Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

Untrusted Certificate path when connecting via SAProuter

daphneo
Explorer
0 Kudos
305

Hi

We are connecting to a customer's SAP system via SAProuter.

Currently getting an error on our side that:

*** ERROR => SncPEstablishContext()==SNCERR_GSSAPI  [D:/depot/bas/75 3604]
GSS-API(maj): Miscellaneous failure
GSS-API(min): A2200223:Peer certificate path not trusted
Unable to establish the security context
target="p:CN=CLIENT_CERTIFICATE"

On the customer side, they get a similar error:

*** ERROR => SncPEstablishContext(): SNCERR_AUTH_MISMATCH -- wrong peer!
expecting = "p:CN=sapserv1, OU=SAProuter, O=SAP, C=DE"
but peer is = "p:CN=MY_CERTIFICATE"

I have installed CN=CLIENT_CERTIFICATE in my pse file.

The customer have installed CN=MY_CERTIFICATE in their pse file.

Customer is starting their saprouter with:

C:\usr\sap\saprouter\saprouter.exe -r -W  -K p:CN=CLIENT_CERTIFICATE

I'm starting my saprouter in a similar fashion but with -K p:CN=MY_CERTIFICATE

Yes, customer is having CN=sapserv1, OU=SAProuter, O=SAP, C=DE in their saprouttab, but that is for SAP to connect.

In my saprouttab I have an entry:

KP "p:CN=CLIENT_CERTIFICATE" 159.x.x.x 3299
P 10.x.x.x 159.x.x.x 3299

Why would SAProuter think we're using the sapserv1 certificate instead of the one specified?

And most importantly, how can I fix this?

0 REPLIES 0