on 05-14-2009 1:13 AM
Hello Experts,
I'm running into a weird error which reads -
The keystore service_ssl has not been initialized(loaded) -
I followed all instructions to create a Key value pair and have placed it under service_ssl view in Key Storage under Cluster in Visual Admin.
I checked accessing the https url for XI server to test if the CA was working fine and that worked fine.
I'm trying to do a File to RNIF scenario (for testing RNIF adapter)..and running into this issue.
Have anybody come across this error? How do I activate Key storage view?
Thanks in advance.
Karthik
Hi,
Did you created a RFC deatination with G type?
Did you activated the RFC destination in lpconfig Transaction code?
Did you gave the roles and permissions to key store view?
Regards,
Prakasu.M
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Prakasu,
No..I have not done either of the three.
What RFC destination should I create (G type)?
What should I do in TCODE lpconfig ?
Did you gave the roles and permissions to key store view?
I am able to view the Keystore in the visual admin. I am also able to verify that the https is working with the CA that I had used.
The error is thrown by the receiver RNIF adapter. The error message is from the RWB (Adapter engine).
Problem not resolved yet. Any inputs?
Thanks
Karthik
Hi,
1. Create a RFC destination G type with your xi system host and port(java) with path /wssproc/ssl?style=document.
2.Assign the RFC using lpconfig t.code .
proxy class:CO_WSSEWSSPROCESSOR_VI_DOCUMEN
Logical port:Basic
In call parameter add the RFC destination.Save the settings and activate it.
After that try.
Regards,
Prakasu.M
Hi Prakasu,
I did everything as per your instructions, but it didn't solve the problem. I'm still getting the same error in the Adapter engine RWB.
The keystore service_ssl has not been initialized(loaded) -
RemoteException in Method: getLocalJ2EEKeyStore(). The JNDI Look-Up for the Keystore failed.
Message processing caused failure . -
BTD handler indicated processing error
Exception caught by adapter framework: null
Any other ideas?
Thanks
Karthik
I think I messed up something here.
In Visual Admin --> Cluster --> Server --> SSL Provider --> under Runtime pane --> Dispatcher --> Configuration
I do not see any hosts/ports under Active sockets. I remember I used to have 2 rows in there. I'm not sure if I broke something here.
I stopped both the SSL provider and Key storage services and restarted Key storage first and then SSL provider, but still I do not see any listing in the configuration pane.
How do I get this working?
Prakasu - yes we do maintain https port in rz10. Should the port number match some port number from somewhere else? Meaning in rz10 we have 8080 as https port. Should 8080 match anything else?
Thanks
Karthik
hi,
8080 is a ABAP stack https port.For java stack you need to configure if your instance is 00 then,
50001(https port) like.After that in the ssl_provider select the active sockets,select the 50001 and add the ssl certificate in server creadentials .
In the service select ssl and give always.This is specific settings need to be done for SSL enabling in Java stack.
Regards,
Prakasu.M
Prakasu,
Sorry to bug you again. I'm missing something here.
1. I need to maintain https parameter in rz10. I have a parameter
icm/server_port_1 = PROT=HTTPS,PORT=8080,HOST=sapxid.abc.com,TIMEOUT=30,PROCTIMEOUT=3000
Is there any other parameter I need to maintain in rz10.
2. "For java stack you need to configure if your instance is 00 then,50001(https port) like" - how do I do this? Is this done in rz10? If so what is the parameter name?
3. Currently, I do not see any sockets in SSL_Provider. The configuration pane is empty with Active sockets and New sockets radio buttons. There used to be 2 rows here..but its gone now..maybe I changed something else and that caused this to go off.
Please reply.
Thanks
Karthik
Hi,
Check the link..
[http://www.i-barile.it/SDN/EnablingSSL&ClientCertificatesOnTheSAPJ2EEEngine.pdf]
This pdf for client certificate authentication using ssl.It will covers the ssl enabling also.
You must enable ssl port for java. Parameter is
Like,
icm/HTTP/j2ee_0 = PREFIX=/, CONN=0-10, PORT=50000,SPORT=50003, SSLENC=1,TYPE=1
Sport is the HTTPS port parameter.
Check the below link for more details...
[http://help.sap.com/saphelp_nw70/helpdata/EN/20/d0f83b4a91ce5ce10000000a11402f/content.htm]
Regards,
Prakasu.M
ta
Thaat was some very useful information Prakasu. But it still didn't solve the problem. I set the parameter in rz10.
Still getting the same error. Its saying keystore not accessible while look up.
RemoteException in Method: getLocalJ2EEKeyStore(). The JNDI Look-Up for the Keystore failed.
Any other thoughts??
Thanks
Karthik
This is the error I'm getting in Adapter monitoring -
Security Settings > Current certificate configured for signing:
ERROR: Keystore 'service_ssl' is not available in J2EE engine
Security Settings > Partner certificate configured for signing:
ERROR: Keystore 'service_ssl' is not available in J2EE engine
I'm able to choose the keystore in the communication channel. For some reason, J2EE engine is not able to view the key stores.
Any suggestions??
Thanks
Karthik
I've made some headway. I typed in the value DEFAULT for keystore view and used my private key.
I have another issue now. On Adapter Monitoring I get the following error
ERROR: XIAFUSER user is not configured for keystore 'DEFAULT'
How do I configure user XIAFUSER to keystore 'DEFAULT'?
Thanks
Karthik
Hi Karthik,
Have you checked out this link
http://help.sap.com/saphelp_nw04s/helpdata/en/3f/c890769c874b41b086e22aa553c565/frameset.htm
also
/message/247547#247547 [original link is broken]
/message/808903#808903 [original link is broken]
Please check if it helps
Best Regards
Edited by: Prakash Bhatia on May 14, 2009 5:09 AM
Edited by: Prakash Bhatia on May 14, 2009 5:10 AM
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
86 | |
10 | |
10 | |
9 | |
6 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.