Quantcast
Channel: SCN : Popular Discussions - Enterprise Content Management (SAP ECM)
Viewing all articles
Browse latest Browse all 2566

Content Server SSL - SSL Connect failed - Connection not possible with HTTPS

$
0
0

Dear Experts

 

Facing to following problem:

 

IPs and names replaced with X.

 

I had to change the connection to content server to HTTPS. In IIS everything seems fine and the following page can be displayed:

https://fqdn:1092/ContentServer/ContentServer.dll?serverInfo

 

Now to sap. There I wanted to change the repository to HTTPS and changed the SSL Port to 1092 and then following error is displayed:

Fehler bei HTTP-Zugriff: IF_HTTP_CLIENT->RECEIVE 1 SSL handshake with XXX.XXX.XXX.XXX:1092 failed: SSSLERR_PEER_CERT_UNTRUSTED (-102) The peer's X.509 C...

 

In ICM Trace I see the following:

[Thr 7436] <<            End of Secu-SSL Errorstack

[Thr 7436]   SSL_get_state()==0x2131 "SSLv3 read server certificate B"

[Thr 7436]   SSL NI-hdl 96: local=XXX.XXX.XXX.XXX:57991  peer=XXX.XX.XXX.XXX:1092

[Thr 7436] <<- ERROR: SapSSLSessionStart(sssl_hdl=000000002ED2E2D0)==SSSLERR_PEER_CERT_UNTRUSTED

[Thr 7436] *** ERROR => SSL handshake with XXX.XXX.XXX.XXX:1092 failed: SSSLERR_PEER_CERT_UNTRUSTED (-102)

[Thr 7436] The peer's X.509 Certificate (chain) is untrusted

[Thr 7436]

[Thr 7436] SapSSLSessionStart()==SSSLERR_PEER_CERT_UNTRUSTED

[Thr 7436]   SSL:SSL_connnect() failed  (536872221/0x2000051d)

[Thr 7436]   => "SSL API error"

[Thr 7436] >>      SecuSSL ErrStack:

[Thr 7436] 0x2000051d   SAPCRYPTOLIB   SSL_connect

[Thr 7436] SSL API error

[Thr 7436] Failed to verify peer certificate. Peer not trusted.

[Thr 7436] 0xa0600203   SSL   ssl_verify_peer_certificates

[Thr 7436] Peer not trusted

[Thr 7436] 0xa0600297   SSL   ssl_cert_checker_verify_certificates

[Thr 7436] peer certificate (chain) is not trusted

[Thr 7436] Certificate:

[Thr 7436]   Certificate:

[Thr 7436]       Subject     :CN=XXXX

[Thr 7436]       Issuer      :CN=XXXIssuingCA10, DC=XXX, DC=XXX

[Thr 7436]       Serial number:0x5f0000029aa3d4c73fef2981bc00000000029a

[Thr 7436]       Validity:

[Thr 7436]         Not before  :Mon Jul 27 16:20:44 2015

[Thr 7436]         Not after   :Sun Jul 25 16:20:44 2021

[Thr 7436]       Key:

[Thr 7436]         Key type    :rsaEncryption (1.2.840.113549.1.1.1)

[Thr 7436]         Key size    :2048

[Thr 7436]       PK_Fingerprint_MD5:3193 E726 99A2 F10C 97EA A73D CC6C 61AE

[Thr 7436]       extensions:

[Thr 7436]         AuthorityKeyId:

[Thr 7436]           Significance:Non critical

[Thr 7436]           Value:

[Thr 7436]             Key identifier (size="20" ):42F8D3D3DBA97D29F79921B8F262898FD0084A36

[Thr 7436]         SubjectKeyIdentifier:

[Thr 7436]           Significance:Non critical

[Thr 7436]           Value        (size="20" ):8BC3DAB1F979D139CAE2731DAACD5CB67CA3EB58

[Thr 7436]         Key usage:

[Thr 7436]           Significance:Critical

[Thr 7436]           Value:

[Thr 7436]             digitalSignature

[Thr 7436]             keyEncipherment

[Thr 7436]         Extended key usage:

[Thr 7436]           Significance:Non critical

[Thr 7436]           Value:

[Thr 7436]             element#no="1":ClientAuthentication (1.3.6.1.5.5.7.3.2)

[Thr 7436]             element#no="2":ServerAuthentication (1.3.6.1.5.5.7.3.1)

[Thr 7436]         Alternative names:

[Thr 7436]           Significance:Non critical

[Thr 7436]           Value:

[Thr 7436]             element#no="1":

[Thr 7436]               GN-dNSName  :XXX

 

Then I added this certificate to STRUST. But still facing to the same error.

 

 

Thanks for any advices.

 

Kind regards

 

Lino


Viewing all articles
Browse latest Browse all 2566

Latest Images

Trending Articles



Latest Images

<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>