Professional Documents
Culture Documents
Symptom
The Certificates Authority provided by the server have expired or have changed and you need to import the
new ones in PI system for the server authentication.
In XPI_Inspector debug trace tool, in the result.html file, if you click in the Communication channel name, you
can see a warning that the certificate authority is not trusted in "Is Remote SSL Server Certificate Trusted"
section:
Environment
PI Release Independent
SAP NetWeaver
SAP Process Integration
SAP NFE
4. Click on the Communication Channel link or scroll down to the relevant section
https://userapps.support.sap.com/sap/support/sfm/notes/print/0002056672?language=E&token=E68CC8CC876FA3C5E12FB6BDD54A00C6 1/4
24.03.2023 09:54 2056672 - How to import server certificates in PI system
Resolution
For NetWeaver PI 7.0x releases:
1. Go to the Visual Administrator -> Cluster tab -> <SID> -> Server * -> Services -> Key Storage ->
Runtime tab -> TrustedCAs.
2. Select the TrustedCAs view and click Load button.
3. Import the certificates provided by the server.
1. Go to Netweaver Administrator -> Configuration tab -> Security -> Certificates and Keys -> Key
Storage tab -> TrustedCAs.
2. Select the TrustedCAs view and click Import Entry button.
3. Import the three certificates provided by the server.
https://userapps.support.sap.com/sap/support/sfm/notes/print/0002056672?language=E&token=E68CC8CC876FA3C5E12FB6BDD54A00C6 2/4
24.03.2023 09:54 2056672 - How to import server certificates in PI system
It is possible to get the missing certificates directly from the XPI_Inspector tool. The certificates will be
saved in the "certs" folder.
You can download the certificates by clicking in the link Certificate: #x:
It is also possible to get the certificates directly with the server provider or by accessing the webservice
via browser and getting the certificates collected by the browser.
Note: Once the Keystore has been updated with the certificates, you will need to restart the channel to reflect
the changes.
Keywords
How to import server certificates in PI system, expired, Nfe, certs, certificate, nota fiscal eletronica, peer
certificate reject by chain verifier, connection reset, certificate authority, CA, NF-e, trustedca, trustedcas,
certificates, bad certificate, SEFAZ, AFIP, Process Integration 7.0, PI 7.0, PI 7.01, PI 7.02, Process Integration
7.10, PI 7.10, Process Integration 7.11, PI 7.11, Process Integration 7.30, PI 7.30, Process Integration 7.31, PI
7.31, Process Orchestration 7.40, PI 7.40, PO 7.40, Process Orchestration 7.50, PI 7.50, PO 7.50, NetWeaver,
XI, keystore
Attributes
Key Value
https://userapps.support.sap.com/sap/support/sfm/notes/print/0002056672?language=E&token=E68CC8CC876FA3C5E12FB6BDD54A00C6 3/4
24.03.2023 09:54 2056672 - How to import server certificates in PI system
Products
Products
3057117 Peer certificate rejected by ChainVerifier - EC signed SHA256withRSA server certificate server
certificate not capable for ECDHE_ECDSA key exchange algorithm!
(/sap/support/notes/3057117 )
2509971 FAQs on the impact of Successfactors Certificate Renewal if you use APIs (SFAPI/OData
API/adHoc API) (/sap/support/notes/2509971 )
2626189 Unable to establish HTTP connection error occur when performing Directory objects CPA
cache update in HTTPS mode (/sap/support/notes/2626189 )
https://userapps.support.sap.com/sap/support/sfm/notes/print/0002056672?language=E&token=E68CC8CC876FA3C5E12FB6BDD54A00C6 4/4