2936528 - The digital signature for this certificate cannot be verified showing in transaction SSO2

HTTP Response 401 is showing when configuring the authentication with the Logon Ticket or Assertion Ticket.

In the ticket accepting ABAP system, the following message is showing for ticket issuing system when execute transaction SSO2.

SAP System <ticket issuing system> Client ***
Owner CN=***
Issuer CN=***
The digital signature for this certificate cannot be verified.

Even after perform the steps to enable the Single Sign-on authentication between ticket issuing system and accepting system the issue persisted, the Access Control List(ACL) is also maintained correctly.

The SEC_TRACE_ANALYZER of accepting system(Note: 2181120) shows below error:

===================================================
N  mySAP: Got the following SSF Params:
N         DN      =CN=***
N         Profile =/usr/sap/***/D*/sec/<ticket verification PSE name>.pse     >>>>>>>>>>>>SSF Profile Name
N         PAB     =/usr/sap/***/D*/sec/<ticket verification PSE name>.pse   >>>>>>>>> >>>Private Address Book

N  *** ERROR => SsfVerify failed (see note 1055856). [ssoxxsgn.c   152]
N  *** ERROR => ValidateTicket failed with rc = 5 and ssf_rc = 27.
===================================================

Read more...

SAP Netweaver

SAP NetWeaver 2004 ; SAP NetWeaver 7.0 ; SAP NetWeaver 7.1 ; SAP NetWeaver 7.2 ; SAP NetWeaver 7.3 ; SAP NetWeaver 7.4 ; SAP NetWeaver 7.5 ; SAP NetWeaver Application Server for ABAP for SAP S/4HANA Cloud all versions ; SAP S/4HANA all versions ; SAP enhancement package 1 for SAP NetWeaver 7.0 ; SAP enhancement package 1 for SAP NetWeaver 7.3 ; SAP enhancement package 2 for SAP NetWeaver 7.0 ; SAP enhancement package 3 for SAP NetWeaver 7.0

HTTP Response 401 ,  SsfVerify failed ,Ticket validation failed , SSO2 , The digital signature for this certificate cannot be verified , assertion ticket, logon ticket, ACL, SSFA , KBA , BC-SEC-LGN , Authentication , BC-JAS-SEC-LGN , Logon, SSO , Problem