Misleading log error messages “Client certificate error.”
[authentication] [certificate] [engine] [error log] [http] [ie4 error log.txt] [J2EE] [php error log] [server] [SSL] [var log messages]
Related:
- Misleading log error messages “Cannot get aliases for …”Symptom In the default trace files the following error messages...
- Hom./Het.System Copy SAP Web AS 6.40 SR1 JavaSymptom *********************************************************************** * Homogeneous and Heterogeneous System Copy * for...
- Performance problems with https requests.Symptom In most of the cases the issues are created...
- Creating plug-in trace files for troubleshootingSymptom This note describes different options to create plug-in trace...
- FAQ XI 3.0/ PI 7.0/ PI 7.1/ PI 7.11/ PI 7.2 RFC AdapterSymptom FAQ XI 3.0 RFC Adapter, PI 7.0 RFC Adapter,...
- SAP NetWeaver AS Java 6.40 SP24 – List of correctionsSymptom You want to know which changes have been done...
- SAP NetWeaver AS Java 7.01 (EhP1) SP04- List of correctionsSymptom List of Corrections for SP04 of the NW701 (EhP1)...
- SAP NetWeaver 7.01 SPS03: Release Information JSPMSymptom This SAP Note describes all changes and fixes for...
Symptom
In the default trace files the following error messages appear even when there is no real error observed:
Client certificate error.IP address
[EXCEPTION]
{0}#1#javax.net.ssl.SSLPeerUnverifiedException: Peer identity not verified
at com.sap.bc.proj.jstartup.fca.FCAConnection.getPeerCertificateChain(FCAConnection.java:452)
at com.sap.engine.services.httpserver.server.Processor.chainedRequest(Processor.java:423)
at com.sap.engine.services.httpserver.server.Processor$FCAProcessorThread.process(Processor.java:250)
at com.sap.engine.services.httpserver.server.rcm.RequestProcessorThread.run(RequestProcessorThread.java:45)
at com.sap.engine.core.thread.execution.Executable.run(Executable.java:109)
at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:314)
Other terms
j2ee engine, http server, SSL, certificate, authentication
Reason and Prerequisites
The above errors can be written to the default traces in the case when the client makes HTTPS requests without sending a client certificate to the server, which is not always an error: for example the client uses different type of authentication than certificate-based; or when the client does need to authenticate but only to use SSL encrypted communication.
Solution
In versions 711 SP02 and later, the log severity of this message is decreased to warning and is not written by default in the trace files.
![[del.icio.us]](http://images.del.icio.us/static/img/delicious.small.gif){kind=small}