on 09-19-2010 4:54 PM
HI Alle,
I having issues with our SSL connection to the Web dispatcher with SAP Web AS. Below is the error in the log files form dev_webdisp:
Started service 80 for protocol HTTP on host "wdpeht1"(on all adapters) (processing timeout=120, keep_alive_timeout=30)
[Thr 368] =================================================
[Thr 368] = SSL Initialization on PC with Windows NT
[Thr 368] = (701_REL,Jan 28 2010,mt,ascii-uc,SAP_UC/size_t/void* = 16/64/64)
[Thr 368] profile param "ssl/ssl_lib" = "E:\usr\sap\WDP\W00\sec\sapcrypto.dll"
resulting Filename = "E:\usr\sap\WDP\W00\sec\sapcrypto.dll"
[Thr 368] profile param "ssl/server_pse" = "E:\usr\sap\WDP\W00\sec\SAPSSL.pse"
resulting Filename = "E:\usr\sap\WDP\W00\sec\SAPSSL.pse"
[Thr 368] = found SAPCRYPTOLIB 5.5.5C pl29 (Jan 30 2010) MT-safe
[Thr 368] = current UserID: WDPEHT1\SAPServiceWDP
[Thr 368] = found SECUDIR environment variable
[Thr 368] = using SECUDIR=E:\usr\sap\WDP\W00\sec
[Thr 368] * ERROR => secudessl_Create_SSL_CTX(): PSE "E:\usr\sap\WDP\W00\sec\SAPSSL.pse" not found! [ssslsecu.c 1354]
[Thr 368] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --
secude_error 4129 (0x00001021) = "The PSE does not exist"*
[Thr 368] >> -
Begin of Secude-SSL Errorstack -
>>
[Thr 368] ERROR in SSL_CTX_set_default_pse_by_name: (4129/0x1021) The PSE does not exist : "E:\usr\sap\WDP\W00\sec\SAPSSL.pse"
ERROR in ssl_set_pse: (4129/0x1021) The PSE does not exist : "E:\usr\sap\WDP\W00\sec\SAPSSL.pse"
ERROR in af_open: (4129/0x1021) The PSE does not exist : "E:\usr\sap\WDP\W00\sec\SAPSSL.pse"
ERROR in secsw_open: (4129/0x1021) The PSE does not exist : "E:\usr\sap\WDP\W00\sec\SAPSSL.pse"
ERROR in secsw_open_pse_or_extension: (4129/0x1021) The PSE does not exist : "E:\usr\sap\WDP\W00\sec\SAPSSL.pse"
ERROR in sec_get_PSEtype: (4129/0x1021) The PSE does not exist : "E:\usr\sap\WDP\W00\sec\SAPSSL.pse"
[Thr 368] << -
End of Secude-SSL Errorstack -
[Thr 368] * ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create SERVER Credential
for "E:\usr\sap\WDP\W00\sec\SAPSSL.pse" [ssslxxi.c 2278]*
[Thr 368]* ERROR => Initialization of SSL library failed -- NO SSL available!
[Thr 368] =================================================
[Thr 368] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR*
[Thr 368] *** ERROR => IcmAddService: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv.c 319]
[Thr 2128] IcmCreateWorkerThreads: created worker thread 0
Regards
Hi,
>The PSE does not exist : "E:\usr\sap\WDP\W00\sec\SAPSSL.pse"
Does it exist ? If yes, check it !
Regards,
Olivier
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Olivier,
Thanks for replay,
The PSE does exist in my SEC "E:\usr\sap\WDP\W00\sec\SAPSSL.pse" .
I did tried Again I get this error. I think I missing som parameter
= SSL Initialization on PC with Windows NT
[Thr 2292] = (701_REL,Jan 28 2010,mt,ascii-uc,SAP_UC/size_t/void* = 16/64/64)
[Thr 2292] profile param "ssl/ssl_lib" = "E:\usr\sap\WDP\W00\sec\sapcrypto.dll"
resulting Filename = "E:\usr\sap\WDP\W00\sec\sapcrypto.dll"
[Thr 2292] profile param "ssl/server_pse" = "E:\usr\sap\WDP\W00\sec\SAPSSL.pse"
resulting Filename = "E:\usr\sap\WDP\W00\sec\SAPSSL.pse"
[Thr 2292] = found SAPCRYPTOLIB 5.5.5C pl29 (Jan 30 2010) MT-safe
[Thr 2292] = current UserID: WDPEHT1\SAPServiceWDP
[Thr 2292] = found SECUDIR environment variable
[Thr 2292] = using SECUDIR=E:\usr\sap\WDP\W00\sec
[Thr 2292] -*ERROR => secudessl_Create_SSL_CTX(): PSE "E:\usr\sap\WDP\W00\sec\SAPSSL.pse" not found! [ssslsecu.c 1354]
[Thr 2292] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --
secude_error 1281 (0x00000501) = "open("E:\usr\sap\WDP\W00\sec\SAPSSL.pse") returned"*-
[Thr 2292] >> -
Begin of Secude-SSL Errorstack -
>>
[Thr 2292] -*ERROR in SSL_CTX_set_default_pse_by_name: (1281/0x0501) open("E:\usr\sap\WDP\W00\sec\SAPSSL.pse") returned : "Permission denied"*-
-*ERROR in ssl_set_pse: (1281/0x0501) open("E:\usr\sap\WDP\W00\sec\SAPSSL.pse") returned : "Permission denied"
ERROR in af_open: (1281/0x0501) open("E:\usr\sap\WDP\W00\sec\SAPSSL.pse") returned : "Permission denied"*-
ERROR in secsw_open: (1281/0x0501) open("E:\usr\sap\WDP\W00\sec\SAPSSL.pse") returned : "Permission denied"
ERROR in secsw_open_pse_or_extension: (1281/0x0501) open("E:\usr\sap\WDP\W00\sec\SAPSSL.pse") returned : "Permission denied"
ERROR in sec_get_PSEtype: (1281/0x0501) open("E:\usr\sap\WDP\W00\sec\SAPSSL.pse") returned : "Permission denied"
ERROR in aux_read_PSEFile: (1281/0x0501) open("E:\usr\sap\WDP\W00\sec\SAPSSL.pse") returned : "Permission denied"
ERROR in aux_file2OctetString: (1281/0x0501) open("E:\usr\sap\WDP\W00\sec\SAPSSL.pse") returned : "Permission denied"
[Thr 2292] << -
End of Secude-SSL Errorstack -
[Thr 2292] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create SERVER Credential
for "E:\usr\sap\WDP\W00\sec\SAPSSL.pse" [ssslxxi.c 2278]
[Thr 2292] *** ERROR => Initialization of SSL library failed -- NO SSL available!
[Thr 2292] =================================================
[Thr 2292] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR
[Thr 2292] *** ERROR => IcmAddService: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv.c 319]
Her is my profile parameter for https.
h6*#Https parameters for Web dispatcher E:\usr\sap\WDP\W00\sec
#----
#icm/server_port_0 = PROT=HTTPS,PORT=443$$
DIR_INSTANCE = E:\usr\sap\WDP\W00\sec
ssl/ssl_lib = E:\usr\sap\WDP\W00\sec\sapcrypto.dll
ssl/server_pse = E:\usr\sap\WDP\W00\sec\SAPSSL.pse
wdisp/ssl_cred = E:\usr\sap\WDP\W00\sec\SAPSSL.pse
ssf/ssfapi_lib = E:\usr\sap\WDP\W00\sec\sapcrypto.dll
sec/libsapsecu = E:\usr\sap\WDP\W00\sec\sapcrypto.dll
ssf/name = SAPSECULIB
wdisp/ssl_encrypt = 0
icm/server_port_1=PROT=HTTPS, PORT=8400, TIMEOUT=120
###icm/server_port_1=PROT=HTTPS, PORT=44302, TIMEOUT=900 (old)
########icm/server_port_0 = PROT=HTTP,PORT=80, TIMEOUT=120
icm/HTTPS/verify_client=0
wdisp/add_client_protocol_header = true
wdisp/auto_refresh = 120
wdisp/max_servers = 100
wdisp/ssl_auth= 0
#........................................
ms/https_port = 8400
wdisp/HTTP/use_pool_for_new_conn=1
wdisp/HTTPS/dest_logon_group = HTTPS
#wdisp/server_info_protocol = https
#wdisp/group_info_protocol = https
#wdisp/url_map_protocol = https
wdisp/ssl_ignore_host_mismatch = fals
icm/HTTPS/forward_ccert_as_header = true
icm/HTTPS/trust_client_with_issuer = CN = SAP CA,*
icm/HTTPS/trust_client_with_subject = CN = sapwebdisp,*h6
Regards
>sapgenpse get_pse -p SAPSSL.pse -x ssipin -r SAPSSL.req "CN=wdpeht1.ssi.ad, OU=ssi, OU=SAP
>I did not set a password on the SAPSSL.pse file.
Sorry, yes you did and the password (pin) is "ssipin".
So did you create the manadatory credentials to open the PSE file ? (sapgenpse seclogin ....) It seems not to me...
check [http://help.sap.com/saphelp_nw70ehp1/helpdata/en/48/9a9a6b48c673e8e10000000a42189b/frameset.htm]
Regards,
Olivier
User | Count |
---|---|
84 | |
10 | |
9 | |
8 | |
6 | |
6 | |
6 | |
5 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.