on 01-09-2015 3:43 PM
Hello,
I am trying to set up an HTTPS-based connection to the sapstartsrv service, including client certificate SSO. The server validation for SSL is done successfully on the client side. The sapcontrol program validates the server certificate (based on self-signed certificates issued by myself, as this is just for test purposes).
I can see the request for the client certificate in the trace information of the sapstartsrv.log:
[Thr 139637867071232] ->> SapSSLSessionInit(&sssl_hdl=7efff976be18, role=2 (SERVER), auth_type=1 (ASK_CLIENT_CERT))
[Thr 139637867071232] <<- SapSSLSessionInit()==SAP_O_K
[Thr 139637867071232] in: args = "role=2 (SERVER), auth_type=1 (ASK_CLIENT_CERT)"
...
[Thr 139637867071232] No Client Certificate
The sapcontrol program should now send a client certificate... but I run into an HTTP 401:
sapcontrol -prot NI_HTTPS -host <remotehost> -nr <instancenumber> -function GetVersionInfo -debug
FAIL: HTTP error, HTTP/1.1 401 Unauthorized
If it is done via -queryuser the sapcontrol shows up with the requested information. But I want to do the authorization based on the certificate without providing user / pwd.
service/sso_admin_user_0 is defined in the profile of sapstartsrv (default.pfl), which enables the request for the client certificate.
The self-signed client certificate was added to SAPSSLC.pse on the sapcontrol side. The access is done from a Linux system to another Linux system. I read notes 1439348 and 1642340, and the sapcontrol / sapstartsrv is on kernel 7.21 PL 201.
Any ideas or suggestions on this issue?
Kind regards, Hinrich
Hi Hinrich
I'm trying to do exactly what you did but using my own CA.
Can you please provide more details on the first steps? What did you do to get here?
I tried to generate a certificate from a CSR of the SAPSSLC PSE and import the root certificate from my CA into this PSE.
I see nothing in sapstartsrv.log relating to certificates.
Thanks a lot!
Hi
Could you refer to the SAP Notes:
1565645 - SAP composite note: sapcontrol
1361528 - Error Message - FAIL: HTTP error, HTTP/1.1 401 Unauthorized
BR
SS