SAP Knowledge Base Article - Preview

3561927 - Report OA2C_GENERIC_ACCESS results in error SSSLERR_PEER_CERT_UNTRUSTED

Symptom

Running the OA2C_GENERIC_ACCESS report results in the SSSLERR_PEER_CERT_UNTRUSTED error message.

However, there is no certificate missing; it has been confirmed that the certificate is present.

The ICM Level 3 trace indicates the SSSLERR_PEER_CERT_UNTRUSTED error message but additionally shows "FAILED: Validation of dependents - Revocation List (ERROR: CRL - No CRL Found)":

*** ERROR => SSL handshake with <hostname:port> failed: SSSLERR_PEER_CERT_UNTRUSTED
              Peer's X.509 certificate (chain) validation failed (missing trust?)
...
              Peer not trusted
                    BEGIN VERIFICATION RESULT
               #     Messages
               ERROR: Revocation list is missing
               #     Summary
               #01 Certificate (End Entity): VALID
                Subject:                      <>
                Issuer:                       <>
                Fingerprint (SHA256):         <>
                Validity:                     <>
                PKI validation:               FAILED: Validation of dependents - Revocation List (ERROR: CRL - No CRL Found)
               #02 Certificate (Issuer):     VALID
                Subject:                      <>
                Issuer:                       <>
                Fingerprint (SHA256):         <>
                Validity:                     <>
                PKI validation:               Succeeded
                    END VERIFICATION RESULT

The CCL (CommonCryptoLib) trace shows the following configuration details:
Configuration: ccl/pkix/profile/<name>/issuer                           = <Any String>
Configuration: ccl/pkix/profile/<name>/revocation_check                 = CRL


Read more...

Environment

  • SAP NetWeaver Application Server for ABAP
  • CommonCryptoLib 8.5.2 or newer

Product

SAP NetWeaver Application Server for ABAP all versions ; SAP S/4HANA all versions

Keywords

Revocation list is missing,  SSSLERR_PEER_CERT_UNTRUSTED, OA2C_GENERIC_ACCESS, OAuth, OAuth2, FAILED: Validation of dependents - Revocation List (ERROR: CRL - No CRL Found), SAP Cryptographic Library, COMMONCRYPTOLIB, CRL, Certificate Revocation Checking , KBA , BC-IAM-SSO-CCL , CommonCryptoLib , BC-SEC-LGN-OA2 , OAuth 2.0 for ABAP , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.