HTTPS Webservice Consumer Proxy - SSL Error

Hello all !

I'm encountering an issue while testing the connection to a HTTPS Webservice

Considering HTTPS and SSL have been installed correctly in our SAP system and the HTTPS is activated (green flag in SMICM)

I have done the following things :

1) I have configured a logical port in SOAMANAGER

Within the Consumer Security TAB (X.509 SSL Client PSE)

I put DFAULT value in the SSL Client PSE (STRUST)

the authentification Method is sapsp:HTTPX509

In the transport settings Port is 443 (port of HTTPS is configured differently in our SAP system)

2) In transaction STRUST I added the certificate of my webservice (imported from Firefox)

in the SSL client (Standard), there is a own certificate self signed by SAP Trust Community for my SAP instance

There I imported my certificate from the Webservice I need to reach and added it to the certificate list.

3)When I ping my WebService,

I receive the following Log in SMICM ==> (Trace Level 3)

[Thr 1286]   SSL NI-sock: local=xxx  peer=xxxx:443

[Thr 1286] <<- SapSSLSetNiHdl(sssl_hdl=116c58850, ni_hdl=129)==SAP_O_K

[Thr 1286] ->> SapSSLSetSessionCredential(sssl_hdl=116c58850, &cred_name=116c58810)

[Thr 1286]   SapISSLComposeFilename(): Filename = "/usr/sap/XXX/DVEBMGS50/sec/SAPSSLC.pse"

[Thr 1286]   SecudeSSL_SetSessionCred(): request for default client credentials

[Thr 1286] <<- SapSSLSetSessionCredential(sssl_hdl=116c58850)==SAP_O_K

[Thr 1286]      in: cred_name = "/usr/sap/XXX/DVEBMGS50/sec/SAPSSLC.pse"

[Thr 1286] IcmConnInitClientSSL: using pse /usr/sap/XXX/DVEBMGS50/sec/SAPSSLC.pse, show client certificate if available

[Thr 1286] ->> SapSSLSetTargetHostname(sssl_hdl=116c58850, &hostname=116c587d0)

[Thr 1286] <<- SapSSLSetTargetHostname(sssl_hdl=116c58850)==SAP_O_K

[Thr 1286]      in: hostname = "www.XXX.xx" (hostname of my webservice)

[Thr 1286] ->> SapSSLSessionStart(sssl_hdl=116c58850)

[Thr 1286]   SapISSLUseSessionCache(): Creating NEW session (0 cached)

[Thr 1286] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_CONNECTION_LOST

[Thr 1286]    session uses PSE file "/usr/sap/XXX/DVEBMGS50/sec/SAPSSLC.pse"

[Thr 1286] No Secude Error present in trace stack!

[Thr 1286]   SSL_get_state() returned 0x00002120 "SSLv3 read server hello A"

[Thr 1286]   No certificate request received from Server

[Thr 1286] <<- ERROR: SapSSLSessionStart(sssl_hdl=116c58850)==SSSLERR_SSL_CONNECT

[Thr 1286] ->> SapSSLErrorName(rc=-57)

[Thr 1286] <<- SapSSLErrorName()==SSSLERR_SSL_CONNECT

[Thr 1286] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT {00010077} [icxxconn_mt.c 1989]

[Thr 1286] ->> SapSSLSessionDone(&sssl_hdl=1107eebd8)

[Thr 1286] <<- SapSSLSessionDone()==SAP_O_K

[Thr 1286]      in: sssl_hdl   = 116c58850

[Thr 1286]          ... ni_hdl = 129

Could you tell me what's wrong ? or what I'm missing ?

The certificate I added is wrong ? is it a server certificate when you import it from firefox yourself ? Or I need to ask a "Client Certificate" ?

Do they need to sign anything ?

I'm a bit lost...

Many Thanks !!!

Kr,

Jonathan,