Hi all,
I'm trying to setup client certificate authentication on a Java AS 7.31 SP13.
I followed all the available online manuals, importing keys and certificates, configuring keystore in NWA and also configuring ICM.
Still, in ICM I get the following error:
[Thr 1944] SSL_get_state() returned 0x00001181 "SSLv3 read client certificate B"
[Thr 1944] *** ERROR during SecudeSSL_SessionStart() from SSL_accept()==SSL_ERROR_SSL
[Thr 1944] session uses PSE file "D:\usr\sap\PO1\J00\sec\SAPSSLS.pse"
[Thr 1944] SecudeSSL_SessionStart: SSL_accept() failed --
[Thr 1944] secude_error 9 (0x00000009) = "the verification of the client's certificate chain failed"
[Thr 1944] >> ---------- Begin of Secude-SSL Errorstack ---------- >>
[Thr 1944] ERROR in ssl3_get_client_certificate: (9/0x0009) the verification of the client's certificate chain failed
[Thr 1944] ERROR in af_verify_Certificates: (24/0x0018) Chain of certificates is incomplete
[Thr 1944] ERROR in get_path: (106/0x006a) Can't verify certificate with PKRoot: Is not a CA certificate
[Thr 1944] << ---------- End of Secude-SSL Errorstack ----------
The client certificate that I'm using is self-signed, but I've imported it as Trusted CA and also in the SSL keystores in NWA.
Also, I've updated the profile parameters for ICM:
icm/HTTPS/trust_client_with_subject
icm/HTTPS/trust_client_with_issuer
Not sure what is going on here, in particular I don't understand the "Is not a CA certificate" message.
Sorry if this is some naive question, but I'm pretty new to these topics and any help would be greatly appreciated
Could anyone please assist?
Thanks, regards
Vincenzo