cancel
Showing results for 
Search instead for 
Did you mean: 

Need help in setting up SSL

Former Member
0 Kudos

Hi,

I need to configure SSL so that we can access the portal through https.

I am getting struck in last step.

I have done till Configuration Adapter changes. I have set the entries for startup-mode as always under Propertysheet ssl-runtime.

After that under SSL provider I am not able to find the 50001 port under Active Socket.

How can I add that ? Under active socket I am able to view 50003 and 50006 port only.

I got following details in the trace file... any idea ??

Cannot open HTTPS server socket on port 50001Check port for usage by another process.

com.sap.engine.services.ssl.exception.BaseIOException: General I/O Exception.

at com.sap.engine.services.ssl.exception.BaseIOException.wrapException(BaseIOException.java:81)

at com.sap.engine.services.ssl.factory.SSLTransportFactory.getServerSocket(SSLTransportFactory.java:90)

at com.sap.engine.core.port.impl0.TransportLayerImpl.openServerSocket(TransportLayerImpl.java:76)

at com.sap.engine.core.port.impl0.PortsManagerImpl.registerTCPListener(PortsManagerImpl.java:270)

at com.sap.engine.core.port.impl0.PortsManagerImpl.registerTCPListener(PortsManagerImpl.java:255)

at com.sap.engine.core.service630.context.cluster.session.CommunicationSessionContextImpl.openServerSocket(CommunicationSessionContextImpl.java:82)

at com.sap.engine.services.httpserver.dispatcher.HttpDispatcherFrame.openSocket(HttpDispatcherFrame.java:752)

at com.sap.engine.services.httpserver.dispatcher.HttpDispatcherFrame.initChangedPorts(HttpDispatcherFrame.java:850)

at com.sap.engine.services.httpserver.dispatcher.HttpDispatcherFrame.setServiceProperties(HttpDispatcherFrame.java:632)

at com.sap.engine.core.service630.container.ContainerEventListenerWrapper.setServiceProperties(ContainerEventListenerWrapper.java:287)

at com.sap.engine.core.service630.container.ServiceWrapper.notifyPropertiesChange(ServiceWrapper.java:269)

at com.sap.engine.services.basicadmin.mbean.StandardServiceManagement.notifyServiceOfPropertiesChange(StandardServiceManagement.java:417)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:85)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:58)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:60)

at java.lang.reflect.Method.invoke(Method.java:391)

at com.sap.pj.jmx.introspect.DefaultMBeanInvoker.invoke(DefaultMBeanInvoker.java:58)

at com.sap.pj.jmx.mbeaninfo.AdditionalInfoProviderMBean.invoke(AdditionalInfoProviderMBean.java:289)

at com.sap.pj.jmx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:944)

at com.sap.pj.jmx.server.interceptor.MBeanServerWrapperInterceptor.invoke(MBeanServerWrapperInterceptor.java:288)

at com.sap.engine.services.jmx.CompletionInterceptor.invoke(CompletionInterceptor.java:409)

at com.sap.pj.jmx.server.interceptor.BasicMBeanServerInterceptor.invoke(BasicMBeanServerInterceptor.java:277)

at com.sap.jmx.provider.ProviderInterceptor.invoke(ProviderInterceptor.java:258)

at com.sap.engine.services.jmx.RedirectInterceptor.invoke(RedirectInterceptor.java:340)

at com.sap.pj.jmx.server.interceptor.MBeanServerInterceptorChain.invoke(MBeanServerInterceptorChain.java:330)

at com.sap.engine.services.jmx.MBeanServerInvoker.invokeMbs(MBeanServerInvoker.java:131)

at com.sap.engine.services.jmx.JmxServiceConnectorServer.receiveWait(JmxServiceConnectorServer.java:172)

at com.sap.engine.core.service630.context.cluster.message.MessageListenerWrapper.process(MessageListenerWrapper.java:81)

at com.sap.engine.core.cluster.impl6.ms.MSListenerThread.run(MSListenerThread.java:47)

at com.sap.engine.frame.core.thread.Task.run(Task.java:64)

at com.sap.engine.core.thread.impl6.SingleThread.execute(SingleThread.java:78)

at com.sap.engine.core.thread.impl6.SingleThread.run(SingleThread.java:148)

Caused by: java.net.BindException: The socket name is already in use.

at java.net.PlainSocketImpl.bind(PlainSocketImpl.java:381)

at java.net.ServerSocket.bind(ServerSocket.java:341)

at java.net.ServerSocket.<init>(ServerSocket.java:208)

at java.net.ServerSocket.<init>(ServerSocket.java:164)

at com.sap.engine.core.port.impl0.BaseTransportFactory.getServerSocket(BaseTransportFactory.java:43)

at com.sap.engine.services.ssl.factory.SSLTransportFactory.getServerSocket(SSLTransportFactory.java:87)

... 31 more

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
0 Kudos

Hi Experts,

I am facing the same issue. Just as I have done with other systems I have uploaded a correct PK12 key and a certificate (named ssl-credentials and ssl-credentials-cert). But even after a restart there is no socket showing (under SSL Provider in the Visual Admin) in either, active or new sockets.

Anyone know if these need to be initialized or created? I have setup 8+ systems in the landscapes with SSL and have not run into this issue yet. You never stop learning ...

I would greatly appreciate any input given.

Thanks in advance,

Jan

Former Member
0 Kudos

Hi Niraj

Follow the below steps

Only if you have problems during the execution of the following configuration task then ensure that the SAP Cryptographic Library is installed correctly. How you can check and install the SAP Cryptographic Library is described in

The configuration task Configuring Secure Sockets Layer (SSL) - Therefore you do not have to execute this configuration task explicitly. During the configuration a certificate signing request will be generated and saved on the host under \usr\sap\<SID>\SYS\global\<SID>_SSL_Certificate_Request.pem

When the official process for server certificates is clarified you would send the file \usr\sap\<SID>\SYS\global\<SID>_SSL_Certificate_Request.pem to the Certificate Authority (CA) for signing. Afterwards you will get the signed request and have to save it under the file \usr\sap\<SID>\SYS\global\<SID>_SSL_Certificate_Response.pem.

For now you can use Test-CA:

a) Open the file \usr\sap\<SID>\SYS\global\<SID>_SSL_Certificate_Request.pem, copy the content.

b) Go to https://security.wdf.sap.corp/public/projects/iaik (Please use EMEA WTS for calling the URL if the page cannot be displayed at your local internet browser).

Scroll down and click on Test-CA.

c) A new window is opened. Click on u201CTest it Now!u201D, enter the text you have copied before and select SAP Web Application Server 6.20 and newer as server type.

d) Click on Continue.

e) You got a signed request shown. Copy and save it under the file \usr\sap\<SID>\SYS\global\<SID>_SSL_Certificate_Response.pem

Regards,

Jayakumar