How To Fix STRUSTCR034 - Retrieval of CRL failed or trust configration is missing

The SAP error message STRUSTCR034 indicates that there is an issue with the retrieval of the Certificate Revocation List (CRL) or that the trust configuration is missing in the SAP system. This error typically occurs in the context of SSL/TLS communication, where the system is trying to validate the certificates used for secure connections.
Causes:

Missing or Incorrect Trust Configuration: The trust configuration in the STRUST transaction may not be set up correctly, meaning that the system does not know which Certificate Authorities (CAs) to trust.
CRL Retrieval Issues: The system may be unable to retrieve the CRL from the specified URL due to network issues, incorrect URL, or the CRL being unavailable.
Expired or Invalid Certificates: The certificates being used may have expired or may not be valid, leading to issues in establishing trust.
Firewall or Proxy Issues: Network configurations such as firewalls or proxies may be blocking access to the CRL distribution point.

Solutions:


Check Trust Configuration:

Go to transaction STRUST in your SAP system.
Ensure that the correct root CA certificates are imported into the "SSL Client (Standard)" or "SSL Server (Standard)" section, depending on your use case.
Verify that the trust configuration is complete and that the necessary certificates are present.



Verify CRL URL:

Check the CRL distribution point specified in the certificate. You can do this by examining the certificate details in STRUST.
Ensure that the URL is accessible from the SAP server. You can test this by trying to access the URL from a web browser or using command-line tools like curl or wget.



Network Configuration:

Ensure that there are no firewall or proxy settings blocking access to the CRL URL.
If a proxy is required, configure the SAP system to use the proxy settings correctly.



Update Certificates:

If the certificates are expired or invalid, obtain new certificates from the relevant Certificate Authority and import them into the SAP system using STRUST.



Check SAP Notes:

Look for relevant SAP Notes that may address specific issues related to CRL retrieval or SSL configuration. SAP Notes can provide patches or additional configuration steps.



Test SSL Connection:

Use tools like OpenSSL to test the SSL connection and verify that the certificates are being presented correctly and that the CRL can be retrieved.



Related Information:

Transaction STRUST: This transaction is used to manage SSL certificates and trust relationships in SAP.
Certificate Authorities (CAs): Ensure that you are using trusted CAs for your certificates.
SSL Configuration: Familiarize yourself with SSL configuration in SAP, including the use of STRUST and the importance of CRLs in maintaining secure communications.
SAP Security Guides: Refer to SAP security guides for best practices on SSL and certificate management.

By following these steps, you should be able to resolve the STRUSTCR034 error and ensure that your SAP system can successfully retrieve the CRL and establish secure connections.