SAP Knowledge Base Article - Preview

3485823 - Operation fails with 'The verified certificate chain is complete but no certificate is trusted' or 'Untrusted - Complete Chain'

Symptom

  • DigiCert Global Root G2 or G5 is already added
  • You are facing below errors:
     
    • The verified certificate chain is complete but no certificate is trusted
    • Trusted: ERROR: Untrusted - Complete Chain

  • Following errors might be also encountered:

    • Validation of dependents - Issuer Certificate (Issuer - Only Invalid Certificates Found)
    • PKI vailidation: FAILED
    • SSL API error
    • Failed to verify peer certificate. Peer not trusted.
    • SSO certificate validation failed: SSL error [<number>]: Unknown error, general error


In below example #01 (hanacloud.ondemand.com) is issued by #02 (DigiCert SHA2 Secure Server CA) and that is issued by #03  (DigiCert Global Root CA).

From the error it is visible that the chain of certificates is complete but #03 is untrusted.

----- BEGIN VERIFICATION RESULT -----

----- Messages -----------
ERROR: The verified certificate chain is complete but no certificate is trusted.
----- Summary -----------

#01 Certificate (End Entity): VALID
Subject: CN=hanacloud.ondemand.com, O=SAP SE, L=Walldorf, SP=Baden-Württemberg, C=DE
Issuer: CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
PKI validation: FAILED: Validation of dependents - Issuer Certificate (Issuer - Only Invalid Certificates Found)

#02 Certificate (Issuer): VALID
Subject: CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
PKI validation: FAILED: Validation of dependents - Issuer Certificate (Issuer - Only Invalid Certificates Found)

#03 Certificate (Issuer): VALID
Subject: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
PKI validation: FAILED
Trusted: ERROR: Untrusted - Complete Chain

----- END VERIFICATION RESULT -----


Read more...

Environment

  • SAP HANA Cloud

Product

SAP HANA Cloud 1.0

Keywords

SSO certificate validation failed, SSL error, Unknown error, general error, SSL API error, Failed to verify peer certificate, Peer not trusted, trusted, untrusted, chain, complete, incomplete, failed, PKI, validation, validation, dependents, peer, import export, remote source , KBA , HAN-CLS-HC , HANA Cloud Services HANA Cloud , HAN-DB-SDA , SAP HANA Smart Data Access , HAN-DP-SDI , SAP HANA smart data integration (SDI) , Known Error

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.