cancel
Showing results for 
Search instead for 
Did you mean: 

Problem with SSL Connection in WebService (SOAMANAGER)

Former Member
0 Kudos

Hi,

I try to consume a webservice via SSL from my ABAP System. But I alwas get following error in SMICM-Log:

[Thr 2314] IcmConnInitClientSSL: using pse /usr/sap/XXX/DVEBMGS20/sec/SAPSSLA.pse, show client certificate if available

[Thr 2314] <<- SapSSLSetTargetHostname(sssl_hdl=117b95270)==SAP_O_K

[Thr 2314]      in: hostname = "xxx.xxx.com"

[Thr 2314] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL

[Thr 2314]    session uses PSE file "/usr/sap/XXX/DVEBMGS20/sec/SAPSSLA.pse"

[Thr 2314] SecudeSSL_SessionStart: SSL_connect() failed

[Thr 2314]   secude_error 9 (0x00000009) = "the verification of the server's certificate chain failed"

[Thr 2314] >>

[Thr 2314] ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed

[Thr 2314] ERROR in af_verify_Certificates: (27/0x001b) Chain of certificates is incomplete : "CN=XX, CN=PKI, DC=XX, DC=

[Thr 2314] ERROR in get_path: (27/0x001b) Found root certificate of <CN=XXX, CN=PKI, DC=XX, DC=com> which does not fit th

[Thr 2314] ERROR in verify_with_PKs: (27/0x001b) Found root certificate of <CN=XXX, CN=PKI, DC=XXX, DC=com> which does not

[Thr 2314] <<

[Thr 2314]   SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"

If I change the PSE-Filename in debugger to SAPSSLS.pse, everything works fine...

[Thr 2571]   SapISSLComposeFilename(): Filename = "/usr/sap/XXX/DVEBMGS20/sec/SAPSSLS.pse"

[Thr 2571] <<- SapSSLSetSessionCredential(sssl_hdl=117b952d0)==SAP_O_K

[Thr 2571]      in: cred_name = "/usr/sap/XXX/DVEBMGS20/sec/SAPSSLS.pse"

[Thr 2571] IcmConnInitClientSSL: using pse /usr/sap/XXX/DVEBMGS20/sec/SAPSSLS.pse, show client certificate if available

[Thr 2571] <<- SapSSLSetTargetHostname(sssl_hdl=117b952d0)==SAP_O_K

[Thr 2571]      in: hostname = "xxx.xxx.com"

[Thr 2571]   No certificate request received from Server

[Thr 2571]   secudessl_AddSSL2Cache(): session_id_len==0

[Thr 2571]   MatchTargetName("xxx.xxx.com", CN="pki") MISmatch

[Thr 2571]   MatchTargetName("xxx.xxx.com", CN="Machine") MISmatch

[Thr 2571]   MatchTargetName("xxx.xxx.com", CN="xxx.xxx.com") == EXACT match

[Thr 2571] <<- SapSSLSessionStart(sssl_hdl=117b952d0)==SAP_O_K

Have you any idea what the problem is? I have installed the root certificate and have no further idea

Regards

Peter

Accepted Solutions (0)

Answers (1)

Answers (1)

jitendra_it
Active Contributor
0 Kudos

Hi Peter,

Take help from your basis team for troubleshooting. check this

http://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CEIQFjAA&url=http%3A%2...

First check the SSL webservices is working in SAP system only Or not. for this u can create a webservice with https and consume in same system. If its working properly then u can try with external https services.

Many Thanks,

Jitendra