cancel
Showing results for 
Search instead for 
Did you mean: 

javax.net.ssl.SSLException

Former Member
0 Kudos

Hi Guys,

I am testing soap-soap scenario and i have imported the target system certificate in Trusted CA's. I am getting the following error.

com.sap.engine.interfaces.messaging.api.exception.MessagingException: javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

any help would be appreciated

Thanks,

Srini

Edited by: srinivas kapu on Oct 9, 2008 3:15 PM

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
0 Kudos

Please see the above mentioned SAP note for the solution

hemant_chahal
Contributor
0 Kudos

Thanks for the info !!

hemant

ravi_raman2
Active Contributor
0 Kudos

Did applying that fix solve the issue..?

Regards

Ravi Raman

Former Member
0 Kudos

Hi Ravi,

we have not tested yet. we are facing lot of memory issues so we are upgrading the machine and later we will test. I will update the thread with the results.

Thanks,

Srini

hemant_chahal
Contributor
0 Kudos

Hi,

Check the system path in evironment variable, whther its directing to the correct directories.i.e. environment variable to point to the location of ticket and PSE files.

Also check whether you have installed SAP Cryptographic Library into SAP Web AS.

Former Member
0 Kudos

Hi Hemanth,

This is the bug in the new version of PI 7.1. please see the info below for details

Note 1251283 - SOAP (Axis) adapter may fail to establish SSL connections

Note Language: English Version: 1 Validity: Valid from 15.09.2008

Summary

Symptom

The SOAP (Axis) adapter may fail to establish an SSL connection. This

problem can be observed when such connection errors are reported as:

javax.net.ssl.SSLHandshakeException:

sun.security.validator.ValidatorException: PKIX path building failed:

sun.security.provider.certpath.SunCertPathBuilderException: unable to find

valid certification path to requested target

javax.net.ssl.SSLHandshakeException:

sun.security.validator.ValidatorException: PKIX path building failed:

sun.security.provider.certpath.SunCertPathBuilderException: unable to find

valid certification path to requested target

This problem is only relevant for 71x code lines.

Weitere Begriffe

Adapter Framework, SOAP, Axis, SSL

Ursache und Voraussetzungen

Program error.

The SOAP (Axis) adapter uses a class loader dependent SSL factory. There

was a problem in this mechanism that caused the adapter to pick the wrong

SSL factory in some cases.

This problem has been fixed with this patch.

Lösung

Please apply the corresponding patch listed below.

XI 7.10 SP06

XI ADAPTER FRAMEWORK 7.10

Support Package 06, Patch Level X(SAPXIAF06P_8.SCA)

XI 7.10 SP07

XI ADAPTER FRAMEWORK 7.10

Support Package 07, Patch Level X(SAPXIAF07P_X.SCA)

XI 7.11 SP01

XI ADAPTER FRAMEWORK 7.11

Support Package 01, Patch Level 0(SAPXIAF01P_0.SCA)

Thanks,

Srini

Former Member
0 Kudos

Hi

Check in Visual admin

The SSL certificate is not installed properly. it is not able to initiate the connection

Thanks

Gaurav

Former Member
0 Kudos

Hi Gaurav,

Thanks for the quick reply.

I am in PI 7.1 and i have imported to Trusted CA's list. I will reimport the certificate and test again.

Thanks,

Srini

Former Member
0 Kudos

Hi Gaurav,

I have imported even the CA certificates but still i am getting the same error.

any help would be appreciated.

Thanks,

Srini

Former Member
0 Kudos

hi,

this indicates:

Indicates that the client and server could not negotiate the desired level of security. The connection is no longer usable.

check this link:

Indicates that the client and server could not negotiate the desired level of security. The connection is no longer usable.

try to fix from that point of view.

regards.

Former Member
0 Kudos

Hi

Did you checked with the Java version??

Is any system in your landscape is using the certificate and able to connect. if not then even check with Firewall settings.

Thanks

Gaurav

Former Member
0 Kudos

Hi Gaurav,

I have checked the java version in PI 7.1 system and it is jre1.5.0_05. The same connection works fine from PI 7.0 system with out the server certificate in the Trusted CA's.

Do i need to install IAIK libraries ? I have checked for these and they already exist in the system.

Thanks,

Srini