SAP Knowledge Base Article - Preview

2710271 - HTTPS connection to ABAP System "Not Reachable" : peer not authenticated or unable to find valid certification path to requested target

Symptom

While checking the availability of an ABAP on-premise system (using the HTTPS protocol), the result is shown as "Not Reachable" in the SAP Cloud Connector.

Upon reviewing the ljs_trace.log or scc_core.trc files of the SAP Cloud Connector, the following entries are found:

=====
...#SccEndpointValidator has thrown exception for HTTPS://<hostname>:<port>: peer not authenticated
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:150)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:575)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)
at com.sap.scc.tcs.e2e.SccEndpointValidator$HttpBackendChecker.check(SccEndpointValidator.java:167)
at com.sap.scc.tcs.e2e.SccEndpointValidator.isConnectionPossible(SccEndpointValidator.java:112)
at com.sap.scc.tcs.e2e.SccEndpointValidator.checkEndpoint(SccEndpointValidator.java:98)
at com.sap.scc.servlets.AccessControlServlet$3.run(AccessControlServlet.java:867)|
... #Error when checking local connectivity to <hostname>:<port> --> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated|
=====


And also:

=====
...#SccEndpointValidator has thrown exception for HTTPS://<hostname>:<port>: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
...
 at com.sap.scc.servlets.AccessControlServlet$3.run(AccessControlServlet.java:677)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
 ... 23 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
 ... 29 more|
... #Error when checking local connectivity to <hostname>:<port> --> javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target|
=====
 

Note: Image/data in this KBA is from SAP internal systems, sample data, or demo systems, and any resemblance to real data is purely coincidental.
 


Environment

SAP Cloud Connector (SCC), release independent.

Product

SAP Connectivity service 2.0

Keywords

scc, not reachable, check result, abap system, pkix, certification path, peer not authenticated, cloud connector, TLS-inspection, TLS inspection, TLS-termination, TLS, firewall, router, broken connection, trust, SSL, certificate, SSL, STRUST, Server certificate, SCC, SAP Cloud connector, CC, Cloud Connector, KBA, BC-MID-SCC, SAP Cloud Connector On-Demand/On-Premise Connectivity, Problem
