02-22-2016 11:09 AM
Getting an error while provisioning a user after configuring the IT resource with SNC
SNC steps followed
1. Creating SAP PSE
sapgenpse get_pse -p SNCPSE.pse -x Password@123 CN=WKSBAN04FFB085A,OU=Mphasis,O=corp.mphasis.com,C=IN
2. Configure the PSE and create a credentials file named cred_v2 for the user
sapgenpse seclogin -p SNCPSE.pse -O vijay.k03
3. Generate Own Certificate
sapgenpse export_own_cert -v -p SNCPSE.pse -o CLIENT.crt
4. Maintain Certificate in OIM SAPPSE
sapgenpse maintain_pk -v -a st1.crt -p SNCPSE.pse
PFA for configured IT resource
ERROR ---->
Caused by:
RfcException: [null]
message: CPIC-CALL: CMRCV on convId: 54628911
LOCATION CPIC (TCP/IP) with Unicode
ERROR GSS-API(maj): Miscellaneous failure
GSS-API(min): A2200210:Peer certificate verification failed
target="p:CN=ST1, OU=Mphasis, O=corp.mphasis.com, C=IN"
TIME Mon Feb 22 14:49:08 2016
RELEASE 720
COMPONENT SNC (Secure Network Communication)
VERSION 5
RC -4
MODULE sncxxall.c
LINE 3345
DETAIL SncPEstablishContext
SYSTEM CALL gss_init_sec_context
COUNTER 6
Return code: RFC_FAILURE(1)
02-23-2016 9:28 AM
From error "Peer certificate verification failed" it seems you have to import the peer certificate into the PSE.
Somewhere along the lines of:
sapgenpse maintain_pk -a <Peer-certificate> -p <PSE_file> -x <PIN>
03-16-2016 3:47 PM
Hi,
You could execute: sapgenpse maintain_pk -l -p <SNC PSE_file> and see if the correct certificate (it should be this one: p:CN=ST1, OU=Mphasis, O=corp.mphasis.com, C=IN) is in the list. You describe in 4. that you have imported an ST1 certificate, but you should compare whether it is correct.
Regards
04-07-2016 5:31 PM
Hello,
The "GSS-API(min): A2200210:Peer certificate verification failed" means that the Peer certificate was not imported in the server PSE.
In your scenario I believe that the WebSphere Adapter is acting as the client and the SAP system is acting as the server. Is the SAP system an ABAP system? If yes, please do the following:
1. ICM Trace
a. Raise ICM trace level to 2;
b. Reproduce the issue;
c. Please attach the trace.
In the trace you will be able to identify which certificate is missing and in which PSE it should be imported. Refer to the Troubleshooting Guide below:
Cheers,
Filipe Santos
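The comparison suggested in the replies, as an added example that is not part of the original thread: it pulls the GSS-API minor code and the SNC target name out of the posted error block and checks that name against a list of certificate subjects. The subject lists are constructed and typed in by hand (the page does not show the output of sapgenpse maintain_pk -l, so nothing here parses it), and the function names are hypothetical.

```python
import re

# Error block as posted in the thread, abridged to the fields used here.
TRACE = '''\
ERROR GSS-API(maj): Miscellaneous failure
GSS-API(min): A2200210:Peer certificate verification failed
target="p:CN=ST1, OU=Mphasis, O=corp.mphasis.com, C=IN"
COMPONENT SNC (Secure Network Communication)
DETAIL SncPEstablishContext
SYSTEM CALL gss_init_sec_context
'''

def parse_trace(text):
    """Return the GSS-API minor code, its message and the SNC target name."""
    minor = re.search(r'GSS-API\(min\):\s*([0-9A-Fa-f]+):(.+)', text)
    target = re.search(r'target="([^"]*)"', text)
    return {
        "minor_code": minor.group(1) if minor else None,
        "minor_text": minor.group(2).strip() if minor else None,
        "target": target.group(1) if target else None,
    }

def split_rdns(name):
    """Normalize a DN for comparison: drop the SNC 'p:' prefix, trim blanks
    around each RDN, upper-case attribute types. Values keep their case."""
    body = name.strip()
    if body[:2].lower() == "p:":
        body = body[2:]
    rdns = []
    for part in re.split(r'(?<!\\),', body):  # commas escaped with \ stay in the value
        attr, _, value = part.partition("=")
        rdns.append((attr.strip().upper(), value.strip()))
    return tuple(rdns)

def fold_case(dn):
    return tuple((attr, value.lower()) for attr, value in dn)

def check_peer(trace_text, pse_subjects):
    """Classify the trace's target against subjects copied from a PSE listing:
    'present', 'case-differs', 'missing', or 'no-target' if none was found."""
    target = parse_trace(trace_text)["target"]
    if target is None:
        return "no-target", None
    want = split_rdns(target)
    have = [split_rdns(s) for s in pse_subjects]
    if want in have:
        return "present", target
    if fold_case(want) in [fold_case(h) for h in have]:
        return "case-differs", target  # same name apart from letter case: review by hand
    return "missing", target
```

A "present" result only says a certificate with that subject is listed; it does not show that the listed certificate is the one the peer actually presents.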