
How to create a DB connection to HANA Data Lake in SLT system.

suresh712
Participant
0 Kudos
116

Hello,

I am trying to add a DBCO connection for HANA Datalake in the SLT system, but I am getting a certificate issue:

Database error -10709 at CON
Connection failed (RTE:[300015] SSL certificate validation failed: SSL error [536872221]: Unknown error, General error: 0x2000051d | SAPCRYPTOLIB | SSL_connect SSL API error Failed
to verify peer certificate. Peer not trusted. 0xa0600203 |
SSL_ | tls13_handshake Peer not trusted 0xa0600203 | SSL_ |
tls13_msg_decode Peer not trusted 0xa0600203 | SSL_ |
ssl_verify_peer_certificates Peer not trusted 0xa0600203 |
SSL_ | ssl_cert_checker_verify_certificates Peer not
trusted Certificate verification failed 0xa0600203 | SSL_ |
ssl_cert_checker_verify_certificates Peer not trusted -----
BEGIN VERIFICATION RESULT ----- # --- Messages -----------
ERROR: The chain of certificates is incomplete or untrusted,
missing certificate of [C1:AD:77:78] CN=DigiCert SHA2 Secure
Server CA, O=DigiCert Inc, C=US # --- Summary -----------
#01 Certificate (End Entity): VALID Subject:
CN=hanacloud.ondemand.com, O=SAP SE, L=Walldorf,
SP=Baden-Württemberg, C=DE Issuer:
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
Fingerprint (SHA256):
1B:91:75:BF:EB:78:80:EA:7A:C4:3D:1D:6F:22:29:99:9F:A1:9A:B8:
:2C:9D:C4:13:11:65:6D:7E:DC:28:43 Validity:
Tue Feb 4 19:00:00 2025 / Thu Feb 5 18:59:59 2026 PK
validation: FAILED: Validation of dependents -
Issuer Certificate (Issuer - Only Invalid Certificates
Found) #02 Certificate (Issuer): VALID Subject:
CN=DigiCert SHA2 Secure Server CA, O=DigiCert
Inc, C=US Issuer: CN=DigiCert Global
Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fingerprint (SHA256):
C1:AD:77:78:79:6D:20:BC:A6:5C:88:9A:26:55:02:11:56:52:8B:B6:
:F5:FA:43:E1:B8:E5:A8:3E:3D:2E:AA Validity:
Tue Sep 22 19:00:00 2020 / Sun Sep 22 18:59:59 2030 PK
validation: FAILED: Validation of dependents -
Issuer Certificate (ERROR: Issuer - No Certificates
Found) ----- END VERIFICATION RESULT ----- (ErrCode:
536872221.

Below is the connection string we are using.

ENCRYPTION=TLS(TRUSTED_CERTIFICATES=*;TLS_TYPE=rsa;DIRECT=yes);HOST=<SQL endpoint of Datalake>

Am I missing something? Or is there any issue with my connection string?

 

RobertWaywell
Product and Topic Expert
0 Kudos

The error indicates that there is a problem with your certificate. 

 

 

suresh712
Participant
0 Kudos

Thanks Rob for the reply. We have imported the DigiCert root certificates. Below are the certs we have imported to the app server.

DigiCert Global Root G2

DigiCert Global Root G3

DigiCertTLSECCP384RootG5

DigiCert Global Root CA

RobertWaywell
Product and Topic Expert
0 Kudos

I'm specifically noting this error:

ERROR: The chain of certificates is incomplete or untrusted, missing certificate of [C1:AD:77:78] CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US # --- Summary ----------- #01 Certificate (End Entity): VALID Subject: CN=hanacloud.ondemand.com, O=SAP SE, L=Walldorf, SP=Baden-Württemberg, C=DE Issuer: CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US Fingerprint (SHA256):

There is something it doesn't like about that certificate. Keep in mind that a certificate chain can be multiple levels deep. The most likely explanation is that there is an intermediate certificate that you need to include that was used between the DigiCert root and the final certificate.

You might also want to try replacing the "ü" in the "SP=Baden-Württemberg" field. I expect that was originally "Baden-Württemberg" and it is getting misinterpreted somewhere. While the certificate should be able to handle the special character, it is worth ruling it out as an issue.
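An added example, not part of the thread and not SAP tooling: a small Python parser that reads the certificate entries out of a SAPCRYPTOLIB verification result like the one in the question, showing which certificates the server presented and which issuer the log marks as not found. The sample text is constructed from the log above, the function names are hypothetical, and issuers are matched by CN only.

```python
import re

# Constructed sample: the "Summary" part of the verification result quoted in the
# question, still hard-wrapped, with fingerprints and validity dates omitted.
SAMPLE_LOG = """
#01 Certificate (End Entity): VALID Subject:
CN=hanacloud.ondemand.com, O=SAP SE, L=Walldorf, SP=Baden-Württemberg, C=DE
Issuer: CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
Fingerprint (SHA256): <omitted> Validity: <omitted> PK
validation: FAILED: Validation of dependents -
Issuer Certificate (Issuer - Only Invalid Certificates Found)
#02 Certificate (Issuer): VALID Subject: CN=DigiCert SHA2 Secure Server CA,
O=DigiCert Inc, C=US Issuer: CN=DigiCert Global
Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fingerprint (SHA256): <omitted> Validity: <omitted> PK validation: FAILED:
Validation of dependents - Issuer Certificate (ERROR: Issuer - No
Certificates Found) ----- END VERIFICATION RESULT -----
"""

ENTRY = re.compile(
    r"#(\d+) Certificate \(([^)]+)\): \w+ Subject: (.+?) Issuer: (.+?) "
    r"Fingerprint.*?PK validation: \w+: .*?Issuer Certificate \((.+?)\)")

def cn(dn):
    """Return the CN value of a distinguished name string."""
    m = re.search(r"CN=([^,]+)", dn)
    return m.group(1).strip() if m else dn

def parse_chain(log):
    """Return one dict per '#NN Certificate' entry in the wrapped log text."""
    flat = " ".join(log.split())  # undo the hard line wrapping
    return [{"pos": int(p), "role": role, "subject": cn(s), "issuer": cn(i), "reason": why}
            for p, role, s, i, why in ENTRY.findall(flat)]

def reported_not_found(chain):
    """Issuer CNs for which the log itself says no certificate was found."""
    return [c["issuer"] for c in chain if "No Certificates Found" in c["reason"]]

def unresolved_issuers(chain, store_cns):
    """Issuer CNs absent from both the presented chain and the given store names.
    Name comparison only: no signature or fingerprint check is performed."""
    known = {c["subject"] for c in chain} | set(store_cns)
    return [c["issuer"] for c in chain if c["issuer"] not in known]

if __name__ == "__main__":
    chain = parse_chain(SAMPLE_LOG)
    for c in chain:
        print(f'#{c["pos"]:02d} {c["subject"]} <- {c["issuer"]} ({c["reason"]})')
    print("log reports not found:", reported_not_found(chain))
```

Passing the subject CNs of the certificates in the trust store the connection actually uses as `store_cns` shows whether every issuer in the chain is covered by name.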

 

suresh712
Participant
0 Kudos
We are unable to figure out what certificate it is. Can you pls help out with the certificates that need to be imported?