Re: Can't get SSL Authentication to work

Hi Amerjit, here are the answers to your questions:

Q) Are you the Basis Admin for this system and are permitted to restart if necessary ?

A) Nope, I am a developing the ABAP code for the web service consumer.

Q) Do you have o/s access on the SAP server ?

A) Nope, but I can ask the server admin to run OS commands for me (see below).

Q) Your Web Service Server is what ?

A) It's an IBM DataPower machine. I will need to ask if you need more information (like version).

1. I would like you to have a look at OSS  #510007 noting point #7 (optional) and the setting of ssl/client_ciphersuites to 208.

--> I have asked the basis team to change that, not done yet though.

2. If you have o/s access on the SAP system, are you able to telnet to the web service server.

eg: telnet <server ip> <ssl port>

--> Yes, that's working, the remote server is reachable:

rorzesek@af7lq001:~> telnet 10.206.58.12 16101

Trying 10.206.58.12...

Connected to 10.206.58.12.

Escape character is '^]'.

3. Please increase the trace level of ICM before you try your next test and then upload the ICM trace file after your test.

The Trace (level 3) can be found here: ICM Trace - Pastebin.com

4. On your SAP system, please try connecting to the web service server with openssl to get certificate and protocol information. The following command will give you certificate, certificate chain and protocol information.

rorzesek@af7lq001:~> openssl s_client -showcerts -connect HOSTNAME:16101

CONNECTED(00000003)          

depth=0 /DC=de/DC=[hidden]/DC=SecPort/OU=Special Applications/OU=Websphere MQ/OU=TIMB/O=TIMB/OU=DEV/CN=HOSTNAME

verify error:num=20:unable to get local issuer certificate

verify return:1

depth=0 /DC=de/DC=[hidden]/DC=SecPort/OU=Special Applications/OU=Websphere MQ/OU=TIMB/O=TIMB/OU=DEV/CN=HOSTNAME

verify error:num=27:certificate not trusted

verify return:1

depth=0 /DC=de/DC=[hidden]/DC=SecPort/OU=Special Applications/OU=Websphere MQ/OU=TIMB/O=TIMB/OU=DEV/CN=HOSTNAME

verify error:num=21:unable to verify the first certificate

verify return:1

28889:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1098:SSL alert number 40

28889:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188: