/remoting/ws/consulta/consultaWebService
  SOAP Action: blank
  Both are https and the certificate is sent at communication time (There isn´t a certificate to install in the Key Store in Visual Administrator)
  I read that Axis manage this kind of integration with webservices, because the certificate must be installed at the moment of sending http request.
  I don´t know why the first interface works fine an the another doesn´t work, then I´m trying with Axis.
  In the SOAP UI both interfaces work fine.
  Thanks

• SOAP RECEIVER SSL Problems

  Dear Community,
     I have configured a SOAP Receiver to an external web service (https://server:7002/service). I have use IE to get the certificate of the server and have imported it into the keystore of the j2ee (using VA). I have imported it to the all current views available. We have SAP PI 7.0 SP18. The problem is that the SSL handshaking is not performed correctly. I have placed a tcp gateway monitor tool to see the messages pass through. As soon as the first message is send to the above URL and a response is received, I get a XIAdapter/HTTP/ADAPTER.HTTP_EXCEPTION - HTTP 500 Internal Server Error. Also, in the default trace log I get a no private key found.... Do I need extra steps to configure SSL in the SOAP Receiver? The service does not required a Client authentication certificate and has a certificate with  o CA root certificate (since this is only a test system and has issued its own certificate). Any ideas? Any help will be appreciated.
  Regards,
  S.Socratous

  Hello,
  Generally it's a connectivity behaviour. Check if you have setup the connection to
  the receiver and also check the explanation regarding 500 Internal Server Errors:
  *Description: The server encountered an unexpected condition which prevented it from fulfilling the request.
  Possible Tips: Have a look into SAP Notes u2013 804124, 807000*
  It may be also a problem with the SSL certificate. So, check if it's not expired;
  The correct server certificate may be not present in the TrustedCA keystore view of NWA .
  Please ensure you have done all the steps described in these url (this is for 7.11):
  Security Configuration at Message Level
  http://help.sap.com/saphelp_nwpi711/helpdata/en/48/d1c7e690d75430e100000
  00a42189b/frameset.htm
  You may have not imported the certificate chain in the correct order (Own -> Intermediate -> Root);
  Last, if the end point of the SOAP Call(Server) is configured to accept
  a client certificate(mandatory), then make sure that it is configured
  correctly in the SOAP channel and it is also within validity period.
  (This certificate is the one which is sent to Server for Client
  authentication)
  Hope that helps.
  With regards,
  Caio Cagnani