11-08-2013 11:49 AM
Hello
I just created a PSE and tried connecting to a web service with it. I have created RFC in SM59 that points to the web service and under security tab I used this PSE that I just created. Somehow when doing a connection test I get ICM_HTTP_SSL_ERROR and in the trace file there appears an error like this:
[Thr 139993936992000] Fri Nov 8 13:41:45 2013
[Thr 139993936992000] *** ERROR => secudessl_Create_SSL_CTX(): PSE "/usr/sap/ERT/DVEBMGS01/sec/SAPSSLZHKSEB.pse": unable to use! [ssslsecu_mt. 1848]
[Thr 139993936992000] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --
[Thr 139993936992000] secude_error 1824 (0x00000720) = "Wrong or Missing PIN for PSE"
[Thr 139993936992000] >> ---------- Begin of Secude-SSL Errorstack ---------- >>
[Thr 139993936992000] ERROR in SSL_CTX_set_default_pse_by_name: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/ERT/DVEBMGS01/sec/SAPSSLZHKSEB.pse"
[Thr 139993936992000] ERROR in ssl_set_pse: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/ERT/DVEBMGS01/sec/SAPSSLZHKSEB.pse"
[Thr 139993936992000] ERROR in af_open: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/ERT/DVEBMGS01/sec/SAPSSLZHKSEB.pse"
[Thr 139993936992000] ERROR in secsw_open: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/ERT/DVEBMGS01/sec/SAPSSLZHKSEB.pse"
[Thr 139993936992000] ERROR in sec_parse_PSEInfo_cont: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/ERT/DVEBMGS01/sec/SAPSSLZHKSEB.pse"
[Thr 139993936992000] << ---------- End of Secude-SSL Errorstack ----------
[Thr 139993936992000] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create CLIENT Credential
for "/usr/sap/ERT/DVEBMGS01/sec/SAPSSLZHKSEB.pse" [ssslxxi_mt.c 2417]
[Thr 139993936992000] SSL NI-sock: local=192.168.53.30:53885 peer=78.24.199.90:12506
[Thr 139993936992000] <<- ERROR: SapSSLSetSessionCredential(sssl_hdl=7f52a8000c80)==SSSLERR_PSE_ERROR
[Thr 139993936992000] in: cred_name = "/usr/sap/ERT/DVEBMGS01/sec/SAPSSLZHKSEB.pse"
[Thr 139993936992000] *** ERROR => IcmConnInitClientSSL: SapSSLSetSessionCredential failed for cred /usr/sap/ERT/DVEBMGS01/sec/SAPSSLZHKSEB.pse (-40): SSSLERR_PSE_ERROR [icxxconn_mt. 1879]
[Thr 139993936992000] SSL NI-sock: local=192.168.53.30:53885 peer=78.24.199.90:12506
[Thr 139993936992000] <<- ERROR: SapSSLSetTargetHostname(sssl_hdl=7f52a8000c80)==SSSLERR_SESSION_ALREADY_STARTED
[Thr 139993936992000] in: hostname = "eypson.seb.ee"
[Thr 139993936992000] *** ERROR => IcmConnInitClientSSL: SapSSLSetTargetHostname failed (-18): SSSLERR_SESSION_ALREADY_STARTED {00050bc7} [icxxconn_mt.c 1921]
The PSE, I created, already has a PIN. I know that I didn't do anything wrong when creating this PSE because I created another PSE just like that and the RFC that uses the other one works perfectly. Also the other PSE works with PIN and without PIN. Where should I look for the solution? The only difference is that when I created the working PSE I imported it with my own system user. The other - broken PSE - was imported by "ertadm" user. Does it even matter who imported the PSE?
Thank you for all your help!
Rauno Veberson
12-05-2013 8:32 AM
11-08-2013 12:16 PM
Hi,
Please try to run the following command to create credential and see how it goes:
sapgenpse seclogin -p /usr/sap/ERT/DVEBMGS01/sec/SAPSSLZHKSEB.pse -x <PIN> -O <SID>adm
Thanks.
Jim
11-08-2013 12:25 PM
11-08-2013 1:08 PM
Have you restarted icm after that?
What is the output of:
sapgenpse seclogin -l -p /usr/sap/ERT/DVEBMGS01/sec/SAPSSLZHKSEB.pse
Thanks.
Jim
12-05-2013 8:32 AM
10-30-2014 2:17 PM
Hello ,
Can you try RESETTING PIN via command ;
sapgenpse seclogin -p <relatedPSEfile> -chpin -x <PIN> -xn ""
Best Regards.
Fatih YUKSEL