cancel
Showing results for 
Search instead for 
Did you mean: 

SAP Content Certificate get HTTP error: 500 (Internal Serv E) Access Denied

Former Member

Hello all,

after installing SAP Content Server 640 on a Windows 2008 R2 SP1 System

it is not possible to get Certificate on SAP TA : CSADMIN

when I click on the Certificate button I get the following Error Message

HTTP error: 500 (Internal Server Error) "CertBag::ReadCerts failed rc=5, Access is denied.

What does it mean ?

the IIS Version seems the Standard

Thanks for your help

Bet regards

Vito

Accepted Solutions (0)

Answers (1)

Answers (1)

christoph_hopf
Advisor
Advisor

Hi Vito,

could you please run report RSCMST for the affected repository to check for any errors?

For each repository the SAP Content Server maintains two files that keep

the system certificates in order to verify signatures. Both are named

as the repository, one with extension ".cert" and one with ".pse".

These certificates and pse files are stored in the "Security" Directory

below the server installation directory

(C:\program files\SAP\Content Server\Security).

To resolve the issue, remove all files from the Security directory and

make sure that the Security directory has access rights "full control"

for everyone.

After that, distribute a new certificate to the content server for the

repository in question and activate it. This should produce two files

'your_repository_name.cert and your_repository_name.pse.

Afterwards, please test if the same error occurs when you run this

program RSCMST.

Please also ensure that there are no errors reported in transaction

STRUST; the system pse should have a green bauble associated with it.

The error:

HTTP error: 500 (Internal Server Error) "CertBag::ReadCerts failed

rc=5, Access is denied means the content server cannot read the

security subfolder present in Content server installation directory.

Content Server is an ISAPI extension hence the user running the

process "inetinfo" should have sufficiant authorizations to

read and write in to Content Server Installation folder.

Ususaly the default users would be "SYSTEM" or "NETWORK SERVICE"

you can verify this in the windows task manager processes tab the

user of inetinfo process.

Please provide Full access authorizations to these users. Please

provide full access to this directory and all its sub directories to

the NETWORK SERVICE user?

Please also ensure that you follow the recommendations within the

SAP note 851146.

Best regards,

Christoph

Former Member

Hello,

thank you very much!!!

Your advice about rights on directory was very helpfull.

"These certificates and pse files are stored in the "Security" Directory

below the server installation directory

(C:\program files\SAP\Content Server\Security).

To resolve the issue, remove all files from the Security directory and

make sure that the Security directory has access rights "full control"

for everyone."