Hi Experts,
We are trying to set up the principal propagation between HANA Cloud Connector and Gateway We have setup the System certificate and when we tried to import the CA certificate (*.p12 format) we are getting the following error. Please advise. We did not use the HCC to generate the CSR. Our certificate issuer generated the CSR and *.p12 certificate.
2016-07-25 14:33:13,603#INFO#com.sap.core.connectivity.tunnel.client.AbstractTunnelClient#Thread-8# #Successfully established tunnel: [id: 0x0c43df33, /10.23.0.95:58993 => connectivitytunnel.us1.hana.ondemand.com/65.221.12.41:443]|
2016-07-26 04:01:55,885#INFO#com.sap.core.connectivity.tunnel.core.impl.context.TunnelRegistryImpl#Thread-9# #Registered tunnel channel [id: 0x242be38d, /10.23.0.95:59746 => connectivitytunnel.us1.hana.ondemand.com/65.221.12.41:443] for tunnel id "account:///b81806aab" and client id "5A561410160F11E6C0D4D51A0A6425FB"|
2016-07-26 04:01:55,978#INFO#com.sap.core.connectivity.tunnel.client.AbstractTunnelClient#Thread-9# #Successfully established tunnel: [id: 0x242be38d, /10.23.0.95:59746 => connectivitytunnel.us1.hana.ondemand.com/65.221.12.41:443]|
2016-07-26 10:11:52,414#INFO#com.sap.scc.security#http-bio-8443-exec-8# #New RSA keypair was generated. Key size used: 4096|
2016-07-26 14:41:21,587#ERROR#com.sap.scc.ui#http-bio-8443-exec-7# #ppca.1 certificate import failed null
at com.sap.scc.util.KeyStoreFile.getPrivateKeyEntry(KeyStoreFile.java:134)
at com.sap.scc.servlets.ConfigurationServlet.uploadP12Certificate(ConfigurationServlet.java:1129)
at com.sap.scc.servlets.ConfigurationServlet.uploadP12Certificate(ConfigurationServlet.java:1129)
at com.sap.scc.servlets.ConfigurationServlet.uploadCertificate(ConfigurationServlet.java:1009)
at com.sap.scc.servlets.ConfigurationServlet.dispatch(ConfigurationServlet.java:120)
at com.sap.scc.servlets.ServletUtilities.service(ServletUtilities.java:41)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at com.sap.scc.ui.rt.UTF8Filter.doFilter(UTF8Filter.java:23)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:423)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1079)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.security.UnrecoverableKeyException: excess private key
at sun.security.provider.KeyProtector.recover(KeyProtector.java:338)
at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:138)
at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:55)
at java.security.KeyStoreSpi.engineGetEntry(KeyStoreSpi.java:473)
at java.security.KeyStore.getEntry(KeyStore.java:1290)
at com.sap.scc.util.KeyStoreFile.getPrivateKeyEntry(KeyStoreFile.java:130)
at com.sap.scc.util.KeyStoreFile.getPrivateKeyEntry(KeyStoreFile.java:130)
... 28 more|