- An outgoing SSL connection from the Netweaver Application Server Java fails.
- When the issue is reproduced with tracing activated as documented in KBA 1799620 - Logs required for analysis of SSL related issues - Netweaver AS Java as SSL client, the following traces can be found
Extension error: keyusage does not allow certificate signing
ssl_debug(n): Sending alert: Alert Fatal: bad certificate
ssl_debug(n): Shutting down SSL layer...
ssl_debug(n): SSLException while handshaking: Peer certificate rejected by ChainVerifier
ssl_debug(n): Closing transport...
Note: The error 'Peer certificate rejected by ChainVerifier' is written whenever there is a failure to verify the certificate or certificate chain sent by the server to which the outbound SSL connection attempt is made, and can occur for many different reasons. This document is only written for the very specific case where when the issue is reproduced with tracing activated, 'Extension error: keyusage does not allow certificate signing' can be found.
- SAP NetWeaver 7.0
- SAP enhancement package 1 for SAP NetWeaver 7.0
- SAP enhancement package 2 for SAP NetWeaver 7.0
- SAP enhancement package 3 for SAP NetWeaver 7.0
- SAP NetWeaver 7.3
- SAP enhancement package 1 for SAP NetWeaver 7.3
- SAP NetWeaver Composition Environment 7.1
- SAP enhancement package 1 for SAP NetWeaver Composition Environment 7.1
- SAP NetWeaver Composition Environment 7.2
iaik , KBA , BC-JAS-SEC-CPG , Cryptography , Problem
About this pageThis is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).
Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.