Hello

I just created a PSE and tried connecting to a web service with it. I have created RFC in SM59 that points to the web service and under security tab I used this PSE that I just created. Somehow when doing a connection test I get ICM_HTTP_SSL_ERROR and in the trace file there appears an error like this:

[Thr 139993936992000] Fri Nov  8 13:41:45 2013

[Thr 139993936992000] *** ERROR =>   secudessl_Create_SSL_CTX():  PSE "/usr/sap/ERT/DVEBMGS01/sec/SAPSSLZHKSEB.pse": unable to use! [ssslsecu_mt. 1848]

[Thr 139993936992000] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --

[Thr 139993936992000]   secude_error 1824 (0x00000720) = "Wrong or Missing PIN for PSE"

[Thr 139993936992000] >> ---------- Begin of Secude-SSL Errorstack ---------- >>

[Thr 139993936992000] ERROR in SSL_CTX_set_default_pse_by_name: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/ERT/DVEBMGS01/sec/SAPSSLZHKSEB.pse"

[Thr 139993936992000] ERROR in ssl_set_pse: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/ERT/DVEBMGS01/sec/SAPSSLZHKSEB.pse"

[Thr 139993936992000] ERROR in af_open: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/ERT/DVEBMGS01/sec/SAPSSLZHKSEB.pse"

[Thr 139993936992000] ERROR in secsw_open: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/ERT/DVEBMGS01/sec/SAPSSLZHKSEB.pse"

[Thr 139993936992000] ERROR in sec_parse_PSEInfo_cont: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/ERT/DVEBMGS01/sec/SAPSSLZHKSEB.pse"

[Thr 139993936992000] << ---------- End of Secude-SSL Errorstack ----------

[Thr 139993936992000] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create CLIENT Credential

        for "/usr/sap/ERT/DVEBMGS01/sec/SAPSSLZHKSEB.pse" [ssslxxi_mt.c 2417]

[Thr 139993936992000]   SSL NI-sock: local=192.168.53.30:53885  peer=78.24.199.90:12506

[Thr 139993936992000] <<- ERROR: SapSSLSetSessionCredential(sssl_hdl=7f52a8000c80)==SSSLERR_PSE_ERROR

[Thr 139993936992000]      in: cred_name = "/usr/sap/ERT/DVEBMGS01/sec/SAPSSLZHKSEB.pse"

[Thr 139993936992000] *** ERROR => IcmConnInitClientSSL: SapSSLSetSessionCredential failed for cred /usr/sap/ERT/DVEBMGS01/sec/SAPSSLZHKSEB.pse (-40): SSSLERR_PSE_ERROR [icxxconn_mt. 1879]

[Thr 139993936992000]   SSL NI-sock: local=192.168.53.30:53885  peer=78.24.199.90:12506

[Thr 139993936992000] <<- ERROR: SapSSLSetTargetHostname(sssl_hdl=7f52a8000c80)==SSSLERR_SESSION_ALREADY_STARTED

[Thr 139993936992000]      in: hostname = "eypson.seb.ee"

[Thr 139993936992000] *** ERROR => IcmConnInitClientSSL: SapSSLSetTargetHostname failed (-18): SSSLERR_SESSION_ALREADY_STARTED {00050bc7} [icxxconn_mt.c 1921]

The PSE, I created, already has a PIN. I know that I didn't do anything wrong when creating this PSE because I created another PSE just like that and the RFC that uses the other one works perfectly. Also the other PSE works with PIN and without PIN. Where should I look for the solution? The only difference is that when I created the working PSE I imported it with my own system user. The other - broken PSE - was imported by "ertadm" user. Does it even matter who imported the PSE?

Thank you for all your help!

Rauno Veberson