Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ERROR during SecuSSL_SessionStart

Go to solution
Duy_Le_-_Islet_
Participant

‎04-27-2015 1:33 PM

0 Kudos

Hi All,

I found the following error in ICMAN Trace. Do you have any suggestion to troubleshoot the issue?

I have created SAPSSLS using Trust Manager and have the certificate signed by our Secure Login Server. In addition, I also import the root CA Certificate of Secure Login Server (and also the SSL Sub CA Certificate) to the certificate list of corresponding PSE. Also, at the client side, the root CA certificate also imported to client's certificate store.

I would be very grateful for any contribution.

Best regards,

Duy

Preview file
89 KB
1 ACCEPTED SOLUTION

Go to solution
Duy_Le_-_Islet_
Participant

‎04-28-2015 9:16 AM

0 Kudos

Hi,

The errors are fixed after restarting the system.

Regards,

Duy

5 REPLIES 5

Go to solution
Private_Member_69416
Active Participant

‎04-27-2015 8:18 PM

0 Kudos

Hi

It depends when did you change the certificate.

If 27.04 10:33 - there is only one error - probably access to admin interface with wrong credentials.

If not try to restart ICM (in SMICM transcation) and show all logs from "SSL Initialization" entry (or error before).

Regards

Przemek

Go to solution
Duy_Le_-_Islet_
Participant
In response to Private_Member_69416

‎04-28-2015 7:30 AM

0 Kudos

Hi,

Before those errors in the screenshot, there is no other errors, the SSL initialization shows "Success - SapCryptoLib SSL ready!". Also, I did restart ICM manually, and there is no error found the system log at the time either.

Do you know what might be the cause of " SSL API error received a fatal TLS1.0 unknown_ca alert from the peer"? The peer in this case is the computer I used to access the ECC system via NWBC from a web browser. In the browser certificate store, I have also imported the root CA certificate Secure Login Server, so I'm not sure about the reason for those fatal alerts.

Regards,

Duy

Go to solution
Private_Member_69416
Active Participant
In response to Private_Member_69416

‎04-28-2015 9:21 AM

0 Kudos

Errors are sent from web browser client when you don't have CA chain in their certificate store.

You should have warning on your web browser page too.

Go to solution
Duy_Le_-_Islet_
Participant
In response to Private_Member_69416

‎04-28-2015 9:35 AM

0 Kudos

Hi,

Actually I didn't have any warning in the web browsers. It's probably because I imported the CA certificates in the certificate stores already. It seems that the issue is with the SSL Server PSE since previously, I put the CA certificates there, restarted the ICM manually, cleared the browser cache and restarted the browser again but the issue still occur. Until later when I restarted the system, the errors are not seen in the log anymore.

Regards

Duy

Go to solution
Duy_Le_-_Islet_
Participant

‎04-28-2015 9:16 AM

0 Kudos

Hi,

The errors are fixed after restarting the system.

Regards,

Duy