KB Article #173087
Problem SSL CFT - GW : LOCAL CAID=NULLCERT, CERTID=NULL
Problem
-- SSL transfer problem between Transfer CFT and Gateway
-- The transfer reaches the step where the client (Transfer CFT) checks its PKI database to find the certificate to be transmitted to the server (Gateway)
-- The following message appears in the SSL trace on the CFT side:
13/03/11 09:47:08 CFTY02Z >> CTX=200006 Client certificate not found (LOCAL CAID=NULLCERT, CERTID=NULL)
13/03/11 09:47:08 CFTY02Z >> CTX=200006 cftpki() _ PKII PHASE=GETCERT CR=0 REASON=48
13/03/11 09:47:08 CFTY02Z >> CTX=200006 UNKNOWN CA : DN=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use only/
13/03/11 09:47:08 CFTY23I CTX=200006 Client certificate ID=NULL ROOTID=NULLCERT
Resolution
The solution has to be implemented on the Gateway side.
In Synchrony Gateway Navigator go to:
Security Management ->
Transfer Security Manager ->
Security Profile -> TLS Profile
Right click on the concerned TLS profile ->
Modify ->
Accepted authorities (server only) -> Check the box next to the partner's root certificate
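
To find every session in a CFT SSL trace that failed this way, and to list the authority DN reported for each so it can be compared with the authorities checked in the Gateway TLS profile, the following Python script groups trace lines by CTX. It is an added example, not part of the original article or of any Axway tooling; the line layout is assumed from the four trace lines quoted above, and the function name and the fifth sample line are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the four trace lines quoted in this article, plus one
# made-up line for a second session (CTX=200007) that found its certificate.
SAMPLE_TRACE = """\
13/03/11 09:47:08 CFTY02Z >> CTX=200006 Client certificate not found (LOCAL CAID=NULLCERT, CERTID=NULL)
13/03/11 09:47:08 CFTY02Z >> CTX=200006 cftpki() _ PKII PHASE=GETCERT CR=0 REASON=48
13/03/11 09:47:08 CFTY02Z >> CTX=200006 UNKNOWN CA : DN=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use only/
13/03/11 09:47:08 CFTY23I CTX=200006 Client certificate ID=NULL ROOTID=NULLCERT
13/03/11 09:48:10 CFTY23I CTX=200007 Client certificate ID=CLIENT1 ROOTID=ROOT1
"""

LINE_RE = re.compile(r"^(\S+ \S+) (CFT\w+) (?:>> )?CTX=(\d+) (.*)$")
NOT_FOUND_RE = re.compile(
    r"Client certificate not found \(LOCAL CAID=(\w+), CERTID=(\w+)\)")
PKI_RE = re.compile(r"PHASE=(\w+) CR=(\d+) REASON=(\d+)")
UNKNOWN_CA_RE = re.compile(r"UNKNOWN CA : DN=(.*)$")
RDN_RE = re.compile(r"/([A-Za-z.0-9]+)=([^/]*)")


def find_missing_client_certs(trace):
    """Return {ctx: details} for sessions where no client certificate was found."""
    sessions = defaultdict(lambda: {"not_found": False, "unknown_ca": []})
    for raw in trace.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a CTX-tagged trace line
        when, _msg_id, ctx, text = m.groups()
        s = sessions[ctx]
        if nf := NOT_FOUND_RE.search(text):
            s.update(not_found=True, when=when, caid=nf[1], certid=nf[2])
        elif pki := PKI_RE.search(text):
            s.update(phase=pki[1], cr=int(pki[2]), reason=int(pki[3]))
        elif ca := UNKNOWN_CA_RE.search(text):
            # Split on "/KEY=" so commas inside values ("VeriSign, Inc.") survive.
            s["unknown_ca"].append(RDN_RE.findall(ca[1]))
    return {c: s for c, s in sessions.items() if s["not_found"]}


if __name__ == "__main__":
    for ctx, s in find_missing_client_certs(SAMPLE_TRACE).items():
        print(f"CTX={ctx} {s['when']} PHASE={s.get('phase')} REASON={s.get('reason')}")
        for rdns in s["unknown_ca"]:
            print("  unknown CA:", ", ".join(f"{k}={v}" for k, v in rdns))
```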