
SSL certificate is not valid & server supports SSL 3.0

Dec 11, 2017 at 09:51 AM


Hi Basis experts,

A recent security scan on our SAP systems has shown threats related to SSL, TLS and Webserver. Below are the threat details.

****************

The certificate is NOT valid. It is issued by CN=root_ED1, OU=sapstartsrv, O=SAP System PKI, C=DE. Verification status: PartialChain. Information: A certificate chain could not be built to a trusted root authority. Certificate's CN: SAPERPDEV-ED1_ED1_00

The certificate is NOT valid. It is issued by CN=SSL_Self_Signed_Fallback. Verification status: UntrustedRoot. Information: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. Certificate's CN: SSL_Self_Signed_Fallback

The remote host supports connections using SSL 3.0 protocol.

The remote host supports connections using TLS 1.0 protocol.

****************

I have regenerated the certificates in strust and applied the new certificates. But still these threats are not getting cleared.

Could any of you guide me on how to resolve these threats?

Regards,

Naresh


1 Answer

Isaias Freitas
Dec 11, 2017 at 06:34 PM
0

Hello Naresh,

That certificate is related to the "System PKI" feature of the SAP kernel.

Your security scan software must be raising that alert for the HTTPS port of the sapstartsrv (5XX14, where XX is the instance number).

This port is not accessed (or should not be accessed) by end users.

You can read the SAP Note 2200230 (S-user required) for more details about the System PKI.

Regards,

Isaías
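
The scanner text quoted in the question can be triaged offline to see which finding belongs to the sapstartsrv HTTPS port named in the answer. This is an added example, not part of the original thread or any SAP tooling; the `triage` function, the instance CN layout `<host>_<SID>_<instance nr>` and the self-signed heuristic are assumptions.

```python
import re

# Constructed sample: the two certificate findings as quoted in the question.
FINDINGS = [
    "The certificate is NOT valid. It is issued by CN=root_ED1, OU=sapstartsrv, "
    "O=SAP System PKI, C=DE. Verification status: PartialChain. Information: A "
    "certificate chain could not be built to a trusted root authority. "
    "Certificate's CN: SAPERPDEV-ED1_ED1_00",
    "The certificate is NOT valid. It is issued by CN=SSL_Self_Signed_Fallback. "
    "Verification status: UntrustedRoot. Information: A certificate chain processed, "
    "but terminated in a root certificate which is not trusted by the trust provider. "
    "Certificate's CN: SSL_Self_Signed_Fallback",
]

FINDING_RE = re.compile(
    r"issued by (?P<issuer>.+?)\. Verification status: (?P<status>\w+)\."
    r".*Certificate's CN: (?P<cn>\S+)", re.S)
# Assumption: System PKI instance certificates use CN=<host>_<SID>_<instance nr>.
INSTANCE_CN_RE = re.compile(r"^(?P<host>.+)_(?P<sid>[A-Z][A-Z0-9]{2})_(?P<nr>\d{2})$")


def triage(finding):
    """Classify one scanner finding; return None if the text is not a cert finding."""
    m = FINDING_RE.search(finding)
    if not m:
        return None
    # Simple DN split; enough for the issuer strings shown in the scan output.
    issuer = dict(rdn.split("=", 1) for rdn in m["issuer"].split(", "))
    result = {"cn": m["cn"], "status": m["status"], "issuer_cn": issuer.get("CN"),
              "origin": "unknown", "port": None}
    inst = INSTANCE_CN_RE.match(m["cn"])
    if issuer.get("O") == "SAP System PKI" and inst:
        result["origin"] = "System PKI (sapstartsrv)"
        # Per the answer: sapstartsrv HTTPS port is 5XX14, XX = instance number.
        result["port"] = int(f"5{inst['nr']}14")
    elif m["cn"] == issuer.get("CN"):
        # Heuristic (assumption): subject CN equal to issuer CN means self-signed.
        result["origin"] = "self-signed"
    return result


if __name__ == "__main__":
    for text in FINDINGS:
        print(triage(text))
```
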
