cancel
Showing results for 
Search instead for 
Did you mean: 

Error calling external web service over HTTPS

Former Member
0 Kudos

Hi everyone

I'm trying to call an external web service over HTTPS, and continually get the following error:

com.sap.engine.services.webservices.espbase.wsdl.exceptions.WSDLException: Peer sent alert: Alert Fatal: handshake failure

I haven't tried doing this before, so not quite sure where to start. I have a client certificate that must be used to access the remote web service, and I think the problem is associating the client cert with the web service call.

Has anyone else tried this before? Any suggestions of where to look?

I've had a brief look at Key Storage in NWA, but it's not something I'm familiar with - so not sure if it's even the right place to be looking.

Some help on this would be great!

Thanks

Stuart

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

Hi,

Can you deploy the tool which can be found in [SAP NOTE 1045019|https://service.sap.com/sap/support/notes/1045019], adding the following tracing locations in addition to the ws_security template:

"com.sap.security.core.server.https" and "com.sap.engine.services.webservices.jaxm.soap" and all of their successors.

Then press Start, reproduce the problem, press stop and attach the resulting zip file containing the traces. Currently all I can understand by this is that there is some problem establishing HTTPS connection - probably client certificate is not trusted or some cipher suite problem.

Best Regards,

Aleksandar

Former Member
0 Kudos

Thanks Aleksandar

Here's the output from the trace. Unfortunately the SAP forums don't allow attachments, so it may be difficult to read. Please let me know if you see anything that may help.

Thanks

Stuart

Time Severity User Thread Location Message

09:18:23:687 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out About to get connection from DS

09:18:23:687 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out DS connection=com.sap.engine.services.dbpool.cci.CommonConnectionHandle@fa1b67

09:18:24:187 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out About to get connection from DS

09:18:24:187 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out DS connection=com.sap.engine.services.dbpool.cci.CommonConnectionHandle@4c8af

09:18:24:687 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out About to get connection from DS

09:18:24:687 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out DS connection=com.sap.engine.services.dbpool.cci.CommonConnectionHandle@b6981b

09:18:25:187 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out About to get connection from DS

09:18:25:187 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out DS connection=com.sap.engine.services.dbpool.cci.CommonConnectionHandle@1133227

09:18:25:687 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out About to get connection from DS

09:18:25:687 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out DS connection=com.sap.engine.services.dbpool.cci.CommonConnectionHandle@12d4229

09:18:26:187 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out About to get connection from DS

09:18:26:187 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out DS connection=com.sap.engine.services.dbpool.cci.CommonConnectionHandle@117ae38

09:18:26:203 Debug Administrator HTTP Worker [0] ~es.espbase.client.jaxws.cts.CTSProvider [com.sap.engine.services.webservices.espbase.client.jaxws.cts.CTSProvider] 'nonProxyHosts' are configured '10.|127.|192.168.*'.

09:18:26:203 Debug Administrator HTTP Worker [0] ~es.espbase.client.jaxws.cts.CTSProvider [com.sap.engine.services.webservices.espbase.client.jaxws.cts.CTSProvider] 'nonProxyHosts' default value is '10.|127.|192.168.*'.

09:18:26:203 Debug Administrator HTTP Worker [0] ~es.espbase.client.jaxws.cts.CTSProvider Loadin mapping file from location :[c:/mapping.txt]

09:18:26:203 Debug Administrator HTTP Worker [0] ~es.espbase.client.jaxws.cts.CTSProvider Additional file for CTS configuration can not be found [c:\mapping.txt (The system cannot find the file specified)].

09:18:26:203 Debug Administrator HTTP Worker [0] ~es.espbase.client.jaxws.cts.CTSProvider >>>>>>>>> ERROR: Could not find mapping for service QName=vipSoapInterfaceService, class=class com.verisign._2006._08.vipservice.VipSoapInterfaceService

09:18:26:203 Debug Administrator HTTP Worker [0] ~es.espbase.client.jaxws.cts.CTSProvider com.sap.engine.services.webservices.espbase.client.jaxws.cts.CTSProvider: Creating client instance with WSDL URL [https://pilot-vipservices-auth.verisign.com:443/prov/soap/val/soap] (vipSoapInterfaceService) <com.verisign._2006._08.vipservice.VipSoapInterfaceService>

09:18:26:203 Debug Administrator HTTP Worker [0] ~es.espbase.client.jaxws.cts.CTSProvider com.sap.engine.services.webservices.espbase.client.jaxws.cts.CTSProvider: Using SAP JAX-WS Implemetation to create service delegate.

09:18:26:687 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out About to get connection from DS

09:18:26:687 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out DS connection=com.sap.engine.services.dbpool.cci.CommonConnectionHandle@5586b0

09:18:26:687 Path Administrator HTTP Worker [0] ~s.espbase.wsdl.exceptions.WSDLException Exception : Peer sent alert: Alert Fatal: handshake failure

java.lang.Exception

at com.sap.exception.BaseExceptionInfo.traceAutomatically(BaseExceptionInfo.java:1230)

at com.sap.exception.BaseExceptionInfo.<init>(BaseExceptionInfo.java:147)

at com.sap.exception.BaseException.<init>(BaseException.java:89)

at com.sap.engine.services.webservices.espbase.wsdl.exceptions.WSDLException.<init>(WSDLException.java:34)

at com.sap.engine.services.webservices.espbase.wsdl.WSDLLoader.loadDOMDocument(WSDLLoader.java:140)

at com.sap.engine.services.webservices.espbase.wsdl.WSDLLoader.load(WSDLLoader.java:91)

at com.sap.engine.services.webservices.espbase.wsdl.WSDLLoader.load(WSDLLoader.java:80)

at com.sap.engine.services.webservices.espbase.client.jaxws.core.SAPServiceDelegate.loadWSDLDefinitions(SAPServiceDelegate.java:201)

at com.sap.engine.services.webservices.espbase.client.jaxws.core.SAPServiceDelegate.initWSDL(SAPServiceDelegate.java:159)

at com.sap.engine.services.webservices.espbase.client.jaxws.core.SAPServiceDelegate.<init>(SAPServiceDelegate.java:113)

at com.sap.engine.services.webservices.espbase.client.jaxws.cts.CTSProvider.createDelegate(CTSProvider.java:170)

at com.sap.engine.services.webservices.espbase.client.jaxws.cts.CTSProvider.createServiceDelegate(CTSProvider.java:151)

at javax.xml.ws.Service.<init>(Service.java:57)

at com.verisign._2006._08.vipservice.VipSoapInterfaceService.<init>(VipSoapInterfaceService.java:41)

at JEE_jsp_result_6740550_1225116575421_1225116585468._jspService(JEE_jsp_result_6740550_1225116575421_1225116585468.java:64)

at com.sap.engine.services.servlets_jsp.lib.jspruntime.JspBase.service(JspBase.java:102)

at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:66)

at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.service(JSPServlet.java:433)

at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.service(JSPServlet.java:240)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)

at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:66)

at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:32)

at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:431)

at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:289)

at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:387)

at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:376)

at com.sap.engine.services.servlets_jsp.filters.ServletSelector.process(ServletSelector.java:85)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:71)

at com.sap.engine.services.servlets_jsp.filters.ApplicationSelector.process(ApplicationSelector.java:160)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:71)

at com.sap.engine.services.httpserver.filters.WebContainerInvoker.process(WebContainerInvoker.java:67)

at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:71)

at com.sap.engine.services.httpserver.filters.ResponseLogWriter.process(ResponseLogWriter.java:60)

at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:71)

at com.sap.engine.services.httpserver.filters.DefineHostFilter.process(DefineHostFilter.java:27)

at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:71)

at com.sap.engine.services.httpserver.filters.MonitoringFilter.process(MonitoringFilter.java:29)

at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:71)

at com.sap.engine.services.httpserver.server.Processor.chainedRequest(Processor.java:309)

at com.sap.engine.services.httpserver.server.Processor$FCAProcessorThread.run(Processor.java:222)

at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)

at java.security.AccessController.doPrivileged(Native Method)

at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:152)

at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:247)

Caused by: org.w3c.www.protocol.http.HttpException: Peer sent alert: Alert Fatal: handshake failure

iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: handshake failure

at iaik.security.ssl.r.f(Unknown Source)

at iaik.security.ssl.x.b(Unknown Source)

at iaik.security.ssl.x.a(Unknown Source)

at iaik.security.ssl.r.d(Unknown Source)

at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)

at iaik.security.ssl.SSLTransport.getOutputStream(Unknown Source)

at iaik.security.ssl.SSLSocket.getOutputStream(Unknown Source)

at org.w3c.www.protocol.http.g.markUsed(Unknown Source)

at org.w3c.www.protocol.http.HttpBasicServer.getConnection(Unknown Source)

at org.w3c.www.protocol.http.HttpBasicServer.runRequest(Unknown Source)

at org.w3c.www.protocol.http.HttpManager.runRequest(Unknown Source)

at org.w3c.www.protocol.http.HttpURLConnection.connect(Unknown Source)

at org.w3c.www.protocol.http.HttpURLConnection.a(Unknown Source)

at org.w3c.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)

at java.net.URL.openStream(URL.java:1007)

at com.sap.engine.lib.xml.parser.AbstractXMLParser.parse(AbstractXMLParser.java:201)

at com.sap.engine.lib.xml.parser.AbstractXMLParser.parse(AbstractXMLParser.java:263)

at com.sap.engine.lib.xml.parser.Parser.parse_DTDValidation(Parser.java:282)

at com.sap.engine.lib.xml.parser.Parser.parse(Parser.java:293)

at com.sap.engine.lib.xml.parser.DOMParser.parse(DOMParser.java:101)

at com.sap.engine.lib.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:127)

at javax.xml.parsers.DocumentBuilder.parse(DocumentBuilder.java:146)

at com.sap.engine.services.webservices.espbase.wsdl.WSDLLoader.loadDOMDocument(WSDLLoader.java:132)

at com.sap.engine.services.webservices.espbase.wsdl.WSDLLoader.load(WSDLLoader.java:91)

at com.sap.engine.services.webservices.espbase.wsdl.WSDLLoader.load(WSDLLoader.java:80)

at com.sap.engine.services.webservices.espbase.client.jaxws.core.SAPServiceDelegate.loadWSDLDefinitions(SAPServiceDelegate.java:201)

at com.sap.engine.services.webservices.espbase.client.jaxws.core.SAPServiceDelegate.initWSDL(SAPServiceDelegate.java:159)

at com.sap.engine.services.webservices.espbase.client.jaxws.core.SAPServiceDelegate.<init>(SAPServiceDelegate.java:113)

at com.sap.engine.services.webservices.espbase.client.jaxws.cts.CTSProvider.createDelegate(CTSProvider.java:170)

at com.sap.engine.services.webservices.espbase.client.jaxws.cts.CTSProvider.createServiceDelegate(CTSProvider.java:151)

at javax.xml.ws.Service.<init>(Service.java:57)

at com.verisign._2006._08.vipservice.VipSoapInterfaceService.<init>(VipSoapInterfaceService.java:41)

at JEE_jsp_result_6740550_1225116575421_1225116585468._jspService(JEE_jsp_result_6740550_1225116575421_1225116585468.java:64)

at com.sap.engine.services.servlets_jsp.lib.jspruntime.JspBase.service(JspBase.java:102)

at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:66)

at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.service(JSPServlet.java:433)

at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.service(JSPServlet.java:240)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)

at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:66)

at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:32)

at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:431)

at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:289)

at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:387)

at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:376)

at com.sap.engine.services.servlets_jsp.filters.ServletSelector.process(ServletSelector.java:85)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:71)

at com.sap.engine.services.servlets_jsp.filters.ApplicationSelector.process(ApplicationSelector.java:160)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:71)

at com.sap.engine.services.httpserver.filters.WebContainerInvoker.process(WebContainerInvoker.java:67)

at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:71)

at com.sap.engine.services.httpserver.filters.ResponseLogWriter.process(ResponseLogWriter.java:60)

at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:71)

at com.sap.engine.services.httpserver.filters.DefineHostFilter.process(DefineHostFilter.java:27)

at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:71)

at com.sap.engine.services.httpserver.filters.MonitoringFilter.process(MonitoringFilter.java:29)

at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)

at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:71)

at com.sap.engine.services.httpserver.server.Processor.chainedRequest(Processor.java:309)

at com.sap.engine.services.httpserver.server.Processor$FCAProcessorThread.run(Processor.java:222)

at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)

at java.security.AccessController.doPrivileged(Native Method)

at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:152)

at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:247)

09:18:27:187 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out About to get connection from DS

09:18:27:187 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out DS connection=com.sap.engine.services.dbpool.cci.CommonConnectionHandle@20ba3c

09:18:27:687 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out About to get connection from DS

09:18:27:687 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out DS connection=com.sap.engine.services.dbpool.cci.CommonConnectionHandle@12e6a08

09:18:28:187 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out About to get connection from DS

09:18:28:187 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out DS connection=com.sap.engine.services.dbpool.cci.CommonConnectionHandle@26e3bf

09:18:28:687 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out About to get connection from DS

09:18:28:687 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out DS connection=com.sap.engine.services.dbpool.cci.CommonConnectionHandle@1c5310d

09:18:29:187 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out About to get connection from DS

09:18:29:187 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out DS connection=com.sap.engine.services.dbpool.cci.CommonConnectionHandle@f827f6

09:18:29:687 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out About to get connection from DS

09:18:29:687 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out DS connection=com.sap.engine.services.dbpool.cci.CommonConnectionHandle@a8646a

09:18:30:187 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out About to get connection from DS

09:18:30:187 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out DS connection=com.sap.engine.services.dbpool.cci.CommonConnectionHandle@175b961

09:18:30:687 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out About to get connection from DS

09:18:30:687 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out DS connection=com.sap.engine.services.dbpool.cci.CommonConnectionHandle@c449f1

09:18:31:187 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out About to get connection from DS

09:18:31:187 Info caf_gp_svcuser Thread[Timer-8,5,ApplicationThreadGroup] System.out DS connection=com.sap.engine.services.dbpool.cci.CommonConnectionHandle@1feeea8

09:18:31:593 Info Administrator HTTP Worker [3] System.out SessionImpl::getContext():[ B E G I N ].timerId=15

09:18:31:593 Info Administrator HTTP Worker [3] System.out SessionImpl::getContext():[ E N D ].timerId=[id:#15, elapsed: 0 ms.]

Former Member
0 Kudos

Ok, I've made some progress in another area I think.

I've added the client certificate to a new KeyStore view in NWA, and have created a Destination that uses the client certificate for authentication - which is all working well.

Now, if I can use the Destination with a Web Service Proxy then I'm sure it'll work fine. Does anyone know of an example of how to do this?

I've been trying to generate a web service client within NWDS, but there's a bug that's preventing me from doing this. I've logged that as a message with SAP, but have had no response at all in 4 days. Not very impressed on that front.

Will update this thread if I find the solution. In the meantime, any help would be greatly appreciated!

Former Member
0 Kudos

Managed to sort this issue out by configuring the web service proxy in SOA Management in NWA.

Still having some problems, but the issue related to this thread has been resolved.

Former Member
0 Kudos

Hi Stuart,

I 'm quite new to Netweaver and am trying to get past a very similar issue. I have an independent Tomcat Java web server across the local network that hosts a web service secured via SSL (configured for one-way handshake i.e, no client auth). The WS consumer proxy executes on Netweaver AS Java. I have generated the web services client stub (deployable proxy contained in a dynamic web project wrapped and deployed as a EAR) using NWDS tooling (Web Services generator client wizard using JAX-WS).

I have used @WebServiceRef at the point of consumption of the proxy so that the automatic JNDI binding happens and the consumer proxy is visible via the SOA-->Single Service Administration-->Consumer Proxy listing. The client consumer proxy is visible and gets listed as expected.

Here is problem / specific concerns where I need inputs -

* The Web services consumer proxy port security configuration lists only a subset of NWA Keystore views. Where is the rationale here? Why are the other keystore views not visible? Where should I import the trust certificate for the consumer proxy to look up and how to configure it. I have tried importing the trust certs in all of these listed views but it does not like it. The handshake happens and the web service call executes only when I toggle the security config to not to check for server certs.

Appreciate if you could shed some light on this.

Answers (0)