- You want to use SSO and have two certificate issuers and both use the same CN as the certificate name
- Because of Skype Clients running on some PCs you have set the registry key on each SAP CCtr Server as per KBA 2174821:
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL -> SendTrustedIssuerList = 1"
- Agents are unable to use the SSO certificate, unless other certificates are uninstalled
- Your agents are also using other systems that require Certificates like Lync/Skype
- In the AS logs similar entries can be observed:
- TRC> AuthenticationService: Start validating user [email@example.com]
- TRC> AuthenticationService: User with 'certificate [firstname.lastname@example.org, issuer=CA-SERVERNAME' not authenticated.
SAP Contact Center
CCtr, SCC, CCI, CRM-CCI, SAP Business Communication Management 7, Certificate Authority, Mix Certificates, Windows Server 2012 2012R2 SSO certificate chain multiple CA trust, skype, multi certificates , KBA , CRM-CCI , Contact Center Infrastructure , Problem
About this pageThis is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).
Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.