Hi experts,
I am trying to connect to HCP from ABAP.
I am facing the exact problem decribed here. Apparently, the SSL Client (Anonymous) PSE needs HCP's root certificate.
So as a solution, I 'd like to import the Root CA of hanatrial.ondemand.com into STRUST. Root CA seems to be Baltimore CyberTrust, so I go to https://www.digicert.com/digicert-root-certificates.htm and download the first certificate.
I also import it into Chrome and export it in both base-64 and DER formats.
In STRUST, I try to import the certificate I got in from the website above as well as the ones I exported from Chrome, via Import Certificate on the Anonymous Client PSE node.
All attempts fail with the Cannot analyse certificate message.
I also updated sapcrypto.dll (hope I did it correctly) but that did not help either.
What am I doing wrong?
Update: I cannot seem to import *any* certifcates. Even certificates I imported a few weeks ago OR certificates I *export* from STRUST cannot be imported now and give the same error.
Also CRYPTOLIB is on 8.5.7 according to report SSF02:
SFLIB Version 1.850.40 ; CommonCryptoLib (SAPCRYPTOLIB) Version 8.5.7 (+MT) ##Copyright (c) SAP, 2011-2017##compiled for windows-x86-64##
So that can't be the issue, can it?
I think I facing a more fundamental configuration issue, since at least importing worked a few week ago. I'll try retracing my steps.
If you have any ideas, let me know!
Solved! Set the following parameters to default values again, then it worked:
ssl/ssl_lib
Windows NT:<DRIVE>:\usr\sap\<SID>\
SYS\exe\run\sapcrypto.dll
sec/libsapsecu
Windows NT:<DRIVE>:\usr\sap\<SID>\
SYS\exe\run\sapcrypto.dll
ssf/ssfapi_lib
Windows NT:<DRIVE>:\usr\sap\<SID>\
SYS\exe\run\sapcrypto.dll
ssf/name
SAPSECULIB
In our case the parameter ssf/name was written in low case (sapseculib), after changing it to SAPSECULIB and restarting application server ... problem solved :)