Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

The verification of the server's certificate chain failed

Hi All,

Not sure this is the right forum for this but never mind.

I am trying to get abap2GApps working and am having problems with the client certificates.

I am getting the below error in ICM :-

[Thr 06] Mon Jul 30 09:34:47 2012

[Thr 06] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL

[Thr 06]    session uses PSE file "/usr/sap/BWD/DVEBMGS58/sec/SAPSSLC.pse"

[Thr 06] SecudeSSL_SessionStart: SSL_connect() failed

  secude_error 9 (0x00000009) = "the verification of the server's certificate chain failed"

[Thr 06] >>            Begin of Secude-SSL Errorstack            >>

[Thr 06] ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed

ERROR in af_verify_Certificates: (24/0x0018) Chain of certificates is incomplete : "OU=Equifax Secure Certificate Authority, O=E

ERROR in get_path: (24/0x0018) Can't get path because the chain of certificates is incomplete

[Thr 06] <<            End of Secude-SSL Errorstack

[Thr 06]   SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"

[Thr 06]   SSL NI-sock: local=172.30.7.170:59036  peer=172.30.8.100:80

[Thr 06] <<- ERROR: SapSSLSessionStart(sssl_hdl=60000000053910f0)==SSSLERR_SSL_CONNECT

[Thr 06] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT {000726d5} [icxxconn_mt.c 2031]

Having already got the accounts.google.com SSL certificate chain installed and working I can't get the docs.google.com SSL chain working.

For accounts.google.com they use (this set works) :-

1) CN=accounts.google.com, O=Google Inc, L=Mountain View, SP=California, C=US

2) CN=Thawte SGC CA, O=Thawte Consulting (Pty) Ltd., C=ZA

3) OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US

For docs.google.com they use a different set of SSL certs. :-

1) CN=*.google.com, O=Google Inc, L=Mountain View, SP=California, C=US

2) CN=Google Internet Authority, O=Google Inc, C=US

3) OU=Equifax Secure Certificate Authority, O=Equifax, C=US

Can anyone explain what I am doing wrong or how to correct this?

Thanks

Craig

Not what you were looking for? View more on this topic or Ask a question