configuting HTTPS on ECC6

Former Member · ‎08-27-2010

Hi,

we want to communicate on HTTPS bettween ECC6 system and another application works on Weblogoc. we are doing the followings actions :

- installation SAPCryptolib

- Create teh SSL Client PSEs

- Generale Certificate and import it to Weblo; we use self signed Certificate

- we import on ECC the certificate gererated by Weblo

- we configuring the content repository with OCC0 transcation

But, when we try to communicate on HTTPS; we have the follwing message on log of the ICM

Thanks in advance for your help

Mohamed Karray

-

[Thr 2057] Fri Aug 27 11:53:15 2010

[Thr 2057] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL

[Thr 2057] SecudeSSL_SessionStart: SSL_connect() failed --

secude_error 9 (0x00000009) = "the verification of the server's certificate chain failed"

[Thr 2057] >> -

Begin of Secude-SSL Errorstack -

>>

[Thr 2057] ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed

ERROR in af_verify_Certificates: (27/0x001b) Chain of certificates is incomplete : "CN=clay06pgi.cla.edfgdf.fr, OU=I0020138180,

ERROR in get_path: (27/0x001b) Found root certificate of <CN=clay06pgi.cla.edfgdf.fr, OU=I0020138180, OU=SAP Web AS, O=SAP Trust

ERROR in verify_with_PKs: (27/0x001b) Found root certificate of <CN=clay06pgi.cla.edfgdf.fr, OU=I0020138180, OU=SAP Web AS, O=SA

[Thr 2057] << -

End of Secude-SSL Errorstack -

[Thr 2057] SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"

[Thr 2057] SSL NI-sock: unix domain socket="/tmp/.sapicm4430"

[Thr 2057] <<- ERROR: SapSSLSessionStart(sssl_hdl=0x116077350)==SSSLERR_SSL_CONNECT

[Thr 2057] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT [icxxconn_mt.c 201

[Thr 2057] *** ERROR => IcmJ2EEScheduleFunc: Connection to clay06pgi.cla.edfgdf.fr:4430 failed - please check host configuration

Edited by: karray mohamed on Aug 27, 2010 5:23 PM

Edited by: karray mohamed on Aug 27, 2010 5:24 PM

Edited by: karray mohamed on Aug 27, 2010 5:26 PM

Former Member · ‎09-02-2010

Hello Karray,

Once you have created client PSE, you need to download the SSL certificate and upload the same in the Visual Admin.

Also for successful handshake the SSl certificate should be present on your browser at server level.

Kindly let me know the steops which you have followed till now, so that we can correctly acknowledge what else is missing in your SSL configuration.

Please follow the note 510007

Thanks,

Shobhit Garg

Former Member · ‎09-02-2010

Hi Shobhit Garg

I m following the all steps specified in note 510007

we are are generate a cetificate and upload the certifiacte generated by Documentum

Now, the configuration is work well

Thank you for your help

Mohamed

Former Member · ‎09-02-2010

Hello,

I am sorry to inform you ...If your issue is resolved than please close the thread.

Always mark the replies which were helpful to you , so that other users are also aware of the same and can refer that reply as correct solution.

Thanks,

Shobhit Garg

Former Member · ‎09-02-2010

>


> Always mark the replies which were helpful to you , so that other users are also aware of the same and can refer that reply > as correct solution.
>

Unless I am very much mistaken, other users are not able to see who the points were referred to for a question and this is a rather thinly veiled away of points begging?

The poster has already made it clear that your suggestion fixed the problem.