on 02-09-2011 7:44 AM
HI experts,
my scenario is Proxy to HTTPS. I imported the SLL usning STRUST. Then i restarted SMCIM using EXITSOFT. but i am getting below error in SMICM trace
hr 4568] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL
hr 4568] session uses PSE file "F:\usr\sap\PID\DVEBMGS00\sec\SAPSSLC.pse"
hr 4568] SecudeSSL_SessionStart: SSL_connect() failed
hr 4568] secude_error 9 (0x00000009) = "the verification of the server's certificate chain failed"
hr 4568] >> Begin of Secude-SSL Errorstack >>
hr 4568] ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed #
hr 4568] ERROR in af_verify_Certificates: (24/0x0018) Chain of certificates is incomplete : "OU=Class 3 Public Primary Certificati
hr 4568] ERROR in get_path: (24/0x0018) Can't get path because the chain of certificates is incomplete #
hr 4568] << End of Secude-SSL Errorstack
hr 4568] SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"
hr 4568] SSL NI-sock: local=10.78.73.135:55511 peer=67.96.17.3:443
hr 4568] <<- ERROR: SapSSLSessionStart(sssl_hdl=000000001A9D1E60)==SSSLERR_SSL_CONNECT
hr 4568] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT [icxxconn.c 1911]
Hi,
Probably the root certificate from CA or one of the intermediatory certificate is missing..
Open the certificate and check the tab 'Certification path' for details of this certificate chain.
this note could be helpful as well - Note 510007 - Setting up SSL on Web Application Server ABAP.
Regards,
Francis
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi antony,
As per your repsonce i checked my certificate.
I am able to see the Cerification status This certificate is OK. this cerificate is provided by client for HTTPS communication.
In STRUST 5 floders are avalble
System PSE
SNC SAPCryptolib
SSL server Standard
SSL client SSL Client (Anonymo
SSL client SSL Client (Standar
In baove floder in which folder i have to import the certifiate. after importing what knid of things i have to do. please let me know.
Thanks
Srini
Hi,
You would need to import the certificate in 'SSL client SSL Client' (Standard) afterwards restart ICM.
Do you have all the certificates in the 'Certification path' with you or only the last one. probably you also have to import the root certificate. the SSL connection can be tested by creating a HTTP destination to the external server in SM59.
Regards,
Francis
User | Count |
---|---|
86 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.