Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

SSL handshake failure

Hi experts,

This message is a continuation of [5998967 |SSL handshake failure], where the problem is unfortunately still not resolved.

Let me first recap:

1.We establish HTTPS connection from SAP WebAS to Apache (which acts as reverse proxy).

2. SSL client certificate of class 3 (SAP-side) is signed by root certificate of own CA, and this own CA root certificate is available in SSL server side

3. SSL server certificate (Apache-side) is signed by TrustCenter and the TrustCenter root certificate is available in SSL Client (Standard) PSE.

4. The HTTPS connection works if the Apache authentication is switched to Basic Authentication.

5. If the Apache is configured to use client authentication, it doesn't work. In Apache log we can see that at the stage of SSL handshake no client certificate is required and HTTPS connection is establisched. The Apache asks for client certificate (sends re-negotiation request) at the next step, when the client tries to access some subfolders on the target server. It looks as if the SAP doesn't send the client certificate and the Apache closes the connection.

Can it really be the case that client certificate can only be sent at SSL handshake stage?

Do you have any other ideas what we can try?

Thanks in advance

Andrey

The search for OSS notes doesn't bring much.

System info:

SAPHTTP Unicode @(#) $Id: //bas/700_REL/src/krn/ftp/http.c#17 $

SAP_BASIS 700SP13

SAP-Kernel 700_REL Patch 128

Former Member
Not what you were looking for? View more on this topic or Ask a question