Hi,
we are struggling to set up the connection from C4C to ECC using a reverse proxy (apache).
Thank you for any help!
Best Regards
Florian
Our apache config is as follows:
<VirtualHost *:443> ServerName customer.reverseproxy.com SSLEngine On SSLProxyEngine On ErrorLog /var/www/customer/log/error.log Customlog /var/www/customer/log/access.log "common"
# TransferLog "<Apache_home>/logs/access.log"
# Offical SSL Certificate for customer.reverseproxy.com SSLCertificateFile "/etc/apache2/ssl/customer/customer_cert.pem" SSLCertificateKeyFile "/etc/apache2/ssl/customer/customer_key_np.pem" SSLCACertificateFile "/etc/apache2/ssl/customer/SSL123_CA_Bundle.pem"
# SSLCertificateChainFile "<Apache_home>/conf/proxy-server-ca.crt" # activate the client certificate authentication
#SSLCertificateChainFile "/etc/apache2/ssl/customer/SAP-CA.crt"
# Signing CA's for SAP client certificate (Baltimore CyberTrust Root & Verizon Public SureServer CA G14-SHA2 + more)
SSLCertificateChainFile "/etc/apache2/ssl/customer/SAPClientCA.pem"
SSLVerifyClient require
SSLVerifyDepth 10
SSLOptions +ExportCertData +StdEnvVars
# CA's from SAP and customer for backend connections between Proxy and SAP system (Baltimore CyberTrust Root & Verizon Public SureServer CA G14-SHA2 + more)
SSLProxyCACertificateFile "/etc/apache2/ssl/customer/SAP-CA.crt"
# SSLProxyMachineCertificateFile <Apache_home>/conf/proxy-client.pem # initialize the special headers to a blank value to avoid http header forgeries RequestHeader set SSL_CLIENT_CERT "" <Location /> # add SSL_CLIENT_CERT header to forward real client certificate RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s" ProxyPass https://sap.internal.com:8300/ ProxyPassReverse https://sap.internal.com:8300/ </Location> </VirtualHost>On the HCI we get the following error shown
Message Processing Log{ ContextName = com.sap.scenarios.cod2erp.customermaster.replicate IntermediateError = true MessageGuid = AFU2MVOblsS5yIwpSvYiCt7XnLaT Node = vsaxxxxxx.od.sap.biz OverallStatus = FAILED ReceiverId = Q47_ StartTime = Tue Apr 21 11:15:31 UTC 2015 StopTime = Tue Apr 21 11:15:31 UTC 2015 Children [ Invoked endpoint{ Cxf.EndpointAddress = https://HCI.intaas.hana.ondemand.com/cxf/COD/ERP/BP_MASTER_REPLICATION Error = Inbound processing in endpoint at https://HCI.intaas.hana.ondemand.com/cxf/COD/ERP/BP_MASTER_REPLICATION failed with message "Sequential processing failed for number 0. Exchange[Message: [Body is not logged]]. Caused by: [org.apache.cxf.interceptor.Fault - Could not send Message.]", caused by "SunCertPathBuilderException:unable to find valid certification path to requested target" StartTime = Tue Apr 21 11:15:31 UTC 2015 Status = FAILED StopTime = Tue Apr 21 11:15:31 UTC 2015 Children [ Entering Camel route route52{ StartTime = Tue Apr 21 11:15:31 UTC 2015 Children [ Exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-38 created in Endpoint[cxf://bean:my308416_]{ StartTime = Tue Apr 21 11:15:31 UTC 2015 Children [ Processing exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-38 in ref:encodingProcessor{ StartTime = Tue Apr 21 11:15:31 UTC 2015 StepId = process151 StopTime = Tue Apr 21 11:15:31 UTC 2015 Children [ Processing exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-38 in removeHeaders[*]{ StartTime = Tue Apr 21 11:15:31 UTC 2015 StepId = removeHeaders52 StopTime = Tue Apr 21 11:15:31 UTC 2015 Children [ Processing exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-38 in setHeader[MessageId]{ StartTime = Tue Apr 21 11:15:31 UTC 2015 StepId = setHeader76 StopTime = Tue Apr 21 11:15:31 UTC 2015 Children [ Processing exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-38 in sap-map-pi:COD_ERP_BusinessPartnerERPBulkReplicateRequest{ Sent To URI = sap-map-pi://COD_ERP_BusinessPartnerERPBulkReplicateRequest StartTime = Tue Apr 21 11:15:31 UTC 2015 StepId = CallActivity_1 StopTime = Tue Apr 21 11:15:31 UTC 2015 Time Taken = 11 Children [ Processing exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-38 in ref:idocOutboundRequest{ StartTime = Tue Apr 21 11:15:31 UTC 2015 StepId = process152 StopTime = Tue Apr 21 11:15:31 UTC 2015 com.sap.sod.utils.idoc.soap.messageid= 00163E0CB1A01EE4BA82F713C72AD65B Children [ Processing exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-38 in split[bean{idocPackageSplitter, method=split}]{ Error = org.apache.camel.CamelExchangeException: Sequential processing failed for number 0. Exchange[Message: [Body is not logged]]. Caused by: [org.apache.cxf.interceptor.Fault - Could not send Message.], cause: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target StartTime = Tue Apr 21 11:15:31 UTC 2015 StepId = CallActivity_2 StopTime = Tue Apr 21 11:15:31 UTC 2015 Children [ Successor Exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-39 created with reference to Exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-38{ StartTime = Tue Apr 21 11:15:31 UTC 2015 StopTime = Tue Apr 21 11:15:31 UTC 2015 Children [ Processing exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-39 in setHeader[SapIDocContentType]{ StartTime = Tue Apr 21 11:15:31 UTC 2015 StepId = setHeader77 StopTime = Tue Apr 21 11:15:31 UTC 2015 Children [ Processing exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-39 in removeHeader[ssl_client_cert]{ StartTime = Tue Apr 21 11:15:31 UTC 2015 StepId = removeHeader197 StopTime = Tue Apr 21 11:15:31 UTC 2015 Children [ Processing exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-39 in removeHeader[ssl_client_user]{ StartTime = Tue Apr 21 11:15:31 UTC 2015 StepId = removeHeader198 StopTime = Tue Apr 21 11:15:31 UTC 2015 Children [ Processing exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-39 in removeHeader[operationName]{ StartTime = Tue Apr 21 11:15:31 UTC 2015 StepId = removeHeader199 StopTime = Tue Apr 21 11:15:31 UTC 2015 Children [ Processing exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-39 in removeHeader[operationNamespace]{ StartTime = Tue Apr 21 11:15:31 UTC 2015 StepId = removeHeader200 StopTime = Tue Apr 21 11:15:31 UTC 2015 Children [ Processing exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-39 in cxf:bean:Q47_{ Error = org.apache.cxf.interceptor.Fault: Could not send Message., cause: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target Sent To URI = cxf://bean:Q47_ StartTime = Tue Apr 21 11:15:31 UTC 2015 StepId = MessageFlow_2 StopTime = Tue Apr 21 11:15:31 UTC 2015 Time Taken = 123 Children [ Sent message to endpoint{ Cxf.EndpointAddress = https://customer.reverseproxy.com:443/sap/bc/srt/idoc?sap-client=310 Error = Outbound processing in endpoint at https://customer.reverseproxy.com:443/sap/bc/srt/idoc?sap-client=310 failed with message "Could not send Message.", caused by "SunCertPathBuilderException:unable to find valid certification path to requested target" StartTime = Tue Apr 21 11:15:31 UTC 2015 Status = FAILED StopTime = Tue Apr 21 11:15:31 UTC 2015 } Exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-39 failed{ StartTime = Tue Apr 21 11:15:31 UTC 2015 Status = FAILED } ] } ] } ] } ] } ] } ] } ] } Exchange ID-vsaxxxxxx-od-sap-biz-40387-1427614280233-51-38 failed{ StartTime = Tue Apr 21 11:15:31 UTC 2015 Status = FAILED Children [ Exiting Camel route route52{ StartTime = Tue Apr 21 11:15:31 UTC 2015 } ] } ] } ] } ] } ] } ] } ] } ] } ] } ] } ] ReceiverIds [ Q47_
] }