cancel
Showing results for 
Search instead for 
Did you mean: 

VSCode UNABLE_TO_VERIFY_LEAF_SIGNATURE on-premise system with valid certificate

patrick_weber11
Participant
0 Kudos
2,317

Hello community,

this is less a question but might be helpful for others fighting with this issue.
Related to this question here, I was still unable to connect to a on-premise S/4 (2020) system.

The system I want to connect uses an official certificate of our company, it is not a self-signed certificate but a certificate verified by a trustful and trusted vendor. To add the system as SAP system in VSCode, I ran Fiori App Generator and tried to add it as new system like this:

But it always gives me the error UNABLE_TO_VERIFY_LEAF_SIGNATURE.

I disabled all SSL related settings in VSCOde, I've installed the certificate chain over and over again and tried different nodejs settings like disable SSL_strict and also set environment variable NODE_EXTRA_CA_CERTS like described here.

Also I asked our SAP administrator to provide a HTTP connection and even this didn't work as it still keeps redirecting to HTTPS.

Luckily, I'm able to connect to an SAP ECC System (on-premise) by HTTP. I don't understand what is different here as this also uses the same certificates but it seems not to redirect for some reason. I used it to build a connection because I was interested what gets saved in which file.

After connection was set up to ECC system, I simply can change related settings (URL) like this. Please note, it still doesn't work with SSL but for some reason, HTTP works now. I also tried to build a new application with success. I got a huge list containing all active oData system of our S/4 on-premise system

The connection gets saved in a file named systems.json which is located at C:\users\<username>\.fioritools and the content looks like this.

{
  "systems": {
    "http://<url to your system>:8000/100": {
      "name": "myS4",
      "url": "http://<url to your system>:8000",
      "client": "100",
      "userDisplayName": "myUser"
    }
  }
}

So if anyone ran into the same issue, simply try to create a connection like this manually.

Hope this helps some people out there.

BR Patrick

View Entire Topic
Shen2
Employee
Employee
0 Kudos

I encountered a similar issue recently and found this post while searching for solution. For my scenario, the problem was the backend service has self-signed certificate. And the error was from ui5-middleware-simpleproxy. It helped to add strictSSL: false option in ui5.yaml.



Screenshot 2024-08-09 at 8.12.07 AM.png