SAP Knowledge Base Article - Preview

1992392 - SSLException due to name mismatch in File Adapter

Symptom

You have a File Sender/Receiver communication channel configured with an FTP transport protocol using SSL/TLS (FTPS).
The channel fails with the following error in the Communication Channel Monitoring:

Case1:

Error occurred while connecting to the FTP server "XXX": iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier

If you colllect an XPI Inspector trace with Example 50 (XI Channel), according to SAP note #1514898 - "XPI Inspector for troubleshooting XI", you will see entries like the following:

ssl_debug(12): Received certificate handshake message with server certificate.
ssl_debug(12): Server sent a 2048 bit RSA certificate, chain has 2 elements.
ssl_debug(12): ChainVerifier: name mismatch: ABC != XYZ
ssl_debug(12): Sending alert: Alert Fatal: bad certificate
ssl_debug(12): Shutting down SSL layer...
ssl_debug(12): SSLException while handshaking: Peer certificate rejected by ChainVerifier

XYZ is the host name of FTP serverABC is the Common Name (CN) field of the server certificate.

Case2:

In the following specific case, you will not see the above error, but only :

"Data connection TLS warning: SSL3 alert read: fatal: bad certificate"

Same solution will work for this only in case you have configured the Sender/Receiver File communication channel with passive mode. In the XPI Inspector trace you can see steps:

-Sending command 'PASV'
-with (227 Entering Passive Mode (IPaddress), 227)
-ftp server returns reply '227 Entering Passive Mode (IPaddress)'


Read more...

Environment

  • PI Release Independent
  • SAP NetWeaver
  • SAP Process Integration

Product

SAP Process Integration all versions

Keywords

PI, PO, FTP, FTPS, SSL, Process Integration, Process Orchestration, bad_certificate, bad, certificate, mismatch, process integration, process orchestration, file adapter, server, Peer certificate rejected by ChainVerifier, Process Integration 7.0, PI 7.0, PI 7.01, PI 7.02, Process Integration 7.10, PI 7.10, Process Integration 7.11, PI 7.11, Process Integration 7.30, PI 7.30, Process Integration 7.31, PI 7.31, Process Orchestration 7.40, PI 7.40, PO 7.40, Process Orchestration 7.50, PI 7.50, PO 7.50, NetWeaver, XI, strictHostnameChecking, Passive Mode, Sending command 'PASV', PASV , KBA , BC-XI-CON-FIL , File Adapter , BC-XI-CON , Connectivity , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.