on 07-17-2013 8:55 PM
Greetings,
As the subject implies, I am trying to enable SSL on my instance. I have two very good articles I am reading:
http://help.sap.com/saphelp_nw73/helpdata/en/49/23501ebf5a1902e10000000a42189c/frameset.htm
However, I am having an issue creating the SSL Server PSE.
I am reading this:
http://help.sap.com/saphelp_nw73/helpdata/en/49/2371abbf5a1902e10000000a42189c/content.htm
I am able to right click on "SSL server Standard" and "Create". Once this is created, the right side of screen containing the certificate information is blank.
Following the next step, which is to export, appears to be in vain.There isn't a certificate to click, so I cannot export.
I'm not sure what, but something is not creating correctly.
HTTPS cannot be enabled. I review the ICM monitor logs, and I have errors:
[Thr 4332] *** ERROR => secudessl_Create_SSL_CTX(): PSE "K:\usr\sap\TB2\DVEBMGS00\sec\SAPSSLS.pse": unable to use! [ssslsecu.c 1848]
[Thr 4332] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --
[Thr 4332] secude_error 4130 (0x00001022) = "Object Cert doesn't exist"
So, I'm not really sure what to do from here. It appears that a cert is not being made that should be.
Thanks
Hello ,
Do you have SECUDIR environment variable set ? set it to sec directory and try.
Thanks
Dev
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Rishi,
I am following that documentation.
1. SSL server PSE node.
2. For each unique SSL server PSE (each server-specific PSE or a single system-wide PSE):
1. Select the application server.The application server's certificate appears in the PSE maintenance section in the Owner field.
Step 2.1: When I select the application server the server's certificate does not appears in the PSE maintenance section. The entire display is blank.
So, therefore I cannot do the next step:
2. In the PSE maintenance section, choose (Create Certificate Request).A dialog appears showing the certificate request.
Clicking on "Create Certificate Request" doesn't do anything. The button seems to have no effect. Probably because there is something missing.
Devpriy,
It was not set, but setting it did not make a difference for this specific issue.
condensed without the comments:
icm/HTTPS/verify_client = 2
icm/server_port_1 = PROT=HTTPS,PORT=8001
icm/keep_alive_timeout = 3600
SAPLOCALHOSTFULL = v-tb2tp2sap.ctg.com
icm/host_name_full = v-tb2tp2sap.ctg.com
gw/max_overflow_size = 25000000
gw/max_conn = 2000
rdisp/max_wprun_time = 3600
em/blocksize_KB = 4096
rdisp/plugin_auto_logout = 3600
rtbb/max_tables = 500
rtbb/buffer_length = 30000
em/global_area_MB = 430
ssf/name = SAPSECULIB
gw/cpic_timeout = 60
em/address_space_MB = 4096
rdisp/max_comm_entries = 2000
rsdb/esm/max_objects = 10000
rsdb/obj/buffersize = 40000
SAPSYSTEMNAME = TB2
SAPGLOBALHOST = V-TB2TP2SAP
SAPSYSTEM = 00
INSTANCE_NAME = DVEBMGS00
DIR_CT_RUN = $(DIR_EXE_ROOT)\$(OS_UNICODE)\NTAMD64
DIR_EXECUTABLE = $(DIR_INSTANCE)\exe
rdisp/wp_no_dia = 10
rsdb/obj/large_object_size = 8192
rdisp/wp_no_btc = 3
icm/server_port_0 = PROT=HTTP,PORT=80$$
ms/server_port_0 = PROT=HTTP,PORT=81$$
rdisp/wp_no_enq = 1
rsdb/obj/max_objects = 2000
rdisp/wp_no_vb = 1
rdisp/wp_no_vb2 = 1
rdisp/wp_no_spo = 1
ssl/ssl_lib = $(DIR_EXECUTABLE)$(DIR_SEP)$(FT_DLL_PREFIX)sapcrypto$(FT_DLL)
sec/libsapsecu = k:\usr\sap\TB2\sys\exe\uc\NTAMD64\sapsecu.dll
ssf/ssfapi_lib = $(ssl/ssl_lib)
login/accept_sso2_ticket = 1
login/create_sso2_ticket = 2
abap/buffersize = 400000
exe/icmbnd = $(DIR_CT_RUN)/icmbnd
DIR_PROFILE = $(DIR_INSTALL)\profile
_PF = $(DIR_PROFILE)\TB2_DVEBMGS00_V-TB2TP2SAP
Start_Program_00 = immediate $(DIR_CT_RUN)$(DIR_SEP)sapcpe$(FT_EXE) pf=$(DIR_PROFILE)$(DIR_SEP)TB2_DVEBMGS00_V-TB2TP2SAP
_CPARG0 = list:$(DIR_CT_RUN)/sapcrypto.lst
_DB = $(DIR_CT_RUN)\strdbs.cmd
Start_Program_03 = immediate $(DIR_CT_RUN)$(DIR_SEP)strdbs.cmd TB2
_MS = $(DIR_EXECUTABLE)\msg_server$(FT_EXE)
Start_Program_04 = local $(_MS) pf=$(_PF)
_DW = $(DIR_EXECUTABLE)\disp+work$(FT_EXE)
Start_Program_05 = local $(_DW) pf=$(_PF)
_IG = $(DIR_EXECUTABLE)\igswd$(FT_EXE)
Start_Program_07 = local $(DIR_EXECUTABLE)$(DIR_SEP)igswd$(FT_EXE) -mode=profile pf=$(DIR_PROFILE)$(DIR_SEP)TB2_DVEBMGS00_V-TB2TP2SAP
rsdb/esm/buffersize_kb = 200000
So, I discovered why the certificate was not being created. the profile parameters for the SSL library were just not simply configured correctly.
I worked with my basis team, and thought it was done correctly, but apparently it was just done enough to work, but not work in it's entirety. I followed the documents for installing SAP crypto, and set every profile parameter, and the issue is now resolved.
Thanks for all the help!
Hi,
did you set the password (pin) while creating the certificate.
did you create the mandatory credentials to open the PSE file ? (sapgenpse seclogin ....)
check [http://help.sap.com/saphelp_nw70ehp1/helpdata/en/48/9a9a6b48c673e8e10000000a42189b/frameset.htm]
Can you please past the command that you have done.
Thanks
Rishi abrol
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
89 | |
10 | |
9 | |
9 | |
9 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.