$(function () { pageContext.i18n.modTalk = 'moderation talk'; pageContext.i18n.replyToComment = 'Reply'; pageContext.i18n.modTalkEmpty = 'moderation talk is empty'; pageContext.url.getModTalk = "/comments/%25ID%25/listModTalk.json"; pageContext.url.possibleCommentRecipients = "/comments/%ID%/possibleRecipients.json"; pageContext.url.commentEdit = '/comments/%25ID%25/edit.html'; pageContext.url.commentView = '/comments/%ID%/view.html'; pageContext.i18n.commentVisibility = { 'full': 'Viewable by all users', 'op': 'Viewable by the original poster', 'mod': 'Viewable by moderators', 'opAndMod': 'Viewable by moderators and the original poster', 'other': 'Advanced visibility', 'dialogTitle': 'Comment visibility', 'selectGroups': 'Visible to groups', 'selectOther': 'Other recipients', 'selectOriginalPoster': 'Original poster', 'selectModerators': 'Moderators', 'selectAssignees': 'Asked to answer users' }; pageContext.i18n.commentMenuLabels = { 'comment-edit': 'comments.menu.edit', 'comment-delete': 'comments.menu.delete', 'comment-convert': 'comments.menu.convert' };pageContext.i18n.answer= { bestAnswer: 'Best Answer', controlBar : { accept: 'Accept', unaccept: 'Unaccept', acceptCommand: 'Accept this answer as correct', cancelAcceptedCommand: 'Remove this answers accepted status' } }; window.croles = { u: false, op: false, m: false, og: false, as: false, ag: false, dc: false, doc: false, eo: false, ea: false }; tools.init({ q: { e: false, ew: false, eo: false, r: false, ro: false, d: false, dow: false, fv: false, c: false, co: false, p: false, tm: false , ms: false, mos: false }, n: { f: false, vf: false, vfo: false, vr: true, vro: true, c: false, co: false, vu: false, vd: false, w: false, wo: false, l: false }, c: { e: false, eo: false, d: false, dow: false, ta: false, tao: false, l: false }, a: { e: false, ew: false, eo: false, d: false, dow: false, a: false, aoq: false, ao: false, tc: false, tco: false, p: false, tm: false }, pc: croles }, { tc: true, nsc: true }); commandUtils.initializeLabels(); }); Skip to Content
avatar image
Former Member

ICM_HTTP_SSL error for RFC destinations

Hi All, I am trying the connection test for HMRC RFC destination and I am getting the ICM_HTTP_SSL error. The icm trace shows

Thr 2314] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL

Thr 2314]    session uses PSE file "/usr/sap/PIP/DVEBMGS00/sec/SAPSSLA.pse"

Thr 2314] SecudeSSL_SessionStart: SSL_connect() failedThr 2314]   secude_error 9 (0x00000009) = "the verification of the server's certificate chain failed"Thr 2314] >>            Begin of Secude-SSL Errorstack            >>

Thr 2314] ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed

Thr 2314] ERROR in af_verify_Certificates: (24/0x0018) Chain of certificates is incomplete : "CN=VeriSign Class 3 Public Primary Ce

Thr 2314] ERROR in get_path: (24/0x0018) Can't get path because the chain of certificates is incomplete

Thr 2314] <<            End of Secude-SSL Errorstack

Thr 2314]   SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"

Thr 2314]   SSL NI-sock: local=149.170.135.6:49916  peer=157.203.50.169:443

Thr 2314] <<- ERROR: SapSSLSessionStart(sssl_hdl=116d39bd0)==SSSLERR_SSL_CONNECT

Thr 2314] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT {00085b12} [icxxconn_mt.c 1957]

I understand the certificate chain is not valid, but I dont know how to get this fixed.

I followed this post and looks similar to issue I am facing. ICM_HTTP_SSL_ERROR when calling web service

Thanks,

Bharath

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Best Answer
    avatar image
    Former Member
    Oct 11, 2013 at 10:57 AM

    Hi,

    "the verification of the server's certificate chain failed"

    This means that client or server's certificate or your client's public certificate for that server is not ok. This is a double and asimetric key system, Server has a key pair(public and private) and client has only the public key of each server.

    You should:

    1-Regenerate server's certificate or be sure of certificate is properly generated. May be that it's not lapsed but internally is bad generated

    2-In tr strust of server export public key of this certificate

    3-In tr strust of client, import exported public key

    regards

    Add comment
    10|10000 characters needed characters exceeded

  • Oct 11, 2013 at 09:32 AM

    Hi Bharath,

    Did you configure STRUST properly?

    Regrads

    Gagan

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Gagandeep Batra

      Hi,

      Thanks for your reply.

      Yes I checked the certificates. One certificate's going to expire in 2014 and the other on 25 october 2013.

      Regards,

      Bharath

  • avatar image
    Former Member
    Oct 14, 2013 at 11:20 AM

    Hi all,

    Thanks for your replies.

    I dont know why but I had to re import the Veri sign certificates in strust transaction and now the RFC destination is working fine.

    Thanks,

    Bharath

    Add comment
    10|10000 characters needed characters exceeded