Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Configuring Secure Network Communication (SNC) between SAP systems and clients using WebSphere Adapter for SAP Software V7.5

Former Member
0 Kudos

getting  an error while provisioning user after configuring IT resource with SNC

SNC steps followed

1.     Creating SAP PSE

            sapgenpse get_pse -p SNCPSE.pse -x Password@123 CN=WKSBAN04FFB085A,OU=Mphasis,O=corp.mphasis.com,C=IN

2.     Configure the PSE and create a credentials file named cred_v2 for the user

          sapgenpse seclogin -p SNCPSE.pse -O vijay.k03

   

3.     Generate Own Certificate

          sapgenpse export_own_cert -v -p SNCPSE.pse -o CLIENT.crt

4.Maintain Certificate in OIM SAPPSE

          sapgenpse maintain_pk -v -a st1.crt -p SNCPSE.pse

PFA for configured it resource

ERROR ---->

Caused by:

RfcException: [null]

    message: CPIC-CALL: CMRCV on convId: 54628911

LOCATION    CPIC (TCP/IP) with Unicode

ERROR       GSS-API(maj): Miscellaneous failure

            GSS-API(min): A2200210:Peer certificate verification failed

            target="p:CN=ST1, OU=Mphasis, O=corp.mphasis.com, C=IN"

TIME        Mon Feb 22 14:49:08 2016

RELEASE     720

COMPONENT   SNC (Secure Network Communication)

VERSION     5

RC          -4

MODULE      sncxxall.c

LINE        3345

DETAIL      SncPEstablishContext

SYSTEM CALL gss_init_sec_context

COUNTER     6

    Return code: RFC_FAILURE(1)

3 REPLIES 3

Former Member
0 Kudos

From error "Peer certificate verification failed" it seems you have to import the peer certificate into the PSE.

Somewhere along the lines of:

sapgenpse maintain_pk –a <Peer-certificate> –p <PSE_file> -x <PIN>

Vanes
Advisor
Advisor
0 Kudos

Hi,

you could execute: sapgenpse maintain_pk -l -p <SNC PSE_file> and see if the correct certificate (it should be this one: p:CN=ST1, OU=Mphasis, O=corp.mphasis.com, C=IN) is in the list. You describe in 4. that you have imported a ST1 certificate but you should compare if it is correct.

regards

former_member202592
Participant
0 Kudos

Hello,

The "GSS-API(min): A2200210:Peer certificate verification failed" means that the Peer certificate was not imported in the server PSE.

In your scenario I believe that the WebSphere Adapter is acting like the client and the SAP system is acting as the server. Is the SAP system an ABAP system? If yes please do the following:

1. ICM Trace

a. Raise ICM trace level to 2;

b. Reproduce the issue;

c. Please attach the trace.

In the trace you will be able to identify which certificate is missing and in which PSE it should be imported. Refer to the Troubleshooting Guide below:

Troubleshooting Guide - How to troubleshoot the SSSLERR_PEER_CERT_UNTRUSTED (peer certificate (chain...

Cheers,

Filipe Santos