HTTPS connection from portal to external webserver

Hi,
I am looking for a way to open a HTTPS connection from portal server to an external webserver. According to <a href="http://help.sap.com/saphelp_nw04/helpdata/en/e2/71c83edf72e16be10000000a114084/content.htm">SAP</a> the code should look like
KeyStore keystoreCAs = ...
SecureConnectionFactory factory = new SecureConnectionFactory(keystoreCAs, null);
HttpURLConnection con = factory.createURLConnection("https://www.mycompany.com");
Does not look difficult, but how do I create the keystore object? The keystore object should somehow be connected to the portal server's keystore which manages the certificates of trusted Certificate Authorities.
Any ideas?
Regards,
Martin

Hi,
meanwhile I solved the problem by my own. The solution slightly simplified is given below.
javax.naming.InitialContext ctx = new javax.naming.InitialContext();
java.lang.Object o = ctx.lookup("keystore");
com.sap.engine.services.keystore.interfaces.KeystoreManagerWrapper_Stub manager = (com.sap.engine.services.keystore.interfaces.KeystoreManagerWrapper_Stub) o;
java.security.KeyStore keystoreCAs = manager.getKeystore("TrustedCAs");
com.sap.security.core.server.https.SecureConnectionFactory factory = new SecureConnectionFactory(keystoreCAs, null);
java.net.HttpURLConnection con = factory.createURLConnection("https://www.mycompany.com");
For connecting via a proxy the host name and port number of the proxy have to be set as System properties using "https.proxyHost" and "https.proxyPort".
java.util.Properties systemSettings = System.getProperties();
          systemSettings.put("proxySet", "true");
          systemSettings.put("https.proxyHost","192.168.0.1") ;
          systemSettings.put("https.proxyPort", "80") ;
Additionally you have to make sure that the server's certificate is issued by a trusted Certification Authority (Must have an entry in your Keystore "TrustedCAs"). To verify this use the Visual Administrator and view service "Key Storage".
Regards,
Martin

Similar Messages

HTTPS connection from servlet to another webserver

Hi,
We want to make a https connection from a servlet in weblogic server to another
web server (not necessarily weblogic). We also need dual authentication. But whenever
we use URL.openConnection(), it always returns us weblogic's internal https and
SSL implementation. Since weblogic has no documentation about how to use these
internal classes, such as how to set trusted server certificate, and how to set
client certificate (servlet is a client of another web server). We want to use
jsse, after setting JSSE required system properties, I still get a weblogic's
httpsURLConnection. Can any of you tell me how to resolve this issue?
Thanks.
Xinshi

Yeah, I'm using JSSE now. Here is what I did:
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provide());
Provider prov = new SimpleSecureProvider();
prov.setProperty("SecureRandom.efficient", "test.EfficientSecureRandom");
Security.insertProviderAt(prov, 1);
You don't really need the provider stuff to get the example working. I use it
to get around a quick in JSSE where the random number generator takes 15-30 seconds
to generate a random sequence at start up.
SimpleSecureProvider looks like this:
public class SimpleSecureProvider extends Provider
public SimpleSecureProvider()
super("SimpleSecureProvider-", 1.0, "Hack to enable more efficient random
seed generator");
test.EfficientSecureRandom is bascially an exact copy of Sun's SecureRandom.java
with the only difference that I used my own random number generator.
Anyway, rest of the code you need looks like this:
URL url= new URL("htps://someplace.com");
URLConnection sconnection = url.openConnection();
Do whatever.
I also stored jcert.jar, jnet.jar, jsse.jar in /usr/java/jdk1.3/lib/ext
I think that is everything.
I just noticed that service pack 9 has a security example that does not require
all these jsse hacks. I'm trying to get it to work, but not having much luck.
Anybody got this working right?
"Jayesh Patel" <[email protected]> wrote:
See if this works,
1. Add the 'j2ee.jar' to CALSSPATH in weblogic startup script.
2. Set the property SSLHandlerEnabled flase in config.xml
3. Add the following property permission to the
weblogic.policy' file under a 'grant' directive
for all codebases (bottom): 'permission java.security.AllPermission'
4. Use the following bit of source code to create an https connection:
import com.sun.net.ssl.*; ....
com.sun.net.ssl.HttpsURLConnection connection;
System.setProperty ("java.protocol.handler.pkgs",
"com.sun.net.ssl.internal.www.protocol");
java.security.Security.addProvider(new
com.sun.net.ssl.internal.ssl.Provider() );
URL url = new URL( "https", hostname, query );
-Jayesh
connection = (com.sun.net.ssl.HttpsURLConnection )url.openConnection(
"Xinshi Sha" <[email protected]> wrote in message
news:[email protected]...
Hi,
We want to make a https connection from a servlet in weblogic serverto
another
web server (not necessarily weblogic). We also need dual authentication.But whenever
we use URL.openConnection(), it always returns us weblogic's internalhttps and
SSL implementation. Since weblogic has no documentation about how
to
use
these
internal classes, such as how to set trusted server certificate, andhow
to set
client certificate (servlet is a client of another web server). Wewant to
use
jsse, after setting JSSE required system properties, I still get aweblogic's
httpsURLConnection. Can any of you tell me how to resolve this issue?
Thanks.
Xinshi

HTTPS connection from database

Hi all,
I have to implement https connection from a database with a Web server which requests a client certificate. I have the certificate in the wallet, but UTL_HTTP does not send it to the Web server.
So, is there any way to connect to a Web server which requires a client certificate?

Could you explain how transport protocol influences certificate exchange during SSL session?

How do i make http connection from an applet to a servlet

i am not able to make a http connection from the applet to servlet
my code for servlet is as follows
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class newDatabaseServlet extends HttpServlet {
// Connection con;
// Statement stmt;
 public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
 resp.setContentType("text/content");
 System.out.println("megha");
 String mthd[] = req.getParameterValues("event");
 System.out.println(mthd.length);
 System.out.println(mthd);
 System.out.println(req.getQueryString());
 // System.out.println("megha");
PrintWriter fw = new PrintWriter(new FileOutputStream(new File("e:/JRun/servers/default/default-app/mycontent.txt")));
String s = "this text comes from servlet";
fw.print(s);
fw.flush();
 if(mthd[0].equalsIgnoreCase("callEditor")) {
 openEditor(req,resp);
public void openEditor(HttpServletRequest req, HttpServletResponse resp) {
 /* try {
 Class.forName("oracle.jdbc.driver.OracleDriver");
 con = DriverManager.getConnection("jdbc:oracle:thin:@pc6:1521:oradba","test","test");
 catch(Exception e) {
 e.printStackTrace();
 try {
 resp.sendRedirect("/RunApp1.html");
 catch(IOException e) {
 e.printStackTrace();
/*try {
 Class.forName("oracle.jdbc.driver.OracleDriver");
con = DriverManager.getConnection("jdbc:oracle:thin:@pc6:1521:oradba","test","test");
 catch(Exception e) {
 e.printStackTrace();
 resp.setContentType("text/html");
 PrintWriter output = resp.getWriter();
 try {
stmt = con.createStatement();
String strContent = "select * from edTable where newsid = 2";
ResultSet rs = stmt.executeQuery(strContent);
if(rs.next()) {
 String newsText = rs.getString(2);
/* StringBuffer buf = new StringBuffer();
 buf.append("servlet");
 try {
 resp.sendRedirect("RunApp");
 catch(IOException e) {
 e.printStackTrace();
// output.println(buf.toString());
// output.close();
my code for applet is
import javax.swing.*;
import java.awt.event.*;
import java.net.*;
import java.io.*;
import java.awt.*;
import javax.swing.text.*;
import javax.swing.text.html.*;
public class EdApplet extends JApplet {
public void init() {
 Container c;
 c = getContentPane();
JPanel but = new JPanel();
c.add(but,BorderLayout.NORTH);
final JEditorPane je = new JEditorPane();
JScrollPane jsp = new JScrollPane(je);
HTMLEditorKit ht = new HTMLEditorKit();
je.setEditorKit(ht);
je.setEditable(true);
HTMLDocument mdoc = (HTMLDocument)ht.createDefaultDocument();
StyleSheet mcontext =mdoc.getStyleSheet();
je.setDocument(mdoc);
c.add(jsp,BorderLayout.CENTER);
JPanel bot = new JPanel();
c.add(bot,BorderLayout.SOUTH);
JButton save = new JButton("save");
but.add(save);
String str = getInitialText();
 je.setText(str);
 String servletUrl="http://pc7:8100/servlet/newDatabaseServlet";
try{
 URL servletURL = new URL(servletUrl);
 URLConnection servletConnection = servletURL.openConnection();
 servletConnection.setRequestProperty("event","saveText");
 servletConnection.setDoOutput(true);
 servletConnection.setUseCaches(false);
 catch(Exception e) {
// je.setText(e.printStackTrace());
 ActionListener lst = new ActionListener() {
 public void actionPerformed(ActionEvent ae) {
 String save = je.getText();
 saveText(save,je);
 save.addActionListener(lst);
//je.setText("this");
//URLConnection servletConnection = null;
/* try {
 String servletUrl="http://pc7:8100/servlet/newDatabaseServlet";
 URL myUrl = new URL(servletUrl);
 servletConnection = myUrl.openConnection();
 servletConnection.setDoOutput(true);
 servletConnection.setUseCaches(false);
 /* BufferedReader br = new BufferedReader(new InputStreamReader(servletConnection.getInputStream()));
String t = br.readLine();
je.setText(t);
 catch(Exception e) {
 e.printStackTrace();
/* ActionListener lst = new ActionListener() {
 public void actionPerformed(ActionEvent ae) {
 BufferedReader br = new BufferedReader(new InputStreamReader(servletConnection.getInputStream()));
 String t = br.readLine();
je.setText(t);
click.addActionListener(lst);
/*void String changeText(UrlConnection con) {
BufferedReader br = new BufferedReader(new InputStreamReader(con.getInputStream));
String t = br.readLine();
return t;
public String getInitialText()
 //String me = null;
 URLConnection textConnection = null;
 StringBuffer sb = new StringBuffer();
 try {
 String textUrl="http://pc7:8100/mycontent.txt";
 URL myUrl = new URL(textUrl);
 textConnection = myUrl.openConnection();
 textConnection.setDoInput(true);
 textConnection.setUseCaches(false);
 BufferedReader br = new BufferedReader(new InputStreamReader(textConnection.getInputStream()));
 // me = (String)servletConnection.getContent();
 String s = null;
 while((s = br.readLine())!=null) {
 sb.append(s);
 catch(Exception e) {
 e.printStackTrace();
 return sb.toString();
 public void saveText(String saveStr,JEditorPane je) {
 //String saveStr = je.getText();
 //String servletUrl="http://pc7:8100/servlet/newDatabaseServlet?event='saveText'&newsid='2'";
 //String servletGet="http://pc7:8100/servlet/newDatabaseServlet";
 String servletUrl="http://pc7:8100/servlet/newDatabaseServlet";
 //String servletUrl = servletGet + "?"
 // + URLEncoder.encode("event") + "="
 // + URLEncoder.encode("saveText");
// je.setText(servletUrl);
 try {
 URL servletURL = new URL(servletUrl);
 URLConnection servletConnection = servletURL.openConnection();
 // servletConnection.setRequestProperty("event","saveText");
 servletConnection.setRequestProperty(
 "User-Agent","Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
 //System.out.println("from applet");
 servletConnection.setDoOutput(true);
 servletConnection.setUseCaches(false);
 //Propertiew prop = new Properties();
 // prop.put("event","saveText");
 PrintStream out = new PrintStream(servletConnection.getOutputStream());
out.println("event");
out.close();
 catch(IOException e) {
 je.setText(e.toString());
kindly tell me what is the error
what is the best method of doing this
thanking u in anticipation
megha sood

omg O_o
We cannot debug your code, but:
Did you try the servlet directly from your browser? Does it work?
Best regards from Germany,
r.v.

Load balance connections from Portals 6 SP12 to R3

Hi All,
Can you give me a clue/help on how i can load balance connections from Portals 6 SP12 to R3 47x200.
I have 5 servers, but the CI is getting hammered by portal as its not load balancing the workload across the other 4 app servers.
Regards
Karthikeyan

Hi,
You have an option while creating the backend system in the portal, You can create the system as System for load balancing. I am not sure that this can be changed once you create the system. You can delete the system and create the new system with the load balancing option.
Regards,
Vamshi.

Error when connect from portal system (abap ) to external ssl client - sm59

Hi I am tryign to setup a ssl connection from the abap sm59 portal system to an exteral server.. I have setup the certs that the client has given me in strust.but i m gettign the ffg error.
sysno 60
sid PID
systemid 370 (Solaris on SPARCV9 CPU)
relno 7110
patchlevel 0
patchno 150
intno 20020600
make multithreaded, Unicode, 64 bit, optimized
profile /usr/sap/PID/SYS/profile/PID_DVEBMGS60_pidevdb
pid 3911
[Thr 01] Thu Jun 14 08:38:48 2012
[Thr 01] TRACE FILE TRUNCATED
[Thr 07] Thu Jun 14 08:39:07 2012
[Thr 07] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL
[Thr 07] session uses PSE file "/usr/sap/PID/DVEBMGS60/sec/SAPSSLA.pse"
[Thr 07] SecudeSSL_SessionStart: SSL_connect() failed
[Thr 07] secude_error 536871970 (0x20000422) = "SSL record with the wrong SSLPlaintext.version received"
[Thr 07] >> Begin of Secude-SSL Errorstack >>
[Thr 07] ERROR in ssl3_get_record: (536871970/0x20000422) SSL record with the wrong SSLPlaintext.version received
[Thr 07] << End of Secude-SSL Errorstack
[Thr 07] SSL_get_state() returned 0x00002120 "SSLv3 read server hello A"
[Thr 07] SSL NI-sock: local=57.24.111.151:34110 peer=57.24.110.116:5081
[Thr 07] <<- ERROR: SapSSLSessionStart(sssl_hdl=10720d530)==SSSLERR_SSL_CONNECT
[Thr 07] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT {00020a7c} [icxxconn_mt.c 1957]
When i change the sm59 connection not to use ssl. it give me a pop up screen . and asks me to enter user and password...
He then give me a private key file .. i.e a .pfx file but not sure how to load this in strust. I tried to convert in useign sapgenpse. but it fails with teh ffg error
12% sapgenpse import_p12 -p /usr/sap/PID/amos/amos_client.pse /usr/sap/PID/amos/amos_client_pk.pfx
import_p12: MISSING password for PKCS#12 file "/usr/sap/PID/amos/amos_client_pk.pfx"
Please enter PKCS#12 encryption password: *******
PKCS#12/PFX file contains 1 keypair:
1. FriendlyName = "amos.server.interface.webuser.web_int.cert"
 X.509v3 (type=Both) RSA-2048 (signed with sha1WithRsaEncryption)
 Subject="CN=AMOS WebService Interface Client, OU=IT&S MRO, O=South African Airways (Pty) Ltd, L=OR Tambo International Airport, SP=Gauteng, C=ZA"
 Issuer ="[email protected], CN=ca.flysaa.com, OU=Certificate Authority, O=South African Airways (Pty) Ltd, L=OR Tambo International Airport, SP=Gauteng, C=ZA"
ERROR: Incomplete certification path -- NEED certificate of "[email protected], CN=ca.flysaa.com, OU=Certificate Authority, O=South African Airways (Pty) Ltd, L=OR Tambo International Airport, SP=Gauteng, C=ZA"!
I have attached a doc of what it looks like.. appreciate any help

Hi,
There is an error in the publishing of template
Template :"bbpsc02" is not publised in ITS.
Go to T.code: SE80
Publish all the templates again and check
Check with your SAP BASIS team for the help
Regards
Ganesh

How to establish an Https connection from a html client

Hi! I�m totally new to Java so my question is rather"stupid". I have an html page that sends a post to a servlet
<form name="form" action="servlet/ServletLogOn" method="post">
I want to establish an https connection between the client and the servlet. How is it?
Thanks in advance.

Ignore the previous poster's reply - he was obviously mislead by my original post re: JSSE.
How you install an SSL certificate on your webserver is completely dependent on the webserver you are using. Ususally there is some functionality for doing this from the administrative interface - usually involves pasting some text from the CA's (certificate authority, e.g. Verisign) site into a text box and designating a port number for SSL traffic (use 443, it's internet standard). I've actually only done this for Netscape Enterprise Server - you may want to find a forum for users of your webserver to ask for specifics.

Can we connect from Portal to MaxDB with the trial version of SAPNetWeaver?

Ive installed SAP NetWeaver Developer Workplace SR2 (trial version) with the following components:
 SAP Web Application Server Java 7.00 (J2EE Engine)
 MaxDB 7.6.00.34 database + Database Manager and SQL Studio
 SAP Enterprise Portal
 SAP Content Management and Collaboration
 Adobe Document Services
 BI SDK
 Visual Composer
 Composite Application Framework (CAF)
Now, I created new TEST database in MaxDB (user: DBADMIN, pass: abcd).
I want to connect from the Portal to the TEST Database, so I follow the steps described in the documents (How To Configured BI JDBC Connector, .)
- I log on Visual Administrator, create BI JDBC Connector, create new DataSource.
Now, I can get the Data from TEST Database.
- I log on Portal and create new BI JDBC System,
+ Driver: com.sap.dbtech.jdbc.DriverSapDB,
+ Connection URL: jdbc:sapdb://sapep/test
- Then, I create system alias, map user with the user in Test Database (User: DBADMIN. Pass: ABCD)
But when testing the connection, Ive an error:
Connection failed. Make sure user mapping is set correctly and all connection properties are correct.
When I test the connection by the link:
http://sapep:50000/TestJDBC_Web/TestJDBCPage.jsp
Ive an error:
com.sap.ip.bi.sdk.exception.BIConnectionFailedException: Cannot open the connection
Exception id: [0008C72B8B0C00C60000006F0000114000042C18596CD779]
Could you please show me how to resolved this problem ?
I dont know if it is caused by the trial version ?
Thank you very much.

Hi Tweety,
I assume that you have create the driver with the required .jar files.
supose its name is MAX_DB
After that go to "Connector Container" in visual admin. To create a new connector,
select the connector SDK_JDBC and click the clone button to create a new BI JDBC connector and enter a name for the connector eg., SDK_MAXDB
Selct the recently created connector and choose the resource Adapter tab. click the add button to assiciate addtional resources the Connector
To add resource, enter the name as "library:MAX_DB".save the changes and restart the server.
Now in the portal there is a property "ConnectionFactory" set this to "SDK_MAXDB".
Now u have said that u have set the values for Driver and Url as
+ Driver: com.sap.dbtech.jdbc.DriverSapDB,
+ Connection URL: jdbc:sapdb://sapep/test
the value for driver is correct but the value for connection URL is wrong.
Connection URL: jdbc:sapdb://<Machine_name>:<Port>/<Databse_name>
Now i dont what is the port no for MaxDB. as for SQL its 1433, for oracle it is 1521, for netezza it is 5480. U can get it from ur system adm or from net.
As u have not mentioned the port thats u r facing the problem.
Regards
Paresh

Disturbing http connection from ISE to an unknown Internet address

I have an ISE version 1.1.2.145 Patch-5 running in standalone mode. No one has access to the ISE appliance except myself. The ISE has an IP address of 1982.168.1.1
today, I noticed that the ISE is attempting to make an outbound http to an unknown Internet IP address of files.liferay.com. Fortunately, my checkpoint firewall does not allow this connection:
Number:                          99427
Date:                           17Nov2013
Time:                              23:03:11
Interface:                        eth2
Origin:                         Corp_Firewall
Type:                              Log
Action:                         Drop
Service:                          http (80)
Source Port:                    58025
Source:                           Corp_Firewall-192.168.1.1 (192.168.1.1)
Destination:                    files.liferay.com (38.75.15.3)
Protocol:                         tcp
Rule:                           100
Rule UID:                        {1234abcd-1111-xxxx-vvvv-aaaaaaaaaa}
Rule Name:                    Corp_Firewall Log Drop rule
Current Rule Number:        100-Corp_Firewall
Product:                          Security Gateway/Management
Product Family:              Network
Policy Info:                     Policy Name: Corp_Firewall
                                Created at: Sat Nov 16 01:30:50 2013
                                Installed from: corp-mgmt-192.168.1.2
The question is why the ISE is doing this? What is the purpose for this http connection, some kind of "back door" by Cisco?

Liferay is an open source web portal for hosting cloud applications. This is definitely NOT a Cisco back-door to the ISE.
About Us
Enterprise. Open Source. For Life.
Enterprise.
Liferay, Inc. was founded in 2004 in response to growing demand for Liferay Portal, the market's leading independent portal product that was garnering industry acclaim and adoption across the world. Today, Liferay, Inc. houses a professional services group that provides training, consulting and enterprise support services to our clientele in the Americas, EMEA, and Asia Pacific. It also houses a core development team that steers product development.
Open Source.
Liferay Portal was, in fact, created in 2000 and boasts a rich open source heritage that offers organizations a level of innovation and flexibility unrivaled in the industry. Thanks to a decade of ongoing collaboration with its active and mature open source community, Liferay's product development is the result of direct input from users with representation from all industries and organizational roles. It is for this reason, that organizations turn to Liferay technology for exceptional user experience, UI, and both technological and business flexibility.
For Life.
Liferay, Inc. was founded for a purpose greater than revenue and profit growth. Each quarter we donate to a number of worthy causes decided upon by our own employees. In the past we have made financial contributions toward AIDS relief and the Sudan refugee crisis through well-respected organizations such as Samaritan's Purse and World Vision. This desire to impact the world community is the heart of our company, and ultimately the reason why we exist.
You may want to investigate the applications being used on site.
Hopefully this helps.
Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question. Otherwise, feel free to post follow-up questions.
Charles Moreton

HTTPs connection from SAP WebAS

Hello,
I have to establish a connection from SAP WebAS to an iSaSiLk server via HTTPS.
The iSaSiLk authentication is based on client certificates.
I've created a SSL client PSE, generated the Certificate Request, imported the certificate response and the chain of certificates associated with no errors. When testing the connection we're getting the following error message:
SAP icm log:
[Thr 1087400256] ->> SapSSLSessionInit(&sssl_hdl=0x2aaaba679980, role=1 (CLIENT), auth_type=3 (USE_CLIENT_CERT))
[Thr 1087400256] <<- SapSSLSessionInit()==SAP_O_K
[Thr 1087400256] in: args = "role=1 (CLIENT), auth_type=3 (USE_CLIENT_CERT)"
[Thr 1087400256] out: sssl_hdl = 0x1a3310c0
[Thr 1087400256] ->> SapSSLSetNiHdl(sssl_hdl=0x1a3310c0, ni_hdl=22)
[Thr 1087400256] NiIBlockMode: set blockmode for hdl 22 TRUE
[Thr 1087400256] <<- SapSSLSetNiHdl(sssl_hdl=0x1a3310c0, ni_hdl=22)==SAP_O_K
[Thr 1087400256] ->> SapSSLSetSessionCredential(sssl_hdl=0x1a3310c0, &cred_name=0x1a49e4e0)
[Thr 1087400256] SapISSLComposeFilename(): Filename = "/usr/sap/XID/DVEBMGS00/sec/SAPSSLSPHTID.pse"
[Thr 1087400256] <<- SapSSLSetSessionCredential(sssl_hdl=0x1a3310c0)==SAP_O_K
[Thr 1087400256] in: cred_name = "/usr/sap/XID/DVEBMGS00/sec/SAPSSLSPHTID.pse"
[Thr 1087400256] ->> SapSSLSetTargetHostname(sssl_hdl=0x1a3310c0, &hostname=0x1a4a09e0)
[Thr 1087400256] <<- SapSSLSetTargetHostname(sssl_hdl=0x1a3310c0)==SAP_O_K
[Thr 1087400256] in: hostname = "<remoteServer_to_be_accessed>"
[Thr 1087400256] ->> SapSSLSessionStart(sssl_hdl=0x1a3310c0)
[Thr 1087400256] SapISSLUseSessionCache(): Creating NEW session (0 cached)
[Thr 1087400256] Tue Jan 13 10:10:22 2009
*[Thr 1087400256] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL*
[Thr 1087400256] session uses PSE file "/usr/sap/XID/DVEBMGS00/sec/SAPSSLSPHTID.pse"
[Thr 1087400256] SecudeSSL_SessionStart: SSL_connect() failed
secude_error 536871693 (0x2000030d) = "none of the PSEs registered with hSsl can suffice the negotiated SSL cipher suite"
[Thr 1087400256] >> Begin of Secude-SSL Errorstack >>
[Thr 1087400256] ERROR in ssl3_get_certificate_request: (536871693/0x2000030d) none of the PSEs registered with hSsl can suffice
[Thr 1087400256] << End of Secude-SSL Errorstack
[Thr 1087400256] SSL_get_state() returned 0x00002150 "SSLv3 read server certificate request A"
[Thr 1087400256] No certificate request received from Server
[Thr 1087400256] <<- ERROR: SapSSLSessionStart(sssl_hdl=0x1a3310c0)==SSSLERR_SSL_CONNECT
[Thr 1087400256] ->> SapSSLErrorName(rc=-57)
[Thr 1087400256] <<- SapSSLErrorName()==SSSLERR_SSL_CONNECT
[Thr 1087400256] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT [icxxconn_mt
On the iSaSiLk server we're getting:
ssl_debug(2): Starting handshake (iSaSiLk 3.06)...
ssl_debug(2): Received v3 client_hello handshake message.
ssl_debug(2): Client requested SSL version 3.0, selecting version 3.0.
ssl_debug(2): Creating new session 11:5F:04:C9:0D:32:15:B9...
ssl_debug(2): CipherSuites supported by the client:
ssl_debug(2): SSL_RSA_WITH_RC4_128_SHA
ssl_debug(2): SSL_RSA_WITH_RC4_128_MD5
ssl_debug(2): SSL_RSA_WITH_3DES_EDE_CBC_SHA
ssl_debug(2): SSL_RSA_WITH_DES_CBC_SHA
ssl_debug(2): SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
ssl_debug(2): SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
ssl_debug(2): SSL_RSA_EXPORT_WITH_RC4_40_MD5
ssl_debug(2): CompressionMethods supported by the client:
ssl_debug(2): NULL
ssl_debug(2): Sending server_hello handshake message.
ssl_debug(2): Selecting CipherSuite: SSL_RSA_WITH_RC4_128_SHA
ssl_debug(2): Selecting CompressionMethod: NULL
ssl_debug(2): Sending certificate handshake message with server certificate...
ssl_debug(2): Sending certificate_request handshake message...
ssl_debug(2): Sending server_hello_done handshake message...
ssl_debug(2): IOException while handshaking: Connection closed by remote host.
ssl_debug(2): Sending alert: Alert Fatal: handshake failure
ssl_debug(2): Shutting down SSL layer...
ssl_debug(2): Closing transport...
From the iSaSiLk everything seems to be OK, but on the SAP WebAS the error "none of the PSEs registered with hSsl can suffice the negotiated SSL cipher suite" is really unclear, since the cipher chosen by the iSaSiLk is one of the ciphers sent by SAP WebAS...
Can anyone give me any suggestion?

Hello Olivier,
Thanks for your answer.
I've implemented note 800240 which facilitates the PSE analysis by implementing the report ZSSF_TEST_PSE. With this report I'm able to check all the PSE content, which are:
Filename SAPSSLSPHTID.pse
PIN <no>
Signature X
Encryption X
Profile Parameter
DIR_INSTANCE /usr/sap/XID/DVEBMGS00 /usr/sap/XID/D00
sec/dsakeylengthdefault 1024
sec/libsapsecu /usr/sap/XID/SYS/exe/run/libsapcrypto.so
sec/rsakeylengthdefault 1024
ssf/name SAPSECULIB
ssf/ssf_md_alg SHA1
ssf/ssf_symencr_alg DES-CBC
ssf/ssfapi_lib /usr/sap/XID/SYS/exe/run/libsapcrypto.so
ssf2/name
ssf2/ssf_md_alg SHA1
ssf2/ssf_symencr_alg DES-CBC
ssf2/ssfapi_lib
ssf3/name
ssf3/ssf_md_alg SHA1
ssf3/ssf_symencr_alg DES-CBC
ssf3/ssfapi_lib
Environment variables
USER xidadm
SECUDIR /usr/sap/XID/DVEBMGS00/sec
PSE
Validity 18.12.2008 19:47:04 18.12.2009 19:47:04
Algorithm RSA (OID 1.2.840.113549.1.1.1)
Test signature
Signature OK
Verification OK
Test encryption
Encryption OK
Decryption OK
As you can see, the cipher algorithm used is RSA. Any suggestion... ?
An iSaSiLk server "is a Java programming language implementation of the SSLv2 (client-side), SSLv3, TLS 1.0 and TLS 1.1 protocols. It supports all defined cipher suites (except for Fortezza), including all AES and PSK cipher suites. iSaSiLk implements all standard TLS extensions, comes with an easy to use API and operates on top of the IAIK-JCE Javau2122 Cryptography Extension. iSaSiLk is highly configurable and will work with any alternative JCE implementation supported by a proper provider for supplying the required cryptographic algorithms".
Once again thanks for your answer.

Making https: connection from java code loaded into Oracle 8i database

A bit of a blast from the past, really, as 8i provides a JVM at 1.2.2.
I need to provide an PL/SQL function which accesses a RESTful web service requiring https connection. Got the call working under 1.2 locally without much trouble using:
static {
        System.setProperty("java.protocol.handler.pkgs",
                "com.sun.net.ssl.internal.www.protocol");
        Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
    }The trick is to get the Oracle database to run the code internally. What libraries do I need where? I get an extremely unhelpful NoClassDefFoundError, without mention of the offending class.
By doing loadjava with jcert.jar,. jnet.jar and jsse.jar (the libraries I'm using with the test program) I can get loadjava to accept and allegedly resolve the class.

endasil wrote:
malcolmmc wrote:
Well, sadly look at the colour scheme.Yeah, sarcastic was I. The NoClassDef error seriously doesn't give a class name? I find it astonishing that any implementation would be that stupid.Seriously. The strange thing is that before I got to the NoClassDefFound I had a Initialization error (until I added a security rule for setting the Provider) and for that I got a full stack trace (in an obscure trace file, granted).

HTTPS connection from emulator

Hello friends,
I want to send https request from emulator from my application..
when I am trying to send HTTPS request from emulator(wtk22's default emulator) it gives error
javax.microedition.io.ConnectionNotFoundException: TCP open
     at com.sun.midp.io.j2me.socket.Protocol.connect(+99)
     at com.sun.midp.io.ConnectionBaseAdapter.openPrim(+52)
     at com.sun.midp.io.j2me.socket.Protocol.openPrim(+108)
     at com.sun.midp.io.ConnectionBaseAdapter.openPrim(+14)
     at com.sun.midp.io.ConnectionBaseAdapter.openPrim(+8)
     at com.sun.midp.io.j2me.https.Protocol.connect(+167)
     at com.sun.kvem.io.j2me.https.Protocol.connect(+4)
     at com.sun.midp.io.j2me.http.Protocol.streamConnect(+57)
     at com.sun.kvem.io.j2me.https.Protocol.streamConnect(+4)
     at com.sun.midp.io.j2me.http.Protocol.startRequest(+12)
     at com.sun.midp.io.j2me.http.Protocol.sendRequest(+38)
     at com.sun.midp.io.j2me.http.Protocol.sendRequest(+6)
     at com.sun.midp.io.j2me.http.Protocol.getResponseCode(+8)
     at bd.a(+97)
     at cj.run(+155)
XML Response: null
* Application is working fine on device/Mobile.......i.e.from mobile i can send https request successfully ...*
so wts the problem with emulator...can anybody help me?
Thanks in advance
Regards,
Parag

Could you explain how transport protocol influences certificate exchange during SSL session?

Https connection from Provider

I am creating an https URLConnection from a Provider. I generally use
com.sun.net.ssl.internal.ssl.Provider from the jsse package. Does anyone
know which class I should use in the portal environment. I am searching
through the lib jars and don't see anything yet?

I just answered my own question by trial and error. You do not have to set
any Security or System properties, it's already taken care of (I don't know
where?). Https URLs magically work.
"James McCartney" <[email protected]> wrote in message
news:a125vf$[email protected]..
I am creating an https URLConnection from a Provider. I generally use
com.sun.net.ssl.internal.ssl.Provider from the jsse package. Does anyone
know which class I should use in the portal environment. I am searching
through the lib jars and don't see anything yet?

User type for creating the Http connection from sap to xi

Hi Friends,
I need to create the Http and Rfc destination connection from R3 to XI.
For that what type of user is needed, like Dialog user and etc.,
Please guide me.
Thanks in advance
Karthikeyan

Hi,
If my Understanding is Correct You want to Make the RFC Destination of Type H From R/3 to XI.
If you want to send Any XML Data to XI( In case of Proxies Used means)
For Testing purpose You can use Your User And Once it went to production means You can Use Service User in the Logon Details( Ask Basis people to create one Service User & Use it)
REgards
Seshagiri

Error trying to create https connection from Web Dynpro

Hi experts!!
I am trying to create a WD view with an actionButton and a form template, when the user fills the data in the form and presses the button, i want to create an Https connect and post some parameters to the URL.
HttpsURLConnection cannot be resolved,
com.sun.net.ssl.internal.ssl.Provider() does't not exist in the package com.sun.net.ssl.internal.ssl.Provider()
do i need to add any jars?? I've already added the jsse.jar
The code i use is the following.
private void sendHttp(){
 String response = "";
 HttpsURLConnection connection = null;
 try {
 System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
 java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
 URL url = new URL(<your_url>);
 connection = (HttpsURLConnection) url.openConnection();
 connection.setDoInput(true);
 connection.setDoOutput(true);
 connection.setAllowUserInteraction(true);
 connection.setUseCaches(false);
 } catch(Exception e) {
 response = response + "Error in getting connection: " ;
 response = response + e ;
 if (connection != null){
 try {
 connection.setRequestMethod("POST");
 connection.setFollowRedirects(true);
 //build all the parameters into 1 string
 String query = "parameter1name=" + URLEncoder.encode(parameter1value);
 query += "&";
 query += "parameter2name=" + URLEncoder.encode(parameter2value);
 connection.setRequestProperty("Content-length",String.valueOf (query.length()));
 connection.setRequestProperty("Content-Type","application/x-www- form-urlencoded");
 connection.setRequestProperty("User-Agent", "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)");
 // open up the output stream of the connection
 DataOutputStream output = new DataOutputStream( connection.getOutputStream() );
 // write out the data
 int queryLength = query.length();
 output.writeBytes( query );
 output.close();
 //if responsecode <> 200 you should stop: should always be 200
 String responsecode = connection.getResponseCode();
 if (responsecode.equalsIgnoreCase("200")){
 String inputLine;
 StringBuffer input = new StringBuffer();
 BufferedReader in = new BufferedReader( new InputStreamReader(connection.getInputStream()));
 //Get site response
 while ((inputLine = in.readLine()) != null) {
 input.append(inputLine);
 in.close();
 response = response + input.toString();
 } catch(Exception e) {
 response = response + "Error in using connection: " ;
 response = response + e ;
 wdContext.currentContextElement().setResponse(response);

Hai ,
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/526bd490-0201-0010-038e-d3ff7eb1d16e
please check above link .
application server u have take load balancing click on next there u take click on radio button of Msg server .
Regards ,
venkat

HTTPS connection from portal to external webserver

Similar Messages

Maybe you are looking for