on 10-08-2012 2:01 PM
Dear Experts,
Basically my scenario communicate from Web service(online payments) to SAP ISU, sender side using SOAP adapter and receiver side using proxy(XI receiver adapter addressing type is HTTP destination).The interface working very fine at production system. Now we are implementing for SSL sap pi.
All interfaces communicate like PROXY to SOAP (SYN/ASYN communications) and SOAP to PROXY communications (for online payment).
Network team provide certification key that key we are deploy on directly on production server its working fine for SAP EP(potal). The same way if we ll deploying in SAP PI
system level. Is it working or not?
Why i am asking this doubt .if any parameters adding Tcode RZ10 in Instance profile below mentions list and Restart SAP PI SAP MMC instance after that ABAP stack only working, java stack not working in process list disp+exe showed yellow color there some j2ee failuredispaled.
This is the 'Developer Trace':
WARNING => DpNetCheck: NiAddrToHost(1.0.0.0) took
6 seconds
***LOG GZZ=> 2 possible network problems detected
- check tracefile and adjust the DNS settings
Error
No 10054
Error Text
WSAECONNRESET: Connection reset by peer
(#-----------------------------------------------------------------------
# SSL parameters
#-----------------------------------------------------------------------
ssl/ssl_lib =
$(DIR_EXECUTABLE)$(DIR_SEP)$(FT_DLL_PREFIX)sapcrypto$(FT_DLL) or
G:usr/sap/PD1/SYS/exe/run/libsapcrypto.dll
sec/libsapsecu = $(ssl/ssl_lib)
ssf/name = SAPSECULIB
ssf/ssfapi_lib = $(ssl/ssl_lib)
ICM/HTTPS/verify_client = 1
RDISP/start_icman = TRUE
icm/server_port_0 = PROT=HTTPs,PORT=50213,EXTBIND=1,TIMEOUT=3600,PROCTIMEOUT=900
login/create_sso2_ticket = 1
login/create_sso2_ticket = 2)
and update SAP environment variable with the following value with user SIDADM.
SECUDIR=/usr/sap/<SID>/<Instance>/sec; export SECUDIR
SMICM:HTTP:50200 sapdevpi1 active and HTTPs:50213 also active mode there is no active problem. If selected any service has been successfully .
At NWA:
Create
Private key and Certificates and generate CSR certificate these are steps dome after that restarted java j2ee instance here also its working fine all status green show started .Basically I am not aware of configuration for ssl just reading blog I was deployed .
My doubts:
Actually that certificate key related production system but i am using development system level. So if i used same key in development .is it working possible or not?.
Some of the SDN blogs suggested parameters adding instance profile and some of sdn persons suggested default profile adding ssl related parameters . my question which is right one?.
If SSL implemented SAP PI level. how to connected third party systems(webservices ) with sap ISU(ECC) system.
Now working URL for
saop sender cc with out SSL:
IF SSL
implementation done the URL looks like: is it fine ?
https://sapdevpi1:50213/XISOAPAdapter/MessageServlet?senderParty=&senderService=WS_DV&receiverParty=... but here one doubt WSDL file imported from ID so default start with HTTP url generated.but If need to connected Https by
using SSL we need physically change URL or not ?.This is about conncetion from third party systems.
Coming to the SAP PI all(dir/sld/rwb) URL open with https://sapdevpi1:50213/dir/start/index.jsp
Finally I am very much confusion .......dear experts anybody could help .
Thnaks & Regards,
Sridhar Nalla.
Can you first check if the SSL ports have successfully been started on your java stack?
You can check this by using the tool jsmon pf=<instance profile>
In jsmon enter display ports
The ports mentioned by you are both http 50200 and 50213. The default java port 5XX01 (ends with 01) is https and the 5XX14 (ends with 14) uses https.
Please also check the SSL configuration in the NWA if this has been setup correctly.
Kind regards,
Mark
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Mark,
NWA side i was configuration all are green status diibsplayed.SMICM https activate.
Now All URLs(SXMB_IFR,RWB,Communication channel monitoring) open with HTTPs its very fine but The problem is if execute Inbound interface from third party to SAP some error getting(sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target ) and more now another problem coming At NWA---->operation management---->system under i press start and stop botton after that there is no start JAVA EE INATANCE only host and instance is there and status yellow(warning showing) other java ee service and java ee applications are working status id green.my doubt is why this type of happens? and due to this java ee instance down ,if i sysnchronoues outbound interface from SAP to third party systems in sxmb_moni this error getting
- <!--
Call Adapter
<SAP:Category>XIServer</SAP:Category>
<SAP:Code area="INTERNAL">CLIENT_RECEIVE_FAILED</SAP:Code>
<SAP:P1>400</SAP:P1>
<SAP:P2>ICM_HTTP_CONNECTION_FAILED</SAP:P2>
<SAP:P3>(See attachment HTMLError for details)</SAP:P3>
<SAP:P4 />
<SAP:AdditionalText />
<SAP:Stack>Error while receiving by HTTP (error code: 400 , error text: ICM_HTTP_CONNECTION_FAILED) (See attachment HTMLError for details)</SAP:Stack>
<SAP:Retry>A</SAP:Retry> o
Already i discuss with my basis teamar they saying due to SSL configuration this type of error getting.but some icm related connection missing .and i was check all rfc connection fine and SLDCHECK ,SLDAPICUST also working fine.
please give me any suggestion without restart system .i want to start java ee instance or how to up java ee inatance?
Thanks & Regards,
Sridhar Nalla.
Hi Mark,
Yes its conneced using HHTPs for all URL related opening for SAP PI side.
the above url open at Internet explorer below message is displayed.
Servlet com.sap.aii.adapter.soap.web.MessageServlet (Version $Id: //tc/xpi.adapters/NW711_06_REL/src/_soap_application_web_module/webm/api/com/sap/aii/adapter/soap/web/MessageServlet.java#3 $) bound to /MessageServlet
Classname ModuleProcessor: null
Lookupname for localModuleProcessorLookupName: localejbs/ModuleProcessorBean
Lookupname for remoteModuleProcessorLookupName: null
ModuleProcessorClass not instantiated
ModuleProcessorLocal is Instance of $Proxy97
ModuleProcessorRemote not instantiated
.
SMICM:ICM monitor trace level error message dispalyed.
[Thr 2500] Tue Oct 09 10:14:56 2012
[Thr 2500] *** ERROR => IcmConnInitServerSSL: SapSSLSessionStart returned (-25): SSSLERR_NO_SSL_REQUEST [icxxconn.c 1689]
[Thr 14232] *** ERROR => IcmConnInitServerSSL: SapSSLSessionStart returned (-25): SSSLERR_NO_SSL_REQUEST [icxxconn.c 1689]
[Thr 10608] *** ERROR => IcmConnInitServerSSL: SapSSLSessionStart returned (-25): SSSLERR_NO_SSL_REQUEST [icxxconn.c 1689]
[Thr 1944] Tue Oct 09 10:14:57 2012
[Thr 1944] *** ERROR => IcmConnInitServerSSL: SapSSLSessionStart returned (-25): SSSLERR_NO_SSL_REQUEST [icxxconn.c 1689]
[Thr 7948] *** ERROR => IcmConnInitServerSSL: SapSSLSessionStart returned (-25): SSSLERR_NO_SSL_REQUEST [icxxconn.c 1689]
[Thr 9724] *** ERROR => IcmConnInitServerSSL: SapSSLSessionStart returned (-25): SSSLERR_NO_SSL_REQUEST [icxxconn.c 1689]
Thanks & Regards,
Sridhar Nalla.
The icm trace indicates that you are trying to establish an http connection over the https port.
See below comment of note 1318906:
*** ERROR => IcmConnInitServerSSL: SapSSLSessionStart returned (-25): SSSLERR_NO_SSL_REQUEST [icxxconn.c 1673]
Reason:An external client (for example, a Web browser) attempts to open an unsecured connection (HTTP), even though the ICM port is secured by SSL.
Solution:Configure the external client so that it sets up secure connections (HTTPS) for the ICM. When you do this, take note of the configuration options in the user guide of the provider of the client you are using.
Kr. Mark
Hi Mark ,
Im sorry for late replay ,Actually for last couple of days i am looking production issues.finally sapmmt up and running but when even sysnchronoues from spa ecc to third party now this issue getting at SAP PI Tcode: sxmb_moni below error getting
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?> - <!--
--> Call Adapter
</SAP:Error>
actually this type of error so many times getting development and production system that time .some times i did reprocess message again , resgister queues and activate,increase http service processing time .these are steps already i did but no luck still,all connction fine for relatedd RFCs, morever all inbound related interfaces working very fine .
http://scn.sap.com/thread/2152576
http://scn.sap.com/message/13538803
http://scn.sap.com/thread/3238888
Thanks & Regards,
sridhar Nalla.
Im sorry for late replay ,Actually for last couple of days i am looking production issues.finally sapmmt up and running but when even sysnchronoues from spa ecc to third party now this issue getting at SAP PI Tcode: sxmb_moni below error getting
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?> - <!--
--> Call Adapter
- <SAP:Error SOAP:mustUnderstand="" xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
<SAP:Code area="INTERNAL">CLIENT_RECEIVE_FAILED</SAP:Code>
<SAP:P1>110</SAP:P1>
<SAP:P2>HTTPIO_PLG_CANCELED</SAP:P2>
<SAP:P3 />
<SAP:P4 />
<SAP:AdditionalText />
<SAP:Stack>Error while receiving by HTTP (error code: 110 , error text: HTTPIO_PLG_CANCELED)</SAP:Stack>
<SAP:Retry>A</SAP:Retry>
</SAP:Error>
actually this type of error so many times getting development and production system that time .some times i did reprocess message again , resgister queues and activate,increase http service processing time .these are steps already i did but no luck still,all connction fine for relatedd RFCs, morever all inbound related interfaces working very fine .The following below links but no luck.still same problem im getting
http://scn.sap.com/thread/2152576
http://scn.sap.com/message/13538803
http://scn.sap.com/thread/3238888
Thanks & Regards,
sridhar Nalla.
User | Count |
---|---|
93 | |
11 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.