on 03-10-2016 10:08 AM
Hi,
when setting up the technical monitoring of our PO system we get the following error message.
TR: SOLMAN_SETUP --> Technical Monitoring --> Integration Monitoring --> Prozessintegration
General Note we tested 1796893, 2274878, 1791457.
Unfortunately I could not find a solution, every tip I would be very grateful.
Best regards
Georg
Hi,
we have opened a message by SAP.
The error was an incorrect entry.
SOLMAN_SETUP --> Managed Systems Configuration --> Enter System Parameters --> Common Parameters
Regards
Georg
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hallo,
please ICM trace file dev_icm.
Regards
Thomas.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hallo Georg,
the error in ICM is:
peer certificate (chain) is not trusted
Follow by a reference to the certificate:
[Thr 140138213611264] Certificate:
[Thr 140138213611264] Certificate:
[Thr 140138213611264] Subject :CN=XXXXX
[Thr 140138213611264] Issuer :CN=XXXXX
The error appears to occur for all three PSEs (refer to STRUSTSSO)
/usr/sap/***/DVEBMGS**/sec/SAPSSLA.pse: SSL client SSL Client (Anonymous)
/usr/sap/***/DVEBMGS**/sec/SAPSSLS.pse: SSL Server Standard
/usr/sap/***/DVEBMGS**/sec/SAPSSLC.pse: SSL client SSL Client (Standard)
I believe you need to add certificate with "Subject :CN=******.xxxxx-airport.de, OU=InstantSSL, OU=Issued etc. etc." to STRUSTSSO of "SSL client SSL Client (Anonymous)", "SSL Server Standard" and "SSL client SSL Client (Standard)" on instance ***, DVEBMGS**.
Above certificate is signed (issued) by "CN=COMODO RSA Organization Validation Secure Server CA etc.". My understanding is that COMODO isn't usually trusted, so you will also need to add this certificate as well (you can extract/export it from your Airport-certificate).
To get the Airport-certificate point your browser at the Airport-host and double-click the lock-symbol in the URL.
Regards
Thomas.
Hallo Georg,
you are getting a different error in ICM now:
[Thr 140163579234048] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-30): SSSLERR_SERVER_CERT_MISMATCH {00030026} [icxxconn_mt.c 1989]
Please refer to note http://service.sap.com/sap/support/notes/1318906 regarding this new error after importing your certificates.
The important sentence in the note is: "You must be able to access the server at the address for which the certificate was issued."
E.g. your certificate might be issued for a server name whereas the access from Solution Manager is via IP.
Maybe you want to increase the ICM trace level to 2 (via transaction SMICM) to get more details on which certificate is causing the issue.
Regards
Thomas.
User | Count |
---|---|
81 | |
24 | |
11 | |
9 | |
7 | |
5 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.