Skip to Content
avatar image
Former Member

STRUST: Cannot analyze certificate

Hi experts,

I am trying to connect to HCP from ABAP.

I am facing the exact problem decribed here. Apparently, the SSL Client (Anonymous) PSE needs HCP's root certificate.

So as a solution, I 'd like to import the Root CA of hanatrial.ondemand.com into STRUST. Root CA seems to be Baltimore CyberTrust, so I go to https://www.digicert.com/digicert-root-certificates.htm and download the first certificate.

I also import it into Chrome and export it in both base-64 and DER formats.

In STRUST, I try to import the certificate I got in from the website above as well as the ones I exported from Chrome, via Import Certificate on the Anonymous Client PSE node.

All attempts fail with the Cannot analyse certificate message.

I also updated sapcrypto.dll (hope I did it correctly) but that did not help either.

What am I doing wrong?

Add comment
10|10000 characters needed characters exceeded

  • Former Member

    Update: I cannot seem to import *any* certifcates. Even certificates I imported a few weeks ago OR certificates I *export* from STRUST cannot be imported now and give the same error.

    Also CRYPTOLIB is on 8.5.7 according to report SSF02:

    SFLIB Version 1.850.40 ; CommonCryptoLib (SAPCRYPTOLIB) Version 8.5.7 (+MT) ##Copyright (c) SAP, 2011-2017##compiled for windows-x86-64##

    So that can't be the issue, can it?

    I think I facing a more fundamental configuration issue, since at least importing worked a few week ago. I'll try retracing my steps.

    If you have any ideas, let me know!

  • Get RSS Feed

2 Answers

  • Best Answer
    avatar image
    Former Member
    Jan 23, 2017 at 02:50 PM

    Solved! Set the following parameters to default values again, then it worked:

    ssl/ssl_lib

    Windows NT:<DRIVE>:\usr\sap\<SID>\
    SYS\exe\run\sapcrypto.dll

    sec/libsapsecu

    Windows NT:<DRIVE>:\usr\sap\<SID>\
    SYS\exe\run\sapcrypto.dll

    ssf/ssfapi_lib

    Windows NT:<DRIVE>:\usr\sap\<SID>\
    SYS\exe\run\sapcrypto.dll

    ssf/name

    SAPSECULIB

    Add comment
    10|10000 characters needed characters exceeded

  • Jan 23 at 09:57 AM

    In our case the parameter ssf/name was written in low case (sapseculib), after changing it to SAPSECULIB and restarting application server ... problem solved :)

    Add comment
    10|10000 characters needed characters exceeded