Hi, all

I am trying to enable SSL on ADS. I have already gone through the ADS config doc and the url thoroughly. I am still getting error ICM_HTTP_SSL_ERROR. Running FP_PDF_TEST_00 will generate error "SOAP Runtime Exception: CSoapExceptionTransport : HTTP receive failed with exception communication_failure". Looking at the trace file, I saw this:

[Thr 07] >> -

Begin of Secude-SSL Errorstack -

>>

[Thr 07] WARNING in ssl3_read_bytes: (536875072/0x20001040) received a fatal SSL

v3 handshake failure alert message from the peer

[Thr 07] << -

End of Secude-SSL Errorstack -

[Thr 07] SSL_get_state() returned 0x00002120 "SSLv3 read server hello A"

[Thr 07] No certificate request received from Server

[Thr 07] SSL NI-sock: local=10.100.48.226:41738 peer=10.100.48.226:51201

[Thr 07] <<- ERROR: SapSSLSessionStart(sssl_hdl=10502f7d0)==SSSLERR_SSL_CONNECT

[Thr 07] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSS

LERR_SSL_CONNECT [icxxconn_mt.c 2012]

Here's what I have done:

Create client certificate from strust

Import the abap client certificate into the j2ee stack under ADScerts and TrustedCAs views.

Attach the abap cert to the ADSUSER in VA

Include the abap client cert in the SSL provider in VA

Export out the ssl cert and import it into the strust in ABAP

However, it still did not work. If you have experience on configuring ADS SSL, please advise.

By the way, there are 2 things I do not undertstand in the SAP ADS config guide.

1) We are supposed to import the signing CA's cert into TrustedCAs view. However, if this is a self-signed client certifcate from the abap side, where does the CA cert come from. My guess this is the client cert from strust

2) In step 5.4.7 in the ADS config doc, it says that you would need to associate the ADSCerts in the authentication. However, I notice that it can only choose the private key. But the client cert we imported only has the public part. Am I missing something?

Your advice is much appreciated.

Thanks,

Jonathan.