Dear Experts ,
As a background to the problem , we are migrating our SAP PI system version 7.30 from Solaris to IBM AIX version 7.1
where we are facing two major issues with PI system connectivity to third party servers.
1. FTPS /SSL Certificate Issue - In which the certificates which are already working on our Solaris Platform are not helping us to connect third party system and for each connection attempt we face the error "peer certificate rejected by chain verifier".
Note : It is a cross domain connection within same firewall network. still we have maintained the Unix Host file entries already .
Also, Connection types is set as passive for port 21.
strict hostName checking Parameter is set as "false" in advanced configuration .
Certificate Common name property matches with the host name of the Original Destination server .
Certificate is X.509 base 64 one.
During XPI Traces it validates the SSL handshake completely .and result shows a trusted connection.
Though , During Certificate Chain validation analysis I notice a Singed authority requirement as the log says "CN=Anglian Water PP Issuing CA1,DC=preprodinfra,DC=net} appears to be signed by {CN=Anglian Water X Root CA}, however, the signing certificate was not provided in the chain"
So , Here my question is "Do we have any specific requirement for this SSL Certificate to connect PI system on AIX platform or Am I missing something else to take care ? "
2. SFTP Public key fingerprint mismatch at third party systems - for the same AIX system , We are using SSH based authentication for some of the interfaces where we have issue with our Public key fingerprint while the same scenario is working well in our live system which is one Solaris platform.
procedure - basis team generates the SFTP Private key using NWA and provide the same to our AIX team to generate the RSA Public key by using this private key .
We share this Public key along with the Public key fingerprint (Generated in details of Private key in NWA) tothe third party systems where they are receiving a completely different fingerprint when they import this Public key in their secure area.
Kindly suggest .
Appreciate your valuable suggestion in advance.
Regards
Deepanshu