/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PreviewSymptom
- You have XS Classical job integrated with other application. The job failed and check the xsengine trace trace you can find the error like "The verified certificate chain is complete but no certificate is trusted."
- Here is an example trace:
[3465359]{-1}[-1/-1] 2025-09-17 15:40:00.053233 i TraceContext TraceContext.cpp(01371) : UserName=XXX, ApplicationUserName=XXX, ApplicationName=XXX, ApplicationSource=XXX
[3465359]{-1}[-1/-1] 2025-09-17 15:40:00.053233 e xsa:XXX XXX(00143) : error fetching csrf token
[3465359]{-1}[-1/-1] 2025-09-17 15:40:00.053245 e xsa:XXX XXX(00144) : HttpClient.request: request failed because of internal error: SSL certificate validation failed: SSL error [536872221]: Unknown error, General error: 0x2000051d | SAPCRYPTOLIB | SSL_connect
SSL API error
Failed to verify peer certificate. Peer not trusted.
0xa0600203 | SSL_ | ssl3_connect
Peer not trusted
0xa0600203 | SSL_ | ssl3_get_server_certificate
Peer not trusted
0xa0600203 | SSL_ | ssl3_decode_server_certificate
Peer not trusted
0xa0600203 | SSL_ | ssl_verify_peer_certificates
Peer not trusted
0xa0600203 | SSL_ | ssl_cert_checker_verify_certificates
Peer not trusted
Certificate verification failed
0xa0600203 | SSL_ | ssl_cert_checker_verify_certificates
Peer not trusted
----- BEGIN VERIFICATION RESULT -----
# --- Messages -----------
ERROR: The verified certificate chain is complete but no certificate is trusted.
# --- Summary -----------
#01 Certificate (End Entity): VALID
Subject: CN=XXX, O=SAP SE, L=Walldorf, SP=XXX, C=DE
Issuer: CN=DigiCert G5 TLS RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
Fingerprint (SHA256): 34:F9:88:E3:09:80:7E:7A:DD:83:53:D8:E9:D1:5B:53:F3:A8:A1:4F:5B:E6:FD:41:4F:D9:E1:94:9C:1E:53:5D
Validity: Mon Sep 15 00:00:00 2025 / Mon Sep 14 23:59:59 2026
PKI validation: FAILED: Validation of dependents - Issuer Certificate (Issuer - Only Invalid Certificates Found)
#02 Certificate (Issuer): VALID
Subject: CN=DigiCert G5 TLS RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
Issuer: CN=DigiCert TLS RSA4096 Root G5, O="DigiCert, Inc.", C=US
Fingerprint (SHA256): C6:27:0A:15:06:91:FB:E1:90:D8:31:F5:13:9B:DF:EE:CF:7B:29:8B:4F:A0:CA:17:30:6A:69:D7:E9:1E:7B:A2
Validity: Wed Apr 14 00:00:00 2021 / Sun Apr 13 23:59:59 2031
PKI validation: FAILED: Validation of dependents - Issuer Certificate (Issuer - Only Invalid Certificates Found)
#03 Certificate (Issuer): VALID
Subject: CN=DigiCert TLS RSA4096 Root G5, O="DigiCert, Inc.", C=US
Issuer: CN=DigiCert TLS RSA4096 Root G5, O="DigiCert, Inc.", C=US
Fingerprint (SHA256): 37:1A:00:DC:05:33:B3:72:1A:7E:EB:40:E8:41:9E:70:79:9D:2B:0A:0F:2C:1D:80:69:31:65:F7:CE:C4:AD:75
Validity: Fri Jan 15 00:00:00 2021 / Sun Jan 14 23:59:59 2046
PKI validation: FAILED
Trusted: ERROR: Untrusted - Complete Chain
----- END VERIFICATION RESULT -----
Read more...
Environment
SAP HANA Platform
Product
SAP HANA 1.0, platform edition ; SAP HANA, platform edition 2.0
Keywords
hana xs, certificate validation, s4hana cloud integration, DigiCertTLSRSA4096RootG5, DigiCertGlobalRootCA, SAPSSLC.pse, hana xs job scheduler, integration failure, certificate chain not trusted, ssl error, hana database , KBA , HAN-DB-SEC , SAP HANA Security & User Management , HAN-AS-XS , SAP HANA Extended Application Services , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)