Skip to Content
author's profile photo Former Member
Former Member

Content Server SSL - SSL Connect failed - Connection not possible with HTTPS

Dear Experts

Facing to following problem:

IPs and names replaced with X.

I had to change the connection to content server to HTTPS. In IIS everything seems fine and the following page can be displayed:

https://fqdn:1092/ContentServer/ContentServer.dll?serverInfo

Now to sap. There I wanted to change the repository to HTTPS and changed the SSL Port to 1092 and then following error is displayed:

Fehler bei HTTP-Zugriff: IF_HTTP_CLIENT->RECEIVE 1 SSL handshake with XXX.XXX.XXX.XXX:1092 failed: SSSLERR_PEER_CERT_UNTRUSTED (-102) The peer's X.509 C...

In ICM Trace I see the following:

[Thr 7436] << End of Secu-SSL Errorstack

[Thr 7436] SSL_get_state()==0x2131 "SSLv3 read server certificate B"

[Thr 7436] SSL NI-hdl 96: local=XXX.XXX.XXX.XXX:57991 peer=XXX.XX.XXX.XXX:1092

[Thr 7436] <<- ERROR: SapSSLSessionStart(sssl_hdl=000000002ED2E2D0)==SSSLERR_PEER_CERT_UNTRUSTED

[Thr 7436] *** ERROR => SSL handshake with XXX.XXX.XXX.XXX:1092 failed: SSSLERR_PEER_CERT_UNTRUSTED (-102)

[Thr 7436] The peer's X.509 Certificate (chain) is untrusted

[Thr 7436]

[Thr 7436] SapSSLSessionStart()==SSSLERR_PEER_CERT_UNTRUSTED

[Thr 7436] SSL:SSL_connnect() failed (536872221/0x2000051d)

[Thr 7436] => "SSL API error"

[Thr 7436] >> SecuSSL ErrStack:

[Thr 7436] 0x2000051d SAPCRYPTOLIB SSL_connect

[Thr 7436] SSL API error

[Thr 7436] Failed to verify peer certificate. Peer not trusted.

[Thr 7436] 0xa0600203 SSL ssl_verify_peer_certificates

[Thr 7436] Peer not trusted

[Thr 7436] 0xa0600297 SSL ssl_cert_checker_verify_certificates

[Thr 7436] peer certificate (chain) is not trusted

[Thr 7436] Certificate:

[Thr 7436] Certificate:

[Thr 7436] Subject :CN=XXXX

[Thr 7436] Issuer :CN=XXXIssuingCA10, DC=XXX, DC=XXX

[Thr 7436] Serial number:0x5f0000029aa3d4c73fef2981bc00000000029a

[Thr 7436] Validity:

[Thr 7436] Not before :Mon Jul 27 16:20:44 2015

[Thr 7436] Not after :Sun Jul 25 16:20:44 2021

[Thr 7436] Key:

[Thr 7436] Key type :rsaEncryption (1.2.840.113549.1.1.1)

[Thr 7436] Key size :2048

[Thr 7436] PK_Fingerprint_MD5:3193 E726 99A2 F10C 97EA A73D CC6C 61AE

[Thr 7436] extensions:

[Thr 7436] AuthorityKeyId:

[Thr 7436] Significance:Non critical

[Thr 7436] Value:

[Thr 7436] Key identifier (size="20" ):42F8D3D3DBA97D29F79921B8F262898FD0084A36

[Thr 7436] SubjectKeyIdentifier:

[Thr 7436] Significance:Non critical

[Thr 7436] Value (size="20" ):8BC3DAB1F979D139CAE2731DAACD5CB67CA3EB58

[Thr 7436] Key usage:

[Thr 7436] Significance:Critical

[Thr 7436] Value:

[Thr 7436] digitalSignature

[Thr 7436] keyEncipherment

[Thr 7436] Extended key usage:

[Thr 7436] Significance:Non critical

[Thr 7436] Value:

[Thr 7436] element#no="1":ClientAuthentication (1.3.6.1.5.5.7.3.2)

[Thr 7436] element#no="2":ServerAuthentication (1.3.6.1.5.5.7.3.1)

[Thr 7436] Alternative names:

[Thr 7436] Significance:Non critical

[Thr 7436] Value:

[Thr 7436] element#no="1":

[Thr 7436] GN-dNSName :XXX

Then I added this certificate to STRUST. But still facing to the same error.

Thanks for any advices.

Kind regards

Lino

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

3 Answers

  • Best Answer
    Posted on Aug 01, 2015 at 04:57 PM

    Please Send the Certificate using transaction OAC0 and activate it on content server.

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Jan 25, 2016 at 11:32 AM

    Hi Eswaran

    This issue's been solved. There were a lot of wrong certificates imported during the installation phase. Once I did all new it worked.

    Thanks for your reply!

    kind regards

    Lino

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Jan 25, 2016 at 11:11 AM

    Hello Lino,

    you need to add the root certificate to SSL Client and add to Certificate List to make it work.

    This is because here in this case ABAP server works as a client.

    Regards,

    Eswaran

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.