Hi Arijit,

do you have the right role in your subaccount? Admin or SCC admin?

Best,

Matthi

Hi Arijit

How you checked whether the required SCP hosts are reachable from the proxy? For US1, the hosts are:

The list can be found in the Network section of the Prerequisites page.

Also, the user needs the Cloud Connector Admin role in the subaccount, but that should result in a different error message.

Regards,

Morten

Did the CA certificate you uploaded into the Cloud Connector contained the KeyCertSign attribute? If not, it needs to. This is a key attribute that needs to be included in your CA certificate so maybe check this again.

Thanks

Phil Cooley

Hi Arijit,

The cloud connector log file contains the entry where "500" error code is logged. Could you find that in the ljs_trace.log file? The reason shold be logged as well.

If the access from browser works to the certificate signing service, ensure that same proxy settings are applied in the cloud connector.

Best regards,

Antal

In the log I found:

When successfully connect to trial account, the sequence of events logged are as below:

#Creating an sslContextProvider for account p925088trial@hanatrial.ondemand.com without SSLContext. Keystore did not contain a certificate.|
#New RSA keypair was generated. Key size used 4096, time 72192 ms|
#Will retrieve Connectivity CA certificate from SAP Cloud Platform|
#Executing Http Get request to https://connectivitycertsigning.hanatrial.ondemand.com:443/certificate/management/v1/trusted/ca/acco...
#Returned Http Response with code 200|
#Connectivity CA certificate retrieved successfully from SAP Cloud Platform|
#Send Certificate Signing Request for cloud connector certificate to SAP Cloud Platform|
#Executing Http Post request to https://connectivitycertsigning.hanatrial.ondemand.com:443/certificate/management/v1/sign/account/p9...
#Returned Http Response with code 200|
#Cloud Connector certificate signed successfully by SAP Cloud Platform|
#User Administrator starting Tunnel account:///p925088trial for account SCP Trial in region hanatrial.ondemand.com|
#Sending handshake request for tunnel: account:///p925088trial and host connectivitynotification.hanatrial.ondemand.com:443|
#Registered tunnel channel [id: 0xf60107b5, L:/<server_ip>:52402 - R:/<proxy_ip>:<port>] for tunnel id "account:///p925088trial" and client id "16A8DAF051B711E88471C9A80A1F6545"|
#Successfully established tunnel channel to notification service: [id: 0xf60107b5, L:/<server_ip>:52402 - R:/<proxy_ip>:<port>]|

When trying to connect to the productive instance, the logged events are as below:

#Creating an sslContextProvider for account <subaccount_id>@us1.hana.ondemand.com without SSLContext. Keystore did not contain a certificate.|
#New RSA keypair was generated. Key size used 4096, time 250558 ms|
#Will retrieve Connectivity CA certificate from SAP Cloud Platform|
#Executing Http Get request to https://connectivitycertsigning.us1.hana.ondemand.com:443/certificate/management/v1/trusted/ca/accou...
#Tunnel account:///<subaccount_id> is inoperative. SccEndpoint com.sap.scc.config.TunnelSccEndpoint@25cb0c0b ok, and context == null|
#Preparation of tunnel certificate for <subaccount_id>@us1.hana.ondemand.com account failed.

I have tried to open the url https://connectivitycertsigning.us1.hana.ondemand.com:443/certificate/management/v1/trusted/ca/accou... in browser within the server and it first prompts for credentials and then returns the certificate. Hence, I assume the host is reachable.