Skip to Content
author's profile photo Former Member
Former Member

Problem creating SM59 connection to HTTPS

Hello -

I am trying to connect to an external REST API from SAP over HTTPS. In SAP I have created a connection in SM59 with the host/prefix & port. The vendor has indicated that they do not issue out SSL certificates, and that we must use basic authentication (username/password) to authenticate.

In SM59 when I set SSL to inactive and test the connection, I get a 400 Bad Request - The plain HTTP request was sent to HTTPS port message. When I set to SSL active I get an ICM_HTTP_SSL_ERROR which I assume indicates that there is an issue with the SSL certificate, yet we do not need an SSL certificate to connect. Thus I am not sure what to do in order to make SAP connect?

Has anyone faced this issue that can offer any advice? Below is the error from the ICM monitor.

[Thr 16924] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL

[Thr 16924] session uses PSE file "K:\usr\sap\DEV\DVEBMGS00\sec\SAPSSLA.pse"

[Thr 16924] SecudeSSL_SessionStart: SSL_connect() failed

[Thr 16924] secude_error 9 (0x00000009) = "the verification of the server's certificate chain failed"

[Thr 16924] >> Begin of Secude-SSL Errorstack >>

[Thr 16924] ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed #

[Thr 16924] ERROR in af_verify_Certificates: (27/0x001b) Chain of certificates is incomplete : "EMAIL=info@valicert.com, CN=http://w

[Thr 16924] ERROR in get_path: (27/0x001b) Found root certificate of <EMAIL=info@valicert.com, CN=http://www.valicert.com/, OU=ValiC

[Thr 16924] ERROR in verify_with_PKs: (27/0x001b) Found root certificate of <EMAIL=info@valicert.com, CN=http://www.valicert.com/, O

[Thr 16924] << End of Secude-SSL Errorstack

[Thr 16924] SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"

[Thr 16924] SSL NI-sock: local=10.10.7.78:62645 peer=131.103.27.179:443

[Thr 16924] <<- ERROR: SapSSLSessionStart(sssl_hdl=000000000C170B10)==SSSLERR_SSL_CONNECT

[Thr 16924] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT {005a66f8} [icxxconn.c 1957]

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

1 Answer

  • Best Answer
    author's profile photo Former Member
    Former Member
    Posted on Sep 04, 2013 at 08:09 PM

    HTTPS (which is basically HTTP over SSL) requires a certificate, always. Your vendor might not issue client certificates but they have a server certificate. You have to import the complete server certificate including any intermediate certificates and root certificate, uless already known by AS ABAP, in STRUST.

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.