SAP Knowledge Base Article - Preview

2936528 - Message: The digital signature for this certificate cannot be verified showing in transaction SSO2

Symptom

HTTP Response 401 is showing when you configure the authentication with the Logon Ticket or Assertion Ticket.
In the ticket accepting ABAP system, the following message is showing for ticket issuing system when execute transaction SSO2.

SAP System <ticket issuing system> Client ***
Owner CN=***
Issuer CN=***
The digital signature for this certificate cannot be verified.

Even you have performed the steps correctly to enable the Single Sign-on Authentication between ticket issuing system and accepting system. 
Access Control List(ACL) is also maintained correctly.

Please note all the steps you have performed are on the System PSE in ticket accepting system.


In the SEC_TRACE_ANALYZER trace log(Note: 2181120) collected in the ticket accepting system,showing the following information:

===================================================
N  mySAP: Got the following SSF Params:
N         DN      =CN=***
N         Profile =/usr/sap/***/D*/sec/<ticket verification PSE name>.pse     >>>>>>>>>>>>SSF Profile Name
N         PAB     =/usr/sap/***/D*/sec/<ticket verification PSE name>.pse   >>>>>>>>> >>>Private Address Book

N  *** ERROR => SsfVerify failed (see note 1055856). [ssoxxsgn.c   152]
N  *** ERROR => ValidateTicket failed with rc = 5 and ssf_rc = 27.
===================================================

Below are the common scenarios for the authentication with Logon Ticket,for your reference.

Java(ticket issuing system) and ABAP system (ticket accepting system)
Enabling Single Sign-on Authentication

ABAP(ticket issuing system) and ABAP system (ticket accepting system),We could take Fiori SSO configuration as example.
Please see note :2485474 - How to configure SSO from Fiori Launchpad to a back-end system with logon ticket

Please note that this KBA is intended to share some workaround suggestions for the symptom.


Read more...

Environment

SAP Netweaver Systems

Product

SAP NetWeaver 2004 ; SAP NetWeaver 7.0 ; SAP NetWeaver 7.1 ; SAP NetWeaver 7.2 ; SAP NetWeaver 7.3 ; SAP NetWeaver 7.4 ; SAP NetWeaver 7.5 ; SAP enhancement package 1 for SAP NetWeaver 7.0 ; SAP enhancement package 1 for SAP NetWeaver 7.3 ; SAP enhancement package 2 for SAP NetWeaver 7.0 ; SAP enhancement package 3 for SAP NetWeaver 7.0

Keywords

HTTP Response 401 ,  SsfVerify failed ,Ticket validation failed , SSO2 , The digital signature for this certificate cannot be verified , assertion ticket, logon ticket, ACL , KBA , BC-SEC-LGN , Authentication , BC-JAS-SEC-LGN , Logon, SSO , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.