Symptom
You have a File Sender/Receiver communication channel configured with an FTP transport protocol using SSL/TLS (FTPS).
The channel fails with the following error in the Communication Channel Monitoring:
Case1:
Error occurred while connecting to the FTP server "XXX": iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
If you colllect an XPI Inspector trace with Example 50 (XI Channel), according to SAP note #1514898 - "XPI Inspector for troubleshooting XI", you will see entries like the following:
ssl_debug(12): Received certificate handshake message with server certificate.
ssl_debug(12): Server sent a 2048 bit RSA certificate, chain has 2 elements.
ssl_debug(12): ChainVerifier: name mismatch: ABC != XYZ
ssl_debug(12): Sending alert: Alert Fatal: bad certificate
ssl_debug(12): Shutting down SSL layer...
ssl_debug(12): SSLException while handshaking: Peer certificate rejected by ChainVerifier
XYZ is the host name of FTP server. ABC is the Common Name (CN) field of the server certificate.
Case2:
In the following specific case, you will not see the above error, but only :
"Data connection TLS warning: SSL3 alert read: fatal: bad certificate"
Same solution will work for this only in case you have configured the Sender/Receiver File communication channel with passive mode. In the XPI Inspector trace you can see steps:
-Sending command 'PASV'
-with (227 Entering Passive Mode (IPaddress), 227)
-ftp server returns reply '227 Entering Passive Mode (IPaddress)'
Read more...
Environment
- PI Release Independent
- SAP NetWeaver
- SAP Process Integration
Product
Keywords
PI, PO, FTP, FTPS, SSL, Process Integration, Process Orchestration, bad_certificate, bad, certificate, mismatch, process integration, process orchestration, file adapter, server, Peer certificate rejected by ChainVerifier, Process Integration 7.0, PI 7.0, PI 7.01, PI 7.02, Process Integration 7.10, PI 7.10, Process Integration 7.11, PI 7.11, Process Integration 7.30, PI 7.30, Process Integration 7.31, PI 7.31, Process Orchestration 7.40, PI 7.40, PO 7.40, Process Orchestration 7.50, PI 7.50, PO 7.50, NetWeaver, XI, strictHostnameChecking, Passive Mode, Sending command 'PASV', PASV , KBA , BC-XI-CON-FIL , File Adapter , BC-XI-CON , Connectivity , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.