Protect4S - VM User Guide
  • Protect4S - VM User Guide
  • Introduction
    • Quick setup
    • Support
    • Protect4S VM place in SAP system landscape
  • Pre-conditions and installation
    • Supported operating system and database types
    • Software version requirements
    • Recommendations
    • Heterogeneous database connections
  • Protect4S VM Software Installation
    • Add-On Installation, import support packages and upgrade
    • Installation post-processing
  • Create Protect4S VM users and roles
    • Distribution of satellite roles
    • satellite system ABAP RFC user using wizard
    • satellite system ABAP RFC user MANUAL SETUP
    • satellite system JAVA user
    • satellite system database user
    • satellite system operating system user
    • Operating system user other than <sid>adm
    • Satellite system BusinessObjects user
  • Check and set Application settings
  • Protect4S VM Menu
  • Execute the Quick setup
    • Company
    • Systems
      • Creating an ABAP system
      • Creating a JAVA system
      • Creating a BusinessObjects BI system
      • Creating a HANA standalone system
      • Creating a SAP Web Dispatcher system
      • Creating a SAProuter system
      • Creating a SAP Cloud Connector system
      • SAPControl security settings
  • Create a project
    • New project
    • New Scan
  • Check Template
  • Contact persons and Scan subscription
    • Contact persons
    • Scan subscriptions
  • Reports
    • Scan result
    • Scan results information
    • System tab
    • Company tab
    • Scan statistics tab
    • Check overview
    • Risk history
    • Scan statistics
    • Scan export
    • Mitigation report
    • Scan comparison
    • Management overview
    • Connection map
  • Mitigation of Vulnerabilities
    • Mitigation menu
  • Check exemptions
  • SIEM Interface
  • Integration
    • Incident Management
  • Information and support
    • Welcome menu
    • Product information
    • Check information
    • Change log
    • User Guide
    • Report a software defect
    • Feature request
  • Deinstallation
  • Appendix A: Troubleshooting Satellite System connection issues
    • SAPControl connections
    • Database connection
    • JAVA connection
    • HTTPS certificate errors
  • Appendix B: Installation database libraries
    • IBM DB2
    • MSSQL
    • MaxDB
    • Oracle
    • SAP Sybase
    • SAP HANA
  • Appendix C: satellite system Communication Ports
  • Appendix D: Protect4S VM SICF Services
  • Appendix E: using a server group
  • Appendix F System context
  • Appendix G DNS resolving
  • Appendix H Dump in Scan subsciptions
  • Appendix I HTTPURLLOC table
  • Appendix J - Risk Matrix
  • Appendix K - Short dump function module "PFL_GET_SINGLE_PARAMETER" not found
  • FAQs
    • General
    • Installation
    • Configuration
    • Projects and scans
  • Contact us
Powered by GitBook
On this page

Was this helpful?

  1. Appendix A: Troubleshooting Satellite System connection issues

HTTPS certificate errors

PreviousJAVA connectionNextAppendix B: Installation database libraries

Last updated 2 years ago

Was this helpful?

If the following errors occur it is in most cases because the certificates of the to-be-scanned satellite system are not trusted (not imported in transaction STRUST) in the system running Protect4S VM.

  • "SSSLERR_PEER_CERT_UNTRUSTED"

  • "SSSLERR_SERVER_CERT_MISMATCH"

  • "ICF Error when creating object - Argument not found"

  • or other certificate related errors

To solve this please follow the below steps.

Get the certificate(s) from the Satellite system by them for example from the browser

  1. Use your Internet browser to connect to the required satellite destination address 'https://...'

  2. As soon as the connection has been established, display the security details (usually, by double clicking the lock symbol)

  3. Display the certificate of the server

  4. Export the server certificate into a file (for example, in the format 'Base64')

  5. If necessary, open the certificate or the certificates of the certificate chain from the certificate hierarchy, and also export this certificate or these certificates

Import the certificates in STRUST

  1. In the Protect4S central system call transaction STRUST and double-click on SSL client (Standard) in the left tree view of PSEs (also called "SAPSSLC.pse")

  2. From Menu, choose Certificate->Import. In the File tab enter the filename of the downloaded cert into the field File path, or use the selection help at the end of that field for an Open File popup window of the OS

  3. When the proper certificate appears in the certificate details view in the lower right area of transaction STRUST, press the Add to Certificate List button on the bottom.

  4. Save the changes to the PSE with Save button

  5. Redo steps 1-4 for SSL client (Anonymous) PSE (also called "SAPSSLA.pse")

Newer Releases of SAP Netweaver (702 and 710+) will automatically reload the SSL PSE after saving the change. If the error PEER_CERT_UNTRUSTED persists, please try manually restarting the icman process. For old Netweaver Releases (6xx, 700 and 701) you will always have to manually restart the icman process for the PSE change to take effect. Use transaction SMICM and from Menu "Administration"->"ICM"->"Exit Soft"->"Global" to manually restart the icman process.

For specific "ICF Error when creating object - Argument not found":

Make sure the HTTPS service on the VM system is active in SMICM and that PSE keystore "SSL client SSL Client (Anonymous)" is activated in STRUST.

References with more information:

SAP Wiki: SAP Note: SAP Note: SAP Note: SAP Note:

downloading
How to troubleshoot SSSLERR_PEER_CERT_UNTRUSTED
2461900 - SSSLERR_PEER_CERT_UNTRUSTED error in dev_icm trace
1094342 - ICM trace contains verification of the server's certificate
510007 - Setting up SSL on Web Application Server ABAP
2469949 - ICF Error when creating HTTP client object by Config for URL