SAP Knowledge Base Article - Preview

2685317 - SSO Login to CDT with multiple Client Certificates don't work


  • You want to use SSO and have two certificate issuers and both use the same CN as the certificate name
  • Because of Skype Clients running on some PCs you have set the registry key on each SAP CCtr Server as per KBA 2174821:
    "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL -> SendTrustedIssuerList = 1"
  • Agents are unable to use the SSO certificate, unless other certificates are uninstalled
  • Your agents are also using other systems that require Certificates like Lync/Skype
  • In the AS logs similar entries can be observed:
    • TRC> AuthenticationService: Start validating user  []
    • TRC> AuthenticationService: User with 'certificate [, issuer=CA-SERVERNAME' not authenticated.



SAP Contact Center


SAP Contact Center, on-premise edition 7.0 ; SAP Contact Center, on-premise edition all versions


CCtr, SCC, CCI, CRM-CCI, SAP Business Communication Management 7, Certificate Authority, Mix Certificates, Windows Server 2012 2012R2 SSO certificate chain multiple CA trust, skype, multi certificates , KBA , CRM-CCI , Contact Center Infrastructure , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.