Symptom
- You want to use SSO and have two certificate issuers and both use the same CN as the certificate name
- Because of Skype Clients running on some PCs you have set the registry key on each SAP CCtr Server as per KBA 2174821:
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL -> SendTrustedIssuerList = 1" - Agents are unable to use the SSO certificate, unless other certificates are uninstalled
- Your agents are also using other systems that require Certificates like Lync/Skype
- In the AS logs similar entries can be observed:
- TRC> AuthenticationService: Start validating user [user.name@company.com]
- TRC> AuthenticationService: User with 'certificate [subject=user.name@company.com, issuer=CA-SERVERNAME' not authenticated.
Read more...
Environment
SAP Contact Center
Product
SAP Contact Center, on-premise edition 7.0 ; SAP Contact Center, on-premise edition all versions
Keywords
CCtr, SCC, CCI, CRM-CCI, SAP Business Communication Management 7, Certificate Authority, Mix Certificates, Windows Server 2012 2012R2 SSO certificate chain multiple CA trust, skype, multi certificates , KBA , CRM-CCI , Contact Center Infrastructure , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.