3191267 - PI is doing SSL handshake with the Proxy instead of Target Server

Below error is observed in Process Orchestration message monitor or XPI Inspector trace, during SOAP Receiver Channel processing:

Message processing failed. Cause: com.sap.engine.interfaces.messaging.api.exception.MessagingException: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
SOAP: Call failed: iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
Failed to call the endpoint: Error in call over HTTP: HTTP 0 null

Message processing failed. Cause: com.sap.engine.interfaces.messaging.api.exception.MessagingException: iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: handshake failure Reason: Without SNI the request may be rejected with handshake error by target system even before sending the certificate. 

or

IOException while handshaking: Connection closed by remote host.

or

Invalid SSL message, peer seems to be talking plain 

Here SOAP Receiver channel is configured with Proxy, towards HTTPS endpoint.

AND when you check the XPI Inspector (example 50) trace, you may find:

• In Channel, SSL handshake succeeds. (In XPI trace, see Channel of XI Channels table)
• In Runtime, SSL handshake fails. (In XPI trace, see Records Count of corresponding Server Node)
  
  In Runtime, PI is doing SSL handshake *with* the Proxy, not *via* the Proxy,
  where the Proxy of course may not respond properly to the SSL Handshake request.
  • e.g.,

    "Sending v3 client_hello message to <proxy host & port>, requesting version 3.3..." (which is WRONG)

  • while it should have been:

    "Sending v3 client_hello message to <target host & port>, requesting version 3.3..." (whch is EXPECTED).

• SAP NetWeaver
• SAP Process Integration