Error: "RFC_COMMUNICATION_FAILURE- SSSLERR_PEER_CERT_UNTRUSTED" error occurs while connecting to IBP datastore via webRFC connection - SAP Cloud Integration for Data Services.
Cause
The IBP server certificate added to the PSE file is incorrect.
Resolution
Pull up Google Chrome web browser.
Open up the IBP tenant URL (https://myXXXXXX.scmibpX.ondemand.com).
Login to IBP with a user name and password.
Click on the padlock in front of the URL, and then on the arrow on the "Connection is secure" line.
On the next screen, click on the box at the end of "Certificate is valid".
On the next screen, click on the "Details" tab and select the root "DigiCert Global Root G2" certificate.
press "Export...":
In the export wizard choose Base-64.
Give it a name and save it.
Transfer that file to the agent server's file system.
Add the IBP server certificate to the PSE file by command:
<agent_installation_folder>\bin\sapgenpse maintain_pk -a <path>/<certificate>.cer -p <file.pse> -x <PIN>
Example:
sapgenpse maintain_pk -a C:\ProgramData\SAP\DataServicesAgent\ssl\sec\ZZZ.cer -p ibp_webrfc.pse -x Passw0rd!
Note: the IBP server certificate can be exported in any web browser. In this example we used Google Chrome for demonstration.