- An outgoing SSL connection from the Netweaver Application Server Java fails.
- When the issue is reproduced with tracing activated as documented in KBA 2673775 - Use /tshw to collect IAIK debug trace for outgoing calls in AS Java, the following traces can be found:
Extension error: keyusage does not allow certificate signing
ssl_debug(n): Sending alert: Alert Fatal: bad certificate
ssl_debug(n): Shutting down SSL layer...
ssl_debug(n): SSLException while handshaking: Peer certificate rejected by ChainVerifier
ssl_debug(n): Closing transport...
Note: The error 'Peer certificate rejected by ChainVerifier' is written whenever there is a failure to verify the certificate or certificate chain sent by the server to which the outbound SSL connection attempt is made, and can occur for many different reasons. This document is only written for the very specific case where when the issue is reproduced with tracing activated, 'Extension error: keyusage does not allow certificate signing' can be found.
SAP NetWeaver Application Server Java all versions
iaik , KBA , BC-JAS-SEC-CPG , Cryptography , Problem
About this pageThis is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).
Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.