SAP Knowledge Base Article - Preview

2685317 - SSO Login to CDT with multiple Client Certificates don't work


  • You want to use SSO and have two certificate issuers and both use the same CN as the certificate name
  • Because of Skype Clients running on some PCs you have set the registry key on each SAP CCtr Server as per KBA 2174821:
    "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL -> SendTrustedIssuerList = 1"
  • Agents are unable to use the SSO certificate, unless other certificates are uninstalled
  • Your agents are also using other systems that require Certificates like Lync/Skype
  • In the AS logs similar entries can be observed:
    • TRC> AuthenticationService: Start validating user  []
    • TRC> AuthenticationService: User with 'certificate [, issuer=CA-SERVERNAME' not authenticated.



SAP Contact Center


SAP Contact Center, on-premise edition 7.0 ; SAP Contact Center, on-premise edition all versions


CCtr, SCC, CCI, CRM-CCI, SAP Business Communication Management 7, Certificate Authority, Mix Certificates, Windows Server 2012 2012R2 SSO certificate chain multiple CA trust, skype, multi certificates , KBA , CRM-CCI , Contact Center Infrastructure , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.