SAP Knowledge Base Article - Public

3068483 - Error when trying to renew SAC subaccount certificate in Cloud Connector


On Cloud Connector, the SAC subaccount certificate expired.

When attempting to refresh it, below error message appears:

  • An error occurred when trying to connect — see logs for details (unless log level is 'Off')

In the Cloud connector ljs_trace.log this can be seen:

  • "at
    Caused by: SCC handshake failed: 403 — Forbidden"


  • SAP Cloud Connector (SCC)
  • SAP Analytics Cloud (SAC)
  • Datasphere

Reproducing the Issue

1. Click "Certificate" button to refresh certificate in SAP Cloud Connector (SCC) subaccount 
2. Enter user and password -> The error is seen.


This is usually caused by a mismatch of users between the SAC BTP Core Account info and the user credentials being used for the certificate refresh in Cloud Connector. The users needs to be the same. 


  1. Access SAP Analytics Cloud.
  2. Go to the Main Menu > System > Administration
  3. Click on Data Source Configuration and scroll until "SAP BTP Core Account".
  4. Check the email that is displayed there. If it is not yours, choose Edit and set to your email which is associated to an S-user ID.
  5. Try to refresh the certificate in the Cloud Connector with this email and password.

See Also

  • 2950537 - Subaccount certificate expired from SAP Cloud Connector
  • 2397165 - How do I connect SAP Analytics Cloud (SAC) to the SAP BTP Cloud Connector and SAP Analytics Cloud Agent?


 Authorization, handshake, unauthorized, 401, SCC handshake failed: 403 — Forbidden, SAP BTP Core Account, credentials, SAC Subaccount, Certificate, Refresh, Cloud Connector. , KBA , BC-MID-SCC , SAP Cloud Connector On-Demand/On-Premise Connectivity , LOD-ANA-ADM , SAC Administration , How To


SAP Analytics Cloud 1.0