on 04-03-2006 6:17 PM
Hi,
We have configured our server for SSL to access https web service. While doing a test connection from SM59 I get the following error - HTTP/1.0 500 Native SSL error
When the status of service is checked from transaction SMICM -->Goto -> Services: I see HTTPS service active.
When Trace file file is analyzed from transaction SMICM, I see the following log,
[Thr 3760] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL
[Thr 3760] session uses PSE file "K:\usr\sap\ETN\DVEBMGS00\sec\SAPSSLA.pse"
[Thr 3760] SecudeSSL_SessionStart: SSL_connect() failed
secude_error 9 (0x00000009) = "the verification of the server's certificate chain failed"
[Thr 3760] Sat Apr 01 10:16:40 2006
[Thr 3760] >> Begin of Secude-SSL Errorstack >>
[Thr 3760] ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed #
ERROR in af_verify_Certificates: (24/0x0018) Chain of certificates is incomplete : "EMAIL=premium-server@thawte.com, CN=Thawte P
ERROR in get_path: (24/0x0018) Can't get path because the chain of certificates is incomplete #
[Thr 3760] << End of Secude-SSL Errorstack
[Thr 3760] SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"
[Thr 3760] <<- ERROR: SapSSLSessionStart(sssl_hdl=06D332C0)==SSSLERR_SSL_CONNECT
Please reply if anyone has a solution.
Thanks & Regards,
Jabeen
I too have face this error after installing new certificate sent from client, i forgot to restart the ICM and JAVA cluster. Once i restarted it start working and i can able to reach the client from SM59 Tcode.
Regards
Shahid
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi I have the same problem as mentioned above.
I have some questions about the issue.
What du you mean by fully qualified name and where do I have to put it in?
When entering the URL of the Web Service, I got the message that the certificate is not trusted because the certificate is signed by the producer of the WS itself. Do I have to send the Certificate to a CA or can I use certificates signed on my own?
What is a CA? An Organisation? and does it cost anything?
I downloaded the Certificate in DER (binary) format and imported it in STRUST.
I've seen just one certificate in the Certification path. Are there more certification but not in the certification path?
BR,
Sebastian
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
>Chain of certificates is incomplete
You did not import the complete cin of certificates.
Most likely the Root CA certificate or the sub CA certificate from the distant server is missing.
Regards,
Olivier
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
I am facing the same problem in one of our system. If this issue is fixed in your environment, please let me know how you have did it.
Thanks & regards
Prem
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello,
1.
I assume you will get more help in the WebAS general forum.
2.
The error message means that the certificate you use is not verifiable. So eigther the CA certificate is not set up correctly or one of your intermediate certificates are missing.
Please read SAP note: #510007 it describes all the steps you need to make to enable SSL on your WAS.
Regards,
Dezso
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
84 | |
23 | |
11 | |
9 | |
8 | |
5 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.