Post on 04-Dec-2015
SAP Note
Header Data
Symptom
When you log on using a "SAP Logon Ticket", the system rejects the logon (see Note 177895) and issues the following error message: "A logon ticket that could not be interpreted was received (syntax)". The ticket-based logon had previously worked correctly for approximately one year, so this is not a configuration problem.
Other Terms
MYSAPSSO2, workplace, SSO, Single Sign-On, ticket, logon, certificate, CA, Certification Authority, process flow, validity
Reason and Prerequisites
You use a certificate that was issued by SAP_CA (see also Note 389186). These certificates are issued with a validity period of only one year. Logon tickets are still issued after the validity period expires. However, when the system checks the logon tickets that it receives, the error that is mentioned above is triggered. This problem is not limited to CA certificates. However, self-signed certificates are generated with longer validity periods (up to the year 2038).
Solution
You must request the certificate again. To do this, you must use transaction PSEMAINT (or STRUST in newer releases) to generate a new PSE (with the same name) and resend a certificate request to SAP. Alternatively, you can send the certificate request to a different Certification Authority (CA).
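Because logon tickets are still issued after the certificate expires, the failure only appears when a received ticket is checked, so it helps to check the certificate's validity period ahead of time. The following is an added example, not part of the SAP Note: standard-library Python that reads notBefore/notAfter from a DER-encoded X.509 certificate and classifies it. The function names, the 30-day warning threshold and the sample bytes are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def _time(tag, raw):
    text = raw.decode("ascii")
    if tag == 0x17:  # UTCTime has a 2-digit year; RFC 5280 maps 50-99 to 19xx
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def validity(der):
    """Return (notBefore, notAfter) of a DER-encoded X.509 certificate."""
    _, pos, _ = _tlv(der, 0)        # Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)      # TBSCertificate SEQUENCE
    tag, _, end = _tlv(der, pos)
    if tag == 0xA0:                 # optional [0] version field
        pos = end
    for _skip in range(3):          # skip serialNumber, signature algorithm, issuer
        _, _, pos = _tlv(der, pos)
    _, pos, _ = _tlv(der, pos)      # Validity SEQUENCE
    t1, s1, e1 = _tlv(der, pos)
    t2, s2, e2 = _tlv(der, e1)
    return _time(t1, der[s1:e1]), _time(t2, der[s2:e2])

def signing_cert_status(der, now, warn_days=30):
    """'expired' is the state in which received tickets are rejected (see the note)."""
    _, not_after = validity(der)
    if now > not_after:
        return "expired"
    if now > not_after - timedelta(days=warn_days):
        return "renew"              # inside the assumed warning window
    return "ok"

def _enc(tag, body):  # short-form DER lengths only, enough for the sample below
    return bytes([tag, len(body)]) + body

# Constructed sample: certificate-shaped skeleton (no key, no signature), valid one year.
SAMPLE = _enc(0x30, _enc(0x30,
    _enc(0xA0, _enc(0x02, b"\x02"))       # version v3
    + _enc(0x02, b"\x01")                 # serialNumber
    + _enc(0x30, b"") + _enc(0x30, b"")   # signature algorithm and issuer, left empty
    + _enc(0x30, _enc(0x17, b"240301000000Z") + _enc(0x17, b"250301000000Z"))))

if __name__ == "__main__":
    print(signing_cert_status(SAMPLE, datetime.now(timezone.utc)))
```

For a real certificate exported in Base64 (PEM) form, `ssl.PEM_cert_to_DER_cert()` from the standard library yields the DER bytes that `validity()` expects.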
Other Attributes
Validity
This document is not restricted to a software component or software component version
499386 - Invalid logon ticket for CA certificates
Version: 4
Validity: 23.03.2007 - active
Language: English
Released On: 23.03.2007 14:32:31
Release Status: Released for Customer
Component: BC-SEC-SSF Secure Store and Forward
Other Components: BC-SEC Security, EP-PIN-SEC-TIC Ticket
Priority: Correction with high priority
Category: Help for error analysis
Transaction codes: PSEMAINT, SSO2, STRUST
References
This document refers to:
SAP Notes
912229 WEBAS Java: SSO Public Key Certificate expires every 2 years
588297 Warnings about security certificates in the system log
This document is referenced by:
SAP Notes (3)
572035 Warning about expired security certificates
389186 Services rendered by the SAP Trust Center Service
177895 Refitting the mySAP.com Single Sign-On capability