HTTPS API calls throw tcp connection reset hosted on APIM from SAP PO

Sumit Gaur 245 Reputation points
2024-01-11T15:56:03.45+00:00

Hi, we are currently doing an integration where SAP PI is calling our APIM which is running in internal mode to access a backend service, the SAP PI is hosted in our on-prem environment which is connected with azure over express route. to make the https call the SAP PI needs the SSL signed certificate of the APIM which they have gotten from the browsing an apim endpoint and have installed it on their system, but we are getting a TCP connection reset whenever they make the call to the https endpoint and connection failed over a SSL handshake. The windows VM on which SAP PI is running is able to make the call to one of our GET endpoint while the application itself is not able to make the call. the setting on SAP PO application has been checked and no issue has been found so far on the SAP Side. the call works fine over http since it does not use any certificate. anyone has faced this issue with SAP applications, and could it be due to the certificate, how we can generate a certificate for a apim which runs on default/managed gateway?

Azure API Management
Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
2,290 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. JananiRamesh-MSFT 29,211 Reputation points
    2024-01-12T05:52:42.28+00:00

    @Sumit Gaur Thanks for reaching out. Based on the information you provided, it seems that the issue is related to SSL certificate validation when SAP PI is trying to make a call to your APIM endpoint.

    You had obtained the SSL certificate for your APIM endpoint and installed the certificate in your system. However, when you try to make a call to the endpoint over HTTPS, you are getting a TCP connection reset error and the connection is failing over an SSL handshake, correct me if I am wrong here.

    To establish a secure connection between SAP PI and your APIM endpoint over HTTPS, the SAP PI system needs to trust the SSL certificate presented by your APIM endpoint. You can obtain the SSL certificate for your APIM endpoint by browsing the endpoint and installing the certificate on your SAP PI system. This will allow the SAP PI system to trust the certificate and establish a secure connection with your APIM endpoint or It's also possible that there is a firewall or network security group (NSG) setting that is blocking the connection.

    You can browse to APIM endpoint using Chrome and once there, click the icon next to the url -- Connection is secure -- Certificate is valid -- Details tab -- Export button. qna azure-api.net certificate download

    do let me know incase of further queries, I would be happy to assist you.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.