How To Fix TRUST126 - Certificate range is already in the block list

The SAP error message TRUST126 indicates that a certificate is in the block list, which means that the system has identified it as untrusted or invalid for some reason. This can happen for various reasons, such as the certificate being expired, revoked, or not meeting the security policies defined in your SAP system.
Cause:

Expired Certificate: The certificate may have reached its expiration date.
Revoked Certificate: The certificate may have been revoked by the Certificate Authority (CA).
Security Policy Violation: The certificate may not meet the security requirements set in the SAP system.
Incorrect Configuration: The certificate may not be properly configured in the SAP Trust Manager (transaction code STRUST).
Certificate Chain Issues: There may be issues with the certificate chain, such as missing intermediate certificates.

Solution:


Check Certificate Validity:

Use transaction code STRUST to view the certificate details.
Check the validity period and ensure it is not expired.



Update or Replace the Certificate:

If the certificate is expired or revoked, obtain a new certificate from the CA and import it into the SAP system.
Ensure that the new certificate is properly configured in the Trust Manager.



Review the Block List:

In transaction STRUST, navigate to the "SSL Client (Anonymous)" or "SSL Server" tab (depending on your use case).
Check the block list for the specific certificate and remove it if necessary. Be cautious when removing certificates from the block list, as this can have security implications.



Check Certificate Chain:

Ensure that all necessary intermediate certificates are present in the Trust Manager.
Import any missing intermediate certificates to complete the chain.



Adjust Security Policies:

Review the security policies in your SAP system to ensure that they align with the certificates being used.
Adjust the policies if necessary to allow the use of the certificate.



Consult Documentation:

Refer to SAP Notes and documentation related to the specific version of your SAP system for any additional guidance or updates regarding certificate management.



Related Information:

Transaction STRUST: This is the main transaction for managing SSL certificates in SAP.
SAP Notes: Search for relevant SAP Notes that may provide additional context or solutions for the TRUST126 error.
Certificate Authorities: Ensure that you are using a trusted CA for your certificates, and verify their policies regarding certificate issuance and revocation.

If the issue persists after following these steps, consider reaching out to your SAP Basis team or SAP support for further assistance.