SSL certificate is not valid & server supports SSL 3.0

Hi Basis experts,

A recent security scan on our SAP systems has shown threats related to SSL, TLS and the web server. Below are the threat details.

****************

The certificate is NOT valid. It is issued by CN=root_ED1, OU=sapstartsrv, O=SAP System PKI, C=DE. Verification status: PartialChain. Information: A certificate chain could not be built to a trusted root authority. Certificate's CN: SAPERPDEV-ED1_ED1_00

The certificate is NOT valid. It is issued by CN=SSL_Self_Signed_Fallback. Verification status: UntrustedRoot. Information: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. Certificate's CN: SSL_Self_Signed_Fallback

The remote host supports connections using SSL 3.0 protocol.

The remote host supports connections using TLS 1.0 protocol.

****************

I have regenerated the certificates in strust and applied the new certificates, but these threats are still not getting cleared.

Could any of you guide me on how to resolve these threats?

Regards,

Naresh


1 Answer

  • Dec 11, 2017 at 06:34 PM

    Hello Naresh,

    That certificate is related to the "System PKI" feature of the SAP kernel.

    Your security scan software must be raising that alert for the HTTPS port of the sapstartsrv (5XX14, where XX is the instance number).

    This port is not accessed (or should not be accessed) by end users.

    You can read the SAP Note 2200230 (S-user required) for more details about the System PKI.

    Regards,

    Isaías
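
One way to triage findings like these along the lines of the answer above, as an added example that is not part of the original thread: it parses finding texts in the format quoted in the question and marks those that sit on a 5XX14 port with a System PKI issuer. The ports in the sample data (including the hypothetical 44300) and all function names are assumptions, since the quoted scan output does not show ports.

```python
import re

# Finding text format as quoted from the scan output in the question.
FINDING = re.compile(
    r"It is issued by (?P<issuer>.+?)\. Verification status: (?P<status>\w+)\."
    r".*Certificate's CN: (?P<cn>\S+)"
)

def sapstartsrv_https_port(instance_no):
    """HTTPS port of sapstartsrv per the answer: 5XX14, XX = instance number."""
    if not 0 <= instance_no <= 99:
        raise ValueError("instance number must be 00..99")
    return 50014 + 100 * instance_no

def instance_from_port(port):
    """Return the instance number if the port has the form 5XX14, else None."""
    if 50014 <= port <= 59914 and port % 100 == 14:
        return (port - 50014) // 100
    return None

def parse_dn(dn):
    """Split 'CN=a, OU=b' into {'CN': 'a', 'OU': 'b'} (no escaped commas expected)."""
    return dict(p.strip().split("=", 1) for p in dn.split(",") if "=" in p)

def triage(port, text):
    """Classify one certificate finding by the port it was seen on and its issuer."""
    m = FINDING.search(text)
    if not m:
        return {"port": port, "verdict": "unparsed"}
    issuer = parse_dn(m["issuer"])
    inst = instance_from_port(port)
    if inst is not None and issuer.get("O") == "SAP System PKI":
        verdict = "sapstartsrv System PKI certificate (SAP Note 2200230)"
    elif inst is not None:
        verdict = "sapstartsrv port, issuer outside System PKI: review"
    else:
        verdict = "not a sapstartsrv HTTPS port: review separately"
    return {"port": port, "instance": inst, "issuer_cn": issuer.get("CN"),
            "status": m["status"], "subject_cn": m["cn"], "verdict": verdict}

# Constructed input: texts follow the question's scan output; ports are assumed.
SAMPLE = [
    (50014, "The certificate is NOT valid. It is issued by CN=root_ED1, OU=sapstartsrv, O=SAP System PKI, C=DE. Verification status: PartialChain. Information: A certificate chain could not be built to a trusted root authority. Certificate's CN: SAPERPDEV-ED1_ED1_00"),
    (44300, "The certificate is NOT valid. It is issued by CN=SSL_Self_Signed_Fallback. Verification status: UntrustedRoot. Information: not trusted by the trust provider. Certificate's CN: SSL_Self_Signed_Fallback"),
]

if __name__ == "__main__":
    for port, text in SAMPLE:
        print(triage(port, text))
```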
