cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSL Error in ABAP stack

Go to solution
Former Member

on ‎02-09-2011 7:44 AM

0 Kudos

HI experts,

my scenario is Proxy to HTTPS. I imported the SLL usning STRUST. Then i restarted SMCIM using EXITSOFT. but i am getting below error in SMICM trace

hr 4568] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL

hr 4568] session uses PSE file "F:\usr\sap\PID\DVEBMGS00\sec\SAPSSLC.pse"

hr 4568] SecudeSSL_SessionStart: SSL_connect() failed

hr 4568] secude_error 9 (0x00000009) = "the verification of the server's certificate chain failed"

hr 4568] >> Begin of Secude-SSL Errorstack >>

hr 4568] ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed #

hr 4568] ERROR in af_verify_Certificates: (24/0x0018) Chain of certificates is incomplete : "OU=Class 3 Public Primary Certificati

hr 4568] ERROR in get_path: (24/0x0018) Can't get path because the chain of certificates is incomplete #

hr 4568] << End of Secude-SSL Errorstack

hr 4568] SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"

hr 4568] SSL NI-sock: local=10.78.73.135:55511 peer=67.96.17.3:443

hr 4568] <<- ERROR: SapSSLSessionStart(sssl_hdl=000000001A9D1E60)==SSSLERR_SSL_CONNECT

hr 4568] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT [icxxconn.c 1911]

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎02-09-2011 9:16 AM
0 Kudos

Hi,

Probably the root certificate from CA or one of the intermediatory certificate is missing..

Open the certificate and check the tab 'Certification path' for details of this certificate chain.

this note could be helpful as well - Note 510007 - Setting up SSL on Web Application Server ABAP.

Regards,

Francis

Show replies
Show replies
Former Member
‎02-09-2011 9:40 AM
0 Kudos

Hi antony,

As per your repsonce i checked my certificate.

I am able to see the Cerification status This certificate is OK. this cerificate is provided by client for HTTPS communication.

In STRUST 5 floders are avalble

System PSE

SNC SAPCryptolib

SSL server Standard

SSL client SSL Client (Anonymo

SSL client SSL Client (Standar

In baove floder in which folder i have to import the certifiate. after importing what knid of things i have to do. please let me know.

Thanks

Srini

Former Member
‎02-09-2011 9:57 AM
0 Kudos

Hi,

You would need to import the certificate in 'SSL client SSL Client' (Standard) afterwards restart ICM.

Do you have all the certificates in the 'Certification path' with you or only the last one. probably you also have to import the root certificate. the SSL connection can be tested by creating a HTTP destination to the external server in SM59.

Regards,

Francis

Former Member
‎02-09-2011 10:34 AM
0 Kudos

Hi,

As per your replay i did same. while testing from SAP PI SM59 Type G. i am getting below error.

ICM_HTTP_SSL_ERROR

Answers (0)

Ask a Question