on 03-15-2008 11:13 AM
Dear All,
I have made https/ssl of portal which is inside infirewall. I have a webdispatcher in DMZ i have configured the http access from DMZ to central server. I am stuck in configuring https access. I made pse file and incorporated the CA response to pse but still i get the following error.
Trace of webdispatcher
-
-
trc file: "dev_webdisp", trc level: 1, release: "700"
-
sysno 00
sid
systemid 562 (PC with Windows NT)
relno 7000
patchlevel 0
patchno 110
intno 20050900
make: multithreaded, ASCII, 64 bit, optimized
pid 6024
[Thr 10256] started security log to file dev_icm_sec
[Thr 10256] SAP Web Dispatcher running on: gvaqprdhr05.ifrc.ds
[Thr 10256] MtxInit: 30001 0 2
[Thr 10256] IcmInit: listening to admin port: 65000
[Thr 11492] *** WARNING => HttpPlugInInit: Parameter icm/HTTPS/trust_client_with_issuer or icm/HTTPS/trust_client_with_subject not set => do not trust any intermediary
X.509 cert data will be removed from header [http_plgrt.c 670]
[Thr 11492] HttpExtractArchive: files from archive ./wdispadmin.SAR in directory . are up to date
[Thr 11492] HttpSubHandlerAdd: Added handler HttpAdminHandler(slot=0, flags=4101) for /sap/wdisp/admin:0
[Thr 11492] CsiInit(): Initializing the Content Scan Interface
[Thr 11492] PC with Windows NT (mt,ascii,SAP_CHAR/size_t/void* = 8/64/64)
[Thr 11492] CsiInit(): CSA_LIB = ".\sapcsa.dll"
[Thr 11492] HttpSubHandlerAdd: Added handler HttpAuthHandler(slot=1, flags=12293) for /:0
[Thr 11492] HttpSubHandlerAdd: Added handler HttpWebDispHandler(slot=2, flags=28677) for /:0
[Thr 11492] Started service 80 for protocol HTTP on host "myhost"(on all adapters) (processing timeout=60, keep_alive_timeout=30)
[Thr 11492] =================================================
[Thr 11492] = SSL Initialization on PC with Windows NT
[Thr 11492] = (700_REL,May 21 2007,mt,ascii,SAP_UC/size_t/void* = 8/64/64)
[Thr 11492] SapISSLComposeFilename(): profile param "ssl/ssl_lib" = "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\sapcrypto.dll"
resulting Filename = "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\sapcrypto.dll"
[Thr 11492] SapISSLComposeFilename(): profile param "ssl/server_pse" = "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\SAPSSL.pse"
resulting Filename = "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\SAPSSL.pse"
[Thr 11492] = found SAPCRYPTOLIB 5.5.5C pl23 (Jan 24 2008) MT-safe
[Thr 11492] = current UserID: NT AUTHORITY\SYSTEM
[Thr 11492] = found SECUDIR environment variable
[Thr 11492] = using SECUDIR=C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir
[Thr 11492] *** ERROR => secudessl_Create_SSL_CTX(): PSE "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\SAPSSL.pse" not found! [ssslsecu.c 1296]
[Thr 11492] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --
secude_error 1824 (0x00000720) = "Wrong or Missing PIN for PSE"
[Thr 11492] >> -
Begin of Secude-SSL Errorstack -
>>
[Thr 11492] ERROR in SSL_CTX_set_default_pse_by_name: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\SAPSSL.pse" ERROR in ssl_set_pse: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\SAPSSL.pse" ERROR in af_open: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\SAPSSL.pse" ERROR in secsw_open: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\SAPSSL.pse" ERROR in sec_parse_PSEInfo_cont: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\SAPSSL.pse" [Thr 11492] << -
End of Secude-SSL Errorstack -
[Thr 11492] *** ERROR => Initialization of SSL library failed -- NO SSL available!
[Thr 11492] =================================================
[Thr 11492] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR
[Thr 11492] *** ERROR => IcmAddService: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv.c 319]
.........................................
.......[Thr 10256] IcmCreateWorkerThreads: created worker thread 99............................
...........................................
[Thr 11672] IcmWatchDogThread: watchdog started
[Thr 9236] Sat Mar 15 10:35:44 2008
[Thr 9236] =================================================
[Thr 9236] = SSL Initialization on PC with Windows NT
[Thr 9236] = (700_REL,May 21 2007,mt,ascii,SAP_UC/size_t/void* = 8/64/64)
[Thr 9236] SapISSLComposeFilename(): profile param "ssl/ssl_lib" = "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\sapcrypto.dll"
resulting Filename = "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\sapcrypto.dll"
[Thr 9236] SapISSLComposeFilename(): profile param "ssl/server_pse" = "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\SAPSSL.pse"
resulting Filename = "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\SAPSSL.pse"
[Thr 9236] = found SAPCRYPTOLIB 5.5.5C pl23 (Jan 24 2008) MT-safe
[Thr 9236] = current UserID: NT AUTHORITY\SYSTEM
[Thr 9236] = found SECUDIR environment variable
[Thr 9236] = using SECUDIR=C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir
[Thr 9236] *** ERROR => secudessl_Create_SSL_CTX(): PSE "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\SAPSSL.pse" not found! [ssslsecu.c 1296]
[Thr 9236] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --
secude_error 1824 (0x00000720) = "Wrong or Missing PIN for PSE"
[Thr 9236] >> -
Begin of Secude-SSL Errorstack -
>>
[Thr 9236] ERROR in SSL_CTX_set_default_pse_by_name: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\SAPSSL.pse" ERROR in ssl_set_pse: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\SAPSSL.pse" ERROR in af_open: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\SAPSSL.pse" ERROR in secsw_open: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\SAPSSL.pse" ERROR in sec_parse_PSEInfo_cont: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\SAPSSL.pse" [Thr 9236] << -
End of Secude-SSL Errorstack -
[Thr 9236] *** ERROR => Initialization of SSL library failed -- NO SSL available!
[Thr 9236] =================================================
[Thr 9236] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR
[Thr 9236] *** ERROR => IcmIActivateService: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv.c 737]
[Thr 9236] *** ERROR => ICP_icm_mod_service: ModService(7) failed for 8443, HTTPS(rc=-14) [icrxxadmin.c 4134]
-
my webdisp.pfl file contains
-
Profile generated by sapwebdisp bootstrap
unique instance number
SAPSYSTEM = 0
add default directory settings
DIR_EXECUTABLE = .
DIR_INSTANCE = C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64
Accessibility of Message Servers
rdisp/mshost = myhost
ms/http_port = 8101
ms/htps_port = 8443
SAP Web Dispatcher Parameter
wdisp/auto_refresh = 120
wdisp/max_servers = 100
wdisp/shm_attach_mode = 6
configuration for large scenario
icm/max_conn = 16384
icm/max_sockets = 16384
icm/req_queue_len = 6000
icm/min_threads = 100
icm/max_threads = 250
mpi/total_size_MB = 500
mpi/max_pipes = 21000
#maximum number of concurrent connections to one server
wdisp/HTTP/max_pooled_con = 2000
wdisp/HTTPS/max_pooled_con = 2000
SAP Web Dispatcher Ports
icm/server_port_0 = PROT=HTTP,PORT=80
icm/server_port_1 = PROT=HTTPS,PORT=8443
Parameters for the SAP Cryptographic Library
ssl/ssl_lib = C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\sapcrypto.dll
ssl/server_pse = C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\SAPSSL.pse
wdisp/ssl_encrypt = 2
SAP Web Dispatcher Web Administration
icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=./admin,AUTHFILE=icmauth.txt
wdisp/add_client_protocol_header = true
-
please help me out to succeed in https access. i am not able to trace where i am doing wrong.
Awaiting for earliest reply,
regards,
Baskaran.D
Hi all,
PIN parameter was problem. Changed it. Its working fine.
regards,
Baskaran
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi. As of Note 800240 -->
FAQ: SAP Cryptographic Library error analysis (App. Server)
--> Error: Error opening PSE file
Solution: Use transaction AL11 to check the filename and location of the PSE file in the $(DIR_INSTANCE)/sec directory. Also check for the credentials file cred_v2. If this file is missing, then create credentials for the PSE. See question number 8 in this note for information about how to create credentials. Check if file SAPSSL.pse exist.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.