on 07-30-2015 9:00 AM
Dear Experts
Facing to following problem:
IPs and names replaced with X.
I had to change the connection to content server to HTTPS. In IIS everything seems fine and the following page can be displayed:
https://fqdn:1092/ContentServer/ContentServer.dll?serverInfo
Now to sap. There I wanted to change the repository to HTTPS and changed the SSL Port to 1092 and then following error is displayed:
In ICM Trace I see the following:
[Thr 7436] << End of Secu-SSL Errorstack
[Thr 7436] SSL_get_state()==0x2131 "SSLv3 read server certificate B"
[Thr 7436] SSL NI-hdl 96: local=XXX.XXX.XXX.XXX:57991 peer=XXX.XX.XXX.XXX:1092
[Thr 7436] <<- ERROR: SapSSLSessionStart(sssl_hdl=000000002ED2E2D0)==SSSLERR_PEER_CERT_UNTRUSTED
[Thr 7436] *** ERROR => SSL handshake with XXX.XXX.XXX.XXX:1092 failed: SSSLERR_PEER_CERT_UNTRUSTED (-102)
[Thr 7436] The peer's X.509 Certificate (chain) is untrusted
[Thr 7436]
[Thr 7436] SapSSLSessionStart()==SSSLERR_PEER_CERT_UNTRUSTED
[Thr 7436] SSL:SSL_connnect() failed (536872221/0x2000051d)
[Thr 7436] => "SSL API error"
[Thr 7436] >> SecuSSL ErrStack:
[Thr 7436] 0x2000051d SAPCRYPTOLIB SSL_connect
[Thr 7436] SSL API error
[Thr 7436] Failed to verify peer certificate. Peer not trusted.
[Thr 7436] 0xa0600203 SSL ssl_verify_peer_certificates
[Thr 7436] Peer not trusted
[Thr 7436] 0xa0600297 SSL ssl_cert_checker_verify_certificates
[Thr 7436] peer certificate (chain) is not trusted
[Thr 7436] Certificate:
[Thr 7436] Certificate:
[Thr 7436] Subject :CN=XXXX
[Thr 7436] Issuer :CN=XXXIssuingCA10, DC=XXX, DC=XXX
[Thr 7436] Serial number:0x5f0000029aa3d4c73fef2981bc00000000029a
[Thr 7436] Validity:
[Thr 7436] Not before :Mon Jul 27 16:20:44 2015
[Thr 7436] Not after :Sun Jul 25 16:20:44 2021
[Thr 7436] Key:
[Thr 7436] Key type :rsaEncryption (1.2.840.113549.1.1.1)
[Thr 7436] Key size :2048
[Thr 7436] PK_Fingerprint_MD5:3193 E726 99A2 F10C 97EA A73D CC6C 61AE
[Thr 7436] extensions:
[Thr 7436] AuthorityKeyId:
[Thr 7436] Significance:Non critical
[Thr 7436] Value:
[Thr 7436] Key identifier (size="20" ):42F8D3D3DBA97D29F79921B8F262898FD0084A36
[Thr 7436] SubjectKeyIdentifier:
[Thr 7436] Significance:Non critical
[Thr 7436] Value (size="20" ):8BC3DAB1F979D139CAE2731DAACD5CB67CA3EB58
[Thr 7436] Key usage:
[Thr 7436] Significance:Critical
[Thr 7436] Value:
[Thr 7436] digitalSignature
[Thr 7436] keyEncipherment
[Thr 7436] Extended key usage:
[Thr 7436] Significance:Non critical
[Thr 7436] Value:
[Thr 7436] element#no="1":ClientAuthentication (1.3.6.1.5.5.7.3.2)
[Thr 7436] element#no="2":ServerAuthentication (1.3.6.1.5.5.7.3.1)
[Thr 7436] Alternative names:
[Thr 7436] Significance:Non critical
[Thr 7436] Value:
[Thr 7436] element#no="1":
[Thr 7436] GN-dNSName :XXX
Then I added this certificate to STRUST. But still facing to the same error.
Thanks for any advices.
Kind regards
Lino
Please Send the Certificate using transaction OAC0 and activate it on content server.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Eswaran
This issue's been solved. There were a lot of wrong certificates imported during the installation phase. Once I did all new it worked.
Thanks for your reply!
kind regards
Lino
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Lino,
you need to add the root certificate to SSL Client and add to Certificate List to make it work.
This is because here in this case ABAP server works as a client.
Regards,
Eswaran
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.