Skip to Content
0

STRUST: Cannot analyze certificate

Jan 20, 2017 at 05:04 PM

968

avatar image
Former Member

Hi experts,

I am trying to connect to HCP from ABAP.

I am facing the exact problem decribed here. Apparently, the SSL Client (Anonymous) PSE needs HCP's root certificate.

So as a solution, I 'd like to import the Root CA of hanatrial.ondemand.com into STRUST. Root CA seems to be Baltimore CyberTrust, so I go to https://www.digicert.com/digicert-root-certificates.htm and download the first certificate.

I also import it into Chrome and export it in both base-64 and DER formats.

In STRUST, I try to import the certificate I got in from the website above as well as the ones I exported from Chrome, via Import Certificate on the Anonymous Client PSE node.

All attempts fail with the Cannot analyse certificate message.

I also updated sapcrypto.dll (hope I did it correctly) but that did not help either.

What am I doing wrong?

10 |10000 characters needed characters left characters exceeded
Former Member

Update: I cannot seem to import *any* certifcates. Even certificates I imported a few weeks ago OR certificates I *export* from STRUST cannot be imported now and give the same error.

Also CRYPTOLIB is on 8.5.7 according to report SSF02:

SFLIB Version 1.850.40 ; CommonCryptoLib (SAPCRYPTOLIB) Version 8.5.7 (+MT) ##Copyright (c) SAP, 2011-2017##compiled for windows-x86-64##

So that can't be the issue, can it?

I think I facing a more fundamental configuration issue, since at least importing worked a few week ago. I'll try retracing my steps.

If you have any ideas, let me know!

0
* Please Login or Register to Answer, Follow or Comment.

2 Answers

Best Answer
avatar image
Former Member Jan 23, 2017 at 02:50 PM
0

Solved! Set the following parameters to default values again, then it worked:

ssl/ssl_lib

Windows NT:<DRIVE>:\usr\sap\<SID>\
SYS\exe\run\sapcrypto.dll

sec/libsapsecu

Windows NT:<DRIVE>:\usr\sap\<SID>\
SYS\exe\run\sapcrypto.dll

ssf/ssfapi_lib

Windows NT:<DRIVE>:\usr\sap\<SID>\
SYS\exe\run\sapcrypto.dll

ssf/name

SAPSECULIB

Share
10 |10000 characters needed characters left characters exceeded
Martin Rosecky Jan 23 at 09:57 AM
0

In our case the parameter ssf/name was written in low case (sapseculib), after changing it to SAPSECULIB and restarting application server ... problem solved :)

Share
10 |10000 characters needed characters left characters exceeded