![]() The Root CA certificate is displayed in another window and normally this is a self-signed certificate by the CA itself. Click View Certificate to view the CA’s certificate. The example shown below is using Google Chrome where we can view the certificate information by clicking on the padlock icon on the browser.Īfter the certificate is displayed, switch to the Certification Path tab, select the top most entry of the path as it represents the Root CA. This can be done by entering the HTTPS URL into a web browser and viewing the certificate details. In order to establish the SSL trust with the server, we need to retrieve the Root CA’s certificate and import it into NWA’s keystore.įirst of all, we need to retrieve the certificate. Step 4 – Retrieve the server’s Root CA certificate It means that there is no corresponding certificate for the CA in the TrustedCAs view in NWA’s keystore. The analysis shows that none of the certificates has a CA (Certificate Authority) that is trusted. In the Performed Checks > Is Remote SSL Server Certificate Trusted section, more details of the certificate and the chain are shown. In the example below, it shows that the chain verification failed because no trusted certificate was found. Under section Performed Checks > Verify Remote SSL Server Certificate, the SSL debug logs are shown. Once the scenario is completed, click Stop.Īfter XPI Inspector has gathered all the logs, it will present a results page. Once everything is ready for testing, click the Start button and then trigger the scenario for the iFlow/ICO in step 1. Populate the SSL Server URL and any proxy server if necessary. Select Example 11 for Authentication, SSL & PP. XPI Inspector can be accessed from the following URL of the PI system Step 2 – Launch XPI Inspector and start test Ensure that the iFlow/ICO is configured correctly and activated. Populate SCN’s URL into the SOAP receiver channel’s setting. For simplicity sake, we will use SCN as the target system (even though it is not a SOAP web server!). In this example, we will use a SOAP receiver channel with an HTTPS target URL. Michal’s PI tips: XPI inspector – help OSS and yourself To install and use it, please refer to the following SAP Note:-ġ514898 – XPI Inspector for troubleshooting XIįor more details about XPI Inspector, refer to the following blog:. XPI Inspector does not come pre-installed in the PI system. In this blog I will share an example of an SSL related error and how to utilize XPI Inspector to troubleshoot and resolve the issue. SAP’s troubleshooting tool, XPI Inspector is one of the most useful tool to troubleshoot SSL connections. : : PKIX path building failed: .SunCertPathBuilderException: unable to find valid certification path to requested target SOAP: Call failed: : Peer sent alert: Alert Fatal: handshake failure SOAP: Call failed: : Peer certificate rejected by ChainVerifier Below are some of the common errors that could occur when trying to establish an outbound SSL connection from PI. There have been quite a number of threads opened on SCN recently regarding SSL related errors. HTTPS (HTTP over SSL) connections are sometimes a bit tricky to establish. Added link to second part of the blog series on client authentication. Update : Added additional step to restart channel to refresh the cached certificate. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |