on 05-12-2009 11:05 PM
Hi, all
I am trying to enable SSL on ADS. I have already gone through the ADS config doc and the url thoroughly. I am still getting error ICM_HTTP_SSL_ERROR. Running FP_PDF_TEST_00 will generate error "SOAP Runtime Exception: CSoapExceptionTransport : HTTP receive failed with exception communication_failure". Looking at the trace file, I saw this:
[Thr 07] >> -
Begin of Secude-SSL Errorstack -
>>
[Thr 07] WARNING in ssl3_read_bytes: (536875072/0x20001040) received a fatal SSL
v3 handshake failure alert message from the peer
[Thr 07] << -
End of Secude-SSL Errorstack -
[Thr 07] SSL_get_state() returned 0x00002120 "SSLv3 read server hello A"
[Thr 07] No certificate request received from Server
[Thr 07] SSL NI-sock: local=10.100.48.226:41738 peer=10.100.48.226:51201
[Thr 07] <<- ERROR: SapSSLSessionStart(sssl_hdl=10502f7d0)==SSSLERR_SSL_CONNECT
[Thr 07] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSS
LERR_SSL_CONNECT [icxxconn_mt.c 2012]
Here's what I have done:
Create client certificate from strust
Import the abap client certificate into the j2ee stack under ADScerts and TrustedCAs views.
Attach the abap cert to the ADSUSER in VA
Include the abap client cert in the SSL provider in VA
Export out the ssl cert and import it into the strust in ABAP
However, it still did not work. If you have experience on configuring ADS SSL, please advise.
By the way, there are 2 things I do not undertstand in the SAP ADS config guide.
1) We are supposed to import the signing CA's cert into TrustedCAs view. However, if this is a self-signed client certifcate from the abap side, where does the CA cert come from. My guess this is the client cert from strust
2) In step 5.4.7 in the ADS config doc, it says that you would need to associate the ADSCerts in the authentication. However, I notice that it can only choose the private key. But the client cert we imported only has the public part. Am I missing something?
Your advice is much appreciated.
Thanks,
Jonathan.
Actually I got it working finally. If you are interested, I can send you more info. Send me an email as the SDN doesn't let me post my email.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello JonathanJonathan Ma:
I´m faced the same issue to configuring ASD certificates. Please, could you help me?
Thank you very much
Hi my friend,
Did you solve it? In such case, could you please tell us how?
Thanks,
Federico
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
By the way, I forgot to mention that our environment is ECC6 support stack 12. It is a dual stack environment.
Thanks,
Jonathan.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
87 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.