Skip to Content
avatar image
Former Member

SAP Work Manager 6.0 - SSL Certificate Issue

Hello Experts,

We have installed the SMP 2.3 and also applied the SP03 PL01 patch, Now we are trying to deploy the SAP Work Manager 6.0 app using SMP2.3.

We have done the below steps.

1. Created Agentry Application in SAP Control Center.

2. Deployed the WM Package in that application(Can see that package in \Servers\UnwiredServer\Repository\Agentry\default )

3. Created .PFX and .CER SSL cerificates using openSSL as given in sybase infocenter document.

4. Copied the certificate file in location \Servers\UnwiredServer\Repository\Agentry\default\appname.

5. In SCC, Changed the Angel front configuration which points to our SSL(.PFX) certificate(authenticationCertificateStore and authenticationCertificateStorePassword).

After doing these steps when we restart the agentry server it gives following error

Authentication Store=AgentryServer.pfx(We have given the same name to our certificate)

SSL error: error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure

(SSL Socket Error), SSL Socket Error (error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure, ), ..\Socket\openSSLsockets.cpp#358:OpenSSLcontext::OpenSSLcontext

Note :

If we start agentry server with by default certificate it's working(atlease i can see server is in RUNNING status) but when client communicates to agentry server it gives "certificate is not generic" error.

I'm not sure if I've missed any steps, Any help would be appreciated.

Regards,

Abhishek Wajge

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

4 Answers

  • Best Answer
    Feb 07, 2014 at 03:26 PM

    Abhishek,

    That error is indicating that the password you supplied in the Agentry.ini file is incorrect for the AgentryServer.pfx file.  A common cause for this can if you updated the authenticationCertificateStorePassword but forget to tell Agentry that the password is not Encoded.  See the example below.

    [ANGEL Front End]

    trustedCertificateStore=

    authenticationCertificateStore=bill.pfx

    authenticationCertificateStorePassword=mypasswordhere

    authenticationCertificateStorePasswordEncoded=true

    In this example, I provided my bill.pfx file and password but forgot to change the Encoded to false.


    authenticationCertificateStorePasswordEncoded=false

    When I launch my server I get the following error on startup

    ANGEL Front End: opening listen socket on port 7003

    Exception: 09:20:44 02/07/2014 : 159 (SSL Socket Error), SSL Socket Error (error

    :23076071:PKCS12 routines:PKCS12_parse:mac verify failure, ), ..\Socket\openSSLs

    ockets.cpp#358:OpenSSLcontext::OpenSSLcontext

    Switching the Encoded to false solves the problem for this example.  Of course if you fogot to change the password as well that would also give you the same error message.

    Good Luck!

    --Bill

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Feb 12, 2014 at 06:27 AM

    Hi All,

    We are facing similar error.  As per the work Manager installation guide "SAP-WM-6.0-Installation.pdf" Section 3.1.1 , we have followed the following steps to install the work manager:

    1. Unzipped the original work manager zip file.

    2. created  self signed certificate using openssl and named it as  "AgentryServer.pfx"

    3. Copied the AgentryServer.pfx to unzipped folder created in step 1

    4. Edit Agentry.ini by entring the appropriate password.

    5. Zipped the folder.

    6.Deployed the work manager zip file created in step 5

    7 . Imported/Register the certificate authority file into windows host trusted root certificates list.

    The error we get is as below:

    Events.log

    BIO routines:BIO_read:connect error, ..\Socket\openSSLsockets.cpp#997:OpenSSLstreamSocket::SSLStreamSocket::checkSSLerror

    Thread-####.log

    SSL error: error:2006F067:BIO routines:BIO_read:connect

    Any suggestions are appreciated.

    Thanks

    Gaurav

    Add comment
    10|10000 characters needed characters exceeded

  • Mar 19, 2014 at 01:22 PM

    Hi all,

    I'm experiencing same problem, to be more exact everything worked perfectly until migration of my  account and laptop from SAP_ALL to GLOBAL domain, could it be any relation?

    Many thanks

    Massimiliano

    Add comment
    10|10000 characters needed characters exceeded

    • I had the same problem after domain migration.  I actually re-installed SMP to get the new certificate with the new domain name, then moved it to my client devices.

      Jason Latko - Senior Product Developer at SAP.

  • Mar 19, 2014 at 04:59 PM

    Hi all,

    problem has been solved SyBooks Online  has worked for me.

    Just note that first command: "openssl req -x509 -days 365 -newkey rsa:<bits> -keyout server-key.pem -out server-cert.pem" asks for several information, pay attention to

    "Common Name (eg, YOUR name) []:" parameters, here I've coded my FQHN

    It worked for me.

    Many thanks for all sent suggestions

    Best regards

    Massimiliano

    Add comment
    10|10000 characters needed characters exceeded