cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Configuring the AS ABAP for Supporting SSL

Go to solution
Former Member

on ‎07-17-2013 8:55 PM

0 Kudos

Greetings,

As the subject implies, I am trying to enable SSL on my instance.  I have two very good articles I am reading:

http://help.sap.com/saphelp_nw73/helpdata/en/49/23501ebf5a1902e10000000a42189c/frameset.htm

http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/20c109d3-afd7-2d10-939f-8d143f0ff...

However, I am having an issue creating the SSL Server PSE.

I am reading this:

http://help.sap.com/saphelp_nw73/helpdata/en/49/2371abbf5a1902e10000000a42189c/content.htm

I am able to right click on "SSL server Standard" and "Create".  Once this is created, the right side of screen containing the certificate information is blank.

Following the next step, which is to export, appears to be in vain.There isn't a certificate to click, so I cannot export.

I'm not sure what, but something is not creating correctly.

HTTPS cannot be enabled.  I review the ICM monitor logs, and I have errors:

[Thr 4332] *** ERROR =>   secudessl_Create_SSL_CTX():  PSE "K:\usr\sap\TB2\DVEBMGS00\sec\SAPSSLS.pse": unable to use! [ssslsecu.c   1848]

[Thr 4332] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --

[Thr 4332]   secude_error 4130 (0x00001022) = "Object Cert doesn't exist"

So, I'm not really sure what to do from here. It appears that a cert is not being made that should be.

Thanks

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎07-18-2013 3:46 AM
0 Kudos

Hello ,

Do you have SECUDIR environment variable set ? set it to sec directory and try.

Thanks

Dev

Show replies
Show replies
Former Member
‎07-18-2013 8:26 PM
0 Kudos

Rishi,

I am following that documentation. 

1. SSL server PSE node.

2. For each unique SSL server PSE (each server-specific PSE or a single system-wide PSE):

    1. Select the application server.The application server's certificate appears in the PSE maintenance      section in the Owner field.

Step 2.1: When I select the application server the server's certificate does not appears in the PSE maintenance section. The entire display is blank.

So, therefore I cannot do the next step:


     2. In the PSE maintenance section, choose Create Certificate Request (Create Certificate Request).A dialog appears           showing the certificate request.

Clicking on "Create Certificate Request" doesn't do anything. The button seems to have no effect. Probably because there is something missing.

Devpriy,

It was not set, but setting it did not make a difference for this specific issue.

Former Member
‎07-19-2013 5:04 AM
0 Kudos

Can you share your profile parameters ?

Former Member
‎07-19-2013 3:00 PM
0 Kudos

condensed without the comments:

icm/HTTPS/verify_client = 2

icm/server_port_1 = PROT=HTTPS,PORT=8001

icm/keep_alive_timeout = 3600

SAPLOCALHOSTFULL = v-tb2tp2sap.ctg.com

icm/host_name_full = v-tb2tp2sap.ctg.com

gw/max_overflow_size = 25000000

gw/max_conn = 2000

rdisp/max_wprun_time = 3600

em/blocksize_KB = 4096

rdisp/plugin_auto_logout = 3600

rtbb/max_tables = 500

rtbb/buffer_length = 30000

em/global_area_MB = 430

ssf/name = SAPSECULIB

gw/cpic_timeout = 60

em/address_space_MB = 4096

rdisp/max_comm_entries = 2000

rsdb/esm/max_objects = 10000

rsdb/obj/buffersize = 40000

SAPSYSTEMNAME = TB2

SAPGLOBALHOST = V-TB2TP2SAP

SAPSYSTEM = 00

INSTANCE_NAME = DVEBMGS00

DIR_CT_RUN = $(DIR_EXE_ROOT)\$(OS_UNICODE)\NTAMD64

DIR_EXECUTABLE = $(DIR_INSTANCE)\exe

rdisp/wp_no_dia = 10

rsdb/obj/large_object_size = 8192

rdisp/wp_no_btc = 3

icm/server_port_0 = PROT=HTTP,PORT=80$$

ms/server_port_0 = PROT=HTTP,PORT=81$$

rdisp/wp_no_enq = 1

rsdb/obj/max_objects = 2000

rdisp/wp_no_vb = 1

rdisp/wp_no_vb2 = 1

rdisp/wp_no_spo = 1

ssl/ssl_lib = $(DIR_EXECUTABLE)$(DIR_SEP)$(FT_DLL_PREFIX)sapcrypto$(FT_DLL)

sec/libsapsecu = k:\usr\sap\TB2\sys\exe\uc\NTAMD64\sapsecu.dll

ssf/ssfapi_lib = $(ssl/ssl_lib)

login/accept_sso2_ticket = 1

login/create_sso2_ticket = 2

abap/buffersize = 400000

exe/icmbnd = $(DIR_CT_RUN)/icmbnd

DIR_PROFILE = $(DIR_INSTALL)\profile

_PF = $(DIR_PROFILE)\TB2_DVEBMGS00_V-TB2TP2SAP

Start_Program_00 = immediate $(DIR_CT_RUN)$(DIR_SEP)sapcpe$(FT_EXE) pf=$(DIR_PROFILE)$(DIR_SEP)TB2_DVEBMGS00_V-TB2TP2SAP

_CPARG0 = list:$(DIR_CT_RUN)/sapcrypto.lst

_DB = $(DIR_CT_RUN)\strdbs.cmd

Start_Program_03 = immediate $(DIR_CT_RUN)$(DIR_SEP)strdbs.cmd TB2

_MS = $(DIR_EXECUTABLE)\msg_server$(FT_EXE)

Start_Program_04 = local $(_MS) pf=$(_PF)

_DW = $(DIR_EXECUTABLE)\disp+work$(FT_EXE)

Start_Program_05 = local $(_DW) pf=$(_PF)

_IG = $(DIR_EXECUTABLE)\igswd$(FT_EXE)

Start_Program_07 = local $(DIR_EXECUTABLE)$(DIR_SEP)igswd$(FT_EXE) -mode=profile pf=$(DIR_PROFILE)$(DIR_SEP)TB2_DVEBMGS00_V-TB2TP2SAP

rsdb/esm/buffersize_kb = 200000

Former Member
‎07-19-2013 8:50 PM
0 Kudos

So, I discovered why the certificate was not being created.  the profile parameters for the SSL library were just not simply configured correctly. 

I worked with my basis team, and thought it was done correctly, but apparently it was just done enough to work, but not work in it's entirety.  I followed the documents for installing SAP crypto, and set every profile parameter, and the issue is now resolved.

Thanks for all the help!

Answers (1)

Answers (1)

Former Member
‎07-18-2013 1:49 AM
0 Kudos

Hi,

did you set the password (pin) while creating the certificate.

did you create the mandatory credentials to open the PSE file ? (sapgenpse seclogin ....)

check [http://help.sap.com/saphelp_nw70ehp1/helpdata/en/48/9a9a6b48c673e8e10000000a42189b/frameset.htm]

Can you please past the command that you have done.

Thanks

Rishi abrol

Show replies
Show replies
Ask a Question