08-27-2010 4:22 PM
Hi,
we want to communicate on HTTPS bettween ECC6 system and another application works on Weblogoc. we are doing the followings actions :
- installation SAPCryptolib
- Create teh SSL Client PSEs
- Generale Certificate and import it to Weblo; we use self signed Certificate
- we import on ECC the certificate gererated by Weblo
- we configuring the content repository with OCC0 transcation
But, when we try to communicate on HTTPS; we have the follwing message on log of the ICM
Thanks in advance for your help
Mohamed Karray
-
[Thr 2057] Fri Aug 27 11:53:15 2010
[Thr 2057] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL
[Thr 2057] SecudeSSL_SessionStart: SSL_connect() failed --
secude_error 9 (0x00000009) = "the verification of the server's certificate chain failed"
[Thr 2057] >> -
Begin of Secude-SSL Errorstack -
>>
[Thr 2057] ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed
ERROR in af_verify_Certificates: (27/0x001b) Chain of certificates is incomplete : "CN=clay06pgi.cla.edfgdf.fr, OU=I0020138180,
ERROR in get_path: (27/0x001b) Found root certificate of <CN=clay06pgi.cla.edfgdf.fr, OU=I0020138180, OU=SAP Web AS, O=SAP Trust
ERROR in verify_with_PKs: (27/0x001b) Found root certificate of <CN=clay06pgi.cla.edfgdf.fr, OU=I0020138180, OU=SAP Web AS, O=SA
[Thr 2057] << -
End of Secude-SSL Errorstack -
[Thr 2057] SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"
[Thr 2057] SSL NI-sock: unix domain socket="/tmp/.sapicm4430"
[Thr 2057] <<- ERROR: SapSSLSessionStart(sssl_hdl=0x116077350)==SSSLERR_SSL_CONNECT
[Thr 2057] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT [icxxconn_mt.c 201
[Thr 2057] *** ERROR => IcmJ2EEScheduleFunc: Connection to clay06pgi.cla.edfgdf.fr:4430 failed - please check host configuration
Edited by: karray mohamed on Aug 27, 2010 5:23 PM
Edited by: karray mohamed on Aug 27, 2010 5:24 PM
Edited by: karray mohamed on Aug 27, 2010 5:26 PM
09-02-2010 10:03 AM
Hello Karray,
Once you have created client PSE, you need to download the SSL certificate and upload the same in the Visual Admin.
Also for successful handshake the SSl certificate should be present on your browser at server level.
Kindly let me know the steops which you have followed till now, so that we can correctly acknowledge what else is missing in your SSL configuration.
Please follow the note 510007
Thanks,
Shobhit Garg
09-02-2010 1:15 PM
Hi Shobhit Garg
I m following the all steps specified in note 510007
we are are generate a cetificate and upload the certifiacte generated by Documentum
Now, the configuration is work well
Thank you for your help
Mohamed
09-02-2010 1:23 PM
Hello,
I am sorry to inform you ...If your issue is resolved than please close the thread.
Always mark the replies which were helpful to you , so that other users are also aware of the same and can refer that reply as correct solution.
Thanks,
Shobhit Garg
09-02-2010 1:25 PM
>
> Always mark the replies which were helpful to you , so that other users are also aware of the same and can refer that reply > as correct solution.
>
Unless I am very much mistaken, other users are not able to see who the points were referred to for a question and this is a rather thinly veiled away of points begging?
The poster has already made it clear that your suggestion fixed the problem.