cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SMP3 - AppDevelopment:

Go to solution
Former Member

on ‎09-16-2014 2:46 PM

0 Kudos

Hi, I have a question on SMP3 and AppDevelopment:

I have SMP3 SP03 (3.0.3) installed and running.  I have an application installed/published with app specific configurations displaying in the SAP Administration center.  I am receiving the "I am here" via the http request.  When connecting using the TestEnvironment, I am receiving the "A certificate needed to verify the certificate received cannot be found" error.  I have followed the Sybase documentation (all three Authentication Certificates) to create/install the certificate, albeit some of the documentation doesn't align with SMP3 when updating via the "console", but I am still unable to resolve the certificate error.  Are there any tricks or other documents I should consider?

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎09-16-2014 2:51 PM
0 Kudos
  1. Go to “<Platfrom>\Server\configuration”
  2. Double click on “smp_crt.cer”
  3. Click “Install Certificate” on the following window
  4. On windows 8 select “Current User”
  5. Select “Place all certificate in the following store” and click “Browse”
  6. Select “Trusted Root Certification Authorities” and click “Ok” and then “Next”
  7. Click “Finish”
  8. A “Security Warning” pop-up with come up click “Yes”
Show replies
Show replies
Former Member
‎09-16-2014 2:57 PM
0 Kudos

Thank you for your reply.

Unfortunately, I have already installed that certificate "smp_crt.cer" into the Root Certificates store, as well as creating/installing the "Self-Signed" ones I created.

Former Member
‎09-16-2014 3:00 PM
0 Kudos

The startup was error free, however I have just noticed the following event error:

Configuration, Configuration, authenticationCertificateStore, File: , ..\agentry\SystemLogger.cpp#792:DTLoggerHandler::badKey

Former Member
‎09-16-2014 3:04 PM
0 Kudos

When you enter in the server information into the client are you using the FQDN or just the machine name?

When you look at the certificate it will say what the server is issued too you need to use this full name when you enter the name into the client.

Former Member
‎09-16-2014 3:12 PM
0 Kudos

I am using the FQDN on the client, which matches the Certificate "smp_crt.cer" information (confirmed prior to installing).

Former Member
‎09-16-2014 3:22 PM
0 Kudos

What is the version of ATE you are using?

Stephen

Former Member
‎09-16-2014 3:27 PM
0 Kudos

Agentry v7.0.3.605

Ps.  I removed the "Bad Key" error, by removing the "authenticationCertificateStore" entries I had added earlier when trying to match up the settings we had used in previous versions of Agentry Server (with self-signed Certs).  I restarted the SMP server, but the error is the same.

Former Member
‎09-16-2014 4:00 PM
0 Kudos

I have installed the Agentry Client (win32) and am receiving the same error as the ATE.

I have installed the ATE on a different machine, and prior to installing the "smp_crt.cer", I received this error:

 

“Certificate received is not found in the trusted list, nor
can it be traced to a trusted root.”

I then installed the "smp_crt.cer" as instructed and the original error has returned.  From the ATE events.log, I have the following:

09/16/2014 10:41:18, 1,        22,2148074248, Thr      21108, Error #2148074248(0x80090308): The token supplied to the function is invalid

, ..\..\..\..\Socket\win32\schannelSSLsockets.cpp#615:SchannelSSLstreamSocket::handshake

09/16/2014 10:41:22, 1,        25,         0, Thr      21108, Certificate received is not found in the trusted list, nor can it be traced to a trusted root., ..\..\..\..\Socket\win32\schannelSSLsockets.cpp#786:SchannelSSLstreamSocket::validateContextCertificates

09/16/2014 10:43:53, 1,        22,2148074279, Thr      21108, Error #2148074279(0x80090327): An unknown error occurred while processing the certificate.

, ..\..\..\..\Socket\win32\schannelSSLsockets.cpp#615:SchannelSSLstreamSocket::handshake

Subsequent attempts have only repeated the SchannelSSLstreamSocket::handshake error.

I have also disabled all firewall protection...

bill_froelich
Product and Topic Expert
Product and Topic Expert
‎09-18-2014 3:31 PM
0 Kudos

Jay,

Did you get this resolved?

It is certainly implying the certificate presented by the server isn't trusted.

I would suggest connecting from IE to the URL to get the "I am here!" message and then click on the lock in the address bar to view the certificate presented.  Confirm the host name and re-install to the Trusted Root Certification Authorities store on the device.

Then try again from the ATE on the same machine to see if that changes anything.

What kind of certificate is it?  Is it a self-signed one or provided by a third party?

--Bill

Former Member
‎09-22-2014 4:50 PM
0 Kudos

No, this is still not resolved.

I confirmed the Certificate information is correct and even installed it "again" from the details found when viewing the CERT via the IE "lock".  I believe this certificate is the one installed as part of the SMP installation which Stephen had asked that I use.  I see no way to adjust this since receiving a "bad key" from manual edits to the Agentry.ini...

I notice the following in the SMP-server log file:

2014 09 22 11:40:17#0-400#WARN#com.sybase.security.core.CertificateValidationLoginModule##anonymous#http-bio-8081-exec-6###The certificate (chain) is not valid. |

Answers (0)

Ask a Question