cancel
Showing results for 
Search instead for 
Did you mean: 

SAP Work Manager 6.0 - SSL Certificate Issue

Former Member
0 Kudos

Hello Experts,

We have installed the SMP 2.3 and also applied the SP03 PL01 patch, Now we are trying to deploy the SAP Work Manager 6.0 app using SMP2.3.

We have done the below steps.

1. Created Agentry Application in SAP Control Center.

2. Deployed the WM Package in that application(Can see that package in \Servers\UnwiredServer\Repository\Agentry\default )

3. Created .PFX and .CER SSL cerificates using openSSL as given in sybase infocenter document.

4. Copied the certificate file in location \Servers\UnwiredServer\Repository\Agentry\default\appname.

5. In SCC, Changed the Angel front configuration which points to our SSL(.PFX) certificate(authenticationCertificateStore and authenticationCertificateStorePassword).

After doing these steps when we restart the agentry server it gives following error

Authentication Store=AgentryServer.pfx(We have given the same name to our certificate)

SSL error: error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure

(SSL Socket Error), SSL Socket Error (error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure, ), ..\Socket\openSSLsockets.cpp#358:OpenSSLcontext::OpenSSLcontext

Note :

If we start agentry server with by default certificate it's working(atlease i can see server is in RUNNING status) but when client communicates to agentry server it gives "certificate is not generic" error.

I'm not sure if I've missed any steps, Any help would be appreciated.

Regards,

Abhishek Wajge

Accepted Solutions (1)

Accepted Solutions (1)

bill_froelich
Product and Topic Expert
Product and Topic Expert
0 Kudos

Abhishek,

That error is indicating that the password you supplied in the Agentry.ini file is incorrect for the AgentryServer.pfx file.  A common cause for this can if you updated the authenticationCertificateStorePassword but forget to tell Agentry that the password is not Encoded.  See the example below.

[ANGEL Front End]

trustedCertificateStore=

authenticationCertificateStore=bill.pfx

authenticationCertificateStorePassword=mypasswordhere

authenticationCertificateStorePasswordEncoded=true

In this example, I provided my bill.pfx file and password but forgot to change the Encoded to false.


authenticationCertificateStorePasswordEncoded=false

When I launch my server I get the following error on startup

ANGEL Front End: opening listen socket on port 7003

Exception: 09:20:44 02/07/2014 : 159 (SSL Socket Error), SSL Socket Error (error

:23076071:PKCS12 routines:PKCS12_parse:mac verify failure, ), ..\Socket\openSSLs

ockets.cpp#358:OpenSSLcontext::OpenSSLcontext

Switching the Encoded to false solves the problem for this example.  Of course if you fogot to change the password as well that would also give you the same error message.

Good Luck!

--Bill

Former Member
0 Kudos

Hi Bill,

Thanks for taking your time however I've given the right password and also encoded value set to false but again will double check and give you update.

Also, I can see there are two different agentry.ini files available in SMP2.3 installation directory, one is located at \Servers\AgenryServer\Agentry.ini and other one is located at \Servers\UnwiredServer\Repository\Agentry\default\appname\package\agentry.ini , which one i need to modify? I'm bit confused here as i don't know which agentry.ini file is required to publish the app.


Can you please help to solve my queries.


Regards,

Abhishek Wajge

Former Member
0 Kudos

modify "\Servers\UnwiredServer\Repository\Agentry\default\appname\agentry.ini "

Answers (3)

Answers (3)

0 Kudos

Hi all,

problem has been solved SyBooks Online  has worked for me.

Just note that first command: "openssl req -x509 -days 365 -newkey rsa:<bits> -keyout server-key.pem -out server-cert.pem" asks for several information, pay attention to

"Common Name (eg, YOUR name) []:" parameters, here I've coded my FQHN

It worked for me.

Many thanks for all sent suggestions

Best regards

Massimiliano

0 Kudos

Hi all,

I'm experiencing same problem, to be more exact everything worked perfectly until migration of my  account and laptop from SAP_ALL to GLOBAL domain, could it be any relation?

Many thanks

Massimiliano

bill_froelich
Product and Topic Expert
Product and Topic Expert
0 Kudos

Yes your host name would have changed during the migration.   You probably need to regenerate the certificate using the new host name.  If your certificate was based on your old FQDN that won't resolve anymore and you will need to use the new domain name.

--Bill

jason_latko
Active Contributor
0 Kudos

I had the same problem after domain migration.  I actually re-installed SMP to get the new certificate with the new domain name, then moved it to my client devices.

Jason Latko - Senior Product Developer at SAP.

Former Member
0 Kudos

Hi All,

We are facing similar error.  As per the work Manager installation guide "SAP-WM-6.0-Installation.pdf" Section 3.1.1 , we have followed the following steps to install the work manager:

1. Unzipped the original work manager zip file.

2. created  self signed certificate using openssl and named it as  "AgentryServer.pfx"

3. Copied the AgentryServer.pfx to unzipped folder created in step 1

4. Edit Agentry.ini by entring the appropriate password.

5. Zipped the folder.

6.Deployed the work manager zip file created in step 5

7 . Imported/Register the certificate authority file into windows host trusted root certificates list.

The error we get is as below:

Events.log

BIO routines:BIO_read:connect error, ..\Socket\openSSLsockets.cpp#997:OpenSSLstreamSocket::SSLStreamSocket::checkSSLerror

Thread-####.log

SSL error: error:2006F067:BIO routines:BIO_read:connect

Any suggestions are appreciated.

Thanks

Gaurav