on 12-07-2009 8:42 AM
Hello,
We are getting the following error in the dev_icm trace file:
=================================================================
[Thr 04] *** ERROR => IcmConnInitServerSSL: SapSSLSessionStart returned (-56): SSSLERR_SSL_ACCEPT [icxxconn_mt. 1777]
[Thr 11] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT [icxxconn_mt.c 2012]
[Thr 11] *** ERROR => IcmJ2EEScheduleFunc: Connection to medpoolP45.os.fth.sbs.de:8443 failed - please check host configuration
[Thr 05] Mon Dec 7 08:14:40 2009
[Thr 05] SSL_get_state() returned 0x00001180 "SSLv3 read client certificate A"
[Thr 08] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL
[Thr 05] *** ERROR during SecudeSSL_SessionStart() from SSL_accept()==SSL_ERROR_SSL
[Thr 08] SecudeSSL_SessionStart: SSL_connect() failed
secude_error 9 (0x00000009) = "the verification of the server's certificate chain failed"
[Thr 05] SecudeSSL_SessionStart: SSL_accept() failed
secude_error 536875074 (0x20001042) = "received a fatal SSLv3 bad certificate alert message from the peer"
[Thr 08] >> Begin of Secude-SSL Errorstack >>
[Thr 05] >> Begin of Secude-SSL Errorstack >>
[Thr 08] ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed
ERROR in af_verify_Certificates: (24/0x0018) Chain of certificates is incomplete : "OU=VeriSign Trust Network, OU="(c) 1998 Veri
ERROR in get_path: (24/0x0018) Can't get path because the chain of certificates is incomplete
[Thr 05] WARNING in ssl3_read_bytes: (536875074/0x20001042) received a fatal SSLv3 bad certificate alert message from the peer
[Thr 08] << End of Secude-SSL Errorstack
[Thr 05] << End of Secude-SSL Errorstack
[Thr 08] SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"
[Thr 05] SSL NI-sock: unix domain socket="/tmp/.sapicm8443"
[Thr 08] SSL NI-sock: unix domain socket="/tmp/.sapicm8443"
[Thr 05] <<- ERROR: SapSSLSessionStart(sssl_hdl=60000000051ad9b0)==SSSLERR_SSL_ACCEPT
[Thr 08] <<- ERROR: SapSSLSessionStart(sssl_hdl=60000000052c0030)==SSSLERR_SSL_CONNECT
=================================================================
But in STRUST all the SSL server certificate and SSL client certificate are in green.
Kindly let us know how to solve this error.
Thanks,
Rajesh
Hi Rajesh,
Have you got solution ??? Please share. I am also facing same issue.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Jitendra,
We resolved the issues by referring to Note 1249794
Hope this help
Daniel
Hi,
Did you manage the sub-CA certificate ? Verisign always use a Root CA certificate and a sub CA certificate.
This what is called 'the chain of certificates".
Regards,
Olivier
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
it looks like the problem is in certificate verification. Probably you need to import root certificate into SAP. have a look at note 1094342. It's well described there.
Cheers
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
87 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.