04-27-2015 1:33 PM
Hi All,
I found the following error in ICMAN Trace. Do you have any suggestion to troubleshoot the issue?
I have created SAPSSLS using Trust Manager and have the certificate signed by our Secure Login Server. In addition, I also import the root CA Certificate of Secure Login Server (and also the SSL Sub CA Certificate) to the certificate list of corresponding PSE. Also, at the client side, the root CA certificate also imported to client's certificate store.
I would be very grateful for any contribution.
Best regards,
Duy
04-28-2015 9:16 AM
04-27-2015 8:18 PM
Hi
It depends when did you change the certificate.
If 27.04 10:33 - there is only one error - probably access to admin interface with wrong credentials.
If not try to restart ICM (in SMICM transcation) and show all logs from "SSL Initialization" entry (or error before).
Regards
Przemek
04-28-2015 7:30 AM
Hi,
Before those errors in the screenshot, there is no other errors, the SSL initialization shows "Success - SapCryptoLib SSL ready!". Also, I did restart ICM manually, and there is no error found the system log at the time either.
Do you know what might be the cause of " SSL API error received a fatal TLS1.0 unknown_ca alert from the peer"? The peer in this case is the computer I used to access the ECC system via NWBC from a web browser. In the browser certificate store, I have also imported the root CA certificate Secure Login Server, so I'm not sure about the reason for those fatal alerts.
Regards,
Duy
04-28-2015 9:21 AM
Errors are sent from web browser client when you don't have CA chain in their certificate store.
You should have warning on your web browser page too.
04-28-2015 9:35 AM
Hi,
Actually I didn't have any warning in the web browsers. It's probably because I imported the CA certificates in the certificate stores already. It seems that the issue is with the SSL Server PSE since previously, I put the CA certificates there, restarted the ICM manually, cleared the browser cache and restarted the browser again but the issue still occur. Until later when I restarted the system, the errors are not seen in the log anymore.
Regards
Duy
04-28-2015 9:16 AM