3561927 - Report OA2C_GENERIC_ACCESS results in error SSSLERR_PEER_CERT_UNTRUSTED

Symptom

Running the OA2C_GENERIC_ACCESS report results in the SSSLERR_PEER_CERT_UNTRUSTED error message.

However, there is no certificate missing; it has been confirmed that the certificate is present.

The ICM Level 3 trace indicates the SSSLERR_PEER_CERT_UNTRUSTED error message but additionally shows "FAILED: Validation of dependents - Revocation List (ERROR: CRL - No CRL Found)":

*** ERROR => SSL handshake with <hostname:port> failed: SSSLERR_PEER_CERT_UNTRUSTED
Peer's X.509 certificate (chain) validation failed (missing trust?)
...
Peer not trusted
BEGIN VERIFICATION RESULT
# Messages
ERROR: Revocation list is missing
# Summary
#01 Certificate (End Entity): VALID
Subject: <>
Issuer: <>
Fingerprint (SHA256): <>
Validity: <>
PKI validation: FAILED: Validation of dependents - Revocation List (ERROR: CRL - No CRL Found)
#02 Certificate (Issuer): VALID
Subject: <>
Issuer: <>
Fingerprint (SHA256): <>
Validity: <>
PKI validation: Succeeded
END VERIFICATION RESULT

The CCL (CommonCryptoLib) trace shows the following configuration details:
Configuration: ccl/pkix/profile/<name>/issuer = <Any String>
Configuration: ccl/pkix/profile/<name>/revocation_check = CRL

Environment

SAP NetWeaver Application Server for ABAP
CommonCryptoLib 8.5.2 or newer

Product

SAP NetWeaver Application Server for ABAP all versions ; SAP S/4HANA all versions

Keywords

Revocation list is missing, SSSLERR_PEER_CERT_UNTRUSTED, OA2C_GENERIC_ACCESS, OAuth, OAuth2, FAILED: Validation of dependents - Revocation List (ERROR: CRL - No CRL Found), SAP Cryptographic Library, COMMONCRYPTOLIB, CRL, Certificate Revocation Checking , KBA , BC-IAM-SSO-CCL , CommonCryptoLib , BC-SEC-LGN-OA2 , OAuth 2.0 for ABAP , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.