cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Transaction sso2 - The Digital Signature for This Certificate Cannot Be Verified

Go to solution
Former Member

on ‎01-07-2016 10:53 AM

0 Kudos

Hello Experts,

I am encountering an issue in transaction SSO2 which relates to importing a certificate from Enterprise Portal to ECC for the purpose of using Portal to generate Logon Tickets and the ABAP system to accept the Logon Tickets.

Process:

I have exported the SAPLogonTicketKeypair-cert.cert from our Enterprise Portal

I then logon to client 000 of our ECC system and run transaction STRUSTSSO2

I import the certificate, add to certificate list and add to ACL

I then run transaction SSO2 and execute it with blank fields and the following warning is displayed - "The Digital Signature for This Certificate Cannot Be Verified" (as per below image)

I perform the same actions using the same certificate on our other ECC and SRM systems and everything works fine, testing of logon tickets works fine too.

Would anyone have any ideas as to what I can do to try and resolve the issue.

I have searched SCN, Googled, etc... but not found anything of value.

Thanks in advance for any responses

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎01-07-2016 11:10 AM
0 Kudos

My first guess would be to check that you actually imported it? The right side of the dynpro is actually a "clipboard" and does not save anything - that can be a bit confusing.

Cheers,

Julius

ps: what are the release differences between the two ECC systems?

Show replies
Show replies
Former Member
‎01-07-2016 12:26 PM
0 Kudos

Thank you for the quick response Julius!

To check if the certificate is imported successfully, I performed the following:

I exited from strustsso2 and then re-ran strustsso2 and can confirm the certificate is still in the Certificate List, which I can double click the certificate and all the correct details are populated in the Certificate section. Thus, I assume it has saved successfully.

The system also shows in the ACL list successfully.

I had a look at the release differences for the systems which the certificate is successfully working in (not showing any warnings in transaction sso2).

ECC system with SAP_BASIS release 740, SP-Level 007 .... shows the warning which this post is created about.

ECC system with SAP_BASIS release 740, SP-Level 009 .... is successful

SRM system with SAP_BASIS release 740, SP-Level 009 .... is successful

BW system with SAP_BASIS release 740, SP-Level 008 .... is successful

I do not have any additional SP07 systems to test with, thus unable to confirm if the issue is specifically related to SP07 or not, however the obvious thing would be for me to upgrade the ECC system from SP07 to SP09. (It is a Sandbox system, thus would not pose great issues for upgrading).

It does seem strange that it would be related to a SP level though, as this is pretty standard SAP functionality and would expect to see a lot more people with the same problem if it was SP related?

Before I schedule a time for the SP upgrade, are there any other things you would suggest checking?

Regards,

Patrick

Former Member
‎01-07-2016 12:44 PM
0 Kudos

Well... here is that awkward moment when I admit I didn't search enough and found an SNOTE that provides a fix.

The snote is http://service.sap.com/sap/support/notes/2016525 and addresses the specific issue regarding transaction SSO2 and getting warnings for entries in the ACL list.

I have applied the note... and will perform the walk of shame back to my desk.

Thanks

Former Member
‎01-07-2016 11:15 PM
0 Kudos

Unfortunately we dont have a way to "sticky" threads anymore as the real estate for other marketing topics took preference, but people who search with find this - thank you for posting the solution!

I am sure that many ECC system with HCM running from a portal AND renew their certificates might run into the same problem.

Lets see how many used self signed certificates.

Curiosity question: is your Enterprise Portal in a different domain?

Cheers,

Julius

Former Member
‎01-08-2016 6:16 AM
0 Kudos

Our SSL certificates are signed by an root CA, whereas other certs are self signed.

No, the Enterprise Portal is not in a different domain. All servers are in the same domain.

Regards,

Patrick

Answers (0)

Ask a Question