Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

ERROR during SecudeSSL - Rapid Content Delivery in SSM

Hi Gurus,

we try to configure Rapid Content Delivery in SSM.

We have imported all needed certificates for the SSL in STRUST.

Symantec_Class_1_Individual_Subscriber_CA_-_G4

VeriSign_Class_1_Public_Primary_Certification_Authority_-_G3

VeriSign_Class_2_Public_Primary_Certification_Authority_-_G3

VeriSign_Class_3_Public_Primary_Certification_Authority_-_G3

VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4

VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5

VeriSign_Class_3_Secure_Server_CA

VeriSign_Class_4_Public_Primary_Certification_Authority_-_G3

VeriSign_Inc.

GTE CyberTrust Global Root
But we alway get the following error.

[Thr 1800] Fri Jan 16 15:50:21 2015

[Thr 1800] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL

[Thr 1800]    session uses PSE file "/usr/sap/SSM/DVEBMGS01/sec/SAPSSLC.pse"

[Thr 1800] SecudeSSL_SessionStart: SSL_connect() failed --

[Thr 1800]   secude_error 536872221 (0x2000051d) = "SSL API error"

[Thr 1800] >> ---------- Begin of Secude-SSL Errorstack ---------- >>

[Thr 1800] 0x2000051d | SAPCRYPTOLIB | SSL_connect

[Thr 1800] SSL API error

[Thr 1800] Failed to verify peer certificate. Peer not trusted.

[Thr 1800] 0xa0600203 | SSL | ssl_verify_peer_certificates

[Thr 1800] Peer not trusted

[Thr 1800] 0xa0600297 | SSL | ssl_cert_checker_verify_certificates

[Thr 1800] peer certificate (chain) is not trusted

[Thr 1800] PropertyBlock:

[Thr 1800]   Status      :Not successful

[Thr 1800]   Profile     :1.3.6.1.4.1.694.2.2.2.2

[Thr 1800]   SignerStatus:Not successful

[Thr 1800]   SignerVerificationResult:

[Thr 1800]     element#no="1":

[Thr 1800]       Status      :Not successful

[Thr 1800]       Validity    :Successful

[Thr 1800]       BasicConstraints:Successful

[Thr 1800]       KeyUsage    :Successful

[Thr 1800]       ObjectStatus:Not successful

[Thr 1800]       SignerCert:

[Thr 1800]         Certificate:

[Thr 1800]             Subject     :CN=Symantec Class 3 Secure Server CA - G4, OU=Symantec Trust Network, O=Symantec Corporation, C=US

[Thr 1800]         Verification result:

[Thr 1800]           Status      :Not successful

[Thr 1800]           Profile     :1.3.6.1.4.1.694.2.2.2.2

[Thr 1800]           SignerStatus:Not successful

[Thr 1800]           BasicConstraintsPathLen:1

[Thr 1800]           SignerVerificationResult:

[Thr 1800]             element#no="1":

[Thr 1800]               Status      :Not successful

[Thr 1800]               Validity    :Successful

[Thr 1800]               BasicConstraints:Successful

[Thr 1800]               KeyUsage    :Successful

[Thr 1800]               ObjectStatus:Not successful

[Thr 1800]               SignerCert:

[Thr 1800]                 Certificate:

[Thr 1800]                     Subject     :CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

[Thr 1800]                 Verification result:

[Thr 1800]                   Status      :Not successful

[Thr 1800]                   Profile     :1.3.6.1.4.1.694.2.2.2.2

[Thr 1800]                   SignerStatus:Not successful

[Thr 1800]                   SignerVerificationResult: None

[Thr 1800]

[Thr 1800] << ---------- End of Secude-SSL Errorstack ----------

[Thr 1800]   SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"

[Thr 1800]   SSL NI-sock: local=172.16.130.221:47564  peer=172.16.143.101:80

[Thr 1800] <<- ERROR: SapSSLSessionStart(sssl_hdl=1115818b0)==SSSLERR_PEER_CERT_UNTRUSTED

[Thr 1800] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-102): SSSLERR_PEER_CERT_UNTRUSTED {0009b898} [icxxconn_mt.c 1957]

Has someone a suggestion?

regards

Chris

Tags:
Former Member
Former Member replied

Okay, i found my issue.

I imported the certificates to "System-PSE" instead to "SSL Client SSL Client (Standard)"

blunder

regards

Chris

1 View this answer in context
Not what you were looking for? View more on this topic or Ask a question