/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PreviewSymptom
- ICM/SAP Web dispatcher trace (dev_icm/dev_webdisp) reports error like below,
*** WARNING => Own Cert Expired! -- limiting UTCTime=YYMMDDHHMMSS
PSE file="/usr/sap/TST/T00/sec/SAPSSLC.pse"
......
SSL_get_state()==0x2171 "TLS write client certificate B"
*** ERROR during secussl_read() from SSL_read()==SSL_ERROR_SSL
cli SSL session PSE "/usr/sap/TST/T00/sec/SAPSSLC.pse"
......
secussl_read: SSL_read() failed (101/0x00000065)
=> "Own certificate (chain) is expired, corrupt or not yet valid."
>> ---------- Begin of Secu-SSL Errorstack ---------- >>
0x00000065 | SAPCRYPTOLIB | SSL_read
SAPCRYPTO API error
Own certificate (chain) is expired, corrupt or not yet valid.
0xa0600299 | SSL | ssl3_read_bytes
own certificate (chain) is expired - cannot be used for authentication
0xa0600299 | SSL | ssl3_connect
own certificate (chain) is expired - cannot be used for authentication
0xa0600299 | SSL | ssl3_send_client_certificate
own certificate (chain) is expired - cannot be used for authentication
0xa0600299 | SSL | ssl3_output_cert_chain
own certificate (chain) is expired - cannot be used for authentication
<< ---------- End of Secu-SSL Errorstack ----------
- Logon the web admin page of ICM/SAP Web dispatcher, the PSE validity date expired. The information can be found with below menu/path,
SSL and Trust Configuration -> PSE Management
Choose the PSE from the dropdown list > PSE attributes
Check the Validity - NotBefore/NotAfter
- G type RFC destination failed with error:
SSL handshake with
<hostname>:<port> failed:
SSSLERR_SSL_READ (-58)#SAPCRYPTO:SSL_read()
failed##SapSSLSessionStartNB()==SSSLERR_SSL_READ#
SSL:SSL_read() failed (101/0x0065)# => "Own
certificate (chain) is expired, corrupt or not yet
valid." SSL:SSL_get_state()==0x2171 "TLS writ
Read more...
Environment
- SAP NetWeaver
- SAP NetWeaver Application Server for SAP S/4HANA
- ABAP PLATFORM - Application Server ABAP
- SAP Web Dispatcher
Product
Keywords
Own certificate (chain) is expired, corrupt or not yet valid, SSSLERR_SSL_READ, Own Cert Expired!, TLS write client certificate B, client certificate expired, PSE certificate expired , KBA , BC-SEC-SSL , Secure Sockets Layer Protocol , BC-CST-IC , Internet Communication Manager , BC-CST-WDP , Web Dispatcher , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)