on 04-20-2006 10:32 PM
Each time I try to connect to SDN or SAP services web site I have this problem :
" The page requires a valid SSL client certificate....
HTTP Error 403.16 - Forbidden: Client certificate is ill-formed or is not trusted by the Web server."
Do you have the same problem?
How to solve this issue?
Thierry
Welcome to SDN
Yes, it happens to me as well as to many other people. You could just click on OK and move forward.
Hope this helps
Thanks
Sat
Sat,
Thanks for your answer, but I have no button, nothing, just the message, and I can't go forward; it is the first page.
This problem has happened only since yesterday (04/20/2006 12:00 GMT). Before, I had no problem.
The only solution to get to SDN or SAP marketplace is to download Firefox or IE to go there... It is not really helpful...
Thierry
Hi,
Yes, I tried again, and the status is the following.
OK
and if I try to Apply for an SAP Passport, I don't receive the identification popup but this message
"The page requires a valid client certificate. ...
HTTP 403.16 - Forbidden: Client certificate untrusted or invalid Internet Information Services"
KO
I receive the message "The page requires a valid SSL client certificate. ....
HTTP Error 403.16 - Forbidden: Client certificate is ill-formed or is not trusted by the Web server."
My configuration is :
OS X 10.4.6
Safari Version 2.0.3 (417.9.2)
Thanks
Thierry
I expect that until Safari has a certificate installed (I've never seen how) you won't be able to proceed. However, I wonder if installing the correct SSO software will make Safari work correctly. For now, I get around this by using Firefox with my imported cert from my Windows box. My Mac isn't set up for SSO.
I just installed the SAP passport in Safari (the certificate is of course installed in Keychain). It works perfectly. I don't need to enter any passwords anymore for the sites in service.sap.com, sdn etc.
However, I had to press the reload button a couple of times until I got in to the passport application site. The same procedure when hitting the submit button. But in the end, I got my SAP passport.
BR
/Björn
First go to service.sap.com.
At the bottom of the page (a bit hidden) you will find a link called Benefit from Single Sign-On (the headline right above is called "Questions Regarding Login").
Press the link and it will take you to a site explaining SAP Passport (Single Sign On). In the lower left of the page there is a button "Apply for an SAP Passport". Press the button, and a login popup will appear. Enter your userid and password and press the button to continue. In the next page your name and userid will be filled in by SAP and you have to enter your password again. Use the default key length (2048). Then press the button "Apply for SAP Passport". Now the certificate will be downloaded and you will get the question about saving it in Keychain.
During this process I had to press reload a number of times due to problems loading the different pages. But in the end, the SAP Passport was installed and now I can surf into the sites of service.sap.com without manual logon.
Good luck
/Björn
That didn't work for me.
First, I can't go to service.sap.com with Safari because of some certificate issue. This is limited to Intel Macs, I believe. At least, I have the issue on my MBP, but not on my iMac G5.
Second, I used Firefox to follow your procedure, but even though I restarted the browser, I still need to log in manually.
The first issue is the most important to me. I don't mind logging in, but I really don't like having to use a different browser just for the SAP sites.
This is weird, and extremely annoying.
If I go to <https://web.mit.edu/consult/www/certificate/test.html>, Safari will complain about an invalid certificate, but if I click Continue, I'll get the same error:
Safari cant open the page https://web.mit.edu/consult/www/certificate/test.html. The error was: client certificate rejected (NSURLErrorDomain:-1205) Please choose Report Bug to Apple from the Safari menu, note the error number, and describe what you did before you saw this message.
I've tried removing all the Verisign and RSA certificates from my keychains, but that doesn't seem to make any difference. I've already deleted all the invalid certificates.
The problem is covered in the following Web-kit bugzilla report:
http://www.opendarwin.org/pipermail/webkit-unassigned/2006-February/004930.html
I have a .mac account, so that may be me stumped until a fix is released.
JohnA
I got the same problem and got it solved running OS X 10.8 with Safari 6.0 and Firefox 14.0.1
(but should be working similar in OS X 10.7.x with Safari 5.x)
GETTING THE SAP PASSPORT USING FIREFOX
- Get Firefox 14.0.1 for Mac (unless you have it already installed) from getfirefox.com and install it
- Use Firefox to navigate to service.sap.com using your SAP account (user/pwd) credentials
- Apply for the SAP Passport
(You get there by clicking on the top right link saying "Benefit from Single-Sign-On")
- Install the certificate in Firefox
- Restart Firefox to make sure it worked
- Go to service.sap.com and make sure it is working
( it should offer the certificate that you just installed in the steps above )
If it is not working in Firefox, start from scratch as described here.
!! Continue reading only if your Firefox SAP Passport Logon works !!
DOWNLOADING THE SAP PASSPORT
- Go to Firefox -> Preferences
- Choose Advanced -> Encryption -> View Certificates
- In the tab "Your Certificates" select the one under "SAP Trust Community" and use the button "Backup..."
- Choose a destination (e.g. your desktop) and use a password to store the certificate backup safely
INSTALLING THE SAP PASSPORT IN MAC KEYCHAIN ACCESS APPLICATION
- Now open "Keychain access" application in OS X
- Drag and Drop the keychain file from the location before (e.g. Desktop) into the list of certificates offered
- Now you should be prompted for the password that you just used before and eventually your computer's admin password in addition
- If you see the certificate under "SAP Passport CA" in the list you should be all set
- Now open Safari and navigate to service.sap.com
- You should be able to choose the SAP Passport certificate and login
You can now safely delete the backed up certificate in your temporary location (e.g. desktop) or move it to a safe location like a pen drive.
Good luck!
Thanks,
Martin
I cannot login into the SAP sites with Safari -
https://sap.mymeetingroom.com/
service.sap.com
I get the certificate error. - The page requires a valid SSL client certificate
Your client certificate is untrusted or invalid. A Secure Sockets Layer (SSL)client certificate is used for identifying you as a valid user of the resource.
Like someone else has said here - I don't really want to switch to a different browser to get into the SAP sites.
There should really be a way to add a certificate in safari?
Couple of additional questions for anyone out there:
a) did you import it into the login keychain or the system keychain?
b) also, if you right click on the certificate with the Keychain app, and say "Get Info", the certificate comes up with "This certificate was signed by an unknown authority". is this a problem? does this need to be verified somehow?
c) also, if you right click on the private key within the certificate, and say "Get Info" and choose the "Access Control" tab, by default it says "Confirm before allowing access". Should the other option of "Allow all application to access this item" be chosen instead?
Frustrated along with everyone else, hate bringing up Firefox just to use sdn and marketplace.
Cheers,
Greg
I'm replying from Safari 3.1 on OS X 10.4
You need an installed client certificate as mentioned above. That goes in your keychain under My Certificates. The authority for that certificate (mine is SSO_CA) must have an entry in the trusted certificates list. In Keychain access, import into your x509 anchors a certificate for the root certificate authority (I exported mine from an IE session in windows).
After these are in place, Safari should work with SDN.
My Air apps are also running correctly with this in place.
Hope this helps,
km
a) did you import it into the login keychain or the system keychain?
Login
b) also, if you right click on the certificate with the Keychain app, and say "Get Info", the certificate comes up with "This certificate was signed by an unknown authority". is this a problem? does this need to be verified somehow?
That is part two of my last post - you need to have the x509 cert installed to tell the browser you trust the certificate authority.
c) also, if you right click on the private key within the certificate, and say "Get Info" and choose the "Access Control" tab, by default it says "Confirm before allowing access". Should the other option of "Allow all application to access this item" be chosen instead?
Mine is still set at Confirm.
Oddly enough, I never did get it to work.
But, here I am typing this on Safari. Always got so frustrated in bringing up Firefox just for SDN, so once in a while I kept trying Safari just for the heck of it..... no luck until today. Have no idea what the difference is, I never changed anything since trying the keychain changes months ago.
Only thing that has happened has been Safari updates (3.1.1 build 5525.20) and Mac updates (10.5.3).
Anyways, something changed either on my Mac side or the SDN/Marketplace side, as all is well.
So, for those out there that might stumble across this thread, give your Safari another whirl!
Cheers,
Greg
Hi there, I had the same problem and initially installed Firefox to get a certificate. I then made a backup of the certificate in Firefox and put the file into the keyring. That was it, and now Safari works for me on all the SAP sites that ask for my logon.
Best regards,
Anders
Hello John,
Firefox
Preferences...
Advanced
Encryption:
View certificates
Choose certificate from the list and press "Backup". This will save the certificate into a PKCS12 file which can be imported to the keyring.
After this Safari should ask to confirm the certificate when entering sdn.sap.com.
Regards, Michael
I tried this but I still got the same error.
What finally worked for me was rebuilding my Keychain using the 'Keychain Access' app.
1) Reset your keychain: Preferences -> Reset my Keychain
- This will create a new keychain and backup the old keychain.
2) Import old keychain entries: File -> Add Keychain
- Select the old keychain on the left.
- Copy entries from old login keychain to new keychain.
- I wouldn't copy any SAP entries since that's what was probably causing the issue
Good luck!
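The replies above come down to two checks: the Firefox backup is a PKCS#12 file holding the client certificate, and Keychain must also trust the authority that issued it. The following is an added example, not part of the original thread, that runs both checks with `openssl` before importing anything; the CA names, file names and password are constructed stand-ins for the real backup and the real CA certificate.

```shell
#!/bin/sh
# Constructed fixture: a throwaway issuing CA, an unrelated CA, and a client
# certificate packed into a password-protected PKCS#12 file, standing in for
# the browser backup and the CA certificate discussed in the thread.
P12_PASS=backup-pass; export P12_PASS   # constructed password, read via env:

make_fixture() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Passport CA" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Unrelated CA" \
    -keyout "$1/other.key" -out "$1/other.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=example-user" \
    -keyout "$1/user.key" -out "$1/user.csr" 2>/dev/null
  openssl x509 -req -in "$1/user.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/user.pem" 2>/dev/null
  openssl pkcs12 -export -inkey "$1/user.key" -in "$1/user.pem" \
    -passout env:P12_PASS -out "$1/backup.p12"
}

# Usage: p12_chains_to <backup.p12> <ca.pem>
# Returns 0 only if the backup opens with $P12_PASS and its client certificate
# verifies against the given CA file; the private key is never written out.
p12_chains_to() {
  leaf=$(mktemp) || return 2
  openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts \
    -out "$leaf" 2>/dev/null &&
    openssl verify -CAfile "$2" "$leaf" >/dev/null 2>&1
  rc=$?
  rm -f "$leaf"
  return $rc
}

work=$(mktemp -d)
make_fixture "$work"
for f in ca.pem other.pem; do
  if p12_chains_to "$work/backup.p12" "$work/$f"; then
    echo "$f: client certificate chains to this CA"
  else
    echo "$f: issuer not trusted (the 'unknown authority' case)"
  fi
done
```

A failure against the CA file you intend to trust is the same condition Keychain reports as "signed by an unknown authority".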