3 weeks ago
Hello,
I am trying to add DBCO connection for HANA Datalake in SLT system. But getting certificate issue,
Database error -10709 at CON
Connection failed (RTE:[300015] SSL certificate validation failed: SSL error [536872221]: Unknown error, General error: 0x2000051d | SAPCRYPTOLIB | SSL_connect SSL API error Failed
to verify peer certificate. Peer not trusted. 0xa0600203 |
SSL_ | tls13_handshake Peer not trusted 0xa0600203 | SSL_ |
tls13_msg_decode Peer not trusted 0xa0600203 | SSL_ |
ssl_verify_peer_certificates Peer not trusted 0xa0600203 |
SSL_ | ssl_cert_checker_verify_certificates Peer not
trusted Certificate verification failed 0xa0600203 | SSL_ |
ssl_cert_checker_verify_certificates Peer not trusted -----
BEGIN VERIFICATION RESULT ----- # --- Messages -----------
ERROR: The chain of certificates is incomplete or untrusted,
missing certificate of [C1:AD:77:78] CN=DigiCert SHA2 Secure
Server CA, O=DigiCert Inc, C=US # --- Summary -----------
#01 Certificate (End Entity): VALID Subject:
CN=hanacloud.ondemand.com, O=SAP SE, L=Walldorf,
SP=Baden-Württemberg, C=DE Issuer:
CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US
Fingerprint (SHA256):
1B:91:75:BF:EB:78:80:EA:7A:C4:3D:1D:6F:22:29:99:9F:A1:9A:B8:
:2C:9D:C4:13:11:65:6D:7E:DC:28:43 Validity:
Tue Feb 4 19:00:00 2025 / Thu Feb 5 18:59:59 2026 PK
validation: FAILED: Validation of dependents -
Issuer Certificate (Issuer - Only Invalid Certificates
Found) #02 Certificate (Issuer): VALID Subject:
CN=DigiCert SHA2 Secure Server CA, O=DigiCert
Inc, C=US Issuer: CN=DigiCert Global
Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fingerprint (SHA256):
C1:AD:77:78:79:6D:20:BC:A6:5C:88:9A:26:55:02:11:56:52:8B:B6:
:F5:FA:43:E1:B8:E5:A8:3E:3D:2E:AA Validity:
Tue Sep 22 19:00:00 2020 / Sun Sep 22 18:59:59 2030 PK
validation: FAILED: Validation of dependents -
Issuer Certificate (ERROR: Issuer - No Certificates
Found) ----- END VERIFICATION RESULT ----- (ErrCode:
536872221.
below is the connection string we are using.
ENCRYPTION=TLS(TRUSTED_CERTIFICATES=*;TLS_TYPE=rsa;DIRECT=yes);HOST=<SQL endpoint of Datalake>
Am i missing something? or any issue with my connection string?
Request clarification before answering.
The error indicates that there is a problem with your certificate.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I'm specifically noting this error: ERROR:
The chain of certificates is incomplete or untrusted, missing certificate of [C1:AD:77:78] CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US # --- Summary ----------- #01 Certificate (End Entity): VALID Subject: CN=hanacloud.ondemand.com, O=SAP SE, L=Walldorf, SP=Baden-Württemberg, C=DE Issuer: CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US Fingerprint (SHA256):
There is something it doesn't like about that certificate. Keep in mind that a certificate chain can be multiple levels deep. The most likely explanation is that there is an intermediate certificate that you need to include that was used between the DigiCert root and the final certificate.
You might also want to try replacing the "ü" in the "SP=Baden-Württemberg" field. I expect that was original "Baden-Württemberg" and it is getting misinterpreted somewhere. While the certificate should be able to handle the special character, it is worth ruling it out as an issue.
User | Count |
---|---|
88 | |
10 | |
9 | |
8 | |
7 | |
6 | |
6 | |
5 | |
5 | |
5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.