SAP Knowledge Base Article - Preview

3017074 - 401 error when connecting PI or PO to CPI


You are setting up a connection between PI or PO and CPI where Client Certificate Authentication is intended, and it fails with 401 Unauthorized. In PI/PO Receiver channel you are going to see errors similar to the one below:

Error while processing outbound message. HTTP POST call to https://<tenant-id>-iflmap.hcisbp.<host><endpoint> not successful.

The HTTP logs from CPI will show that no credentials were sent by PI/PO: ( - - [10/Dec/2020:18:30:59 +0000] GET /<endpoint> HTTP/1.1 401

In the XPI Inspectors traces collected from PI/PO, it is possible to see that incorrect or no client certificate was available, therefore the system sent an incorrect or empty certificate which explains the error in CPI:

Message processing failed. Cause: User is not authorized! HTTP 401
SOAP: Call failed: User is not authorized! HTTP 401
Failed to call the endpoint: Error in call over HTTP: HTTP 401

If empty certificate is sent, you will also see information in the trace:

ssl_debug(105): Received server_hello_done handshake message.
ssl_debug(105): No client certificate available, sending empty certificate message...

Client Certificate check might show error:

ERROR: The issuer of the certificate doesn't match the subject of certificate #1
ERROR: The issuer of the certificate #<X> doesn't match the subject of certificate #<Y>



  • SAP Integration Suite
  • SAP Cloud Integration
  • SAP Netweaver
  • SAP Process Integration


Cloud Integration all versions ; SAP NetWeaver all versions ; SAP Process Integration all versions


SAP HANA Cloud Integration, SAP HCI, SAP CPI, SCPI, tenant, iFlow, Integration Flow, SOAP receiver channel, REST receiver channel, client certificate authentication, certificate authority, CA, certificate chain, issued, trusted, MessagingException, SocketException, Connection reset, No client certificate available, sending empty certificate message, handshake failure, Connection reset by peer, socket write error, SSL, TLS, Process Integration 7.0, PI 7.0, PI 7.01, PI 7.02, Process Integration 7.10, PI 7.10, Process Integration 7.11, PI 7.11, Process Integration 7.30, PI 7.30, Process Integration 7.31, PI 7.31, Process Orchestration 7.4, PI 7.4, PO 7.4, Process Orchestration 7.5, PI 7.5, PO 7.5, XI, AEX, soap adapter, rest adapter, rest, soap, SAP Cloud Integration, SAP Integration Suite, , KBA , LOD-HCI-PI-OPS , Cloud Operations , BC-XI-CON-AFW-SEC , Security , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.