on 09-14-2012 7:03 AM
Hi,
I try to consume a webservice via SSL from my ABAP System. But I alwas get following error in SMICM-Log:
[Thr 2314] IcmConnInitClientSSL: using pse /usr/sap/XXX/DVEBMGS20/sec/SAPSSLA.pse, show client certificate if available
[Thr 2314] <<- SapSSLSetTargetHostname(sssl_hdl=117b95270)==SAP_O_K
[Thr 2314] in: hostname = "xxx.xxx.com"
[Thr 2314] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL
[Thr 2314] session uses PSE file "/usr/sap/XXX/DVEBMGS20/sec/SAPSSLA.pse"
[Thr 2314] SecudeSSL_SessionStart: SSL_connect() failed
[Thr 2314] secude_error 9 (0x00000009) = "the verification of the server's certificate chain failed"
[Thr 2314] >>
[Thr 2314] ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed
[Thr 2314] ERROR in af_verify_Certificates: (27/0x001b) Chain of certificates is incomplete : "CN=XX, CN=PKI, DC=XX, DC=
[Thr 2314] ERROR in get_path: (27/0x001b) Found root certificate of <CN=XXX, CN=PKI, DC=XX, DC=com> which does not fit th
[Thr 2314] ERROR in verify_with_PKs: (27/0x001b) Found root certificate of <CN=XXX, CN=PKI, DC=XXX, DC=com> which does not
[Thr 2314] <<
[Thr 2314] SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"
If I change the PSE-Filename in debugger to SAPSSLS.pse, everything works fine...
[Thr 2571] SapISSLComposeFilename(): Filename = "/usr/sap/XXX/DVEBMGS20/sec/SAPSSLS.pse"
[Thr 2571] <<- SapSSLSetSessionCredential(sssl_hdl=117b952d0)==SAP_O_K
[Thr 2571] in: cred_name = "/usr/sap/XXX/DVEBMGS20/sec/SAPSSLS.pse"
[Thr 2571] IcmConnInitClientSSL: using pse /usr/sap/XXX/DVEBMGS20/sec/SAPSSLS.pse, show client certificate if available
[Thr 2571] <<- SapSSLSetTargetHostname(sssl_hdl=117b952d0)==SAP_O_K
[Thr 2571] in: hostname = "xxx.xxx.com"
[Thr 2571] No certificate request received from Server
[Thr 2571] secudessl_AddSSL2Cache(): session_id_len==0
[Thr 2571] MatchTargetName("xxx.xxx.com", CN="pki") MISmatch
[Thr 2571] MatchTargetName("xxx.xxx.com", CN="Machine") MISmatch
[Thr 2571] MatchTargetName("xxx.xxx.com", CN="xxx.xxx.com") == EXACT match
[Thr 2571] <<- SapSSLSessionStart(sssl_hdl=117b952d0)==SAP_O_K
Have you any idea what the problem is? I have installed the root certificate and have no further idea
Regards
Peter
Hi Peter,
Take help from your basis team for troubleshooting. check this
First check the SSL webservices is working in SAP system only Or not. for this u can create a webservice with https and consume in same system. If its working properly then u can try with external https services.
Many Thanks,
Jitendra
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
87 | |
23 | |
11 | |
9 | |
8 | |
5 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.