SAP Knowledge Base Article - Preview

2685317 - SSO Login to CDT with multiple Client Certificates don't work

Symptom

  • You want to use SSO and have two certificate issuers and both use the same CN as the certificate name
  • Because of Skype Clients running on some PCs you have set the registry key on each SAP CCtr Server as per KBA 2174821:
    "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL -> SendTrustedIssuerList = 1"
  • Agents are unable to use the SSO certificate, unless other certificates are uninstalled
  • Your agents are also using other systems that require Certificates like Lync/Skype
  • In the AS logs similar entries can be observed:
    • TRC> AuthenticationService: Start validating user  [user.name@company.com]
    • TRC> AuthenticationService: User with 'certificate [subject=user.name@company.com, issuer=CA-SERVERNAME' not authenticated.

Read more...

Environment

SAP Contact Center

Product

SAP Contact Center, on-premise edition 7.0 ; SAP Contact Center, on-premise edition all versions

Keywords

CCtr, SCC, CCI, CRM-CCI, SAP Business Communication Management 7, Certificate Authority, Mix Certificates, Windows Server 2012 2012R2 SSO certificate chain multiple CA trust, skype, multi certificates , KBA , CRM-CCI , Contact Center Infrastructure , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.