SAP Knowledge Base Article - Preview

2942034 - "received a fatal TLS certificate unknown alert message from the peer"

Symptom

The following trace entries are observed at the trace file of the ICM or Web Dispatcher:

[Thr 12428] Fri Jun 26 20:18:38:820 2020
[Thr 12428] SSL_get_state()==0x1180 "TLS read client certificate A"
[Thr 12428] *** ERROR during secussl_read() from SSL_read()==SSL_ERROR_SSL
[Thr 12428] srv SSL session PSE "C:\usr\sap\<SID>\<instance>\sec\SAPSSLS.pse"
[Thr 12428] session ciphersuites=135:PFS:HIGH::EC_P256:EC_HIGH
[Thr 12428] Server SSL_CTX 000001CC4D900FB0 pvflags=897 (TLSv1.2,TLSv1.1,TLSv1.0,BC)
[Thr 12428] TLSextSNI server_name="<your SAP fully qualified hostname>"
[Thr 12428] secussl_read: SSL_read() failed (536875078/0x20001046)
[Thr 12428] => "received a fatal TLS certificate unknown alert message from the peer"
[Thr 12428] >> ---------- Begin of Secu-SSL Errorstack ---------- >>
[Thr 12428] 0x20001046 | SAPCRYPTOLIB | SSL_read
[Thr 12428] SSL API error
[Thr 12428] received a fatal TLS certificate unknown alert message from the peer
[Thr 12428] 0xa0600263 | SSL | ssl3_read_bytes
[Thr 12428] received a fatal TLS certificate unknown alert message from the peer
[Thr 12428] 0xa0600263 | SSL | ssl3_accept
[Thr 12428] received a fatal TLS certificate unknown alert message from the peer
[Thr 12428] 0xa0600263 | SSL | ssl3_read_bytes
[Thr 12428] received a fatal TLS certificate unknown alert message from the peer
[Thr 12428] << ---------- End of Secu-SSL Errorstack ----------
[Thr 12428] SSL NI-hdl 50: local=<IP address of SAP>:<HTTPS port> peer=<client IP address>:<random port>
[Thr 12428] <<- ERROR: SapSSLSessionStartNB(sssl_hdl=1cc4ddd58f0)==SSSLERR_SSL_READ
[Thr 12428] *** ERROR => IcmConnInitServerSSL: SapSSLSessionStartNB returned (-58): SSSLERR_SSL_READ [icxxconn.c 2442]


Read more...

Environment

  • Product independent
  • Release independent
  • Client/Server Technology - ICM (Internet Communication Manager)
  • Client/Server Technology - Web Dispatcher

Product

SAP NetWeaver all versions

Keywords

SSL , KBA , BC-CST-IC , Internet Communication Manager , BC-CST-WDP , Web Dispatcher , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.