Application Development Discussions

Accessing SSL ICF Service via Apache reverse Proxy

Former Member
0 Kudos

Hi,

I configured an Apache reverse proxy for accessing SSL ICF services.

I want to access as following:

Internet (https) > reverse proxy (https) > SAP ICF Service

On the reverse proxy I implemented a signed certificate. On the SAP System I implemented a self signed certificate.

If I try to open the ICF service via the proxy I get the following error message in the browser:

Service Temporarily Unavailable

The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

The error log has following entry:

(OS 10060)A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. : proxy: HTTPS: attempt to connect to SAP-BACKEND-IP:443 (*) failed

Connection closed to child 63 with standard shutdown (server mydomain:443)

If I access as following it works:

Internet (https) > reverse proxy (HTTP) > SAP ICF Service

If I open the browser on the reverse proxy and try to open the ICF service, it works with https. But before I can input the logon data I get a popup "choose a digital certificate". Could this be a problem? Could the problem be caused by the self-signed certificate I have implemented in the SAP system?

Best Regards

Tim

Edited by: Tim Kannegießer on Nov 4, 2009 1:09 PM

1 ACCEPTED SOLUTION

Former Member
0 Kudos

If Olivier's explanation (param icm/HTTPS/verify_client) is not the guilty one, then please also check the ICM port configuration => icm/server_port_1 = PROT=HTTPS, PORT=x443, VCLIENT = 2 ?

If found, this instance parameter VCLIENT will take precedence over icm/HTTPS/verify_client setting and deny the https request as you have described, unless the client side presents a valid certificate.

Cheers,

Julius

12 REPLIES

Former Member
0 Kudos

Hi,

I use this setup for access to SRM from the internet :

Internet (https) > Apache reverse proxy (https) > SAP Web dispatcher (https) > SAP SRM ICF Service

It works perfectly, so it means that what you want to do is completely possible.

I also have a signed certificate on Apache and Web dispatcher.

The ICM certificate is self signed.

If your ABAP ICM is configured to ask for a client certificate, it might be a problem.

Check the icm/HTTPS/verify_client profile parameter.

If you still have problems, increase the ICM trace level and check the trace file.

Regards,

Olivier


0 Kudos

Hi,

thanks for your answers.

The Parameters are set to the following:

icm/HTTPS/verify_client = 1

icm/server_port_1 PROT=HTTPS, PORT=443,TIMEOUT=900

I checked another SAP System and it has the same settings. But there I don't get the popup for the certificate.

If I understand the parameter icm/HTTPS/verify_client = 1 right, it is possible to log on with a client certificate. But if you don't have one you can log on with the default settings. Where can I set the default settings? Is this the point "logon procedure" in the TA SICF under the logon data of the service?

Best regards,

Tim

0 Kudos

> Where can I set the default settings? Is this the point "logon procedure" in the TA SICF under the logon data of the service?

Yes, please check that as well!

Note that unlike SM59, the SICF logon data is a hierarchy with inheritance to sub-nodes unless these have their own settings. It could be that no entries are made for the service, and a higher node on the virtual host is pointing into nirvana.

Sounds reasonable.

Cheers,

Julius

0 Kudos

I checked all nodes above the service I try to log on to. All nodes are set to the standard logon procedure.

Maybe I forgot a parameter in the proxy configuration.

A little summary of the settings:

ProxyPreserveHost On

SSLEngine on

SSLCertificateKeyFile ...

SSLCertificateFile ...

RewriteEngine On

Rewrite Rules....

ProxyRequests Off

ProxyPassReverse....

Do I need the syntax SSLProxyEngine on? Is there any missing syntax for my scenario?

BR

Tim

Edited by: Tim Kannegießer on Nov 4, 2009 2:27 PM

0 Kudos

<snip>

Edited by: Julius Bussche on Nov 4, 2009 2:48 PM

0 Kudos

Tim,

Could you please reformat your last message in order for us to be able to read it ?

You may have to split it in 2 messages because the forum software is broken...

Regards,

Olivier

0 Kudos

Of course, sorry.


Edited by: Tim Kannegießer on Nov 4, 2009 2:33 PM

0 Kudos

Hi,

I changed the parameter icm/HTTPS/verify_client to 0. Now the popup doesn't appear. But the connection via the proxy doesn't work yet.

Best regards,

Tim

0 Kudos

Tim,

I think that the problem may be in your Apache configuration file.

Did you increase the ICM trace level during a test?

You should also set these Apache directives to debug.

RewriteLog /var/log/apache2/rewrite.log

RewriteLogLevel 9

Regards,

Olivier

0 Kudos

Hi,

I checked the firewall again with the network guys. And now we solved the basic communication problem.

But now I get the following error:

[client XXX] SSL library error 1 in handshake (server sapserver:443)

[Thu Nov 05 08:47:33 2009] [info] SSL Library Error: 336151574 error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown

[Thu Nov 05 08:47:33 2009] [info] [client XXX] Connection closed to child 63 with abortive shutdown (server sapserver:443)

Do I have to implement the certificate from the SAP system in Apache? If yes, how can I do this? It seems that Apache doesn't trust this certificate.

BR

Tim
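The two open points in this thread, the missing SSLProxyEngine directive in Tim's configuration summary and the later question of whether Apache must be given the SAP system's certificate, both concern the proxy-to-backend TLS hop. The virtual host below is an added editor's example, not configuration from any post in the thread; host names, file paths and the /sap/ prefix are placeholders.

```apache
# Added example (editor's, not from any post in this thread). Shows the
# mod_ssl / mod_proxy directives for an https -> https reverse proxy hop to an
# SAP ICM whose certificate is self-signed. All names and paths are placeholders.
<VirtualHost *:443>
    ServerName proxy.example.com

    # Server side: the signed certificate that browsers see.
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/proxy.crt
    SSLCertificateKeyFile /etc/apache2/ssl/proxy.key

    # Client side: mandatory for any ProxyPass to an https:// backend.
    # Without it Apache refuses to open TLS to the backend and answers 500/503.
    SSLProxyEngine on

    # Weak form (mod_ssl default): the backend certificate is not verified at
    # all, so any server that answers on that address is accepted.
    #   SSLProxyVerify none
    #
    # Hardened form: trust exactly the SAP system's self-signed certificate
    # (exported from its PSE). A self-signed certificate is its own CA, so the
    # certificate file itself is the trust anchor and depth 0 is enough.
    SSLProxyVerify            require
    SSLProxyVerifyDepth       0
    SSLProxyCACertificateFile /etc/apache2/ssl/sap-backend.crt
    # httpd 2.4.5+ only: also match the certificate name to the backend host.
    SSLProxyCheckPeerName     on

    # Only if the ICM demands a client certificate (VCLIENT=2 or
    # icm/HTTPS/verify_client=2): present one from a PEM with cert + key.
    #   SSLProxyMachineCertificateFile /etc/apache2/ssl/proxy-client.pem

    ProxyRequests     Off
    ProxyPreserveHost On
    ProxyPass         /sap/ https://sap-backend.example.internal:443/sap/
    ProxyPassReverse  /sap/ https://sap-backend.example.internal:443/sap/
</VirtualHost>
```

With SSLProxyVerify require, a backend certificate that is not in the CA file fails the proxy handshake and is logged by mod_ssl rather than silently accepted, which is the check a practitioner wants before relying on the inner hop being encrypted to the right system.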