cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

sap web dispatcher web Interface Issue

Former Member

on ‎10-08-2015 7:05 AM

0 Kudos


Dear All,

I have installed and Configured sap web despatcher 7.42 using SWPM on windows 2008 server.

We would like to use SSL Termination for the web dispatcher.

for this I created the SAPSSLS.pse file as per help.sap.com and also created the credentials for the "sidadm" user.

everything is fine.

However when I try to  check this SAPSSLS.pse from the "Web interface, I get the Error.  "PSE not available".

I Understand that I logged in with the user "webadm" and not "sidadm" on the web interface.

Does that mean we have to add the user "webadm" to the SAPSSLS.pse as well ?

has anyone come across such error.

Thanks,

Regards

Ahmed Mohammed

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

isaias_freitas
Advisor
Advisor
‎10-08-2015 1:34 PM
0 Kudos

Dear Ahmed,

No, you do not need to add webadm to the SAPSSLS.pse.

The webadm is a user ID at the Web Dispatcher level only.

Where did you put the SAPSSLS.pse file?

It should be located at the <Web Dispatcher folder>\sec (e.g., <drive>:\usr\sap\<SID>\W$$\sec - where $$ is the instance number.

Regards,

Isaías

Show replies
Show replies
Former Member
‎10-09-2015 5:36 AM
0 Kudos

Dear Isaias,

Thank you for your reply.

I understand the webadm Is a user at web dispatcher level and "sidadm" is a user at OS level.

Also the location of SAPSSLS.pse is "SECUDIR" environment variable which I set and performed all the steps for sapgenpse.

My issue is , when I generate the certificate at the OS level and add user "sidadm" , I cannot see the SAPSSLS.pse from the web interface.(I guess webadm does not have access to this PSE)

And When I generate the certificate using the web interface, the user "sidadm" is not added to the file cred_V2. but if I add the "sidadm" user using seclogin command, it works fine.

but as per sapnote 152509

Accessing the credential list :-

if there is more than on credential found for the actual PSE to be accessed, SAPCRYPTOLIB will always only evaluate the first credential from the list.This means, adding more than one credential for any given PSE is useless, as secondary credentials won't be used anyway.

I am confused here and I want to make sure that 'sidadm' user should be in the beginning of this list.

or does this not matter in SSL termination scenario.

please suggest.

Thanks again,

Regards

Ahmed Mohammed

isaias_freitas
Advisor
Advisor
‎10-09-2015 11:13 PM
0 Kudos

Hello,

The statement "add webadm to the PSE file" or "webadm has no access to the PSE file" makes no sense .

Only OS level users can be added to the PSE file, and when you logon to the Web Dispatcher as webadm, it is the Web Dispatcher process (running as sidadm) that will read the PSE file .

It seems that when you generate the PSE at OS level you are using a different SECUDIR than the one used by the Web Dispatcher.

Try setting the SECUDIR env variable to the "web dispatcher\sec" folder.

Regards,

Isaías

Former Member
‎10-12-2015 5:42 AM
0 Kudos

Hi,

As I said, when I  generate the PSE at OS level, I am not able to access it using the Web Interface.

And when I generate the PSE , I set the environmental variable (SECUDIR=C:\usr\sap\<SID>W00\sec) for the user sidadm. and the PSE is getting generated in the same location.

NOTE :- if I run all the commands at OS level , I am good, with PSE and CA.

But I want to work with the web interface for PSE generation and CA..

not sure what I miss in this configuration.

Any other suggestions.

Thanks,

Regards

Ahmed Mohammed

isaias_freitas
Advisor
Advisor
‎10-12-2015 11:13 PM
0 Kudos

Hello Ahmed,

All you would need to do is ensure that the "<SID>adm" user has full control over the folder "W00\sec".

In addition, ensure that you are using the latest patch level available of the Web Dispatcher 742.

Besides that, verify whether any of the PSE parameters were set at the Web Dispatcher profile, and if they were that they are pointing to the correct files.

  • ssl/anon_pse
  • ssl/server_pse
  • ssl/client_pse

Regards,

Isaías

Ask a Question