Dear SCN Team,
i got an issue with using SCN on MAC OS with Safari.
If i don't have a valid SSL certificate provided by SAP (SMP), i am not able to logon SCN. Even if i have installed no certificate at all in my key store, i get the same error "The page requires a valid ssl client certificate".
This is a serious issue, because of i will loose my S-User due to company change and from that i will have a public SCN user (P-User) only with no SSL certificate at all.
Currently the SCN team is not able to copy any content from my old user to the new one (due to lack of functionality with the new SCN platform) and now i am not able to logon anymore with that P-user too.
Please check this SSL certificate behavior and provide a solution.
Thank you.
Safari Version: Version 5.1.7 (7534.57.2)
MAC OS: 10.7.4
Best Regards
Stefan
Hi Stefan,
i found your thread, because i ran into the same problem.
You may already have found your solution, but i like to add what i did now.
The Apple-ID entry in the keystore of the Mac seems to be in relation with the problem. No idea why calling the scn.sap.com is catching this one.
Because the date of the keystone-entry for the Apple-ID was the day when i started my "MacOS career" i had doubts to just delete it and see what happens. (Will there be any problems with the AppStore/OS-Updates afterwords?
There was no helpful hint to the few similar threads in the web, therefore i just tried it.
Result:
➕Now i'm able to login to scn.sap.com again. (= normal behavior)
➕ I'm still able to start the AppStore, too.
That's it so far. I anything comes up in the next days i'll update the thread.
Best regards
Christian
Hello Stefan,
In the new SCN platform we strongly recommend against using multiple user accounts. This can cause problems as I can see in your user accounts (inconsistency between the SCN account and LDAP)
Using the admin tool, I fixed the inconsistencies in your accounts and did some manual manipulation.
Now your s-user is associated with brose email address and your p-user is associated with soocs email address.
Your p-user account is the one that now holds all your activities and points (I assume that this is what you wanted. Correct?)
You should be able to perform the following operations:
Go to SCN: http://scn.sap.com/welcome
Log in with your p-user (this time login with your p-number, not with your email address)
Verify that your account is ok, with all the activities and points.
Only if you still need your s-user account, perform the following:
log out from your p-user
Log in with your s-user (this time login with your s-number, not with your email address)
During this login you will have to approve the email address (must be different from the email address of your p-user), then you will be required to agree to the SCN terms of use.
Please update me if this was helpful.
The error "The page requires a valid ssl client certificate" I have seen only twice before now: once on Safari for Windows, and once on Chrome for iPad.
In both cases, this is due to a bug in how SSL is handled by the browser.
In our SSL configuration, the client certificate authentication can be configured for "request", "require" or "ignore". "Request" means that a certificate will be requested from the client, but it is not mandatory. "Require" means that a certificate is mandatory.
We use the "Request" setting, precisely so that the absence of a certificate does not prevent users accessing the system via username/password.
Unfortunately, it seems that there is some piece of SSL code on some Apple platforms that interprets "request" as "require" and will not let you in without a certificate.
In the case of the other error "Digital certificate has expired", this is seems to be a case that the browser is presenting an outdated certificate to the server, and this is being rejected at SSL level - therefore, all certificates have not been removed from the browser in this case.
I recommend that you get the latest O/S updates from Apple, and hopefully this fixes their SSL bug.
Best regards,
Darren Hague
(SAP ID Service architect)
As Darren correctly mentioned, the real problem in Safari is this:
This is due to a bug in how SSL is handled by the browser.
In our SSL configuration, the client certificate authentication can be configured for "request", "require" or "ignore".
"Request" means that a certificate will be requested from the client, but it is not mandatory.
"Require" means that a certificate is mandatory.
Safari actually handles this correctly but is missing a feature called "Ignore this request for this website".
This is what happens:
Safari receives a "certificate request" and as a result it will look into it's certificate store to see if it has any certificates. If it does, it will ask you to select a certificate. However none of the certificates is valid for the SAP site so you will need to click on "cancel". But if you don't have any certificates installed , then Safari won't ask you for a certificate and as a result you won't have a problem.
That was the basics, but now the problems:.
I hope this summary is helpful to all of you MAC based Safari fans.
This post was created in a MAC based Safari browser (v6.0.5)
PS:
See the post below on the Apple Support community which I created in the hope for a solution:
https://discussions.apple.com/thread/5451317
If anyone as AppleCare the might call them and refer to this issue. 😉
Hi ,
we have the same problem with our WebDispatcher Proxy and the Safari for Mac f
Have someone found a solution ? We user Sap Webdispatcher 7.40 Patch 43.
Regards
Hi,
I also facing the same issue during SAP CONNECT,
but lucky that I also installed FireFox on my MAC OS X 10.9,
and it's running OK.
Add a comment