
HTTPS Configuration error.

former_member182205
Participant
0 Kudos

Hi,

To configure HTTPS in the ABAP stack of the portal, I have added some profile parameters in transaction RZ10, and for one of them, icm/server_port_2, I have given the value PROT=HTTPS,PORT=443,TIMEOUT=180. I have restarted the portal server.

Then I went to transaction SMICM --> Goto --> Services. When I select HTTPS and click on Service --> Activate, it gives the following error:

Operation failed (rc=1)

Message no. ICM006

Then I went back to RZ10 and changed the port value from 443 to 50001, restarted the portal server again, and went back to transaction SMICM --> Goto --> Services. When I select HTTPS and click on Service --> Activate, it still gives the following error:

Operation failed (rc=1)

Message no. ICM006

What could be the problem?

Accepted Solutions (0)

Answers (5)


Former Member
0 Kudos

You can restart the ICM (SMICM -> Administration -> Exit Soft) and then try to activate the port. If the problem is the same, try changing the port number and see if it works for other port numbers.

Remember, if you make any changes you need to restart the ICM.

Thx

former_member182205
Participant
0 Kudos

Hi Shazad,

I have changed the port from 50001 to 443 in the profile parameter in RZ10. I have restarted the server also.

Now when I try to activate HTTPS in transaction SMICM it gives an error, and when I checked the trace file it shows this error:

[Thr 1080281408] *** ERROR => NiIBindSocket: SiBind failed for hdl 8 / sock 24

(SI_EADDR_NAVAIL/13; I4; ST; 0.0.0.0:443) [nixxi.cpp 3227]

[Thr 1080281408] *** ERROR => IcmBindService: You might not have the permissions to bind the service: epds.spm.com

[Thr 1080281408] *** ERROR => IcmBindService: NiBuf2Listen failed for host epds.spm.com:443 (rc=-16): NIEMYHOST

[Thr 1080281408] *** ERROR => IcmHandleMonServMsg: IcmActivateService failed for 443, 2(rc=-1) [icxxmsg_mt.c 1872]

What could be the possible reason? What permission is missing?

former_member182205
Participant
0 Kudos

Hi Shazad

I have changed the HTTPS port to 8001 in the profile parameter in transaction RZ10, so my profile parameter now looks like this:

icm/server_port_2 PROT=HTTPS,PORT=8001,TIMEOUT=180

I have restarted the server and tried to activate the HTTPS service in transaction SMICM. This time it succeeded and the HTTPS service was activated. I tried to access the default BSP page (https://xyz.mycompany.com:8001/sap/bc/bsp/sap/it00/default.htm) to check whether HTTPS is activated properly, and that page comes up properly, which shows that the HTTPS service is activated properly in the ABAP stack of my portal. The issue was the port; I think port 8001 is the default HTTPS port in WAS ABAP.

But my problem is this: I am configuring ADS in my portal. My portal is dual stack, that is, Java + ABAP installed on the same machine.

My ADS is installed on the Java stack. I have created an RFC destination in SM59 in the ABAP stack of the portal.

My HTTPS port for the Java stack is 50001, that is, we access the portal with the URL: https://xyz.compzny.com:50001/irj/portal

xyz = my portal host name.

But in the ABAP stack of the portal I have configured HTTPS with port 8001. Now, in transaction SM59, I have created an RFC destination named ADS under the HTTP Connection to External Server node. In that destination, when I go to the Logon & Security tab, change SSL to Active, and set the SSL client certificate to anonymous or default, and in the Technical Settings tab put the port as 50001 (we have to put the port of the Java stack, as ADS is installed on the Java stack), and then save and test it, it gives me the error:

ICM_HTTP_SSL_ERROR

Message no. SR000

Why am I getting this error?

Also, when I change the port to 50000 in the Technical Settings tab, make SSL inactive in the Logon & Security tab in transaction SM59, and test the connection, it works properly: no error, and the test is successful. So why am I not getting a successful test for port 50001 with SSL? Please let me know.

50000 is my portal HTTP port

50001 is my portal HTTPS port

8000 is my HTTP port of ABAP stack of portal

8001 is my HTTPs port of ABAP stack of portal

Former Member
0 Kudos

So HTTPS for ABAP is working fine for you, and I think it's better if you raise a new question regarding the HTTPS problem with Java and ADS.

For Ref:

Thanks

former_member182205
Participant
0 Kudos

It's still not answered.

Former Member
0 Kudos

Hi Rahul,

Please verify whether you have followed the complete steps for HTTPS configuration in this order:

1. Installing the SAP Cryptographic Library on the AS ABAP

http://help.sap.com/saphelp_nw70/helpdata/en/96/709b3ad94e8a3de10000000a11402f/content.htm

2. Setting the Profile Parameters for Using SSL

http://help.sap.com/saphelp_nw70/helpdata/en/85/46453c3ff4110ee10000000a11405a/content.htm

3. Creating the SSL Server PSE

http://help.sap.com/saphelp_nw70/helpdata/en/20/37c33ae8361838e10000000a11402f/content.htm

And finally, you can test the configuration:

http://help.sap.com/saphelp_nw70/helpdata/en/2f/18453caff4f703e10000000a114084/content.htm

Regards,

Shitij

former_member182205
Participant
0 Kudos

Hi Shitij,

As per your suggestion, I have followed step 1 and step 2 out of the 4 steps (links) you asked me to check.

After completing step 2, when we go to transaction SMICM and try to activate HTTPS, it gives the error "Operation failed (rc=1) Message no. ICM006".

We have added the following profile parameters in transaction RZ10:

DIR_INSTANCE = /usr/sap/EPD/DVEBMGS00

icm/server_port_2 = PROT=HTTPS,PORT=50001,TIMEOUT=180

sec/dsakeylengthdefault = 1024

ssf/ssfapi_lib = /usr/sap/EPD/SYS/exe/run/linux-x86_64-glibc2.3/libsapcrypto.so

sec/libsapsecu = /usr/sap/EPD/SYS/exe/run/linux-x86_64-glibc2.3/libsapcrypto.so

ssl/ssl_lib = /usr/sap/EPD/SYS/exe/run/linux-x86_64-glibc2.3/libsapcrypto.so

ssf/name = SAPSECULIB

We have installed the SAP cryptography file from the SAP Service Marketplace, and the file name is 90000115.CAR. We have unpacked (uncar) that file and copied libsapcrypto.so to the path /usr/sap/EPD/SYS/exe/run/linux-x86_64-glibc2.3/libsapcrypto.so

We have restarted the server also.

After doing all this, when we go to transaction SMICM and try to activate HTTPS, it gives the error "Operation failed (rc=1) Message no. ICM006".

Please suggest what the error is now. We have installed our portal server on a Linux machine.

former_member182205
Participant
0 Kudos

Hi Shitij,

I went to transaction STRUST and created the node; that is, in transaction STRUST I selected the System PSE node and clicked Create, and a sub-node with a green indicator was created.

Likewise, I clicked the Create button on all the nodes available in the left pane in transaction STRUST, and in all the nodes a sub-node with a green indicator was created.

Then I went to transaction SMICM and tried to activate the HTTPS service; it still gives the error Operation failed (rc=1)

Message no. ICM006

I have looked at the trace file as well, and this is the trace file output:

[Thr 1099946304] Wed Jun 23 11:04:45 2010

[Thr 1099946304] =================================================

[Thr 1099946304] = SSL Initialization on AMD/Intel x86_64 with Linux

[Thr 1099946304] = (700_REL,Jan 23 2008,mt,ascii-uc,SAP_UC/size_t/void* = 16/64/64)

[Thr 1099946304] profile param "ssl/ssl_lib" = "/usr/sap/EPD/SYS/exe/run/linux-x86_64-glibc2.3/libsapcrypto.so"

resulting Filename = "/usr/sap/EPD/SYS/exe/run/linux-x86_64-glibc2.3/libsapcrypto.so"

[Thr 1099946304] = found SAPCRYPTOLIB 5.5.5C pl29 (Jan 30 2010) MT-safe

[Thr 1099946304] = current UserID: "epdadm", env-var USER="epdadm"

[Thr 1099946304] = using SECUDIR=/usr/sap/EPD/DVEBMGS00/sec

[Thr 1099946304] *** ERROR => secudessl_Create_SSL_CTX(): PSE "/usr/sap/EPD/DVEBMGS00/sec/SAPSSLS.pse" not found! [ssslsecu_m

[Thr 1099946304] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed

secude_error 4129 (0x00001021) = "The PSE does not exist"

[Thr 1099946304] >> Begin of Secude-SSL Errorstack >>

[Thr 1099946304] *** ERROR => secudessl_Create_SSL_CTX(): PSE "/usr/sap/EPD/DVEBMGS00/sec/SAPSSLS.pse" not found! [ssslsecu_m

[Thr 1099946304] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed

secude_error 4129 (0x00001021) = "The PSE does not exist"

[Thr 1099946304] >> Begin of Secude-SSL Errorstack >>

[Thr 1099946304] ERROR in SSL_CTX_set_default_pse_by_name: (4129/0x1021) The PSE does not exist : "/usr/sap/EPD/DVEBMGS00/sec/SA

ERROR in ssl_set_pse: (4129/0x1021) The PSE does not exist : "/usr/sap/EPD/DVEBMGS00/sec/SAPSSLS.pse"

ERROR in af_open: (4129/0x1021) The PSE does not exist : "/usr/sap/EPD/DVEBMGS00/sec/SAPSSLS.pse"

ERROR in secsw_open: (4129/0x1021) The PSE does not exist : "/usr/sap/EPD/DVEBMGS00/sec/SAPSSLS.pse"

ERROR in secsw_open_pse_or_extension: (4129/0x1021) The PSE does not exist : "/usr/sap/EPD/DVEBMGS00/sec/SAPSSLS.pse"

ERROR in sec_get_PSEtype: (4129/0x1021) The PSE does not exist : "/usr/sap/EPD/DVEBMGS00/sec/SAPSSLS.pse"

[Thr 1099946304] << End of Secude-SSL Errorstack

[Thr 1099946304] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create SERVER Credential

for "/usr/sap/EPD/DVEBMGS00/sec/SAPSSLS.pse" [ssslxxi_mt.c 2278]

[Thr 1099946304] *** ERROR => Initialization of SSL library failed NO SSL available!

[Thr 1099946304] =================================================

[Thr 1099946304] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR

[Thr 1099946304] *** ERROR => IcmIActivateService: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv_mt. 737]

[Thr 1099946304] *** ERROR => IcmHandleMonServMsg: IcmActivateService failed for 50001, 2(rc=-14) [icxxmsg_mt.c 1872]

[Thr 1099417920] Wed Jun 23 11:12:22 2010

[Thr 1099417920] =================================================

[Thr 1099417920] = SSL Initialization on AMD/Intel x86_64 with Linux

[Thr 1099417920] = (700_REL,Jan 23 2008,mt,ascii-uc,SAP_UC/size_t/void* = 16/64/64)

[Thr 1099417920] profile param "ssl/ssl_lib" = "/usr/sap/EPD/SYS/exe/run/linux-x86_64-glibc2.3/libsapcrypto.so"

resulting Filename = "/usr/sap/EPD/SYS/exe/run/linux-x86_64-glibc2.3/libsapcrypto.so"

[Thr 1099417920] = found SAPCRYPTOLIB 5.5.5C pl29 (Jan 30 2010) MT-safe

[Thr 1099417920] = current UserID: "epdadm", env-var USER="epdadm"

[Thr 1099417920] = using SECUDIR=/usr/sap/EPD/DVEBMGS00/sec

[Thr 1099417920] = Success SapCryptoLib SSL ready!

[Thr 1099417920] =================================================

[Thr 1099417920] *** ERROR => NiIBindSocket: SiBind failed for hdl 7 / sock 24

(SI_EPORT_INUSE/98; I4; ST; 0.0.0.0:50001) [nixxi.cpp 3227]

[Thr 1099417920] *** ERROR => IcmBindService: NiBuf2Listen failed for host epdsrv.spmcil.com:50001 (rc=-4): NIESERV_USED [icxxse

[Thr 1099417920] *** ERROR => IcmHandleMonServMsg: IcmActivateService failed for 50001, 2(rc=-1) [icxxmsg_mt.c 1872]

Former Member
0 Kudos

Rahul-

We need to activate the service in Tcode SICF.

Thanks,

George Rayi

Former Member
0 Kudos

For configuring HTTPs follow the below steps:

1. Download the SAP Cryptographic file from the Service Marketplace.

2. Extract it and copy it to your kernel dir (/sapmnt/SID/exe).

3. Set the following parameters in RZ10:

icm/HTTPS/verify_client 1

ssf/name SAPSECULIB

sec/libsapsecu /sapmnt/SID/exe/libsapcrypto.so

ssf/ssfapi_lib /sapmnt/SID/exe/libsapcrypto.so

ssl/ssl_lib /sapmnt/SID/exe/libsapcrypto.so

icm/server_port_1 PROT=HTTPS,PORT=8200,TIMEOUT=900

4. Restart the server and then go to SMICM and activate the port.

For information on the parameters, you can check the Marketplace.

Thanks

Shaz

former_member182205
Participant
0 Kudos

Hi Shazad,

I have added the following parameters in transaction RZ10 (my portal server is installed on a Linux machine):

DIR_EXECUTABLE = $(DIR_INSTANCE)/exe

DIR_INSTANCE = /usr/sap/EPD/DVEBMGS00

icm/server_port_2 = PROT=HTTPS,PORT=443,TIMEOUT=180

sec/dsakeylengthdefault = 1024

sec/libsapsecu = /usr/sap/EPD/SYS/exe/uc/linuxx86_64/linux-x86_64-glibc2.3/sapcrypto.lst

ssf/ssfapi_lib = /usr/sap/EPD/SYS/exe/uc/linuxx86_64/linux-x86_64-glibc2.3/sapcrypto.lst

ssl/ssl_lib = /usr/sap/EPD/SYS/exe/uc/linuxx86_64/linux-x86_64-glibc2.3/sapcrypto.lst

ssf/name = SAPSECULIB

Are the above parameters correct?

My Basis person says that he has already set the environment variable for $(DIR_INSTANCE) properly.

Also, when I went to the trace file under SMICM, I am getting the following error:

[Thr 1129797952] =================================================

[Thr 1129797952] = SSL Initialization on AMD/Intel x86_64 with Linux

[Thr 1129797952] = (700_REL,Jan 23 2008,mt,ascii-uc,SAP_UC/size_t/void = 16/*

[Thr 1129797952] profile param "ssl/ssl_lib" = "/usr/sap/EPD/SYS/exe/uc/linux

resulting Filename = "/usr/sap/EPD/SYS/exe/uc/linuxx86_64/linux-x86_

*[Thr 1129797952] *** ERROR => DlLoadLib: dlopen()= /usr/sap/EPD/SYS/exe/uc/linu*

*[Thr 1129797952] *** ERROR => secudessl_LoadLibrary(): Unable to load "/usr/sap*

*[Thr 1129797952] *** ERROR => Loading of SSL library failed NO SSL available*

[Thr 1129797952] =================================================

[Thr 1129797952] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_LIB_NOT_FOUND

*[Thr 1129797952] *** ERROR => IcmAddService: SapSSLInit (rc=-1): SSSLERR_LIB_NO*

[Thr 1129797952] IcmNetCheck: network check passed without detecting problems

[Thr 47913668427856] Thu Jun 17 17:34:23 2010

[Thr 47913668427856] HttpSAPR3SetParam: switch j2ee http port from to: 50000

[Thr 47913668427856] HttpSAPR3SetParam: switch j2ee https port from to: 50001

[Thr 47913668427856] Thu Jun 17 17:34:56 2010

[Thr 47913668427856] HttpSAPR3SetParam: Switched j2ee status to: 1

[Thr 1108818240] Thu Jun 17 17:35:29 2010

[Thr 1108818240] =================================================

[Thr 1108818240] = SSL Initialization on AMD/Intel x86_64 with Linux

[Thr 1108818240] = (700_REL,Jan 23 2008,mt,ascii-uc,SAP_UC/size_t/void = 16/*

[Thr 1108818240] profile param "ssl/ssl_lib" = "/usr/sap/EPD/SYS/exe/uc/linux

resulting Filename = "/usr/sap/EPD/SYS/exe/uc/linuxx86_64/linux-x86_

*[Thr 1108818240] *** ERROR => DlLoadLib: dlopen()= /usr/sap/EPD/SYS/exe/uc/linu*

*[Thr 1108818240] *** ERROR => secudessl_LoadLibrary(): Unable to load "/usr/sap*

*[Thr 1108818240] *** ERROR => Loading of SSL library failed NO SSL available*

[Thr 1108818240] =================================================

[Thr 1108818240] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_LIB_NOT_FOUND

*[Thr 1108818240] *** ERROR => IcmIActivateService: SapSSLInit (rc=-1): SSSLERR_*

*[Thr 1108818240] *** ERROR => IcmHandleMonServMsg: IcmActivateService failed fo*

[Thr 1104591168] Thu Jun 17 17:36:06 2010

[Thr 1104591168] =================================================
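
Added example, not part of the thread: the ICM traces posted above contain four distinct failure signatures (bind denied on port 443, port 50001 already in use, missing SAPSSLS.pse, SSL library not loaded), and this sketch separates them per activation attempt. The function and rule names are hypothetical, the advice strings are this example's reading of the traces rather than SAP documentation, and the sample input is assembled from lines quoted in the thread.

```python
import re

# (pattern, finding id, advice). errno 13 and 98 are Linux EACCES and
# EADDRINUSE. The advice text is an interpretation, not SAP documentation.
RULES = [
    (re.compile(r"SI_EADDR_NAVAIL/13;.*?:(?P<port>\d+)\)"), "bind-denied",
     "instance user may not bind port {port} (ports below 1024 are privileged on Linux)"),
    (re.compile(r"SI_EPORT_INUSE/98;.*?:(?P<port>\d+)\)"), "port-in-use",
     "port {port} already has a listener on this host; choose a free port"),
    (re.compile(r'PSE "(?P<pse>[^"]+)" not found'), "pse-missing",
     "SSL server PSE {pse} is missing; create it (STRUST) before activating"),
    (re.compile(r"SSSLERR_LIB_NOT_FOUND"), "lib-not-loaded",
     "ssl/ssl_lib did not load; it must name the libsapcrypto shared library"),
]
# A bare timestamp line opens a new activation attempt in these traces.
STAMP = re.compile(r"^\[Thr \d+\] (\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4})$")

def diagnose(trace):
    """Return [(timestamp or None, finding id, advice)], one per attempt and cause."""
    findings, seen, stamp = [], set(), None
    for raw in trace.splitlines():
        line = raw.strip().strip("*").strip()   # drop forum bold markers
        m = STAMP.match(line)
        if m:
            stamp = m.group(1)
            continue
        for rx, kind, advice in RULES:
            m = rx.search(line)
            if m and (stamp, kind) not in seen:  # the error stack repeats itself
                seen.add((stamp, kind))
                findings.append((stamp, kind, advice.format(**m.groupdict())))
    return findings

# Constructed sample: lines copied from the traces quoted in the thread.
SAMPLE = '''[Thr 1099946304] Wed Jun 23 11:04:45 2010
[Thr 1099946304] *** ERROR => secudessl_Create_SSL_CTX(): PSE "/usr/sap/EPD/DVEBMGS00/sec/SAPSSLS.pse" not found! [ssslsecu_m
[Thr 1099946304] *** ERROR => secudessl_Create_SSL_CTX(): PSE "/usr/sap/EPD/DVEBMGS00/sec/SAPSSLS.pse" not found! [ssslsecu_m
[Thr 1099946304] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR
[Thr 1099417920] Wed Jun 23 11:12:22 2010
[Thr 1099417920] *** ERROR => NiIBindSocket: SiBind failed for hdl 7 / sock 24
(SI_EPORT_INUSE/98; I4; ST; 0.0.0.0:50001) [nixxi.cpp 3227]
'''

if __name__ == "__main__":
    for stamp, kind, advice in diagnose(SAMPLE):
        print(f"{stamp or 'no timestamp'}  {kind}: {advice}")
```
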

Former Member
0 Kudos

Hi Rahul,

ERROR => Loading of SSL library failed NO SSL available

As I said, please verify that all steps in the links I provided to you are completed.

This error also tells you that the SSL configuration is not properly done.

Regards,

Shitij