3365905 - Own Cert Expired

• ICM/SAP Web dispatcher trace (dev_icm/dev_webdisp) reports error like below,

 *** WARNING => Own Cert Expired! -- limiting UTCTime=YYMMDDHHMMSS
 PSE file="/usr/sap/TST/T00/sec/SAPSSLC.pse"

......

   SSL_get_state()==0x2171 "TLS write client certificate B"
 *** ERROR during secussl_read() from SSL_read()==SSL_ERROR_SSL
   cli SSL session PSE "/usr/sap/TST/T00/sec/SAPSSLC.pse"
......
 secussl_read: SSL_read() failed  (101/0x00000065)
    => "Own certificate (chain) is expired, corrupt or not yet valid."
 >> ---------- Begin of Secu-SSL Errorstack ---------- >>
 0x00000065 | SAPCRYPTOLIB | SSL_read
 SAPCRYPTO API error
 Own certificate (chain) is expired, corrupt or not yet valid.
 0xa0600299 | SSL | ssl3_read_bytes
 own certificate (chain) is expired - cannot be used for authentication
 0xa0600299 | SSL | ssl3_connect
 own certificate (chain) is expired - cannot be used for authentication
 0xa0600299 | SSL | ssl3_send_client_certificate
 own certificate (chain) is expired - cannot be used for authentication
 0xa0600299 | SSL | ssl3_output_cert_chain
 own certificate (chain) is expired - cannot be used for authentication
 << ---------- End of Secu-SSL Errorstack ----------

• Logon the web admin page of ICM/SAP Web dispatcher, the PSE validity date expired. The information can be found with below menu/path,

SSL and Trust Configuration -> PSE Management

Choose the PSE from the dropdown list > PSE attributes

Check the Validity - NotBefore/NotAfter 

• SAP NetWeaver
• SAP NetWeaver Application Server for SAP S/4HANA
• ABAP PLATFORM - Application Server ABAP
• SAP Web Dispatcher

KBA , BC-SEC-SSL , Secure Sockets Layer Protocol , BC-CST-IC , Internet Communication Manager , BC-CST-WDP , Web Dispatcher , Problem