Diagnostics Agent cannot connect to the Solman using certificate based method - Solman 7.10 SP11/SP12/SP13

After having updated the SAP Solution Manager 7.10 system to SP11/SP12/SP13/SP14 the Diagnostics Agents no longer connect to the Solution Manager, in case the certificate based authenticationis used.
Additionally, in the Agent Administration UI -> Tab “Non-authenticated agents”, the following error is shown:
Registration error
J2EE connection user : CN=SMD_AGT,OU=SAP AGS,O=SAP,C=DE
Authentication method: certificate

Exception during getInitialContext operation. Wrong security
principle/credentials. [Root exception is
com.sap.engine.services.security.exceptions.BaseLoginException: Cannot authenticate the user.]
The following picture describes the issue:

  • SAP Solution Manager 7.10 SP11, SP12, SP13 and SP14.
  • SAP Solution Manager Diagnostics

Reproducing the Issue
  1. Enable the SMDAgents authentication via Certificates method
  2. Runs Solution Manager 7.1 SP11, SP12 SP13 or SP14 (eventually after an update from 7.1 SP05 and higher)
  3. Applied NW J2EE patches, like requested in the Solution Manager SAP notes (1953075 or 2020219)
  4. As a consequence, all Diagnostics Agents are now off-line.

A security fix present in the latest patch levels of the NetWeaver Java stack (SP14 patch 3 and above) introduced a disruptive change in the way certificate authentication is performed. This non-backward compatible change prevents Diagnostics Agent to
authenticate when they are using certificates.

http://service.sap.com/sap/support/notes/2013578 (S-User required) for SAP Note 2013578 / OSS Note 2013578