MDM Console Unable to Connect Over SSL
This is a newly installed (and my first) MDM 7.1 sp13 system (intended for SRM-MDM 7.02, but we haven't got that far yet) running on Windows 2012 R2 and SQL Server 2012. It's a central system, with the MDS and MDIS on the same host (and co-located with the AS Java and DBMS -- it's a small system). During installation I selected the option to enable SSL, and that seemed to work ok. I provided the most recent SAPCryptoLib 5.5.5 (pl38) during the installation, and I left all the TCP ports at default.
Now I'm attempting to connect the MDM Console to the MDS from my workstation. The console is also 7.1 sp13, so it's version-matched. I can mount the MDS in unsecure connection mode without any problem. I can start and stop the MDS from the console in that mode. All of that works fine. However, if I tick the checkbox for Secure Connection and provide the path to the MDS instance's key file and ssl library, I get an error. Afterwards, the server shows up as mounted, but it has a status of "Invalid" and a yellow exclamation point shows up in the ssl keylock icon. I'm having trouble figuring out what is going wrong with it, though.
As you can see, the MDS is instance 02 on the server (00 and 01 are the AS Java, and 03 is the MDIS).
This results in an error pop-up and then afterwards things seem to be connected yet invalid:
So, I have confirmed that the mds.ini file contains the lines:
SSL Lib Path=E:\usr\sap\<SID>\MDS02\exe\sapcrypto.dll
SSL Key Path=E:\usr\sap\<SID>\MDS02\sec\SAPSSLS.pse
The same lines appear in the <SID>_MDS02_<host>.INI file in the global profile directory, and in the instance profile I have:
MDS_SSL_LISTENING_PORT = 59951
SETENV_16 = MDS_SSL_LISTENING_PORT=$(MDS_SSL_LISTENING_PORT)
plus all the usual stuff about initializing SSL for any SAP system.
In the SAPMMC, under Access Points, I can see that https is active, though under a completely different port (50214).
I haven't figured out where to find a logfile to indicate more details about the error, but it seems such a thing must exist somewhere. My guess right now is that there's some extra, undocumented (or documented somewhere I haven't found) step for setting up the Console, or that I'm using the wrong key file, or something. I tried pointing to the client.pse file instead of SAPSSLS.pse, but it made no difference.
Yes, I have restarted the MDS, a few times, since installation.
I'll be grateful for any help.