on 10-17-2014 3:48 PM
Hi all,
I'm trying to set up client certificate authentication on a Java AS 7.31 SP13.
I followed all the available online manuals, importing keys and certificates, configuring keystore in NWA and also configuring ICM.
Still, in ICM I get the following error:
[Thr 1944] SSL_get_state() returned 0x00001181 "SSLv3 read client certificate B"
[Thr 1944] *** ERROR during SecudeSSL_SessionStart() from SSL_accept()==SSL_ERROR_SSL
[Thr 1944] session uses PSE file "D:\usr\sap\PO1\J00\sec\SAPSSLS.pse"
[Thr 1944] SecudeSSL_SessionStart: SSL_accept() failed --
[Thr 1944] secude_error 9 (0x00000009) = "the verification of the client's certificate chain failed"
[Thr 1944] >> ---------- Begin of Secude-SSL Errorstack ---------- >>
[Thr 1944] ERROR in ssl3_get_client_certificate: (9/0x0009) the verification of the client's certificate chain failed
[Thr 1944] ERROR in af_verify_Certificates: (24/0x0018) Chain of certificates is incomplete
[Thr 1944] ERROR in get_path: (106/0x006a) Can't verify certificate with PKRoot: Is not a CA certificate
[Thr 1944] << ---------- End of Secude-SSL Errorstack ----------
The client certificate that I'm using is self-signed, but I've imported it as Trusted CA and also in the SSL keystores in NWA.
Also, I've updated the profile parameters for ICM:
icm/HTTPS/trust_client_with_subject
icm/HTTPS/trust_client_with_issuer
Not sure what is going on here, in particular I don't understand the "Is not a CA certificate" message.
Sorry if this is a naive question, but I'm pretty new to these topics and any help would be greatly appreciated.
Could anyone please assist?
Thanks, regards
Vincenzo
Hi
Could you refer to the SAP Note
1094342 - ICM trace contains verification of the server's certificate
Regards
SS
Hi, thanks for your help
Actually I am aware of the SAP note but it applies to ABAP stacks.
Also, the message applies to "the verification of the server's certificate chain failed"
while in my case I have problems with the client certificates.
I've done the equivalent configuration steps in the Java AS: importing the relevant certificates in the SSL keystores and in Trusted CAs keystore.
Any idea what could be wrong here?
Thanks, regards
Vincenzo