on 04-15-2011 8:28 AM
Hi All,
We have the below-mentioned landscape.
Portal ---> SAP Web Dispatcher ---> Two Application servers. We are planning to enable SSL at the web dispatcher and terminate it at the web dispatcher. We have added the parameters related to SSL; please find the profile parameters below.
SAPSYSTEMNAME = WD1
SAPGLOBALHOST = etender
SAPSYSTEM = 00
INSTANCE_NAME = W00
DIR_CT_RUN = $(DIR_EXE_ROOT)\$(OS_UNICODE)\NTI386
DIR_EXECUTABLE = $(DIR_CT_RUN)
#----
# Accessibility of Message Server
#----
rdisp/mshost = srm-clus-app.AAI.AERO
#ms/http_port = 50100
ms/http_port = 8100
ms/https_port = 1443
#----
# Configuration for medium scenario
#----
icm/max_conn = 500
icm/max_sockets = 1024
icm/req_queue_len = 500
icm/min_threads = 10
icm/max_threads = 50
mpi/total_size_MB = 80
#----
# SAP Web Dispatcher Ports
#----
icm/server_port_0 = PROT=HTTP,PORT=8100, TIMEOUT=600,PROCTIMEOUT=600
#icm/server_port_0 = PROT=HTTP,PORT=1080,TIMEOUT=30,PROCTIMEOUT=600
#wdisp/enable_sap_hostid = TRUE
wdisp/HTTP/esid_support=1
#wdisp/HTTP/jsessionid_tab_support=1
is/HTTP/default_root_hdl=abap
rdisp/TRACE = 3
DIR_INSTANCE = E:\SAP\SAPWebDisp
icm/server_port_1 = PROT=HTTPS, PORT=8200, TIMEOUT=600,PROCTIMEOUT=600
icm/HTTPS/verify_client = 0
icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=./admin
ssl/ssl_lib = E:\SAP\SAPWebDisp\sapcrypto.dll
ssl/server_pse = E:\SAP\SAPWebDisp\sec\etender.aai.aero.pse
wdisp/ssl_encrypt = 0
wdisp/add_client_protocol_header = true
After that we restarted the web dispatcher. In the Portal, under system configuration --> system properties, we changed the properties to https and the https port to 1443 for ITS and Web AS. When we ran the connection tests, they failed with the following message.
An HTTP/S connection to https://etender.aai.aero:1443/sap/bc/gui/sap/its/webgui/ was not obtained successfully; this might be due to a closed port on the Firewall.
Then I went on to check whether port 1443 is open or not. With telnet the port is not open.
Please help me to enable SSL in web dispatcher.
Thanks & Regards,
Sreekanth
Hi,
After giving NTFS permission to the PSE and creating cred_v2, everything is working fine.
Thanks,
Sreekanth
Hi Oliver,
When I checked the trace file I found the below error.
[Thr 3660] = found SECUDIR environment variable
[Thr 3660] = using SECUDIR=E:\SAP\SAPWebDisp\sec
[Thr 3660] *** ERROR => secudessl_Create_SSL_CTX(): PSE "E:\SAP\SAPWebDisp\sec\etender.aai.aero.pse" not found! [ssslsecu.c 1354]
[Thr 3660] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --
secude_error 1281 (0x00000501) = "open("E:\SAP\SAPWebDisp\sec\etender.aai.aero.pse") returned"
[Thr 3660] >> - Begin of Secude-SSL Errorstack - >>
[Thr 3660] ERROR in SSL_CTX_set_default_pse_by_name: (1281/0x0501) open("E:\SAP\SAPWebDisp\sec\etender.aai.aero.pse") returned : "Permission denied"
ERROR in ssl_set_pse: (1281/0x0501) open("E:\SAP\SAPWebDisp\sec\etender.aai.aero.pse") returned : "Permission denied"
ERROR in af_open: (1281/0x0501) open("E:\SAP\SAPWebDisp\sec\etender.aai.aero.pse") returned : "Permission denied"
ERROR in secsw_open: (1281/0x0501) open("E:\SAP\SAPWebDisp\sec\etender.aai.aero.pse") returned : "Permission denied"
ERROR in secsw_open_pse_or_extension: (1281/0x0501) open("E:\SAP\SAPWebDisp\sec\etender.aai.aero.pse") returned : "Permission denied"
ERROR in sec_get_PSEtype: (1281/0x0501) open("E:\SAP\SAPWebDisp\sec\etender.aai.aero.pse") returned : "Permission denied"
ERROR in aux_read_PSEFile: (1281/0x0501) open("E:\SAP\SAPWebDisp\sec\etender.aai.aero.pse") returned : "Permission denied"
ERROR in aux_file2OctetString: (1281/0x0501) open("E:\SAP\SAPWebDisp\sec\etender.aai.aero.pse") returned : "Permission denied"
[Thr 3660] << - End of Secude-SSL Errorstack -
[Thr 3660] SapISSLDeleteCTX(): deleting SSL_CTX (cred "<NULL>",refcount=0)
[Thr 3660] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create SERVER Credential
for "E:\SAP\SAPWebDisp\sec\etender.aai.aero.pse" [ssslxxi.c 2278]
[Thr 876] NiSelISelectInt: 0 handles selected (0 buffered)
[Thr 876] SiSelNSelect: start select (timeout=100)
[Thr 3660] unload shared library (E:\SAP\SAPWebDisp\sapcrypto.dll), hdl 1
[Thr 3660] *** ERROR => Initialization of SSL library failed -- NO SSL available!
[Thr 3660] =================================================
[Thr 3660] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR
[Thr 3660] NiHsLGetNodeAddr: found hostname 'etender.AAI.AERO' in cache
[Thr 3660] NiIGetNodeAddr: hostname 'etender.AAI.AERO' = addr 172.16.7.214
[Thr 3660] ->> SapSSLErrorName(rc=-40)
[Thr 3660] <<- SapSSLErrorName()==SSSLERR_PSE_ERROR
[Thr 3660] *** ERROR => IcmAddService: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv.c 319]
[Thr 3660] NiWakeupExec: send wakeup signal to 64997 (sock 33036)
[Thr 3660] SemCleanupThr: DeAllocation of TLS (TlsGetValue) failed (rc=0)
[Thr 876] SiSelNNext: sock 33044 selected (revt=r--)
[Thr 876] NiSelIListInsert: add hdl 1 [1] to sel-list (0) of set0
[Thr 876] NiSelISelectInt: 1 handles selected (0 buffered)
But the PSE exists in the same folder, and I have also given the credentials for the PSE with the sapgenpse seclogin command.
And we don't have any firewall between the web dispatcher and SRM.
Please help me in this,
Thanks & Regards,
Sreekanth
Hi again,
open("E:\SAP\SAPWebDisp\sec\etender.aai.aero.pse") returned : "Permission denied"
It seems that the Windows user running the web dispatcher does not have the rights to read the PSE file.
Check the Windows NTFS rights for the PSE file.
If it is not that, double check the credentials.
Regards,
Olivier
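Added example, not part of any post in this thread: a small Python triage of the trace format quoted above. It shows that the headline error says the PSE was "not found" while the Secude error stack carries the real reason ("Permission denied"). The function name `triage`, the result keys and the `next_check` wording are assumptions made for this illustration; the sample lines are copied from the trace in this thread.

```python
import re

# Lines copied from the trace quoted in this thread, trimmed to the relevant ones.
SAMPLE_TRACE = r'''
[Thr 3660] *** ERROR => secudessl_Create_SSL_CTX(): PSE "E:\SAP\SAPWebDisp\sec\etender.aai.aero.pse" not found! [ssslsecu.c 1354]
[Thr 3660] ERROR in SSL_CTX_set_default_pse_by_name: (1281/0x0501) open("E:\SAP\SAPWebDisp\sec\etender.aai.aero.pse") returned : "Permission denied"
ERROR in af_open: (1281/0x0501) open("E:\SAP\SAPWebDisp\sec\etender.aai.aero.pse") returned : "Permission denied"
ERROR in aux_file2OctetString: (1281/0x0501) open("E:\SAP\SAPWebDisp\sec\etender.aai.aero.pse") returned : "Permission denied"
[Thr 3660] *** ERROR => Initialization of SSL library failed -- NO SSL available!
[Thr 3660] *** ERROR => IcmAddService: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv.c 319]
'''

HEADLINE_RE = re.compile(r'\*\*\* ERROR => .*PSE "([^"]+)" not found!')
FRAME_RE = re.compile(
    r'ERROR in (\w+): \((\d+)/0x[0-9a-fA-F]+\) open\("([^"]+)"\) returned : "([^"]+)"')
INIT_RE = re.compile(r'\*\*\* ERROR => IcmAddService: SapSSLInit \(rc=(-?\d+)\): (\w+)')

def triage(trace: str) -> dict:
    """Summarise why SSL initialisation failed, preferring the error stack over the headline."""
    out = {"ssl_init_failed": False, "rc": None, "error": None, "pse": None,
           "failing_call": None, "os_reason": None,
           "headline_says_not_found": bool(HEADLINE_RE.search(trace)),
           "next_check": None}
    init = INIT_RE.search(trace)
    if init:
        out.update(ssl_init_failed=True, rc=int(init.group(1)), error=init.group(2))
    frames = FRAME_RE.findall(trace)
    if frames:
        # The quoted stack lists the outermost call first, so the last frame
        # is the call that actually tried to open the file.
        call, _code, path, reason = frames[-1]
        out.update(failing_call=call, pse=path, os_reason=reason)
        # Mapping taken from the replies in this thread (assumed wording).
        if reason == "Permission denied":
            out["next_check"] = "NTFS read rights of the Web Dispatcher service user on the PSE"
        else:
            out["next_check"] = "PSE credentials (sapgenpse seclogin / cred_v2)"
    return out

if __name__ == "__main__":
    for key, value in triage(SAMPLE_TRACE).items():
        print(f"{key:24} {value}")
```

Because the PSE holds the server's private key, the read permission the fix requires is best granted to the service user alone rather than to a broad group.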
Hi,
Check the web dispatcher trace file.
Use the web dispatcher administration web pages.
Check if you used the right port for the message server from your SRM server.
If there is a firewall between the web dispatcher and the SRM servers, then open the ports (8100, 1443 and the SRM ICM ports).
Regards,
Olivier