How To Fix TRUST116 - Certificate has been included in the block list

The SAP error message TRUST116 indicates that a certificate has been included in the block list, which means that the system has identified the certificate as untrusted or potentially compromised. This can occur for various reasons, such as the certificate being expired, revoked, or not meeting the security policies defined in the SAP system.
Causes of TRUST116

Expired Certificate: The certificate may have reached its expiration date and is no longer valid.
Revoked Certificate: The certificate may have been revoked by the Certificate Authority (CA) due to security concerns.
Self-Signed Certificate: If the certificate is self-signed and not trusted by the system, it may be blocked.
Misconfiguration: There may be issues with the configuration of the trust store or the certificate chain.
Security Policies: The system's security policies may block certain types of certificates or those from untrusted sources.

Solutions for TRUST116


Check Certificate Validity:

Verify the expiration date of the certificate.
Check if the certificate has been revoked by consulting the Certificate Revocation List (CRL) or using Online Certificate Status Protocol (OCSP).



Update or Replace the Certificate:

If the certificate is expired or revoked, obtain a new certificate from a trusted Certificate Authority.
If using a self-signed certificate, consider replacing it with a CA-signed certificate.



Remove from Block List:

If you determine that the certificate is valid and should not be blocked, you can remove it from the block list in the SAP system.
This can typically be done through transaction code STRUST (Trust Manager) in SAP.



Review Trust Configuration:

Ensure that the trust configuration in the SAP system is set up correctly.
Check the SSL settings and ensure that the correct root and intermediate certificates are included in the trust store.



Consult Documentation:

Refer to SAP documentation for specific instructions on managing certificates and trust settings.
Check for any updates or patches that may address known issues related to certificate handling.



Related Information

Transaction STRUST: This transaction is used to manage SSL certificates and trust relationships in SAP systems.
Certificate Authorities: Ensure that the CA that issued the certificate is trusted by your SAP system.
Security Policies: Review your organization's security policies regarding certificate management and trust relationships.
SAP Notes: Check for relevant SAP Notes that may provide additional guidance or solutions for the TRUST116 error.

By following these steps, you should be able to resolve the TRUST116 error and ensure that your SAP system can properly trust the necessary certificates.