cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Safari OSX ans SAP service or SDN

Go to solution
Former Member

on ‎04-20-2006 10:32 PM

0 Kudos

Each time I try to connect to SDN or SAP services web site I have this problem :

" The page requires a valid SSL client certificate....

HTTP Error 403.16 - Forbidden: Client certificate is ill-formed or is not trusted by the Web server."

Do you have the same problem?

How to solve this issue?

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎04-21-2006 12:30 AM
0 Kudos

Thierry

Welcome to SDN

Yes it comes to me and as well as so many people. You could just click on OK and move forward.

Hope this helps

Thnaks

Sat

Show replies
Show replies
Former Member
‎04-21-2006 6:40 AM
0 Kudos

Sat,

Thanks for your answer but I have no buttom , nothing, just the message and I can't go forward it is the first page.

This problem append only from Yesterday (04/20/2006 12:00 GMT). Before I have no problem.

The only one solution to go to SDN or SAP marketplace is to download a Firefox or IE to go there... It not really helpfull...

Thierry

eddy_declercq
Active Contributor
‎04-21-2006 8:04 AM
0 Kudos

Hi,

service.sap.com works fine for me on Safari (on OS X 10.4.6)

There was yesterday a problem with the servers over there, since one couldn't retrieve any note.

Did you try it today again? Just tested it without problems.

PS IE for Mac does not longer exist.

Eddy

eddy_declercq
Active Contributor
‎04-24-2006 7:39 AM
0 Kudos

Hi,

Pls don't forget to reward points and close the question if you find the answers useful.

Eddy

Former Member
‎04-24-2006 8:23 AM
0 Kudos

Hi,

Yes i try again, and the status is the following.

OK

http://service.sap.com

and if i try to Apply for an SAP Passport, I didn't receive the identification popup but this message

"The page requires a valid client certificate. ...

HTTP 403.16 - Forbidden: Client certificate untrusted or invalid Internet Information Services"

KO

http://www.sdn.sap.com

http://service.sap.com/notes

I receive the message "The page requires a valid SSL client certificate. ....

HTTP Error 403.16 - Forbidden: Client certificate is ill-formed or is not trusted by the Web server."

My configuration is :

OS X 10.4.6

Safari Version 2.0.3 (417.9.2)

Thanks

Thierry

former_member278865
Explorer
‎09-26-2006 10:26 PM
0 Kudos

I expect that until Safari has a certificate installed (I've never seen how) you won't be able to proceed. However, I wonder if installing the correct SSO software will make Safari work crrectly. For now, I get around this by using firefox with my imported cert from my windows box. My Mac isn't set up for SSO.

Former Member
‎09-26-2006 11:05 PM
0 Kudos

I just installed the SAP passport in Safari (the certificate is offcourse installed in Keychain). It works perfect. I don't need to enter any passwords anymore for the sites in service.sap.com, sdn etc.

However, I had to press the reload button a couple times until I got in to the passport application site. The same procedure when hitting the submit button. But in the end, I got my SAP passport

BR

/Björn

Hans
Explorer
‎09-27-2006 3:12 AM
0 Kudos

SAP Passport? Que?

Former Member
‎09-27-2006 8:29 AM
0 Kudos

First go to service.sap.com.

In the pottom of the page (a bit hidden) you will find a link called Benefit from Single Sign-On (the headline right above is vcalled "Questions Regarding Login".

Press the link and it will take you to a site explaining SAP Passport (Single Sign On). In the lower left of the page there is a button "Apply fo an SAP Passport". Press the button, a login popup will appear. Enter your userid and password and press the button to continue. In the next page your name and userid will be filled in by SAP and you have to enter your password again. Use the default key length (2048). Then press the button "Apply for SAP Passport". Now the certificate will be downloaded and you will get the question about saving it in Keychain.

During this process I had to press reload a number of times due to problems loading the different pages. But in the end, the SAP Passport was installed and now I can surf into thew sites of service.sap.com without manual logon.

Good luck

/Björn

Hans
Explorer
‎09-27-2006 4:05 PM
0 Kudos

That didn't work for me.

First, I can't go to service.sap.com with Safari because of some certificate issue. This is limited to Intel Macs, I believe. At least, I have the issue on my MBP, but not on my iMac G5.

Second, I used Firefox to follow your procedure, but even though I restarted the browser, I still need to log in manually.

The first issue is the most important to me. I don't mind logging in, but I really don't like having to use a different browser just for the SAP sites.

Former Member
‎09-27-2006 10:06 PM
0 Kudos

Sorry, can't help you there. I still use a PowerPC-mac and there it works. However, I wonder why Safari is behaving differently on an Intel-Mac. I mean, it should be the same thing, shouldn't it?

johna69
Product and Topic Expert
Product and Topic Expert
‎09-28-2006 1:34 PM
0 Kudos

Hi Hans,

I can get to service.sap.com using safari with my Intel Mac. However I then have problems when trying to apply for a passport. On the passport application page I get "The page requires a valid SSL client certificate" .

JohnA

Former Member
‎09-28-2006 7:20 PM
0 Kudos

This procedure works for me using Mac OS X 10.4.6/Safari Version 2.0.3 (417.9.2) on a MacBook Pro. Might want to remove all SAP related items from the keychain first, that's what I did, I had some very stale items in there.

-jake

Hans
Explorer
‎09-28-2006 9:48 PM
0 Kudos

This is weird, and extremely annoying.

If I go to <https://web.mit.edu/consult/www/certificate/test.html>, Safari will complain about an invalid certificate, but if I click Continue, I'll get the same error:

Safari can’t open the page “https://web.mit.edu/consult/www/certificate/test.html”. The error was: “client certificate rejected” (NSURLErrorDomain:-1205) Please choose Report Bug to Apple from the Safari menu, note the error number, and describe what you did before you saw this message.

I've tried removing all the Verisign and RSA certificates from my keychains, but that doesn't seem to make any difference. I've already deleted all the invalid certificates.

johna69
Product and Topic Expert
Product and Topic Expert
‎09-29-2006 2:12 PM
0 Kudos

The problem is covered in the following Web-kit bugzilla report:

http://www.opendarwin.org/pipermail/webkit-unassigned/2006-February/004930.html

I have a .mac account, so that may be me stumped until a fix is released.

JohnA

Hans
Explorer
‎09-29-2006 7:35 PM
0 Kudos

The Opendarwin team doesn't seem to be working on it. Scroll down on <a href="http://bugzilla.opendarwin.org/show_bug.cgi?id=7417">this page</a> to see the discussion.

Answers (4)

Answers (4)

martinmoser1
Discoverer
‎07-29-2012 4:43 PM
0 Kudos

I got the same problem and got it solved running OS X 10.8 with Safari 6.0 and Firefox 14.0.1
(but should be working similar in OS X 10.7.x with Safari 5.x)

GETTING THE SAP PASSPORT USING FIREFOX

- Get Firefox 14.0.1 for Mac (unless you have it already installed) from getfirefox.com and install it

- Use Firefox to navigate to service.sap.com using your SAP account (user/pwd) credentials

- Apply for the SAP Passport

  (You get there by clicking on the top right link saying "Benefit from Single-Sign-On"

- Install the certificate in Firefox

- Restart Firefox to make sure it worked

- Go to service.sap.com and make sure it is working

( it should offer the certificate that you just installed in the steps above )

If it is not working in Firefox start from scratch as describe here.

!! Continue reading only if your Firefox SAP Passport Logon works !!

DOWNLOADING THE SAP PASSPORT

- Go to Firefox -> Preferences

- Choose Advanced -> Encryption -> View Certificates

- In the tab "Your Certificates" select the one under "SAP Trust Community" and use the button "Backup..."

- Choose a destination (e.g. your desktop) and use a password to store the certificate backup safely

INSTALLING THE SAP PASSPORT IN MAC KEYCHAIN ACCESS APPLICATION

- Now open "Keychain access" application in OS X

- Drag and Drop the keychain file from the location before (e.g. Desktop) into the list of certificates offered

- Now you should be prompted for the password that you just used before and eventually your computers's admin password in addition

- If you see the certificate  under "SAP Passport CA" in the list you should be all set

- Now open Safari and navigate to service.sap.com

- You should be able to choose the SAP Passport certificate and login

You can now safely delete the backed up certificate in your temporary location (e.g. desktop) or move it to a safe location like a pen drive.

Good luck!

Thanks,

Martin

Show replies
Show replies
SauMaris
Contributor
‎08-21-2012 9:46 AM
0 Kudos

It's good to have at least a workaround, though better would be if SAP could create a proper installation procedure for Macs

Former Member
‎02-21-2012 4:32 PM
0 Kudos

I cannot login into the SAP sites with Safari -

https://sap.mymeetingroom.com/

service.sap.com

I get the certificate error. - The page requires a valid SSL client certificate

Your client certificate is untrusted or invalid. A Secure Sockets Layer (SSL)client certificate is used for identifying you as a valid user of the resource.

Like someone else has said here - I dont really want to switch to a different browser to get into the SAP sites.

There should really be a way to add a certificate in safari?

Show replies
Show replies
Former Member
‎12-12-2007 5:34 PM
0 Kudos

Couple of additional questions for anyone out there:

a) did you import it into the login keychain or the system keychain?

b) also, if you right click on the certificate with the Keychain app, and say "Get Info", the certificate comes up with "This certificate was signed by an unknown authority". is this a problem? does this need to be verified somehow?

c) also, if you right click on the private key within the certificate,, and say "Get Info" and choose the "Access Control" tab, by default it says "Confirm before allowing access". Should the other option of "Allow all application to access this item" be chosen instead?

Frustrated along with everyone else, hate bringing up Firefox just to use sdn and marketplace.

Cheers,

Greg

Show replies
Show replies
Former Member
‎03-14-2008 5:56 PM
0 Kudos

Thought I'd see if anyone has had any more luck getting Safari to work with SDN?

Cheers,

former_member278865
Explorer
‎04-03-2008 10:04 PM
0 Kudos

I'm replying from Safari 3.1 on OS X 10.4

You need an installed client certificate as mentioned above. That goes in your keychain under My Certificates. The authority for that certificate (mine is SSO_CA) must have an entry in the trusted certificates list. In Keychain access, import into your x509 anchors a certificate for the root certificate authority (I exported mine from an IE session in windows).

After these are in place, Safari should work with SDN.

My Air apps are also running correctly with this in place.

Hope this helps,

km

former_member278865
Explorer
‎04-03-2008 10:09 PM
0 Kudos

a) did you import it into the login keychain or the system keychain?

Login

b) also, if you right click on the certificate with the Keychain app, and say "Get Info", the certificate comes up with "This certificate was signed by an unknown authority". is this a problem? does this need to be verified somehow?

That is part two of my last post - you need to have the x509 cert installed to tell the browser you trust the certificate authority.

c) also, if you right click on the private key within the certificate,, and say "Get Info" and choose the "Access Control" tab, by default it says "Confirm before allowing access". Should the other option of "Allow all application to access this item" be chosen instead?

Mine is still set at Confirm.

Former Member
‎06-17-2008 3:53 PM
0 Kudos

Oddly enough, I never did get it to work.

But, here I am typing this on Safari. Always got so frustrated in brining up Firefox just for SDN, so once and a while I kept trying Safari just for the heck of it..... no luck until today. Have no idea what the difference is, I never changed anything since trying the keychain changes months ago.

Only thing that has happened has been Safari updates (3.1.1 build 5525.20) and Mac updates (10.5.3).

Anyways, something changed either on my Mac side or the SDN/Marketplace side, as all is well.

So, for those out there that might stumble across this thread, give your Safari another whirl!

Cheers,

Greg

Former Member
‎11-17-2006 9:41 AM
0 Kudos

Hi there, I had the same problem and initially installed Firefox to get a certificate. I then made a backup of the certificate in Firefox and put the file into the keyring. That was it, and now Safari works for me on all the SAP sites that ask for my logon.

Best regards,

Anders

Show replies
Show replies
johna69
Product and Topic Expert
Product and Topic Expert
‎11-22-2006 4:15 PM
0 Kudos

Hi Anders,

How did you backup the certificate from Firefox?

Thanks

John

Former Member
‎11-30-2006 2:01 PM
0 Kudos

Hello John,

Firefox

Preferences...

Advanced

Encryption:

View certificates

Choose certificate from the list and press "Backup". This will save the certificate into a PKCS12 file which can be imported to the keyring.

After this Safari should ask to confirm the certificate when entering sdn.sap.com.

Regards, Michael

Former Member
‎11-16-2007 2:44 AM
0 Kudos

I tried this but I still got the same error.

What finally worked for me was rebuilding my Keychain using the 'Keychain Access' app.

1) Reset your keychain: Preferences -> Reset my Keychain

- This will create a new keychain and backup the old keychain.

2) Import old keychain entries: File -> Add Keychain

- Select the old keychain on the left.

- Copy entries from old login keychain to new keychain.

- I wouldn't copy any SAP entries since that's what was probably causing the issue

Good luck!

mario_reyesminor
Explorer
‎08-13-2012 7:13 PM
0 Kudos

Thanks a lot Michael, this solution worked great for me, I had this issue from quite some time. I am replying from Safari on my Macbook Pro Intel Mountain Lion. Best regards!!

Ask a Question