Symptom
- ICM/SAP Web dispatcher trace (dev_icm/dev_webdisp) reports error like below,
*** WARNING => Own Cert Expired! -- limiting UTCTime=YYMMDDHHMMSS
PSE file="/usr/sap/TST/T00/sec/SAPSSLC.pse"
......
SSL_get_state()==0x2171 "TLS write client certificate B"
*** ERROR during secussl_read() from SSL_read()==SSL_ERROR_SSL
cli SSL session PSE "/usr/sap/TST/T00/sec/SAPSSLC.pse"
......
secussl_read: SSL_read() failed (101/0x00000065)
=> "Own certificate (chain) is expired, corrupt or not yet valid."
>> ---------- Begin of Secu-SSL Errorstack ---------- >>
0x00000065 | SAPCRYPTOLIB | SSL_read
SAPCRYPTO API error
Own certificate (chain) is expired, corrupt or not yet valid.
0xa0600299 | SSL | ssl3_read_bytes
own certificate (chain) is expired - cannot be used for authentication
0xa0600299 | SSL | ssl3_connect
own certificate (chain) is expired - cannot be used for authentication
0xa0600299 | SSL | ssl3_send_client_certificate
own certificate (chain) is expired - cannot be used for authentication
0xa0600299 | SSL | ssl3_output_cert_chain
own certificate (chain) is expired - cannot be used for authentication
<< ---------- End of Secu-SSL Errorstack ----------
- Logon the web admin page of ICM/SAP Web dispatcher, the PSE validity date expired. The information can be found with below menu/path,
SSL and Trust Configuration -> PSE Management
Choose the PSE from the dropdown list > PSE attributes
Check the Validity - NotBefore/NotAfter
Read more...
Environment
- SAP NetWeaver
- SAP NetWeaver Application Server for SAP S/4HANA
- ABAP PLATFORM - Application Server ABAP
- SAP Web Dispatcher
Product
Keywords
KBA , BC-SEC-SSL , Secure Sockets Layer Protocol , BC-CST-IC , Internet Communication Manager , BC-CST-WDP , Web Dispatcher , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.