Hello,
I am facing a problem when I try to forward a certificate to a content server (transaction OAHT)
The system QAS was created as system copy from our productive system PRD.
When I try to send the certifcate I get the error message "SSF kernel error: Signer error"
I deleted re-created the System PSE in transaction STRUST - did not help, too.
When I check this in transaction SSO2, I find a strange thing.
In section Certificate List I find following entry
The Certificate List Is Used To Verify the Digital Signature for the Logon Ticket
/usr/sap/QAS/DVEBMGS01/sec//usr/sap/PRD/DVEBMGS00/sec/SAPSYS.pse
This path above is definetely wrong. The correct path would be /usr/sap/QAS/DVEBMGS01/sec/
Does anybody know where this path is defined?
SECUDIR as environment varaiable is set correctly; the profile parameters are also OK.
In the trace file I can find entries like
N krn_SsfV2_para_GetProfile: SsfOpenProfile failed with rc=23 N *** ERROR => <== krn_SsfV2_para_GetProfile()==208 (SSF_KRN_INPUT_DATA_ERROR) SsfOpenProfile failed [ssfxxkrn.c 1509] N *** ERROR => <== krn_Ssf_GetOwnCertificate()==208 (SSF_KRN_INPUT_DATA_ERROR) [ssfxxkrn.c 1509] N krn_SsfV2_para_GetProfile: SsfOpenProfile failed with rc=23 N *** ERROR => <== krn_SsfV2_para_GetProfile()==208 (SSF_KRN_INPUT_DATA_ERROR) SsfOpenProfile failed [ssfxxkrn.c 1509] N *** ERROR => <== krn_Ssf_GetOwnCertificate()==208 (SSF_KRN_INPUT_DATA_ERROR) [ssfxxkrn.c 1509] N *** ERROR => <== krn_SsfSign()==205 (SSF_KRN_SIGNER_LIST_ERROR) [ssfxxkrn.c 1509]
I checked lots of similiar issues in different threads here, but nothing helps.
Any ideas?
Thank you
Philipp
Edited by: Philipp Schweizer on Mar 3, 2011 10:48 AM
Edited by: Philipp Schweizer on Mar 3, 2011 10:49 AM