SAP Knowledge Base Article - Preview

3700002 - Secure HDBSQL Connection Fails With ERROR: The verified certificate chain is complete but no certificate is trusted

Symptom

You followed the steps in Server Certificate Authentication | SAP Help Portal, created a new sapsrv.pse, and imported the root certificate into sapcli.pse to establish a secure hdbsql connection to the HANA database. However, the connection fails with the error below, although the certificate displayed is correct:


sp7adm@hanadb:/usr/sap/SP7/HDB00> hdbsql  -n hanadb:30015 -u SYSTEM -e
Password:
* -10709: Connection failed (RTE:[300015] SSL certificate validation failed: SSL error [536872221]: Unknown error, General error: 0x2000051d | SAPCRYPTOLIB | SSL_connect
SSL API error
Failed to verify peer certificate. Peer not trusted.
0xa0600203 | SSL_ | ssl3_connect
Peer not trusted
0xa0600203 | SSL_ | ssl3_get_server_certificate
Peer not trusted
0xa0600203 | SSL_ | ssl3_decode_server_certificate
Peer not trusted
0xa0600203 | SSL_ | ssl_verify_peer_certificates
Peer not trusted
0xa0600203 | SSL_ | ssl_cert_checker_verify_certificates
Peer not trusted
Certificate verification failed
0xa0600203 | SSL_ | ssl_cert_checker_verify_certificates
Peer not trusted
----- BEGIN VERIFICATION RESULT -----
 # --- Messages -----------
 ERROR: The verified certificate chain is complete but no certificate is trusted.
 # --- Summary -----------
 #01 Certificate (End Entity): VALID
  Subject:                      CN=hanadb, OU=CT1, OU=HANA-SSL-NEW
  Issuer:                       CN=hanadb, OU=CT1, OU=HANA-SSL-NEW
  Fingerprint (SHA256):         45:AA:57:2D:58:6D:53: (192.168.230.65:9496 -> hanadb:30015)) SQLSTATE: HY000


Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
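
An added triage example, not part of the SAP article: it parses the verification-result block of the trace in the Symptom section and reports whether the presented certificate is self-signed (Subject equal to Issuer, as in the trace) and whether its SHA-256 fingerprint is in a set of fingerprints you have read out of the client trust store. The function names, the sample text and the trusted-fingerprint set are assumptions made for this illustration.

```python
import re

# Constructed sample modelled on the trace above; the fingerprint is a made-up placeholder.
SAMPLE = """\
----- BEGIN VERIFICATION RESULT -----
 # --- Messages -----------
 ERROR: The verified certificate chain is complete but no certificate is trusted.
 # --- Summary -----------
 #01 Certificate (End Entity): VALID
  Subject:                      CN=hanadb, OU=CT1, OU=HANA-SSL-NEW
  Issuer:                       CN=hanadb, OU=CT1, OU=HANA-SSL-NEW
  Fingerprint (SHA256):         """ + ":".join(["AB"] * 32) + "\n"

CERT = re.compile(r"#(\d+) Certificate \(([^)]+)\):\s*(\w+)")
FIELD = re.compile(r"(Subject|Issuer|Fingerprint \(SHA256\)):\s*(.*)")
HEXPAIRS = re.compile(r"(?:[0-9A-Fa-f]{2}:)*[0-9A-Fa-f]{2}")

def parse_verification_result(text):
    """Extract ERROR messages and per-certificate fields from the result block."""
    _, marker, body = text.partition("----- BEGIN VERIFICATION RESULT -----")
    if not marker:
        return None
    errors, certs = [], []
    for line in (l.strip() for l in body.splitlines()):
        if line.startswith("ERROR:"):
            errors.append(line[6:].strip())
        elif (m := CERT.match(line)):
            certs.append({"role": m.group(2), "status": m.group(3)})
        elif (m := FIELD.match(line)) and certs:
            key, value = m.group(1).split(" ")[0].lower(), m.group(2)
            if key == "fingerprint":  # keep the hex pairs, drop trailing client text
                hexm = HEXPAIRS.match(value)
                value = hexm.group(0).upper() if hexm else ""
            certs[-1][key] = value
    return {"errors": errors, "certs": certs}

def triage(text, trusted_fingerprints):
    """Per certificate: self-signed? trusted? (None = fingerprint too short to compare)."""
    parsed = parse_verification_result(text)
    report = []
    for cert in (parsed["certs"] if parsed else []):
        fp = cert.get("fingerprint", "")
        complete = len(fp.split(":")) == 32  # a SHA-256 digest is 32 bytes
        report.append({
            "subject": cert.get("subject"),
            "self_signed": cert.get("subject") == cert.get("issuer"),
            "trusted": (fp in trusted_fingerprints) if complete else None,
        })
    return report
```

A self-signed end-entity certificate is its own trust anchor, so a `trusted` value of `False` means the client trust store does not hold that exact certificate. A value of `None` means the captured trace cut the fingerprint short, as the one in this article does.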



Environment

  • SAP HANA, platform edition 1.0
  • SAP HANA, platform edition 2.0

Product

SAP HANA 1.0, platform edition; SAP HANA, platform edition 2.0

Keywords

sapsrv.pse does not take effect, how to make sapsrv.pse take effect, The verified certificate chain is complete but no certificate is trusted, sapcli.pse, KBA, HAN-DB-SEC, SAP HANA Security & User Management, HAN-DB-CLI, SAP HANA Clients (JDBC, ODBC), Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).
