SAP Knowledge Base Article - Preview

2385969 - Client certificate authentication is failing in SOAP receiver channel

Symptom

In PI you setup a SOAP receiver communication channel with client certificate authentication, but it is failing with this error message:

Message processing failed. Cause: com.sap.engine.interfaces.messaging.api.exception.MessagingException: java.io.IOException: Failed to get the input stream from socket: java.net.SocketException: Connection reset

Using the XPI Inspector tool ( Example 50 - communication channel trace ) you can see more details about the SSL communication, like this one:

 ssl_debug(86): Received certificate_request handshake message.
 ssl_debug(86): Accepted certificate types: RSA, DSA, Unknown (64)
 ssl_debug(86): Accepted certificate authorities:
 ssl_debug(86):   CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE
 ssl_debug(86):   CN=Cybertrust Public SureServer SV CA,O=Cybertrust Inc
 ...
 ssl_debug(86): Received server_hello_done handshake message.
 ssl_debug(86): No client certificate available, sending empty certificate message...
 ssl_debug(86): Sending client_key_exchange handshake...
 ssl_debug(86): Sending change_cipher_spec message...
 ssl_debug(86): Sending finished message...
 ssl_debug(86): IOException while handshaking: Connection reset
 ssl_debug(86): Sending alert: Alert Fatal: handshake failure
 ssl_debug(86): Exception sending message: java.net.SocketException: Connection reset by peer: socket write error
 ssl_debug(86): Shutting down SSL layer...
 ssl_debug(86): Closing transport...


Read more...

Environment

  • SAP NetWeaver 7.0
  • SAP enhancement package 1 for SAP NetWeaver 7.0
  • SAP enhancement package 2 for SAP NetWeaver 7.0
  • SAP enhancement package 3 for SAP NetWeaver 7.0
  • SAP NetWeaver Process Integration 7.1
  • SAP enhancement package 1 for SAP NetWeaver Process Integration 7.1
  • SAP NetWeaver 7.3
  • SAP enhancement package 1 for SAP NetWeaver 7.3
  • SAP NetWeaver 7.4
  • SAP NetWeaver 7.5

Product

SAP NetWeaver 2004 ; SAP NetWeaver 7.0 ; SAP NetWeaver 7.1 ; SAP NetWeaver 7.2 ; SAP NetWeaver 7.3 ; SAP NetWeaver 7.4 ; SAP NetWeaver 7.5 ; SAP NetWeaver Process Integration 7.1 ; SAP enhancement package 1 for SAP NetWeaver 7.0 ; SAP enhancement package 1 for SAP NetWeaver 7.3 ; SAP enhancement package 1 for SAP NetWeaver Process Integration 7.1 ; SAP enhancement package 2 for SAP NetWeaver 7.0 ; SAP enhancement package 3 for SAP NetWeaver 7.0

Keywords

SOAP receiver channel, client certificate authentication, certificate authority, CA, certificate chain, issued, trusted, MessagingException, SocketException, Connection reset, No client certificate available, sending empty certificate message, handshake failure, Connection reset by peer, socket write error, SSL, TLS, Process Integration 7.0, PI 7.0, PI 7.01, PI 7.02, Process Integration 7.10, PI 7.10, Process Integration 7.11, PI 7.11, Process Integration 7.30, PI 7.30, Process Integration 7.31, PI 7.31, Process Orchestration 7.4, PI 7.4, PO 7.4, Process Orchestration 7.5, PI 7.5, PO 7.5, XI, AEX , KBA , BC-XI-CON-SOP , SOAP Adapter , BC-XI-CON-AFW-SEC , Adapter Framework Security , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.