3221674 - SAP Cloud Connector Principal Propagation warning: "no suitable certificate found - continuing without client authentication"

Symptom

Principal propagation is not working from BTP to backend system via Cloud Connector.
Upon analysis of the ICM traces and Cloud Connector SSL traces, it is identified that the Cloud Connector is not forwarding its system certificate to the ICM.
Further the following message is found in the ljs_trace.log (<2.17)/scc_core.trc (>=2.17) with SSL trace enabled:

#*** ServerHelloDone
#Warning: no suitable certificate found - continuing without client authentication
#*** Certificate chain
#<Empty>
#***

(* or similar message indicating the handshake will continue without client authentication:
"No X.509 certificate for client authentication, use empty Certificate message instead".
The exact message depends on the SCC release.)

Environment

SAP Cloud Connector release independent

Product

CONNECTOR FRAMEWORK all versions ; connectivity proxy for SAP Connectivity service all versions

Keywords

client did not send any cert, <no cert>, PP, icm/trusted_reverse_proxy_0, warning, no suitable certificate found - continuing without client authentication, client authentication, system certificate, strust, cc, scc, cloud connector, principal propagation, Subject DN, Issuer, SAN, Subject Alternative Names, no trust, logon, Reject untrusted forwarded certificate, icm/server_port*, Unauthorized, HttpCertIsReverseProxyTrustworthy, intermediary is NOT trusted, trusted_reverse_proxy, , KBA , BC-MID-SCC , SAP Cloud Connector On-Demand/On-Premise Connectivity , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.