Question:
(also posted to SAP Portals)
Hi.
We are running SAP Business Connector 3.5.2 with SAP 3.1i.
One of our customers just sent us new ssl certificates to replace the expiring ones.
We imported the certificates into the BC (Access --> Client Certificates).
Now our customer is receiving the error "bad certificate" when he tries the test url.
"com.wm.app.b2b.server.ServiceException: java.io.IOException:iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: bad certificte"
Any ideas what else we can (should) do?
Thanks
Answer:
Make sure you install both your partners certificate, and the certificate of the signing authority (eg verisign). It need to verify every step in the chain before the cert is accepted. SAP BC is not clever enough to extract the whole chain out of the one cert, so you need to manually extract the signing authority cert from the DER/CER file and load it separately.
Also, see the WMUSERS forum for more info (http://www.wmusers.com/) This is for webmethods, but all the issues are the same as with Business Connector.
Answer:
Thanks Matt.
We did receive the CA file (cacert.der) from the customer, but I did extract manually just to be on the safe side.
We finally ended up rebooting the server. I also asked the customer to clear out any cache/reboot on his side. The reboot seemed to work. Not supposed to be required, but worth noting.
Also, thanks for the WMUSERS forum... very useful.
Answer:
Hi,
Yes, I forgot to mention that you need to restart SAP Bus conn after installing certs for them to take effect. So much for high availability!