Skip to Content
avatar image
Former Member

ABAP Service Consumer HTTPS with Client Certificate Authentication not working

Dear all,

I'm trying to consume HTTPS web service with SSL client certificate authentication. The client certificate I'm using for authentication is valid for the server, but the server response is 401 Unauthorized. I've tested the service with SOAPUI tool and I get correct response.

My config:

In SOAMANAGER the transport level authentication configured is X509 SSL client certificate and I've selected a custom SSL Client Identity where I've loaded a new PSE created (sapgenpse) by importing a p12 file containing my certificate.

SAPCryptolib 8.5.2 and ssl/client_ciphersuites relevant param value is 208:HIGH:MEDIUM:+e3DES:!aNULL:!eNULL

I´ve analysed the outgoing traffic with Wireshark for an incorrect request made from ABAP consumer and for correct one made from SOAPUI:

During handshake I can see that after server send Certificate Request, SAP sends my client certificate but when server requests for a Change Ciphersuite Spec, SAP does not respond with the corresponding Change Ciphersuite Spec message and posts the payload directly to the server with an "Application Data" message. The server response is another "Application Data" message that contains a 401 Unauthorized error. So I think the problem is that the ciphersuite used by SAP for encrypting is not the same as server expects. Is it possible? Any configuration step I missed?

The request send from SOAPUI has a correct response. Wireshark traffic shows in this case that is SOAPUI who request the server first a Change Ciphersuite Spec and after that the server responds with another Change Ciphersuite Spec message.

Thank you in advance.

Gari.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

0 Answers