Hello all,
I'm trying to set up a ssl re-encryption for webdispatcher and EP but have some problems..
I created a pse and imported a SAP test certificate into webdispatcher and it works, now I would like to setup the portal with ssl, and if I connect directly to the EP it works (also here I signed the csr with a test certificate).
What doesn't work is the webdispatcher re-encryption through the portal, I did set these parameters in webdisp profile :
ssl/ssl_lib = D:\webdispatcher\sec\sapcrypto.dll
ssl/server_pse = D:\webdispatcher\sec\mio.pse
Parameters for Using SSL to the backend server
wdisp/ssl_encrypt = 2
wdisp/ssl_auth = 2
wdisp/ssl_cred = D:\webdispatcher\sec\mio.pse
wdisp/ssl_certhost = myhost
But I'm getting this errors :
[Thr 2604] << -
End of Secude-SSL Errorstack -
[Thr 2604] SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"
[Thr 2604] SSL socket: local=10.219.28.25:1553 peer=10.209.10.181:53001
[Thr 2604] <<- ERROR: SapSSLSessionStart(sssl_hdl=025CFF08)==SSSLERR_SSL_CONNECT
[Thr 2604] *** ERROR => IcmConnPoolConnect: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT [icxxpool.c 2077]
[Thr 2604] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL
[Thr 2604] session uses PSE file "D:\webdispatcher\sec\mio.pse"
[Thr 2604] SecudeSSL_SessionStart: SSL_connect() failed --
secude_error 9 (0x00000009) = "the verification of the server's certificate chain failed"
[Thr 2604] >> -
Begin of Secude-SSL Errorstack -
>>
[Thr 2604] ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed
ERROR in af_verify_Certificates: (27/0x001b) Chain of certificates is incomplete : "CN=xxx, OU=yyy, O=Portal, C=IT"
ERROR in get_path: (27/0x001b) Found root certificate of <CN=xxx, OU=yyy, O=Portal, C=IT> which does not fit the given PKRoot
ERROR in verify_with_PKs: (27/0x001b) Found root certificate of <CN=xxx, OU=yyy, O=Portal, C=IT> which does not fit the given PKRoot
[Thr 2604] << -
End of Secude-SSL Errorstack -
[Thr 2604] SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"
[Thr 2604] SSL socket: local=10.219.28.25:1554 peer=10.209.10.181:53001
[Thr 2604] <<- ERROR: SapSSLSessionStart(sssl_hdl=025CFF08)==SSSLERR_SSL_CONNECT
[Thr 2604] *** ERROR => IcmConnPoolConnect: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT [icxxpool.c 2077]
I know there's some missing parameter somewhere, but which 😊 ?
Any suggestions ?
Thanks and regards,
Michele