on 11-11-2014 9:31 AM
The issue is solved with below notes:
2009483 - PSE Management in Web Administration Interface of SAP Web Dispatcher
Creating the PSEs and Certificate Requests - SAP Web Dispatcher - SAP Library
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Experts,
Still am not able to import the certificate, below is the trace file:
---------------------------------------------------
trc file: "dev_webdisp", trc level: 1, release: "740"
---------------------------------------------------
sysno 05
sid WDP
systemid 562 (PC with Windows NT)
relno 7400
patchlevel 0
patchno 76
intno 20020600
make multithreaded, ASCII, 64 bit, optimized
profile D:\usr\sap\sapwebdisp\sapwebdisp.pfl
pid 144
[Thr 1796] Tue Nov 18 13:07:43 2014
[Thr 1796] started security log to file ./dev_icm_sec
[Thr 1796] SAP Web Dispatcher running on: AWQ-WEBDISP1.awqaf.gov.kw
[Thr 1796] MtxInit: 30001 0 2
[Thr 1796] ***LOG IM1=> IcmInit, Startup (SAP Web Dispatcher&AWQ-WEBDISP1.awqaf.gov.kw&144&) [icxxman.c 1987]
[Thr 1796] IcmInit: listening to admin port: 65000
[Thr 1796] MPI: dynamic quotas disabled.
[Thr 1796] MPI init: pipes=4000 buffers=1279 reserved=383 quota=10%
[Thr 1796] CCMS: Initialized monitoring segment of size 40000000.
[Thr 1796] CCMS: Initialized CCMS Headers in the shared monitoring segment.
[Thr 1796] CCMS: Checking Downtime Configuration of Monitoring Segment.
[Thr 1796] IcrCoreInitSessionTable: Session table initialized
[Thr 3052] Adding HttpRedirectHandler: PREFIX=/,TO=/irj/portal,HOST=sapweb.awqaf.gov.kw
[Thr 3052] HttpISubHandlerAdd: Added handler HttpRedirectHandler(0000000002838AD0), slot=0, flags=4098) for /, active: 1, table 000000001A0E7BF0
[Thr 3052] Adding HttpAdminHandler: PREFIX=/sap/wdisp/admin,PORT=4305,DOCROOT=./admin,AUTHFILE=icmauth.txt
[Thr 3052] HttpExtractArchive: files from archive ./wdispadmin.SAR in directory . are up to date
[Thr 3052] HttpAdmHandlerInit: admin restricted to the port(s): 4305
[Thr 3052] HttpISubHandlerAdd: Added handler HttpAdminHandler(0000000002838B50), slot=1, flags=36869) for /sap/wdisp/admin, active: 1, table 000000001A0E7BF0
[Thr 3052] Adding HttpModHandler: PREFIX=/
[Thr 3052] HttpISubHandlerAdd: Added handler HttpModHandler(00000000027CFF50), slot=2, flags=12293) for /, active: 1, table 000000001A0E7BF0
[Thr 3052] Adding HttpAuthHandler: PREFIX=/,FILTER=SAP
[Thr 3052] CsiInit(): Initializing the Content Scan Interface
[Thr 3052] PC with Windows NT (mt,ascii,SAP_CHAR/size_t/void* = 8/64/64)
[Thr 3052] CsiInit(): CSA_LIB = ".\sapcsa.dll"
[Thr 3052] HttpISubHandlerAdd: Added handler HttpAuthHandler(0000000002838BD0), slot=3, flags=12293) for /, active: 1, table 000000001A0E7BF0
[Thr 3052] HttpISubHandlerAdd: Added handler HttpWebDispHandler(000000000E31E800), slot=4, flags=1060869) for /, active: 1, table 000000001A0E7BF0
[Thr 3052] WebSocketPlugInInit: Web Socket Plugin initialized
[Thr 3052] IcmAddHiddenService: Hidden service WEBSOCKET started
[Thr 3052] Started service HOST=sapweb.awqaf.gov.kw,PORT=80,PROT=HTTP,TIMEOUT=60,PROCTIMEOUT=60
[Thr 3052] IcmAddHiddenService: Hidden service WEBSOCKETS started
[Thr 3052] =================================================
[Thr 3052] = SSL Initialization platform tag=(ntamd64-msc16)
[Thr 3052] = (740_REL,Jul 8 2014,mt,ascii,SAP_UC/size_t/void* = 8/64/64)
[Thr 3052] DIR_INSTANCE="D:\usr\sap\sapwebdisp"
[Thr 3052] DIR_LIBRARY="."
[Thr 3052] ssl/ssl_lib=".\sapcrypto.dll"
[Thr 3052] profile param "ssl/ssl_lib" = ".\sapcrypto.dll"
[Thr 3052] resulting Filename = ".\sapcrypto.dll"
[Thr 3052] = found CommonCryptoLib (SAPCRYPTOLIB) Version 8.4.20 pl40 (Jun 23 2014) MT-safe
[Thr 3052] = current UserID: NT AUTHORITY\SYSTEM
[Thr 3052] = using SECUDIR=D:\usr\sap\sapwebdisp\sec
[Thr 3052] ssl/ciphersuites="193:HIGH:MEDIUM:+e3DES"
[Thr 3052] ssl/client_ciphersuites="192:HIGH:MEDIUM:+e3DES"
[Thr 3052] = Success -- SapCryptoLib SSL ready!
[Thr 3052] =================================================
[Thr 3052]
[Thr 3052] Started service HOST=sapweb.awqaf.gov.kw,PORT=443,PROT=HTTPS,TIMEOUT=60,PROCTIMEOUT=60,VCLIENT=1
[Thr 3052] SSL settings: verify_client: 1, cache_size: -1, cache_lifetime: -1, credfile: SAPSSLS.pse, ciphers: default
[Thr 1796] IcmCreateWorkerThreads: created worker thread 0
[Thr 1796] IcmCreateWorkerThreads: created worker thread 1
[Thr 1796] IcmCreateWorkerThreads: created worker thread 2
[Thr 1796] IcmCreateWorkerThreads: created worker thread 3
[Thr 1796] IcmCreateWorkerThreads: created worker thread 4
[Thr 1796] IcmCreateWorkerThreads: created worker thread 5
[Thr 1796] IcmCreateWorkerThreads: created worker thread 6
[Thr 1796] IcmCreateWorkerThreads: created worker thread 7
[Thr 1796] IcmCreateWorkerThreads: created worker thread 8
[Thr 1796] IcmCreateWorkerThreads: created worker thread 9
[Thr 2508] IcmWatchDogThread: watchdog started
[Thr 2144] Tue Nov 18 13:11:37 2014
[Thr 2144] SSL_get_state()==0x1180 "SSLv3 read client certificate A"
[Thr 2144] *** ERROR during SecuSSL_SessionStart() from SSL_accept()==SSL_ERROR_SSL
[Thr 2144] session uses PSE file "D:\usr\sap\sapwebdisp\sec\SAPSSLS.pse"
[Thr 2144] SecuSSL_SessionStart: SSL_accept() failed (536875080/0x20001048)
[Thr 2144] => "SSL API error"
[Thr 2144] >> ---------- Begin of Secu-SSL Errorstack ---------- >>
[Thr 2144] 0x20001048 | SAPCRYPTOLIB | SSL_accept
[Thr 2144] SSL API error
[Thr 2144] received a fatal TLS1.0 unknown_ca alert from the peer
[Thr 2144] 0xa0600273 | SSL | ssl23_accept
[Thr 2144] received a fatal TLS1.0 unknown_ca alert from the peer
[Thr 2144] 0xa0600273 | SSL | ssl3_read_bytes
[Thr 2144] received a fatal TLS1.0 unknown_ca alert from the peer
[Thr 2144] << ---------- End of Secu-SSL Errorstack ----------
[Thr 2144] SSL NI-hdl 159: local=10.31.65.200:443 peer=10.28.30.14:50573
[Thr 2144] <<- ERROR: SapSSLSessionStart(sssl_hdl=00000000027CDD60)==SSSLERR_SSL_ACCEPT
[Thr 2144] *** ERROR => IcmConnInitServerSSL: SapSSLSessionStart returned (-56): SSSLERR_SSL_ACCEPT [icxxconn.c 1730]
[Thr 1116] Tue Nov 18 13:11:50 2014
[Thr 1116] SSL_get_state()==0x1180 "SSLv3 read client certificate A"
[Thr 1116] *** ERROR during SecuSSL_SessionStart() from SSL_accept()==SSL_ERROR_SSL
[Thr 1116] session uses PSE file "D:\usr\sap\sapwebdisp\sec\SAPSSLS.pse"
[Thr 1116] SecuSSL_SessionStart: SSL_accept() failed (536875080/0x20001048)
[Thr 1116] => "SSL API error"
[Thr 1116] >> ---------- Begin of Secu-SSL Errorstack ---------- >>
[Thr 1116] 0x20001048 | SAPCRYPTOLIB | SSL_accept
[Thr 1116] SSL API error
[Thr 1116] received a fatal TLS1.0 unknown_ca alert from the peer
[Thr 1116] 0xa0600273 | SSL | ssl23_accept
[Thr 1116] received a fatal TLS1.0 unknown_ca alert from the peer
[Thr 1116] 0xa0600273 | SSL | ssl3_read_bytes
[Thr 1116] received a fatal TLS1.0 unknown_ca alert from the peer
[Thr 1116] << ---------- End of Secu-SSL Errorstack ----------
[Thr 1116] SSL NI-hdl 152: local=10.31.65.200:443 peer=10.28.30.14:50575
[Thr 1116] <<- ERROR: SapSSLSessionStart(sssl_hdl=00000000027CDD60)==SSSLERR_SSL_ACCEPT
[Thr 1116] *** ERROR => IcmConnInitServerSSL: SapSSLSessionStart returned (-56): SSSLERR_SSL_ACCEPT [icxxconn.c 1730]
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Prathish
Is this the complete message you receive? I believe there is much detailed error message that hints where the problem is.
Regards,
Tapan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Tapan,
Our network security team provide me two file, one is .txt with key and .pfx file, they told me to import to webdispatcher. what i have done is i created .pse and cert file in sapwebdisp with below command.
"Sapgenpse.exe gen_pse -p SAPSSLS.pse -x PIN -r SAPSSLS.req", then
i tried to import the certificate with the command
"Sapgenpse import_own_cert -c SAPSSLS.p7b -p SAPSSLS.pse -x PIN"
for SAPSSLS.p7b, i given the path for the key provided by my network team. while executing am getting the only above error.
Hello
Please use step 3 of URL:
for converting *.pfx into PSE file. Please also refer below URLs:
http://scn.sap.com/thread/3311272
Importing a PKCS#12 File - Network and Transport Layer Security - SAP Library
I hope this information helps you.
Cheers,
Tapan
Dear Tapan,
The file .pfx is converted to .pse and its generated in the same folder as test.pse, Now i have to import the file with the following command,right!
Sapgenpse import_own_cert -c SAPSSLS.p7b -p SAPSSLS.pse -x PIN
Sapgenpse import_own_cert -c SAPSSLS.p7b -p test.pse -x PIN, here SAPSSLS.p7b is which file, i have got a key .txt from security team. should i have to convert this .txt to .p7b
User | Count |
---|---|
88 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.