Hi experts,
I am trying to connect to HCP from ABAP.
I am facing the exact problem decribed here. Apparently, the SSL Client (Anonymous) PSE needs HCP's root certificate.
So as a solution, I 'd like to import the Root CA of hanatrial.ondemand.com into STRUST. Root CA seems to be Baltimore CyberTrust, so I go to https://www.digicert.com/digicert-root-certificates.htm and download the first certificate.
I also import it into Chrome and export it in both base-64 and DER formats.
In STRUST, I try to import the certificate I got in from the website above as well as the ones I exported from Chrome, via Import Certificate on the Anonymous Client PSE node.
All attempts fail with the Cannot analyse certificate message.
I also updated sapcrypto.dll (hope I did it correctly) but that did not help either.
What am I doing wrong?
-
Former Member
Update: I cannot seem to import *any* certifcates. Even certificates I imported a few weeks ago OR certificates I *export* from STRUST cannot be imported now and give the same error.
Also CRYPTOLIB is on 8.5.7 according to report SSF02:
SFLIB Version 1.850.40 ; CommonCryptoLib (SAPCRYPTOLIB) Version 8.5.7 (+MT) ##Copyright (c) SAP, 2011-2017##compiled for windows-x86-64##
So that can't be the issue, can it?
I think I facing a more fundamental configuration issue, since at least importing worked a few week ago. I'll try retracing my steps.
If you have any ideas, let me know!
2 Answers
-
Best Answer
Former MemberJan 23, 2017 at 02:50 PMSolved! Set the following parameters to default values again, then it worked:
ssl/ssl_lib
Windows NT:<DRIVE>:\usr\sap\<SID>\
SYS\exe\run\sapcrypto.dllsec/libsapsecu
Windows NT:<DRIVE>:\usr\sap\<SID>\
SYS\exe\run\sapcrypto.dllssf/ssfapi_lib
Windows NT:<DRIVE>:\usr\sap\<SID>\
SYS\exe\run\sapcrypto.dllssf/name
SAPSECULIB
Add comment
-
Jan 23 at 09:57 AM
In our case the parameter ssf/name was written in low case (sapseculib), after changing it to SAPSECULIB and restarting application server ... problem solved :)
Add comment
Add comment