on 05-08-2010 2:37 PM
hi,
I am trying to define a HTTP connection to External Server.
When I tried to test my connection I get * HTTPIO_PLG_CANCELED*.
Please help me
Reg.
Reza
Hi Reza,
please check the contents of the icm log for the time you encountered the error as it should give further details.
regards,
Paul
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi p
Here is a part of dev_icm fil:
WARNING => HttpPlugInInit: Parameter icm/HTTPS/trust_client_with_issuer or icm/HTTPS/trust_client_with_subject not set => do not trust any intermediary
X.509 cert data will be removed from header [http_plg.c 723]
[Thr 6068] ISC: created 400 MB disk cache.
[Thr 6068] ISC: created 50 MB memory cache.
[Thr 6068] HttpSubHandlerAdd: Added handler HttpCacheHandler(slot=0, flags=12293) for /:0
[Thr 6068] HttpExtractArchive: files from archive D:\usr\sap\EHD\DVEBMGS00\exe/icmadmin.SAR in directory D:/usr/sap/EHD/DVEBMGS00/data/icmanroot are up to date
[Thr 6068] HttpSubHandlerAdd: Added handler HttpAdminHandler(slot=1, flags=4101) for /sap/admin:0
[Thr 6068] CsiInit(): Initializing the Content Scan Interface
[Thr 6068] PC with Windows NT (mt,unicode,SAP_CHAR/size_t/void* = 16/64/64)
[Thr 6068] CsiInit(): CSA_LIB = "D:\usr\sap\EHD\DVEBMGS00\exe\sapcsa.dll"
[Thr 6068] HttpSubHandlerAdd: Added handler HttpAuthHandler(slot=2, flags=12293) for /:0
[Thr 6068] HttpSubHandlerAdd: Added handler HttpSAPR3Handler(slot=3, flags=1052677) for /:0
[Thr 6068] Started service 8000 for protocol HTTP on host "sapehd1.ssi.ad"(on all adapters) (processing timeout=60, keep_alive_timeout=30)
[Thr 6068] Sat May 08 11:27:23 2010
[Thr 6068] *** WARNING => IcmNetCheck: NiAddrToHost(10.0.0.1) took 5 seconds [icxxman.c 4606]
[Thr 6068] *** WARNING => IcmNetCheck: 1 possible network problems detected - please check the network/DNS settings [icxxman.c 4662]
[Thr 3808] Sat May 08 11:28:00 2010
[Thr 3808] *** ERROR => IcmConnConnect: No service for protocol HTTPS started [icxxconn.c 2205]
Any idea?
Pleas help me with this
Hi,
Goto TCode SMICM -> Goto->Services and check if the HTTPS service is present ,if not create a new HTTPS service from SMICM-> Goto -> Services -> Define (or Create).
Also, define the parameter icm/server_port_<n> in the instance profile as the service created above in SMICM will only remain until the system is restarted.
If you look into your instance profile, this parameter would have a few variants defined as follows:
icm/server_port_0 = PROT=HTTP, PORT=1080
icm/server_port_1 = PROT=HTTPS, PORT=1443
icm/server_port_2 = PROT=SMTP, PORT=1025
Create the parameter for HTTPS as above.
Hope this helps you.
Regards,
Shitij
Hi,
Service name would be HTTPS. If ur sys nr. is XX, then ur HTTP port no. is usually 8XX0 and the HTTPS port no. is 8XX1. This is in case the system is ABAP only installation. On the other hand, if it is ABAP+JAVA, then ur HTTP port becomes 5<XX>00 and HTTPS becomes 5<XX>01.
Also, remember to set the icm server port parameter for HTTPS.
Can u tell me what is the port no. for HTTP in ur system in SMICM?
Regards,
Shitij
Edited by: Shitij Bagga on May 8, 2010 10:17 PM
Hi,
No problem.
Create the service for HTTPS and give it port no. 8001. Then, from SMICM menu Administration, restart the ICM service.
Then, also set the following parameter in the instance profile:
icm/server_port_1 = PROT=HTTPS,PORT=8001.
The service that you are creating in SMICM will only last till you restart the system. The parameter will automatically create this service the automatically next time you restart the system.
Hope this helps. Do assign me p o i n t s if it does.
Thanks,
Shitij
Hi,
These changes are client independent. So it doesn't matter in which client you make this change.
Can you check your instance profile to see if there is any parameter for SMTP as well, just like you created for HTTPS? Chances are the <x> value in parameters icm/server_port_<x> might have conflicted.
Make sure there is no conflict of these parameters. I mean ensure that these 3 different protocols (HTTP, HTTPS, SMTP) are defined using different profile parameters:
icm/server_port_0 (for HTTP)
icm/server_port_1 (for HTTPS)
icm/server_port_2 (for SMTP)
You can even revert the changes you just made and go back and see the details of SMTP service and then set up these three parameters again. But usually, SMTP service has port no. 1025, but check your profile to see if theres been another setting for it.
I hope by now you've completely understood the role of this very important, yet simple parameter
Regards,
Shitij
Hi Shitij,
I did treid but still I get det same error, and from dev_icm Iget this error.
<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR
[Thr 5132] *** ERROR => IcmAddService: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv.c 319]
[Thr 5132] Started service 1025 for protocol SMTP on host "sapehd1.ssi.ad"(on all adapters) (processing timeout=60, keep_alive_timeout=30)
[Thr 5132] Sat May 08 22:38:38 2010
[Thr 5132] *** WARNING => IcmNetCheck: NiHostToAddr(www.doesnotexist.qqq.nxst) took 6 seconds [icxxman.c 4586]
[Thr 5132] Sat May 08 22:38:43 2010
[Thr 5132] *** WARNING => IcmNetCheck: NiAddrToHost(10.0.0.1) took 5 seconds [icxxman.c 4606]
[Thr 5132] *** WARNING => IcmNetCheck: 2 possible network problems detected - please check the network/DNS settings [icxxman.c 4662]
[Thr 788] Sat May 08 22:39:22 2010
[Thr 788] *** ERROR => IcmConnConnect: No service for protocol HTTPS started [icxxconn.c 2205]
any idea?
Reg.
Reza
Hi,
This error is due to SSL settings being incomplete for HTTPS.
You need to have SAP Cryptographic Library installed on your system. For this, proceed as per the steps in this URL:
http://help.sap.com/saphelp_sm32/helpdata/en/7c/3f443c8c06702ee10000000a11405a/frameset.htm
Under Configuring SNC for Using the SAPCRYPTOLIB on the SAP Web AS, perform the steps:
1. Installing the SAP Cryptographic Library on the SAP Web AS (u need to download sapcryptolib files from service marketplace and place respective files in various folders at OF levl)
2. Setting the Trust Manager Profile Parameters (set parameters in profile and restart the system)
3. Creating the SNC PSE (simply create PSEs with default settings in STRUST transaction)
After this, this error should disappear.
Hi,
I gave u the link in the last step. Giving u detailed steps for SAPCRYPTOLIB installation here. Just download the package from service marketplace and install it as follows:
1. Install the SAPCRYPTOLIB on all application servers into the $DIR_EXECUTABLE directory. The library must not be older than version PL 10. Note 397175 describes the prerequisites for downloading the library. If you are using a 6.10 kernel, copy the license ticket SAPCRYPTOLIB (file "ticket") into the $DIR_INSTANCE/sec directory on all application servers. As of kernel release 6.20, the license ticket is automatically generated at the system start. On all application servers, set the environment variable (at OS level) SECUDIR to the directory $DIR_INSTANCE/sec. If you want to protect the PSEs (key files) with a password, set the environment variable USER on all UNIX systems to the name of the UNIX user under whom the SAP system is running.
2. Set the following profile parameters in the instance profile of all application servers and start the system:
ssf/name = SAPSECULIB
ssf/ssfapi_lib = <Path and file name of the SAPCRYPTOLIB>
sec/libsapsecu = <Path and file name of the SAPCRYPTOLIB>
ssl/ssl_lib = <Path and file name of the SAPCRYPTOLIB>
3. Call transaction STRUST (trust manager) to create the SSL server PSEs.
a) Create the default PSE (serves as a fallback for all instances without their own PSE).
Choose "Create" in the context menu of the "SSL server" node. As far as possible, the trust manager provides the correct entries so that you can then send the certificates to the SAP Trust Center Service for signing. In particular, set the following values:
Name = *.<WebAS domain>
Do not replace the "*" with a host name. The default PSE must also exist even if PSEs are created for all instances.
b) Create individual PSEs for all instances: A list of all active instances is displayed in a second dialog box. The default Distinguished Name (DN) contains the following entry:
CN = <host name>.<WebAS domain>
c) Create certificate requests for all instance PSEs. Expand the "SSL server" node in the tree control, double-click to load the instance PSE into the relevant node and select the "Generate certificate request" function. For the default PSE, you must only create a certificate request if there are instances without their own PSEs.
4. Create the SSL client PSE
5. Restart ICM.
Refer to the previously mentioned URL if you have any doubts. Can also refer to SAP Note # 510007.
Am afraid cannot provide more details on this cryptolib configuration than I already have.
Hi Shitij,
Sorry man but I have still det same problem, When I tried my connection on SM59 I get det same error :
HTTPIO_PLG_CANCELED Message no. SR000
this is from dev_im.
IcmWatchDogThread: watchdog started
[Thr 5860] *** WARNING => HttpPlugInInit: Parameter icm/HTTPS/trust_client_with_issuer or icm/HTTPS/trust_client_with_subject not set => do not trust any intermediary
X.509 cert data will be removed from header [http_plg.c 723]
[Thr 5860] ISC: created 400 MB disk cache.
[Thr 5860] ISC: created 50 MB memory cache.
[Thr 5860] HttpSubHandlerAdd: Added handler HttpCacheHandler(slot=0, flags=12293) for /:0
[Thr 5860] HttpExtractArchive: files from archive D:\usr\sap\EHD\DVEBMGS00\exe/icmadmin.SAR in directory D:/usr/sap/EHD/DVEBMGS00/data/icmanroot are up to date
[Thr 5860] HttpSubHandlerAdd: Added handler HttpAdminHandler(slot=1, flags=4101) for /sap/admin:0
[Thr 5860] CsiInit(): Initializing the Content Scan Interface
[Thr 5860] PC with Windows NT (mt,unicode,SAP_CHAR/size_t/void* = 16/64/64)
[Thr 5860] CsiInit(): CSA_LIB = "D:\usr\sap\EHD\DVEBMGS00\exe\sapcsa.dll"
[Thr 5860] HttpSubHandlerAdd: Added handler HttpAuthHandler(slot=2, flags=12293) for /:0
[Thr 5860] HttpSubHandlerAdd: Added handler HttpSAPR3Handler(slot=3, flags=1052677) for /:0
Reg.
Reza
[Thr 5860] Started service 8000 for protocol HTTP on host "sapehd1.ssi.ad"(on all adapters) (processing timeout=60, keep_alive_timeout=30)
[Thr 5860] =================================================
[Thr 5860] = SSL Initialization on PC with Windows NT
[Thr 5860] = (701_REL,Jan 28 2010,mt,ascii-uc,SAP_UC/size_t/void* = 16/64/64)
[Thr 5860] profile param "ssl/ssl_lib" = "D:\usr\sap\EHD\SYS\exe\uc\NTAMD64\sapcrypto.dll"
resulting Filename = "D:\usr\sap\EHD\SYS\exe\uc\NTAMD64\sapcrypto.dll"
[Thr 5860] = found SAPCRYPTOLIB 5.5.5C pl29 (Jan 30 2010) MT-safe
[Thr 5860] = current UserID: SAPEHD1\SAPServiceEHD
[Thr 5860] = found SECUDIR environment variable
[Thr 5860] = using SECUDIR=D:\usr\sap\EHD\DVEBMGS00\sec
[Thr 5860] *** ERROR => secudessl_Create_SSL_CTX(): PSE "D:\usr\sap\EHD\DVEBMGS00\sec\SAPSSLS.pse" not found! [ssslsecu.c 1354]
[Thr 5860] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --
secude_error 4129 (0x00001021) = "The PSE does not exist"
[Thr 5860] >> -
Begin of Secude-SSL Errorstack -
>>
[Thr 5860] ERROR in SSL_CTX_set_default_pse_by_name: (4129/0x1021) The PSE does not exist : "D:\usr\sap\EHD\DVEBMGS00\sec\SAPSSLS.pse"
ERROR in ssl_set_pse: (4129/0x1021) The PSE does not exist : "D:\usr\sap\EHD\DVEBMGS00\sec\SAPSSLS.pse"
ERROR in af_open: (4129/0x1021) The PSE does not exist : "D:\usr\sap\EHD\DVEBMGS00\sec\SAPSSLS.pse"
ERROR in secsw_open: (4129/0x1021) The PSE does not exist : "D:\usr\sap\EHD\DVEBMGS00\sec\SAPSSLS.pse"
ERROR in secsw_open_pse_or_extension: (4129/0x1021) The PSE does not exist : "D:\usr\sap\EHD\DVEBMGS00\sec\SAPSSLS.pse"
ERROR in sec_get_PSEtype: (4129/0x1021) The PSE does not exist : "D:\usr\sap\EHD\DVEBMGS00\sec\SAPSSLS.pse"
[Thr 5860] << -
End of Secude-SSL Errorstack -
[Thr 5860] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create SERVER Credential
for "D:\usr\sap\EHD\DVEBMGS00\sec\SAPSSLS.pse" [ssslxxi.c 2278]
[Thr 5860] *** ERROR => Initialization of SSL library failed -- NO SSL available!
[Thr 5860] =================================================
[Thr 5860] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR
[Thr 5860] *** ERROR => IcmAddService: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv.c 319]
[Thr 5860] Sun May 09 14:45:13 2010
[Thr 5860] *** WARNING => IcmNetCheck: NiAddrToHost(10.0.0.1) took 5 seconds [icxxman.c 4606]
[Thr 5860] *** WARNING => IcmNetCheck: 1 possible network problems detected - please check the network/DNS settings [icxxman.c 4662]
[Thr 5660] Sun May 09 14:58:30 2010
[Thr 5660] *** ERROR => IcmConnConnect: No service for protocol HTTPS started [icxxconn.c 2205]
Hi Reza,
As I see the error is:
ERROR in SSL_CTX_set_default_pse_by_name: (4129/0x1021) The PSE does not exist : "D:\usr\sap\EHD\DVEBMGS00\sec\SAPSSLS.pse"
Basically, it is looking for SAPSSLS.pse file in the path of SECUDIR env. variable that you had set previously.
See whether this file exists or not at this path. Apparently, the file does not exist. In this case, you need to generate this file using sapgenpse program, which you had downloaded in the SAPCRYPTOLIB package. Follow the link below to generate the required link. Ignore any references to TREX on this page and just continue with the steps given. This should generate the .pse file:
http://help.sap.com/saphelp_NW70EHP1/helpdata/en/32/8fc83ea57b7f68e10000000a114084/content.htm
Also, if this still gives problems, would advise you to recheck the steps you have performed earlier for installing the cryptolib.
User | Count |
---|---|
84 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.