on 03-31-2009 6:36 PM
We are having issues with our SSL connection to the SAP Web AS. Below is the error in the log files:
[Thr 472] =================================================
[Thr 472] = SSL Initialization on PC with Windows NT
[Thr 472] = (700_REL,Jul 14 2008,mt,ascii,SAP_UC/size_t/void* = 8/32/32)
[Thr 472] profile param "ssl/ssl_lib" = "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sapcrypto.dll"
resulting Filename = "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sapcrypto.dll"
[Thr 472] profile param "ssl/server_pse" = "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse"
resulting Filename = "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse"
[Thr 472] profile param "ssl/client_pse" = "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\SAPSSLC.PSE"
resulting Filename = "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\SAPSSLC.PSE"
[Thr 472] = found SAPCRYPTOLIB 5.5.5C pl24 (Jun 11 2008) MT-safe
[Thr 472] = current UserID: NT AUTHORITY\SYSTEM
[Thr 472] = found SECUDIR environment variable
[Thr 472] = using SECUDIR=c:\program files\sap\sapwebdisp\
[Thr 472] *** ERROR => secudessl_Create_SSL_CTX(): PSE "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse" not found! [ssslsecu.c 1354]
[Thr 472] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --
secude_error 1824 (0x00000720) = "Wrong or Missing PIN for PSE"
[Thr 472] >> -
Begin of Secude-SSL Errorstack -
>>
[Thr 472] ERROR in SSL_CTX_set_default_pse_by_name: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse"
ERROR in ssl_set_pse: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse"
ERROR in af_open: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse"
ERROR in secsw_open: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse"
ERROR in sec_parse_PSEInfo_cont: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse"
[Thr 472] << -
End of Secude-SSL Errorstack -
[Thr 472] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create SERVER Credential
for "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<OurPSE>.pse" [ssslxxi.c 2278]
[Thr 472] Tue Mar 31 13:30:06 2009
[Thr 472] *** ERROR => Initialization of SSL library failed -- NO SSL available!
[Thr 472] =================================================
[Thr 472] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR
[Thr 472] *** ERROR => IcmAddService: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv.c 319]
[Thr 3744] IcmCreateWorkerThreads: created worker thread 0
[Thr 2952] *** ERROR => IcmConnClientRqCreate: No service for protocol HTTPS started [icxxconn.c 2701]
[Thr 2952] *** ERROR => IcmConnClientRqCreate() failed (rc=-1) [icrxx.c 5234]
[Thr 2952] *** ERROR => Could not connect to SAP Message Server at onebase. URL=/msgserver/text/logon?version=1.2 [icrxx.c 2591]
[Thr 2952] *** ERROR => rc=-1, HTTP response code: 0 [icrxx.c 2592]
[Thr 2952] *** ERROR => see also OSS note 552286 [icrxx.c 2593]
[Thr 3744] IcmCreateWorkerThreads: created worker thread 1
[Thr 3744] IcmCreateWorkerThreads: created worker thread 2
[Thr 3744] IcmCreateWorkerThreads: created worker thread 3
[Thr 3744] IcmCreateWorkerThreads: created worker thread 4
[Thr 3292] IcmWatchDogThread: watchdog started
I've already used sapgenpse seclogin -p <PSE File> -x <PIN> to create a pin. I've also gone and deleted the old pin that used to be there and created a new one.
Also I noticed it says "Beware: changing a PIN of a PSE will not auto-update the SSO-credential
Beware: adding a new credential will not auto-update an existing credential"
So once you change it how do you update it? Do you need to reboot the Web Dispatcher or do you just need to restarted the service?
make sure your PSE is present in the below folder files\SAP\SAPWebDisp\DEV\\sec\.pse
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello All ,
You can use the reset PIN option for the "Wrong or Missing PIN for PSE" issue , for this ;
sapgenpse seclogin -p SAPSSLWDISPC.pse -chpin -x %SecurePIN% -xn ""
sapgenpse seclogin -p SAPSSLWDISPS.pse -chpin -x %SecurePIN% -xn ""
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The problem had to do with setting up the PIN for the correct system user that was starting up the service.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi VatHB,
I have the same problem.
My user is SAPServiceWDE.
1. I have set the pse pin using WDEADM. How can I set the pse pin again for SAPServiceWDE ?
2. Will this command (after logging in to the OS with SAPServiceWDE) work:
sapgenpse get_pse -noreq -p <PSE path> -x <existing PSE PIN> [DN]
3. Will I have to regenerate the CSR and get a response again?
It would be a great help if you could respond.
Thanks in advance
Prasad
I know this thread is old, but for everyone looking for the solution to this, when you create the PSE with a PIN, you also need to add credentials to the PSE for the SAP service user SAPService<SID>, as follows:
sapgenpse seclogin -p <patch to PSE> -x <pin> -O <domain\SAPService<SID>>
then restart the WDP.
I am also facing same issue.
I have added credentials also and successfully done.
Here attaching trace file. Please suggest
_______________________________________________________________________
trc file: "dev_webdisp", trc level: 1, release: "720"
---------------------------------------------------
sysno 00
sid WD1
systemid 390 (AMD/Intel x86_64 with Linux)
relno 7200
patchlevel 0
patchno 68
intno 20020600
make multithreaded, ASCII, 64 bit, optimized
profile /usr/sap/WD1/profile/WD1_W00_sapportal
pid 26732
[Thr 139840314074976] Thu Oct 31 13:54:15 2013
[Thr 139840314074976] *** WARNING => The maximum number of sockets supported on this host is 1020.
This is less than the number of sockets configured in parameter icm/max_sockets (8192) [icxxrout_mt. 3417]
[Thr 139840314074976] started security log to file ./dev_icm_sec
[Thr 139840314074976] SigISetDefaultAction : default handling for signal SIGCHLD
[Thr 139840314074976] SAP Web Dispatcher running on: sapportal.abrajoman.com
[Thr 139840314074976] MtxInit: 30001 0 2
[Thr 139840314074976] ***LOG IM1=> IcmInit, Startup (SAP Web Dispatcher&sapportal.abrajoman.com&26732&) [icxxrout_mt. 1914]
[Thr 139840314074976] IcmInit: listening to admin port: 65000
[Thr 139840314074976] MPI: dynamic quotas disabled.
[Thr 139840314074976] MPI init: pipes=4000 buffers=1279 reserved=383 quota=10%
[Thr 139840314074976] CCMS: SemInMgt: Semaphore Management initialized by AlAttachShm_Ext.
[Thr 139840314074976] CCMS: SemInit: Semaphore 38 initialized by AlAttachShm_Ext.
[Thr 139840314074976] CCMS: AlInitGlobals : alert/use_sema_lock = TRUE.
[Thr 139840314074976] IcrCoreInitSessionTable: Session table initialized
[Thr 139840167098112] HttpExtractArchive: files from archive /usr/sap/WD1/SYS/exe/run/wdispadmin.SAR in directory /usr/sap/WD1/W00/data/icmandir are up to date
[Thr 139840167098112] HttpISubHandlerAdd: Added handler HttpAdminHandler(0x7f2f0c000e70), slot=0, flags=36869) for /sap/admin, active: 1, table 0x7f2f0c000a10
[Thr 139840167098112] HttpISubHandlerAdd: Added handler HttpModHandler(0x7f2f0c0012e0), slot=1, flags=12293) for /, active: 1, table 0x7f2f0c000a10
[Thr 139840167098112] CsiInit(): Initializing the Content Scan Interface
[Thr 139840167098112] AMD/Intel x86_64 with Linux (mt,ascii,SAP_CHAR/size_t/void* = 8/64/64)
[Thr 139840167098112] CsiInit(): CSA_LIB = "/usr/sap/WD1/SYS/exe/run/libsapcsa.so"
[Thr 139840167098112] HttpISubHandlerAdd: Added handler HttpAuthHandler(0x7f2f0c001440), slot=2, flags=12293) for /, active: 1, table 0x7f2f0c000a10
[Thr 139840167098112] HttpISubHandlerAdd: Added handler HttpWebDispHandler(0x7f2f0c008340), slot=3, flags=1060869) for /, active: 1, table 0x7f2f0c000a10
[Thr 139840167098112] Started service PORT=8100,PROT=HTTP,TIMEOUT=60,PROCTIMEOUT=60
[Thr 139840167098112] =================================================
[Thr 139840167098112] = SSL Initialization platform tag=(linuxx86_64_gcc41)
[Thr 139840167098112] = (720_REL,Oct 15 2010,mt,ascii,SAP_UC/size_t/void* = 8/64/64)
[Thr 139840167098112] profile param "ssl/ssl_lib" = "/usr/sap/WD1/exe/libsapcrypto.so"
[Thr 139840167098112] resulting Filename = "/usr/sap/WD1/exe/libsapcrypto.so"
[Thr 139840167098112] = found SAPCRYPTOLIB 5.5.5C pl36 (Jul 3 2013) MT,AESNI,NB
[Thr 139840167098112] = current UserID: "wd1adm", env-var USER="wd1adm"
[Thr 139840167098112] = using SECUDIR=/usr/sap/WD1/W00/sec
[Thr 139840167098112] profile param "ssl/server_pse" = "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840167098112] resulting Filename = "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840167098112] *** ERROR => secudessl_Create_SSL_CTX(): PSE "/usr/sap/WD1/W00/sec/epssl.pse": unable to use! [ssslsecu_mt. 1735]
[Thr 139840167098112] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --
[Thr 139840167098112] secude_error 1824 (0x00000720) = "Wrong or Missing PIN for PSE"
[Thr 139840167098112] >> ---------- Begin of Secude-SSL Errorstack ---------- >>
[Thr 139840167098112] ERROR in SSL_CTX_set_default_pse_by_name: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840167098112] ERROR in ssl_set_pse: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840167098112] ERROR in af_open: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840167098112] ERROR in secsw_open: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840167098112] ERROR in sec_parse_PSEInfo_cont: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840167098112] << ---------- End of Secude-SSL Errorstack ----------
[Thr 139840167098112] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create SERVER Credential
for "/usr/sap/WD1/W00/sec/epssl.pse" [ssslxxi_mt.c 2324]
[Thr 139840167098112] *** ERROR => Initialization of SSL library failed -- NO SSL available!
[Thr 139840167098112] =================================================
[Thr 139840167098112]
[Thr 139840167098112] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR
[Thr 139840167098112] *** ERROR => IcmServInitSSL: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv_mt. 251]
[Thr 139840167098112] *** WARNING => Could not start service (rc=-14) PORT=8300,PROT=HTTPS,TIMEOUT=60,PROCTIMEOUT=900,VCLIENT=0 [icxxserv_mt. 651]
[Thr 139840314074976] SigISetDefaultAction : default handling for signal SIGCHLD
[Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 0
[Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 1
[Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 2
[Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 3
[Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 4
[Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 5
[Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 6
[Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 7
[Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 8
[Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 9
[Thr 139840167098112] IcmWatchDogThread: watchdog started
[Thr 139840148838144] Thu Oct 31 13:54:36 2013
[Thr 139840148838144] =================================================
[Thr 139840148838144] = SSL Initialization platform tag=(linuxx86_64_gcc41)
[Thr 139840148838144] = (720_REL,Oct 15 2010,mt,ascii,SAP_UC/size_t/void* = 8/64/64)
[Thr 139840148838144] profile param "ssl/ssl_lib" = "/usr/sap/WD1/exe/libsapcrypto.so"
[Thr 139840148838144] resulting Filename = "/usr/sap/WD1/exe/libsapcrypto.so"
[Thr 139840148838144] = found SAPCRYPTOLIB 5.5.5C pl36 (Jul 3 2013) MT,AESNI,NB
[Thr 139840148838144] = current UserID: "wd1adm", env-var USER="wd1adm"
[Thr 139840148838144] = using SECUDIR=/usr/sap/WD1/W00/sec
[Thr 139840148838144] profile param "ssl/server_pse" = "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840148838144] resulting Filename = "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840148838144] *** ERROR => secudessl_Create_SSL_CTX(): PSE "/usr/sap/WD1/W00/sec/epssl.pse": unable to use! [ssslsecu_mt. 1735]
[Thr 139840148838144] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --
[Thr 139840148838144] secude_error 1824 (0x00000720) = "Wrong or Missing PIN for PSE"
[Thr 139840148838144] >> ---------- Begin of Secude-SSL Errorstack ---------- >>
[Thr 139840148838144] ERROR in SSL_CTX_set_default_pse_by_name: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840148838144] ERROR in ssl_set_pse: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840148838144] ERROR in af_open: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840148838144] ERROR in secsw_open: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840148838144] ERROR in sec_parse_PSEInfo_cont: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840148838144] << ---------- End of Secude-SSL Errorstack ----------
[Thr 139840148838144] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create SERVER Credential
for "/usr/sap/WD1/W00/sec/epssl.pse" [ssslxxi_mt.c 2324]
[Thr 139840148838144] *** ERROR => Initialization of SSL library failed -- NO SSL available!
[Thr 139840148838144] =================================================
[Thr 139840148838144]
[Thr 139840148838144] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR
[Thr 139840148838144] *** ERROR => IcmServInitSSL: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv_mt. 251]
[Thr 139840148838144] *** WARNING => Could not reactivate service (rc=-14) PORT=8300,PROT=HTTPS,TIMEOUT=60,PROCTIMEOUT=900,VCLIENT=0 [icxxserv_mt. 1550]
[Thr 139840148838144] *** ERROR => ICP_icm_mod_service: ModService(7) failed for 8300, HTTPS(rc=-14) [icrxxadmin_m 5519]
[Thr 139840151480064] Fri Nov 1 10:54:13 2013
[Thr 139840151480064] =================================================
[Thr 139840151480064] = SSL Initialization platform tag=(linuxx86_64_gcc41)
[Thr 139840151480064] = (720_REL,Oct 15 2010,mt,ascii,SAP_UC/size_t/void* = 8/64/64)
[Thr 139840151480064] profile param "ssl/ssl_lib" = "/usr/sap/WD1/exe/libsapcrypto.so"
[Thr 139840151480064] resulting Filename = "/usr/sap/WD1/exe/libsapcrypto.so"
[Thr 139840151480064] = found SAPCRYPTOLIB 5.5.5C pl36 (Jul 3 2013) MT,AESNI,NB
[Thr 139840151480064] = current UserID: "wd1adm", env-var USER="wd1adm"
[Thr 139840151480064] = using SECUDIR=/usr/sap/WD1/W00/sec
[Thr 139840151480064] profile param "ssl/server_pse" = "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840151480064] resulting Filename = "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840151480064] *** ERROR => secudessl_Create_SSL_CTX(): PSE "/usr/sap/WD1/W00/sec/epssl.pse": unable to use! [ssslsecu_mt. 1735]
[Thr 139840151480064] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --
[Thr 139840151480064] secude_error 1824 (0x00000720) = "Wrong or Missing PIN for PSE"
[Thr 139840151480064] >> ---------- Begin of Secude-SSL Errorstack ---------- >>
[Thr 139840151480064] ERROR in SSL_CTX_set_default_pse_by_name: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840151480064] ERROR in ssl_set_pse: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840151480064] ERROR in af_open: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840151480064] ERROR in secsw_open: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840151480064] ERROR in sec_parse_PSEInfo_cont: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840151480064] << ---------- End of Secude-SSL Errorstack ----------
[Thr 139840151480064] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create SERVER Credential
for "/usr/sap/WD1/W00/sec/epssl.pse" [ssslxxi_mt.c 2324]
[Thr 139840151480064] *** ERROR => Initialization of SSL library failed -- NO SSL available!
[Thr 139840151480064] =================================================
[Thr 139840151480064]
[Thr 139840151480064] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR
[Thr 139840151480064] *** ERROR => IcmServInitSSL: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv_mt. 251]
[Thr 139840151480064] *** WARNING => Could not reactivate service (rc=-14) PORT=8300,PROT=HTTPS,TIMEOUT=60,PROCTIMEOUT=900,VCLIENT=0 [icxxserv_mt. 1550]
[Thr 139840151480064] *** ERROR => ICP_icm_mod_service: ModService(7) failed for 8300, HTTPS(rc=-14) [icrxxadmin_m 5519]
Trace File
(11768bytes)
____________________________________________________________________
Thanks,
Kundan
Gracias Carlos.
Adding the SAPService<SID> user to the credentials PSE fixed the issue. I had added the <SID>adm user to the server and client PSEs. Adding the SAPService<SID> user to the client PSE fixed my particular issue.
sapgenpse seclogin -p <patch to PSE> -x <pin> -O <domain\SAPService<SID>>
and then restarted WDP.
Hi,
Did you read your log files ? The error is obvious !
>ERROR in ssl_set_pse: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\Program >Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse"
Use sapgenpse to set the PIN !
Regards,
Olivier
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Check
C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec
directory is accessible.
In addition refer SAP note 510007. Also go through the following SAP help link
http://help.sap.com/saphelp_nw70/helpdata/EN/52/31683ab81fd846e10000000a11402f/content.htm
Regards,
Sachin Rane.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
81 | |
10 | |
10 | |
9 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.