on 2023 Nov 24 11:23 AM
Hey experts,
the following warning for is periodically flooding our LaMa Enterprise 3.0 Java security log:
The client proxy is making a SSL connection to https://<host.domain>:1129 without validating the SSL server certificate. Please change the configuration to validate the SSL server certificate.
In the attachment you can see one of the messages in detail.
2723977 is the only related SAP note I could find, but it just describes how to change the severity of this message from warning to error, which...will not help 😉
Of course I tried to check the Consumer Proxies configuration in Single Service Administration regarding the Ignore server certifcates (insecure) option, hence this seems to be the cause for this warning according to SAP note 2723977. But I have no idea which entry is relevant here. The one thing they all have in common: Ignore server certifcates (insecure) is activated by default.
Do you have any idea, if this can be fixed by changing a specific entries config to Accept Certificates in Keystore View: WebServiceSecurity, which entry needs to be configured and what the side-effects of this configuration for LaMa could be?
Maybe some of you have already had a similiar issue...
Thanks & regards, Marie
Hi Marie,
To enable the SSL server certificate validation in LaMa, you can disable the relevant "Ignore SSL Server Certificates for..." checkboxes in Setup > Engine.
For more details, please refer to the documentation page below:
The certificate entries should be configured in the "LVMView" in "Certificates and Keys: Key Storage" in NWA.
Best Regards,
Hristo
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Marie
As a suggestion in addition to the note 2723977
Can you verify if SSL is configured in NWA, if it is, check under certificates and keys, you should see a keystore view named Trusted CAs. Add the relevant root certificates (from the url in the error message) in there and then go back to your config and select accept certificates in keystore view - select 'Trusted CAs'
It's an SSL feature and shouldn't break your system
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hey prosper Muzuva,
thanks for your reply. SSL is configured. I uploaded the root certificates in the Trusted CAs keystore view + into the Trusted CAs tab in SSL configuration (don't think it's necessary, but won't hurt ;)) and restarted the ICM. Had no effect. I guess we somehow have to change the setting in some logical port of some Consumer Proxies, but I'm still not sure, which is the right one and what happens if I do so...
Thanks & regards
User | Count |
---|---|
67 | |
10 | |
10 | |
10 | |
10 | |
8 | |
8 | |
7 | |
5 | |
5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.