Hi Prakasu,

No..I have not done either of the three.

What RFC destination should I create (G type)?

What should I do in TCODE lpconfig ?

Did you gave the roles and permissions to key store view?

I am able to view the Keystore in the visual admin. I am also able to verify that the https is working with the CA that I had used.

The error is thrown by the receiver RNIF adapter. The error message is from the RWB (Adapter engine).

Problem not resolved yet. Any inputs?

Thanks

Karthik

Hi,

1. Create a RFC destination G type with your xi system host and port(java) with path /wssproc/ssl?style=document.

2.Assign the RFC using lpconfig t.code .

proxy class:CO_WSSEWSSPROCESSOR_VI_DOCUMEN

Logical port:Basic

In call parameter add the RFC destination.Save the settings and activate it.

After that try.

Regards,

Prakasu.M

Hi Prakasu,

I did everything as per your instructions, but it didn't solve the problem. I'm still getting the same error in the Adapter engine RWB.

The keystore service_ssl has not been initialized(loaded) -

RemoteException in Method: getLocalJ2EEKeyStore(). The JNDI Look-Up for the Keystore failed.

Message processing caused failure . -

BTD handler indicated processing error

Exception caught by adapter framework: null

Any other ideas?

Thanks

Karthik

Hi,

did you added your https java port in rz10 parameter?

Regards,

Prakasu.M

I think I messed up something here.

In Visual Admin --> Cluster --> Server --> SSL Provider --> under Runtime pane --> Dispatcher --> Configuration

I do not see any hosts/ports under Active sockets. I remember I used to have 2 rows in there. I'm not sure if I broke something here.

I stopped both the SSL provider and Key storage services and restarted Key storage first and then SSL provider, but still I do not see any listing in the configuration pane.

How do I get this working?

Prakasu - yes we do maintain https port in rz10. Should the port number match some port number from somewhere else? Meaning in rz10 we have 8080 as https port. Should 8080 match anything else?

Thanks

Karthik

hi,

8080 is a ABAP stack https port.For java stack you need to configure if your instance is 00 then,

50001(https port) like.After that in the ssl_provider select the active sockets,select the 50001 and add the ssl certificate in server creadentials .

In the service select ssl and give always.This is specific settings need to be done for SSL enabling in Java stack.

Regards,

Prakasu.M

Prakasu,

Sorry to bug you again. I'm missing something here.

1. I need to maintain https parameter in rz10. I have a parameter

icm/server_port_1 = PROT=HTTPS,PORT=8080,HOST=sapxid.abc.com,TIMEOUT=30,PROCTIMEOUT=3000

Is there any other parameter I need to maintain in rz10.

2. "For java stack you need to configure if your instance is 00 then,50001(https port) like" - how do I do this? Is this done in rz10? If so what is the parameter name?

3. Currently, I do not see any sockets in SSL_Provider. The configuration pane is empty with Active sockets and New sockets radio buttons. There used to be 2 rows here..but its gone now..maybe I changed something else and that caused this to go off.

Please reply.

Thanks

Karthik

Hi,

Check the link..

[http://www.i-barile.it/SDN/EnablingSSL&ClientCertificatesOnTheSAPJ2EEEngine.pdf]

This pdf for client certificate authentication using ssl.It will covers the ssl enabling also.

You must enable ssl port for java. Parameter is

Like,

icm/HTTP/j2ee_0 = PREFIX=/, CONN=0-10, PORT=50000,SPORT=50003, SSLENC=1,TYPE=1

Sport is the HTTPS port parameter.

Check the below link for more details...

[http://help.sap.com/saphelp_nw70/helpdata/EN/20/d0f83b4a91ce5ce10000000a11402f/content.htm]

Regards,

Prakasu.M

ta

Thaat was some very useful information Prakasu. But it still didn't solve the problem. I set the parameter in rz10.

Still getting the same error. Its saying keystore not accessible while look up.

RemoteException in Method: getLocalJ2EEKeyStore(). The JNDI Look-Up for the Keystore failed.

Any other thoughts??

Thanks

Karthik

This is the error I'm getting in Adapter monitoring -

Security Settings > Current certificate configured for signing:

ERROR: Keystore 'service_ssl' is not available in J2EE engine

Security Settings > Partner certificate configured for signing:

ERROR: Keystore 'service_ssl' is not available in J2EE engine

I'm able to choose the keystore in the communication channel. For some reason, J2EE engine is not able to view the key stores.

Any suggestions??

Thanks

Karthik

I've made some headway. I typed in the value DEFAULT for keystore view and used my private key.

I have another issue now. On Adapter Monitoring I get the following error

ERROR: XIAFUSER user is not configured for keystore 'DEFAULT'

How do I configure user XIAFUSER to keystore 'DEFAULT'?

Thanks

Karthik

Hi,

You need to assign the role for that.Do the following.

security provider--keystore.default--securityroles--in users add xiafuser,xiappluser
 security provider--sap.com/tc~sec~wssec~app*wssprocess.jar--securityroles--in users add  
 xiafuser,xiappluser

Regards,

Prakasu.M

Thanks Prakasu. I found documentation for those steps..and was able to solve the problem.

Appreciate your help.

Karthik

Hi Karthik,

You have mentioned that you have found documentation for those steps and resolved the issue.

Could you please provide me with the documentation.Even i am facing with similar error.

Please help

Thanks

Padmaja