SAP Knowledge Base Article - Preview

2942034 - "received a fatal TLS certificate unknown alert message from the peer"

Symptom

The following trace entries are observed in the trace file of the ICM (dev_icm) or the SAP Web Dispatcher (dev_webdisp) in the work directory (LocalDrive\usr\sap\<SID>\SCS<XX>\work):

[Thr 12428] Fri Jun 26 20:18:38:820 2020
[Thr 12428] SSL_get_state()==0x1180 "TLS read client certificate A"
[Thr 12428] *** ERROR during secussl_read() from SSL_read()==SSL_ERROR_SSL
[Thr 12428] srv SSL session PSE "C:\usr\sap\<SID>\<instance>\sec\SAPSSLS.pse"
[Thr 12428] session ciphersuites=135:PFS:HIGH::EC_P256:EC_HIGH
[Thr 12428] Server SSL_CTX 000001CC4D900FB0 pvflags=897 (TLSv1.2,TLSv1.1,TLSv1.0,BC)
[Thr 12428] TLSextSNI server_name="<your SAP fully qualified hostname>"
[Thr 12428] secussl_read: SSL_read() failed (536875078/0x20001046)
[Thr 12428] => "received a fatal TLS certificate unknown alert message from the peer"
[Thr 12428] >> ---------- Begin of Secu-SSL Errorstack ---------- >>
[Thr 12428] 0x20001046 | SAPCRYPTOLIB | SSL_read
[Thr 12428] SSL API error
[Thr 12428] received a fatal TLS certificate unknown alert message from the peer
[Thr 12428] 0xa0600263 | SSL | ssl3_read_bytes
[Thr 12428] received a fatal TLS certificate unknown alert message from the peer
[Thr 12428] 0xa0600263 | SSL | ssl3_accept
[Thr 12428] received a fatal TLS certificate unknown alert message from the peer
[Thr 12428] 0xa0600263 | SSL | ssl3_read_bytes
[Thr 12428] received a fatal TLS certificate unknown alert message from the peer
[Thr 12428] << ---------- End of Secu-SSL Errorstack ----------
[Thr 12428] SSL NI-hdl 50: local=<IP address of SAP>:<HTTPS port> peer=<client IP address>:<random port>
[Thr 12428] <<- ERROR: SapSSLSessionStartNB(sssl_hdl=1cc4ddd58f0)==SSSLERR_SSL_READ
[Thr 12428] *** ERROR => IcmConnInitServerSSL: SapSSLSessionStartNB returned (-58): SSSLERR_SSL_READ [icxxconn.c 2442]

Instead of the "received a fatal TLS certificate unknown alert message from the peer" message, it is also possible to get the same error but with "received a fatal TLS unknown_ca alert from the peer" instead.


Read more...

Environment

  • Database independent
  • SAP NetWeaver
  • SAP Web Application Server for SAP S/4HANA
  • ABAP Platform
  • Client/Server Technology - ICM (Internet Communication Manager)
  • Client/Server Technology - Web Dispatcher

Product

ABAP platform all versions ; SAP NetWeaver all versions ; SAP Web Application Server for SAP S/4HANA all versions

Keywords

SSL, dev_icm, dev_webdisp, work directory, LocalDrive\usr\sap\<SID>\SCS<XX>\work, SSL_get_state()==0x1180 "TLS read client certificate A", received a fatal TLS certificate unknown alert message from the peer, SSSLERR_SSL_READ, client system/browser, SSL server certificate, Certification Authority, STRUST, Web Admin UI, SSSLERR_ALERT_CERTIFICATE_UNKNOWN, Your connection is not private, certificate issue , KBA , BC-CST-IC , Internet Communication Manager , BC-CST-WDP , Web Dispatcher , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.