SSSLERR_PEER_CERT_UNTRUSTED Trying to connect to t...

bobi04 · ‎12-06-2023

Hello,

I'm trying to connect to a URL in the same server, ( BSP applic. ) but when I try to connect to this URL I get the next error.

SSL handshake with xxxxxx.it-dc.net:8081 failed: SSSLERR_PEER_CERT_UNTRUSTED (-102)#Peer's X.509 certificate (chain) validation failed (missing trust?)##SapSSLSessionStartNB()==SSSLERR_PEER_CERT_UNT

I tried to look in STRUST transaction but there is the certificate and it doesn't look like there is any error within,

Can somebody help?

abo · ‎12-06-2023

Did you look at the whole chain from the root CA downwards or just the final node?

bobi04 · ‎12-06-2023

c5e08e0478aa4727abc4482f5be390b2 when I go to STRUST, I see the certificate, I don't see any chain or anything related to that

Ulrich_Schmidt · ‎12-06-2023

The CA root certificate of the "peer's" certificate needs to be imported into the "Certificate List" in STRUST, most probably in the "SSL client Standard" section or the currently used "SSL client xyz" section.

bobi04 · ‎12-06-2023

I have it there.

Ulrich_Schmidt · ‎12-06-2023

No, you don't...: "Certificate List" is empty!

bobi04 · ‎12-06-2023

I think that this one is the correct, there are a certificate List.

This is the log of the error.

Ulrich_Schmidt · ‎12-06-2023

That one is the list for the server, but your problem is in the client. Your client does not trust the certificate of the server, therefore you need to import your server's CA root into the trust list of the client.

abo · ‎12-06-2023

the chain is visible as such only in a browser, the STRUST interface will show them as separate certificates

syedkamran · ‎12-06-2023

You can check the dev_icm log for exact certificate name which is causing the problem and import the same required certificate in correct PSE file.

SSSLERR_PEER_CERT_UNTRUSTED Trying to connect to the same system