Skip to Content
0
Former Member
Jan 16, 2015 at 03:01 PM

ERROR during SecudeSSL - Rapid Content Delivery in SSM

1151 Views

Hi Gurus,

we try to configure Rapid Content Delivery in SSM.

We have imported all needed certificates for the SSL in STRUST.

Symantec_Class_1_Individual_Subscriber_CA_-_G4

VeriSign_Class_1_Public_Primary_Certification_Authority_-_G3

VeriSign_Class_2_Public_Primary_Certification_Authority_-_G3

VeriSign_Class_3_Public_Primary_Certification_Authority_-_G3

VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4

VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5

VeriSign_Class_3_Secure_Server_CA

VeriSign_Class_4_Public_Primary_Certification_Authority_-_G3

VeriSign_Inc.

GTE CyberTrust Global Root
But we alway get the following error.

[Thr 1800] Fri Jan 16 15:50:21 2015

[Thr 1800] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL

[Thr 1800] session uses PSE file "/usr/sap/SSM/DVEBMGS01/sec/SAPSSLC.pse"

[Thr 1800] SecudeSSL_SessionStart: SSL_connect() failed --

[Thr 1800] secude_error 536872221 (0x2000051d) = "SSL API error"

[Thr 1800] >> ---------- Begin of Secude-SSL Errorstack ---------- >>

[Thr 1800] 0x2000051d | SAPCRYPTOLIB | SSL_connect

[Thr 1800] SSL API error

[Thr 1800] Failed to verify peer certificate. Peer not trusted.

[Thr 1800] 0xa0600203 | SSL | ssl_verify_peer_certificates

[Thr 1800] Peer not trusted

[Thr 1800] 0xa0600297 | SSL | ssl_cert_checker_verify_certificates

[Thr 1800] peer certificate (chain) is not trusted

[Thr 1800] PropertyBlock:

[Thr 1800] Status :Not successful

[Thr 1800] Profile :1.3.6.1.4.1.694.2.2.2.2

[Thr 1800] SignerStatus:Not successful

[Thr 1800] SignerVerificationResult:

[Thr 1800] element#no="1":

[Thr 1800] Status :Not successful

[Thr 1800] Validity :Successful

[Thr 1800] BasicConstraints:Successful

[Thr 1800] KeyUsage :Successful

[Thr 1800] ObjectStatus:Not successful

[Thr 1800] SignerCert:

[Thr 1800] Certificate:

[Thr 1800] Subject :CN=Symantec Class 3 Secure Server CA - G4, OU=Symantec Trust Network, O=Symantec Corporation, C=US

[Thr 1800] Verification result:

[Thr 1800] Status :Not successful

[Thr 1800] Profile :1.3.6.1.4.1.694.2.2.2.2

[Thr 1800] SignerStatus:Not successful

[Thr 1800] BasicConstraintsPathLen:1

[Thr 1800] SignerVerificationResult:

[Thr 1800] element#no="1":

[Thr 1800] Status :Not successful

[Thr 1800] Validity :Successful

[Thr 1800] BasicConstraints:Successful

[Thr 1800] KeyUsage :Successful

[Thr 1800] ObjectStatus:Not successful

[Thr 1800] SignerCert:

[Thr 1800] Certificate:

[Thr 1800] Subject :CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

[Thr 1800] Verification result:

[Thr 1800] Status :Not successful

[Thr 1800] Profile :1.3.6.1.4.1.694.2.2.2.2

[Thr 1800] SignerStatus:Not successful

[Thr 1800] SignerVerificationResult: None

[Thr 1800]

[Thr 1800] << ---------- End of Secude-SSL Errorstack ----------

[Thr 1800] SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"

[Thr 1800] SSL NI-sock: local=172.16.130.221:47564 peer=172.16.143.101:80

[Thr 1800] <<- ERROR: SapSSLSessionStart(sssl_hdl=1115818b0)==SSSLERR_PEER_CERT_UNTRUSTED

[Thr 1800] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-102): SSSLERR_PEER_CERT_UNTRUSTED {0009b898} [icxxconn_mt.c 1957]

Has someone a suggestion?

regards

Chris