Symptom
Running the OA2C_GENERIC_ACCESS report results in the SSSLERR_PEER_CERT_UNTRUSTED error message.
However, no certificate is missing: the certificate has been confirmed to be present.
The ICM Level 3 trace indicates the SSSLERR_PEER_CERT_UNTRUSTED error message but additionally shows "FAILED: Validation of dependents - Revocation List (ERROR: CRL - No CRL Found)":
*** ERROR => SSL handshake with <hostname:port> failed: SSSLERR_PEER_CERT_UNTRUSTED
Peer's X.509 certificate (chain) validation failed (missing trust?)
...
Peer not trusted
BEGIN VERIFICATION RESULT
# Messages
ERROR: Revocation list is missing
# Summary
#01 Certificate (End Entity): VALID
Subject: <>
Issuer: <>
Fingerprint (SHA256): <>
Validity: <>
PKI validation: FAILED: Validation of dependents - Revocation List (ERROR: CRL - No CRL Found)
#02 Certificate (Issuer): VALID
Subject: <>
Issuer: <>
Fingerprint (SHA256): <>
Validity: <>
PKI validation: Succeeded
END VERIFICATION RESULT
The CCL (CommonCryptoLib) trace shows the following configuration details:
Configuration: ccl/pkix/profile/<name>/issuer = <Any String>
Configuration: ccl/pkix/profile/<name>/revocation_check = CRL
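As an added illustration (not part of the SAP KBA and not SAP code), the Python sketch below parses a verification-result block of the shape shown in the ICM trace above and reports whether the handshake failure stems from the revocation check rather than from missing trust. The function names, the cause labels and the sample trace values are assumptions, and it expects the lines without thread or timestamp prefixes, as they are printed here.

```python
import re

# Constructed sample modeled on the trace layout above; host and names are placeholders.
SAMPLE_TRACE = """\
*** ERROR => SSL handshake with host.example:443 failed: SSSLERR_PEER_CERT_UNTRUSTED
BEGIN VERIFICATION RESULT
# Messages
ERROR: Revocation list is missing
# Summary
#01 Certificate (End Entity): VALID
Subject: CN=host.example
Issuer: CN=Example Issuing CA
PKI validation: FAILED: Validation of dependents - Revocation List (ERROR: CRL - No CRL Found)
#02 Certificate (Issuer): VALID
Subject: CN=Example Issuing CA
Issuer: CN=Example Root CA
PKI validation: Succeeded
END VERIFICATION RESULT
"""

CERT_RE = re.compile(r"^#(\d+) Certificate \(([^)]+)\): (\S+)")
FIELD_RE = re.compile(r"^(Subject|Issuer|PKI validation): ?(.*)$")

def parse_verification_results(trace):
    """Return one list of certificate dicts per BEGIN/END VERIFICATION RESULT block."""
    blocks, certs, inside = [], None, False
    for line in trace.splitlines():
        line = line.strip()
        if line == "BEGIN VERIFICATION RESULT":
            certs, inside = [], True
        elif line == "END VERIFICATION RESULT" and inside:
            blocks.append(certs)
            inside = False
        elif inside:
            m = CERT_RE.match(line)
            if m:  # "#01 Certificate (End Entity): VALID" starts a new entry
                certs.append({"index": int(m.group(1)), "role": m.group(2), "status": m.group(3)})
            elif certs and (f := FIELD_RE.match(line)):
                certs[-1][f.group(1)] = f.group(2)
    return blocks

def classify(certs):
    """Name the cause behind SSSLERR_PEER_CERT_UNTRUSTED for one result block."""
    failed = [c for c in certs if c.get("PKI validation", "").startswith("FAILED")]
    if not failed:
        return "no-pki-failure", None
    if all("CRL" in c["PKI validation"] for c in failed) and all(c["status"] == "VALID" for c in certs):
        return "revocation-check", failed[0]  # chain is valid; only the CRL lookup failed
    return "other", failed[0]
```

A `revocation-check` result matches the symptom described here: every certificate in the chain is VALID and the only failure is the missing CRL.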
Environment
- SAP NetWeaver Application Server for ABAP
- CommonCryptoLib 8.5.2 or newer
Keywords
Revocation list is missing, SSSLERR_PEER_CERT_UNTRUSTED, OA2C_GENERIC_ACCESS, OAuth, OAuth2, FAILED: Validation of dependents - Revocation List (ERROR: CRL - No CRL Found), SAP Cryptographic Library, COMMONCRYPTOLIB, CRL, Certificate Revocation Checking, KBA, BC-IAM-SSO-CCL, CommonCryptoLib, BC-SEC-LGN-OA2, OAuth 2.0 for ABAP, Problem
About this page
This is a preview of a SAP Knowledge Base Article.