Extract peer SSL certificate automatically to resolve SSSLERR_PEER_CERT_UNTRUSTED

dschiener
Explorer
0 Kudos
227

Hi there.

I am looking for a solution to extract a missing peer SSL certificate and add it to the trust store via ABAP.

For the second part, adding it to the trust store, I already found a solution.

What's now still missing is the step to extract the SSL certificate from the peer automatically.

Any ideas how to do this in ABAP?

BR

Sandra_Rossi
Active Contributor
0 Kudos
For public Web sites, you may get it via your internet browser (click on the "https lock" in the address bar, etc.)
Sandra_Rossi
Active Contributor
0 Kudos
Sorry. If you ask because of the certificate expiry date, what about adding the certificate of its Certificate Authority whose expiry date should be far away? If ABAP, I know a partial solution, it works in ABAP 7.52 but doesn't work in 7.58. https://github.com/sandraros/zcerti
Suneeth_P
Participant

ICM level 3 trace logs the server SSL certificate. 
OpenSSL can also extract the SSL certificate from the target with the -showcerts option.

I am a Basis admin. I find having the root certificate in the ABAP trust store more manageable than having the certificate chain, if everyone agrees to it. It lasts longer as well, in most cases well over 10 years.
Especially with the BTP endpoints, SAP keeps changing the certificates and it's recommended to have the root certificate in the trust store.
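
The OpenSSL route mentioned above, as an added example that is not part of any post in this thread: a POSIX shell script that takes the `-showcerts` output, keeps only the peer's own (first) certificate and prints its subject, issuer, expiry and SHA-256 fingerprint. The script name, function names and output file name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: fetch a peer's TLS chain and isolate one certificate from it.

# Print what `openssl s_client -showcerts` reports for host:port.
# -servername sends SNI so a shared endpoint returns the right certificate.
fetch_chain() {
    openssl s_client -connect "$1:$2" -servername "$1" -showcerts \
        </dev/null 2>/dev/null
}

# Read s_client output on stdin and print only the Nth PEM block.
# Block 1 is the peer (leaf) certificate; later blocks are the CAs it sent.
extract_cert() {
    awk -v want="${1:-1}" '
        /-----BEGIN CERTIFICATE-----/ { n++; inside = 1 }
        inside && n == want           { print }
        /-----END CERTIFICATE-----/   { inside = 0 }
    '
}

# Show the fields needed to decide whether this certificate may be trusted.
cert_summary() {
    openssl x509 -in "$1" -noout -subject -issuer -enddate -fingerprint -sha256
}

# Usage (hypothetical file name): sh fetch_peer_cert.sh <host> [port]
if [ "$#" -ge 1 ]; then
    host=$1
    port=${2:-443}
    out="$host.pem"
    fetch_chain "$host" "$port" | extract_cert 1 > "$out"
    if [ ! -s "$out" ]; then
        echo "no certificate received from $host:$port" >&2
        exit 1
    fi
    # Compare the SHA-256 fingerprint with one obtained from the peer's
    # operator before importing $out: the fetch itself is unauthenticated.
    cert_summary "$out"
fi
```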

Accepted Solutions (0)

Answers (2)

dschiener
Explorer
0 Kudos

@Suneeth_P this would work, yes - just tested successfully.

But this way, I would accept ALL certificates that have been signed by this CA...

Granted that it's very improbable that the CA gets compromised, but it would be safer/more explicit to add only the peer's certificate to the trust store.

dschiener
Explorer
0 Kudos

@Sandra_Rossi thank you. I know this way. But what I am looking for (as I wrote) is a programmable solution :).