Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

SAP Router Issue - GSS-API(maj): A token had an invalid signature...

Hello Friends,

  We renewed a saprouter certificate, It was successfull and we dint face any error during the process. But when we start the router it throws the below error in dev_rout file..

"Sat Jul 11 14:01:22 2015

*** ERROR => SncPEstablishContext() failed for target='p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE'

[sncxxall3374]*** ERROR => SncPEstablishContext()==SNCERR_GSSAPI  [sncxxall.c 3340]

      GSS-API(maj): A token had an invalid signature

      GSS-API(min): Certification path incomplete

    Unable to establish the security context

    target="p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"

<<- SncProcessInput()==SNCERR_GSSAPI

*** ERROR => NiSncIProcIn: SncProcessInput failed (rc=-4;0022FB98;1803) [nisnc.c      998]

*** WARNING => NiBufISetHS: ready could not be freed (hdl 2) [nibuf.cpp    4356]

*** ERROR => SncPEstablishContext() failed for target='p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE'

[sncxxall3374]*** ERROR => SncPEstablishContext()==SNCERR_GSSAPI  [sncxxall.c 3340]

      GSS-API(maj): A token had an invalid signature

      GSS-API(min): Certification path incomplete

    Unable to establish the security context

    target="p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"

<<- SncProcessInput()==SNCERR_GSSAPI

*** ERROR => NiSncIProcIn: SncProcessInput failed (rc=-4;0022FB98;1803) [nisnc.c      998]"

I found the note 95810 - Problem analysis when using SNC with Secude  with the fallowing solution.

"2.1 Errors in the Security Network Layer

------------------------------------

2.1.1 Signature of a certificate cannot be checked

----------------------------------------------------------

The PSE (Personal Security Environment) of the user and application server are issued by different CAs (Certification Authorities). The PSE of the user does not contain a public key of a CA with which the certificate of the application server can be verified.

Use PSEs of the same CA. If this is impossible, check out the option of cross certification with Secude support."



But we do not understand solution. Where and in which file i have to change the public key of CA.


Please help me to to resolve this issue.



Thanks&Regards


Farkath C




Tags:
Former Member
Not what you were looking for? View more on this topic or Ask a question