cancel
Showing results for 
Search instead for 
Did you mean: 

SecudeSSL_SessionStart: SSL_connect() failed

Former Member
0 Kudos

Hi,

We have configured our server for SSL to access https web service. While doing a test connection from SM59 I get the following error - HTTP/1.0 500 Native SSL error

When the status of service is checked from transaction SMICM -->Goto -> Services: I see HTTPS service active.

When Trace file file is analyzed from transaction SMICM, I see the following log,

[Thr 3760] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL

[Thr 3760] session uses PSE file "K:\usr\sap\ETN\DVEBMGS00\sec\SAPSSLA.pse"

[Thr 3760] SecudeSSL_SessionStart: SSL_connect() failed

secude_error 9 (0x00000009) = "the verification of the server's certificate chain failed"

[Thr 3760] Sat Apr 01 10:16:40 2006

[Thr 3760] >> Begin of Secude-SSL Errorstack >>

[Thr 3760] ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed #

ERROR in af_verify_Certificates: (24/0x0018) Chain of certificates is incomplete : "EMAIL=premium-server@thawte.com, CN=Thawte P

ERROR in get_path: (24/0x0018) Can't get path because the chain of certificates is incomplete #

[Thr 3760] << End of Secude-SSL Errorstack

[Thr 3760] SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"

[Thr 3760] <<- ERROR: SapSSLSessionStart(sssl_hdl=06D332C0)==SSSLERR_SSL_CONNECT

Please reply if anyone has a solution.

Thanks & Regards,

Jabeen

Accepted Solutions (0)

Answers (5)

Answers (5)

I too have face this error after installing new certificate sent from client, i forgot to restart the ICM and JAVA cluster. Once i restarted it start working and i can able to reach the client from SM59 Tcode.

Regards

Shahid

Former Member
0 Kudos

Hi I have the same problem as mentioned above.

I have some questions about the issue.

What du you mean by fully qualified name and where do I have to put it in?

When entering the URL of the Web Service, I got the message that the certificate is not trusted because the certificate is signed by the producer of the WS itself. Do I have to send the Certificate to a CA or can I use certificates signed on my own?

What is a CA? An Organisation? and does it cost anything?

I downloaded the Certificate in DER (binary) format and imported it in STRUST.

I've seen just one certificate in the Certification path. Are there more certification but not in the certification path?

BR,

Sebastian

Former Member
0 Kudos

Hi,

>Chain of certificates is incomplete

You did not import the complete cin of certificates.

Most likely the Root CA certificate or the sub CA certificate from the distant server is missing.

Regards,

Olivier

Former Member
0 Kudos

Hi,

I am facing the same problem in one of our system. If this issue is fixed in your environment, please let me know how you have did it.

Thanks & regards

Prem

former_member191062
Active Contributor
0 Kudos

Hello,

Can you check the note I mentioned above? It describes how the SSL can be enabled on the WAS.

Did you followed these steps?

Best regards,

Dezso

Former Member
0 Kudos

Check the fully qualified domain name aswell.

We had a problem after a j2ee addin installation.

After changing it to the fully qualified we had no issues with SSL

former_member191062
Active Contributor
0 Kudos

Hello,

1.

I assume you will get more help in the WebAS general forum.

2.

The error message means that the certificate you use is not verifiable. So eigther the CA certificate is not set up correctly or one of your intermediate certificates are missing.

Please read SAP note: #510007 it describes all the steps you need to make to enable SSL on your WAS.

Regards,

Dezso