on 08-02-2013 12:43 PM
Hi all,
I am configuring SSL for LDAP connection in SAP NW CE 7.3. My LDAP is Microsoft Active Directory 2012 from where I downloaded the root certificate. Then I navigated to NWA - Certificate & Keys - Trusted CAs - Import Entry where I imported the certificate in X509 format. However when I 'Validate Configuration' in NWA - Identity Management - LDAP Server, I get the error below:
Validation failed. Technical detail: No connection to the ldap server: <server>:636 CausePeer certificate rejected by ChainVerifier RootCause:Peer certificate rejected by ChainVerifier
I'm doubting maybe the certificate is not valid. Can you please advise how to resolve this.
regards.
Please check whether the LDAP SSL certificate chain is complete. It is required to import all items in the certificate chain. Check the AD root certificate: if the issuer and subject are the same, it is a root certificate; otherwise the issuer certificate also has to be imported.
Hi Suraj,
View the SSL certificate in NWA - Key storage service and check the subject and issuer fields:
Certificate1
Subject name <AD host name with domain>
Issuer name <cert1_issuer name> --> points to Certificate2
Then you need the certificate from the authority <cert1_issuer_name>
Certificate2
Subject name <cert1_issuer name>
Issuer name <cert2_issuer name> --> points to Root certificate
In case of a root certificate the subject and issuer are the same:
Certificate_root
Subject name <cert2_issuer_name>
Issuer name <cert2_issuer_Name>
The certificate chain is complete when all certificates are present. It can be an SSL certificate signed by a root CA directly, in which case the middle certificate is not required.
Best Regards,
Antal
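The subject/issuer walk described in the reply above, as an added example that is not part of the original thread. It assumes you have copied the subject and issuer of the server certificate and of each Trusted CAs entry by hand; the function names and all DNs are constructed for illustration, and it compares names only (no signature or key usage checks).

```python
# Added example: follow issuer -> subject links until a self-signed root is reached.
# All DNs below are constructed sample values, not taken from the thread.

def norm(dn):
    """Normalise a DN for comparison: trim each RDN and ignore case.
    Naive split on ',' (does not handle escaped commas inside a value)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def walk_chain(leaf, trusted):
    """leaf: {"subject", "issuer"} of the certificate the LDAP server presents.
    trusted: list of {"subject", "issuer"} entries imported as trusted CAs.
    Returns (chain, missing): subjects found, leaf first, and the issuer DN
    that still has to be imported (None when the chain ends in a root)."""
    by_subject = {norm(e["subject"]): e for e in trusted}
    chain, seen, entry = [leaf["subject"]], {norm(leaf["subject"])}, leaf
    # A self-signed server certificate must itself be in the trusted entries.
    if norm(leaf["issuer"]) == norm(leaf["subject"]):
        return chain, (None if norm(leaf["subject"]) in by_subject else leaf["subject"])
    while norm(entry["issuer"]) != norm(entry["subject"]):
        wanted = entry["issuer"]
        key = norm(wanted)
        if key in seen:                      # A issued by B, B issued by A: no root
            raise ValueError("issuer loop at " + entry["subject"])
        if key not in by_subject:            # this issuer certificate is not imported
            return chain, wanted
        entry = by_subject[key]
        chain.append(entry["subject"])
        seen.add(key)
    return chain, None                       # subject == issuer: root reached

# Constructed sample entries (hypothetical names).
ROOT = {"subject": "CN=Example Root CA, DC=example, DC=test",
        "issuer": "CN=Example Root CA, DC=example, DC=test"}
INTERMEDIATE = {"subject": "CN=Example Issuing CA, DC=example, DC=test",
                "issuer": "CN=Example Root CA, DC=example, DC=test"}
LEAF = {"subject": "CN=dc01.example.test",
        "issuer": "cn=Example Issuing CA,dc=example,dc=test"}

if __name__ == "__main__":
    for store in ([ROOT], [ROOT, INTERMEDIATE]):
        chain, missing = walk_chain(LEAF, store)
        print(" -> ".join(chain), "| missing:", missing)
```

With only the root imported, the walk stops at the issuing CA and names it as the certificate still to import.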
Hi Suraj,
I was out of office and can check this thread now.
I cannot see your attachment, please check following links:
How to enable LDAP over SSL with a third-party certification authority
http://support.microsoft.com/kb/321051
https://confluence.atlassian.com/display/CROWD/Configuring+an+SSL+Certificate+for+Microsoft+Active+D...
Best Regards,
Antal
Hi Suraj
Kindly go through the SAP Knowledge Base Articles:
1758780 - SSL connection to LDAP server fails with iaik.security.ssl.SSLCertificateException: Peer certificate rejected by ChainVerifier
1862321 - SSL handshake fails with 'Extension error: keyusage does not allow certificate signing'
Thanks
Ram
Hello,
Please refer to these links:
http://scn.sap.com/thread/409109
http://scn.sap.com/thread/1731327
read this link
http://help.sap.com/saphelp_nwce10/helpdata/en/7d/77fa735e5f47a2a50b5336fd1b5a61/content.htm
WR,
PHB