SSSLERR_SSL_CONNECT

The scenario is EP6 SP2 with IIS proxy configured..
The Front-end IIS SSL Cert expired
I renewed the cert... now I am getting..following error:
IisProxy.dll: 500 Internal Server Error
ProxyWorker(): IOException: SapSSLStart() failed: -57 (SSSLERR_SSL_CONNECT)
at SapConnection.cpp:719
I would like to apply changes to the PSE...
Please help with the steps....

Dear Ram,
I'm sending this email to you because we have problem to access to Portal after we apply Cert to our servers,I search the SDN and I found out you had the same problem,SAP Web Dispatcher v/s Hardware based load balancer, I'm just wondering if you can let us know how you solved your issue.
Your help is highly appreciated!
my email address is [email protected]
Thank you,
Maryam

Similar Messages

FM execution error -SSSLERR_SSL_CONNECT

Not able to execute an RFC Fm , gives an error Connect Error : SapSSL error:SSSLERR_SSL_CONNECT during Runtime.

HI,
you have the connection test and authorization test for RFC in tcode SM59 and check error.
Regards
William Neira

HTTPs connection from SAP WebAS

Hello,
I have to establish a connection from SAP WebAS to an iSaSiLk server via HTTPS.
The iSaSiLk authentication is based on client certificates.
I've created a SSL client PSE, generated the Certificate Request, imported the certificate response and the chain of certificates associated with no errors. When testing the connection we're getting the following error message:
SAP icm log:
[Thr 1087400256] ->> SapSSLSessionInit(&sssl_hdl=0x2aaaba679980, role=1 (CLIENT), auth_type=3 (USE_CLIENT_CERT))
[Thr 1087400256] <<- SapSSLSessionInit()==SAP_O_K
[Thr 1087400256]      in: args = "role=1 (CLIENT), auth_type=3 (USE_CLIENT_CERT)"
[Thr 1087400256]     out: sssl_hdl = 0x1a3310c0
[Thr 1087400256] ->> SapSSLSetNiHdl(sssl_hdl=0x1a3310c0, ni_hdl=22)
[Thr 1087400256] NiIBlockMode: set blockmode for hdl 22 TRUE
[Thr 1087400256] <<- SapSSLSetNiHdl(sssl_hdl=0x1a3310c0, ni_hdl=22)==SAP_O_K
[Thr 1087400256] ->> SapSSLSetSessionCredential(sssl_hdl=0x1a3310c0, &cred_name=0x1a49e4e0)
[Thr 1087400256]   SapISSLComposeFilename(): Filename = "/usr/sap/XID/DVEBMGS00/sec/SAPSSLSPHTID.pse"
[Thr 1087400256] <<- SapSSLSetSessionCredential(sssl_hdl=0x1a3310c0)==SAP_O_K
[Thr 1087400256]      in: cred_name = "/usr/sap/XID/DVEBMGS00/sec/SAPSSLSPHTID.pse"
[Thr 1087400256] ->> SapSSLSetTargetHostname(sssl_hdl=0x1a3310c0, &hostname=0x1a4a09e0)
[Thr 1087400256] <<- SapSSLSetTargetHostname(sssl_hdl=0x1a3310c0)==SAP_O_K
[Thr 1087400256]      in: hostname = "<remoteServer_to_be_accessed>"
[Thr 1087400256] ->> SapSSLSessionStart(sssl_hdl=0x1a3310c0)
[Thr 1087400256]   SapISSLUseSessionCache(): Creating NEW session (0 cached)
[Thr 1087400256] Tue Jan 13 10:10:22 2009
*[Thr 1087400256] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL*
[Thr 1087400256]    session uses PSE file "/usr/sap/XID/DVEBMGS00/sec/SAPSSLSPHTID.pse"
[Thr 1087400256] SecudeSSL_SessionStart: SSL_connect() failed
secude_error 536871693 (0x2000030d) = "none of the PSEs registered with hSsl can suffice the negotiated SSL cipher suite"
[Thr 1087400256] >>            Begin of Secude-SSL Errorstack            >>
[Thr 1087400256] ERROR in ssl3_get_certificate_request: (536871693/0x2000030d) none of the PSEs registered with hSsl can suffice
[Thr 1087400256] <<            End of Secude-SSL Errorstack
[Thr 1087400256]   SSL_get_state() returned 0x00002150 "SSLv3 read server certificate request A"
[Thr 1087400256]   No certificate request received from Server
[Thr 1087400256] <<- ERROR: SapSSLSessionStart(sssl_hdl=0x1a3310c0)==SSSLERR_SSL_CONNECT
[Thr 1087400256] ->> SapSSLErrorName(rc=-57)
[Thr 1087400256] <<- SapSSLErrorName()==SSSLERR_SSL_CONNECT
[Thr 1087400256] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT [icxxconn_mt
On the iSaSiLk server we're getting:
ssl_debug(2): Starting handshake (iSaSiLk 3.06)...
ssl_debug(2): Received v3 client_hello handshake message.
ssl_debug(2): Client requested SSL version 3.0, selecting version 3.0.
ssl_debug(2): Creating new session 11:5F:04:C9:0D:32:15:B9...
ssl_debug(2): CipherSuites supported by the client:
ssl_debug(2): SSL_RSA_WITH_RC4_128_SHA
ssl_debug(2): SSL_RSA_WITH_RC4_128_MD5
ssl_debug(2): SSL_RSA_WITH_3DES_EDE_CBC_SHA
ssl_debug(2): SSL_RSA_WITH_DES_CBC_SHA
ssl_debug(2): SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
ssl_debug(2): SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
ssl_debug(2): SSL_RSA_EXPORT_WITH_RC4_40_MD5
ssl_debug(2): CompressionMethods supported by the client:
ssl_debug(2): NULL
ssl_debug(2): Sending server_hello handshake message.
ssl_debug(2): Selecting CipherSuite: SSL_RSA_WITH_RC4_128_SHA
ssl_debug(2): Selecting CompressionMethod: NULL
ssl_debug(2): Sending certificate handshake message with server certificate...
ssl_debug(2): Sending certificate_request handshake message...
ssl_debug(2): Sending server_hello_done handshake message...
ssl_debug(2): IOException while handshaking: Connection closed by remote host.
ssl_debug(2): Sending alert: Alert Fatal: handshake failure
ssl_debug(2): Shutting down SSL layer...
ssl_debug(2): Closing transport...
From the iSaSiLk everything seems to be OK, but on the SAP WebAS the error "none of the PSEs registered with hSsl can suffice the negotiated SSL cipher suite" is really unclear, since the cipher chosen by the iSaSiLk is one of the ciphers sent by SAP WebAS...
Can anyone give me any suggestion?

Hello Olivier,
Thanks for your answer.
I've implemented note 800240 which facilitates the PSE analysis by implementing the report ZSSF_TEST_PSE. With this report I'm able to check all the PSE content, which are:
Filename            SAPSSLSPHTID.pse
PIN                 <no>
Signature           X
Encryption          X
Profile Parameter
DIR_INSTANCE                   /usr/sap/XID/DVEBMGS00                       /usr/sap/XID/D00
sec/dsakeylengthdefault                                                     1024
sec/libsapsecu                 /usr/sap/XID/SYS/exe/run/libsapcrypto.so
sec/rsakeylengthdefault                                                     1024
ssf/name                       SAPSECULIB
ssf/ssf_md_alg                                                              SHA1
ssf/ssf_symencr_alg                                                         DES-CBC
ssf/ssfapi_lib                 /usr/sap/XID/SYS/exe/run/libsapcrypto.so
ssf2/name
ssf2/ssf_md_alg                                                             SHA1
ssf2/ssf_symencr_alg                                                        DES-CBC
ssf2/ssfapi_lib
ssf3/name
ssf3/ssf_md_alg                                                             SHA1
ssf3/ssf_symencr_alg                                                        DES-CBC
ssf3/ssfapi_lib
Environment variables
USER                xidadm
SECUDIR             /usr/sap/XID/DVEBMGS00/sec
PSE
Validity            18.12.2008 19:47:04   18.12.2009 19:47:04
Algorithm           RSA (OID 1.2.840.113549.1.1.1)
Test signature
Signature OK
Verification OK
Test encryption
Encryption OK
Decryption OK
As you can see, the cipher algorithm used is RSA. Any suggestion... ?
An iSaSiLk server "is a Java programming language implementation of the SSLv2 (client-side), SSLv3, TLS 1.0 and TLS 1.1 protocols. It supports all defined cipher suites (except for Fortezza), including all AES and PSK cipher suites. iSaSiLk implements all standard TLS extensions, comes with an easy to use API and operates on top of the IAIK-JCE Javau2122 Cryptography Extension. iSaSiLk is highly configurable and will work with any alternative JCE implementation supported by a proper provider for supplying the required cryptographic algorithms".
Once again thanks for your answer.

CRM_UI Reporting - HTTPS Terminating at Web Dispatcher or SSL all the way

Hi,
We need to set up access to crm_ui reports (leads and marketing mainly) in CRM 7.0 for vendors coming from the internet. The CRM server is in the internal network. In order for this to work I plan to setup the web-dispatcher in the application dmz. The initial login is going to be via the web dmz layer (using sun's iplanet server), which then routes the crm URL to the web dispatcher in the App dmz and then from the web dispatcher to CRM server.
One requirement from our security team is to set up the flow as HTTPS.
On going through SAP help I get the impression that it can be set up two ways, one, configuring web dispatcher to pass the SSL connection to backend, & two - configuring the web dispatcher to terminate SSL.
Seems the former is quite straight forward (from SAP online help we have to set the icm/server_port_<xx>> = PROT=ROUTER) but does it also require that we setup the crm_ui_frame service as SSL and activate the HTTPS service in ICM?
Or is it better to go via the second option (HTTPS termination) without changing the backend setup? SAP Online help lists steps to do the HTTPS termination but I have not come across any detailed documentation for the first method.
Any thoughts, suggestions will be helpful for either scenario.
Thanks,
Rommel Bhan

Thanks Martin the document helped.
Now the web dispatcher seems to talk to the HTTPS port on the backend.
However there is one issue I see in the dev_webdisp and was wondering if you have an insight.
Based on webdispatcher parameters, its taling to ms_https_port 8533 of backend
[Thr 773] Mon Feb 15 15:03:35 2010
[Thr 773] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL
[Thr 773] SecudeSSL_SessionStart: SSL_connect() failed --
[Thr 773]   secude_error 9 (0x00000009) = "the verification of the server's certificate chain failed"
[Thr 773] >> -
Begin of Secude-SSL Errorstack -
>>
[Thr 773] ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed
[Thr 773] ERROR in af_verify_Certificates: (27/0x001b) Chain of certificates is incomplete : "CN=sapcms02.reinternal.com, OU=I0020210975, OU=SAP Web AS, O=SAP Trust Community, C=DE"
[Thr 773] ERROR in get_path: (27/0x001b) Found root certificate of <CN=sapcms02.reinternal.com, OU=I0020210975, OU=SAP Web AS, O=SAP Trust Community, C=DE> which does not fit the given PKRoot
[Thr 773] ERROR in verify_with_PKs: (27/0x001b) Found root certificate of <CN=sapcms02.reinternal.com, OU=I0020210975, OU=SAP Web AS, O=SAP Trust Community, C=DE> which does not fit the given PKRoot
[Thr 773] << -
End of Secude-SSL Errorstack -
[Thr 773]   SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"
[Thr 773]   SSL NI-sock: local=10.104.146.81:62579 peer=10.104.146.81:8533
[Thr 773] <<- ERROR: SapSSLSessionStart(sssl_hdl=110acb850)==SSSLERR_SSL_CONNECT
[Thr 773] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT [icxxconn_mt.c 1911]
[Thr 773] *** ERROR => IcmConnClientRqCreate() failed (rc=-14) [icrxx_mt.c   5976]
[Thr 773] *** ERROR => Could not connect to SAP Message Server at sapcms02. URL=/msgserver/text/logon?version=1.2 [icrxx_mt.c   3289]
[Thr 773] *** ERROR => rc=-1, HTTP response code: 0 [icrxx_mt.c   3290]
[Thr 773] *** ERROR => see also SAP note 552286 [icrxx_mt.c   3291]
My backend is setup with SSL and web dispatcher is set to the following. Also since the backend and sapweb dispatcher are on the same host, using the same sidadm, the SSL stuff is on one location. I generated the SAPSSLS.pse in the backend using STRUST
Accessibility of Message Servers
rdisp/mshost = sapcms02
ms/http_port = 8100
ms/https_port = 8533
wdisp/server_info_protocol = https
SAP Web Dispatcher Ports
icm/server_port_0 = PROT=ROUTER,PORT=60000
icm/server_port_1 = PROT=HTTPS,PORT=0
icm/server_port_2 = PROT=HTTP,PORT=8080 <-- web dispatcher admin port
#SSL parameters similar to one in backend
ssf/ssfapi_lib = /usr/sap/CMS/SYS/exe/run/libsapcrypto.o
sec/libsapsecu = /usr/sap/CMS/SYS/exe/run/libsapcrypto.o
ssf/name = SAPSECULIB
ssl/ssl_lib = /usr/sap/CMS/SYS/exe/run/libsapcrypto.o
ssl/server_pse=/usr/sap/CMS/DVEBMGS00/sec/SAPSSLS.pse
ssl/client_pse=/usr/sap/CMS/DVEBMGS00/sec/SAPSSLC.pse

SSO and SAML issue with Fiori

Hi
I have set up a Fiori system based on 7.4 and it is working fine.
I attempted to use Single Sign using SAML based on ADFS as an identity provider which we are already using in our environment.
I have followed this guide by Chris Wealy on Using SAML 2.0 Authentication to Access Fiori Apps from the Public Internet
However when I am trying to login to the FIori launchpad, I am redirected to the Idp site where I enter my credentials and I am not able to login. Checking the diagnostic tool I am getting the following error
SAML20 SP (client 410 ): Exception raised:
SAML20 SAML20 CX_SAML20_CORE: Access by the SOAP request to COMMUNICATION_ERROR was denied with status 1. Long text: Access by the SOAP request to COMMUNICATION_ERROR was denied with status 1. Diagnosis System Response Status 401 was returned. Access denied. Procedure Contact the administrator of the entity, to which access was attempted. The logon data prevent communication. Use an HTTP destination and configure the logon data and the SSL client values as needed. Procedure for System Administration
SAML20     at CL_SAML20_ABSTRACT_PROFILE->SOAP_SEND(Line 160)
SAML20     at CL_SAML20_ARTIFACT->RESOLVE_ARTIFACT(Line 61)
SAML20     at CL_SAML20_ABSTRACT_MSG->PARSE_MESSAGE(Line 216)
SAML20     at CL_SAML20_RESPONSE->CREATE_FROM_MSG(Line 46)
SAML20     at CL_SAML20_ABSTRACT_PROFILE->CREATE_MSG_OBJECT(Line 46)
SAML20     at CL_SAML20_SSO->VALIDATE_RESPONSE(Line 32)
SAML20     at CL_HTTP_SAML20->PROCESS_LOGON(Line 303)
SAML20     at CL_ICF_SAML_LOGIN->PROCESS_LOGON(Line 62)
SAML20     at CL_HTTP_SERVER_NET->AUTHENTICATION(Line 2491)
However checking the possible solution to the above error I came across this
Problem: You are performing SAML 2.0 authentication and you get the following error:
CX_SAML20_CORE: Access by the SOAP request to COMMUNICATION_ERROR was denied with status 1. Long text: Access by the SOAP request to COMMUNICATION_ERROR was denied with status 1.
Reason: SSL server certificate of identity provider is not imported in “SSL Client Standard” PSE.
Solution: Import SSL server certificate of the identity provider in “SSL Client Standard” PSE.
I have imported the the SSL server certificate along with the root certificate of the the Identitiy provider which is ADFS and still I am getting the same error.
The ICM trace is showing this
Thr 140736331941632] *** ERROR during SecuSSL_SessionStart() from SSL_connnect()==SSL_ERROR_CONNECTION_LOST
Thr 140736331941632]    session uses PSE file "/usr/sap/UI5/DVEBMGS00/sec/SAPSSLC.pse"
Thr 140736331941632] No LastError / ErrorStack available!
Thr 140736331941632]   SSL_get_state()==0x2120 "SSLv3 read server hello A"
Thr 140736331941632]   SSL NI-hdl 193: local=10.2.32.85:52039 peer=10.2.32.43:443
Thr 140736331941632] <<- ERROR: SapSSLSessionStart(sssl_hdl=7fff90003a60)==SSSLERR_SSL_CONNECT
Thr 140736331941632] *** ERROR => SSL handshake with adfs.sbm.com.sa:443 failed: SSSLERR_SSL_CONNECT (-57)
Thr 140736331941632] SAPCRYPTO:SSL_connect() failed
Thr 140736331941632]
Thr 140736331941632] SapSSLSessionStart()==SSSLERR_SSL_CONNECT
Thr 140736331941632] SSL_connnect() failed (0/0x00) Huh??
Thr 140736331941632]   SSL:SSL_get_state()==0x2120 "SSLv3 read server hello A"
Thr 140736331941632]   SSL NI-hdl 193: local=10.2.32.85:52039 peer=10.2.32.43:443
Thr 140736331941632]   cli SSL session PSE "/usr/sap/UI5/DVEBMGS00/sec/SAPSSLC.pse"
Thr 140736331941632]   Target Hostname="adfs.sbm.com.sa"
Can anybody help out.
Do you need any other logs or configurations to check?

Hi Simon,
Thanks for your response.
I am able to access the Netweaver Gateway Service URl's placed on the same DMZ using reverse proxy from internet.
I have tried using the FQDN as well but no luck, do we need to do some configurations at the backend server in order to use Fiori Launchpad with reverse proxy?

Error while connecting to external system in SM59 with ICM_HTTP_SSL_ERROR

Hi all,
we have configured an SM59 RFC destination of G type which pings to the external third party server. Before testing we have uploaded the external server certificate in PI system. it was working fine with * HTTP 200 OK* message. since 2 days we are facing the ICM_HTTP_SSL_ERROR while testing the connection. when we telnet from PI to the external system using the port no.443, its getting connected.
so any idea why it started giving the error.
We have check out this forums but of no help.
[ICM_HTTP_SSL_ERROR|ICM_HTTP_SSL_ERROR;
The trace file dev_icm says
[Thr 52] Thu Jan 20 14:34:00 2011
[Thr 52] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_CONNECTION_LOST
[Thr 52]    session uses PSE file "/usr/sap/XD1/DVEBMGS00/sec/SAPSSLDRV.pse"
[Thr 52] No Secude Error present in trace stack!
[Thr 52]   SSL_get_state() returned 0x00002141 "SSLv3 read server key exchange B"
[Thr 52]   SSL NI-sock: local=192.168.127.70:65243 peer=80.78.2.187:443
[Thr 52] <<- ERROR: SapSSLSessionStart(sssl_hdl=6000000000d50fd0)==SSSLERR_SSL_CONNECT
[Thr 52] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT {00370a03} [icxxconn_mt.c 1957]
[Thr 81] Thu Jan 20 14:34:15 2011
[Thr 81] IcmWorkerThread: end worker thread 53
[Thr 80] Thu Jan 20 14:44:45 2011
[Thr 80] IcmWorkerThread: end worker thread 52
Thanks,
Asem

Hareen,
We checked the the note 1318906 and followed the steps but error persists.
Could you please advice more on this.
Rahul,
The note you mentioned is for different error "ICM_HTTP_INTERNAL_ERROR".
Br
Asem

Error when connect from portal system (abap ) to external ssl client - sm59

Hi I am tryign to setup a ssl connection from the abap sm59 portal system to an exteral server.. I have setup the certs that the client has given me in strust.but i m gettign the ffg error.
sysno      60
sid        PID
systemid   370 (Solaris on SPARCV9 CPU)
relno      7110
patchlevel 0
patchno    150
intno      20020600
make       multithreaded, Unicode, 64 bit, optimized
profile    /usr/sap/PID/SYS/profile/PID_DVEBMGS60_pidevdb
pid        3911
[Thr 01] Thu Jun 14 08:38:48 2012
[Thr 01] TRACE FILE TRUNCATED
[Thr 07] Thu Jun 14 08:39:07 2012
[Thr 07] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL
[Thr 07]    session uses PSE file "/usr/sap/PID/DVEBMGS60/sec/SAPSSLA.pse"
[Thr 07] SecudeSSL_SessionStart: SSL_connect() failed
[Thr 07]   secude_error 536871970 (0x20000422) = "SSL record with the wrong SSLPlaintext.version received"
[Thr 07] >>            Begin of Secude-SSL Errorstack            >>
[Thr 07] ERROR in ssl3_get_record: (536871970/0x20000422) SSL record with the wrong SSLPlaintext.version received
[Thr 07] <<            End of Secude-SSL Errorstack
[Thr 07]   SSL_get_state() returned 0x00002120 "SSLv3 read server hello A"
[Thr 07]   SSL NI-sock: local=57.24.111.151:34110 peer=57.24.110.116:5081
[Thr 07] <<- ERROR: SapSSLSessionStart(sssl_hdl=10720d530)==SSSLERR_SSL_CONNECT
[Thr 07] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT {00020a7c} [icxxconn_mt.c 1957]
When i change the sm59 connection not to use ssl. it give me a pop up screen . and asks me to enter user and password...
He then give me a private key file .. i.e a .pfx file but not sure how to load this in strust. I tried to convert in useign sapgenpse. but it fails with teh ffg error
12% sapgenpse import_p12 -p /usr/sap/PID/amos/amos_client.pse /usr/sap/PID/amos/amos_client_pk.pfx
import_p12: MISSING password for PKCS#12 file "/usr/sap/PID/amos/amos_client_pk.pfx"
Please enter PKCS#12 encryption password: *******
PKCS#12/PFX file contains 1 keypair:
1. FriendlyName = "amos.server.interface.webuser.web_int.cert"
     X.509v3 (type=Both) RSA-2048 (signed with sha1WithRsaEncryption)
     Subject="CN=AMOS WebService Interface Client, OU=IT&S MRO, O=South African Airways (Pty) Ltd, L=OR Tambo International Airport, SP=Gauteng, C=ZA"
     Issuer ="[email protected], CN=ca.flysaa.com, OU=Certificate Authority, O=South African Airways (Pty) Ltd, L=OR Tambo International Airport, SP=Gauteng, C=ZA"
ERROR: Incomplete certification path -- NEED certificate of "[email protected], CN=ca.flysaa.com, OU=Certificate Authority, O=South African Airways (Pty) Ltd, L=OR Tambo International Airport, SP=Gauteng, C=ZA"!
I have attached a doc of what it looks like.. appreciate any help

Hi,
There is an error in the publishing of template
Template :"bbpsc02" is not publised in ITS.
Go to T.code: SE80
Publish all the templates again and check
Check with your SAP BASIS team for the help
Regards
Ganesh

J2SE File Adapter fails (rcv adapter is STARTED but no messages)

Hi,
The J2SE Adapter Engine with a file receiver adapter keeps failing. The symptoms are as follows:
1. We transfer a large number (20-25K) of files.
2. At some point, the J2SE adapter stops receiving messages.
    The status on the adapter home page indicates that it is started. Restarting the file receiver adapter doesn't fix the problem.
We noticed that before the crash the following entries appear in the J2SE Adapter Engine Trace files
Mar 21, 2010 9:20:26 PM ...ap.aii.messaging.net.HTTPServer.run() [Thread[Thread-24,5,main]] Info: TCP request received from pxpci.fil-eu.sv.philips.com
Mar 21, 2010 9:20:32 PM ...equest, HttpServletResponse response) [Thread[Thread-45969,5,main]] Error: java.lang.NullPointerException
     at com.sap.aii.messaging.adapter.Zone.service(ModuleGUIBrowserEngine.java:1167)
     at com.sap.aii.messaging.adapter.HTTPRequest.run(ModuleGUIBrowserEngine.java:406)
Mar 21, 2010 9:23:26 PM ...ap.aii.messaging.net.HTTPServer.run() [Thread[Thread-24,5,main]] Info: TCP request received from pxpci.fil-eu.sv.philips.com
Mar 21, 2010 9:24:26 PM ...ap.aii.messaging.net.HTTPServer.run() [Thread[Thread-24,5,main]] Info: TCP request received from pxpci.fil-eu.sv.philips.com
Mar 21, 2010 9:25:29 PM ...ap.aii.messaging.net.HTTPServer.run() [Thread[Thread-24,5,main]] Info: TCP request received from pxpci.fil-eu.sv.philips.com
Mar 21, 2010 9:27:50 PM ...i.messaging.adapter.HTTPRequest.run() [Thread[Thread-45973,5,main]] Error: java.util.NoSuchElementException
     at java.util.StringTokenizer.nextToken(StringTokenizer.java:332)
     at com.sap.aii.messaging.adapter.HTTPRequest.run(ModuleGUIBrowserEngine.java:368)
Mar 21, 2010 9:27:53 PM ...i.messaging.adapter.HTTPRequest.run() [Thread[Thread-45974,5,main]] Error: java.util.NoSuchElementException
     at java.util.StringTokenizer.nextToken(StringTokenizer.java:332)
     at com.sap.aii.messaging.adapter.HTTPRequest.run(ModuleGUIBrowserEngine.java:368)
Do you know why this happens or how can it be fixed?
Regards
Divya

The error in XI is
IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT
There were 22000 entries in the file adapter's ExactlyOnce DAT file.
The restart of the adapter cleared this but it still does get any messages.
Restarting the GUIBrowser service doesn't work - it just crashes the admin UI also.

HTTP Connection to External Server

Hi,
I had some problem with my RFC connection on SM59.
I get this error ICM_HTTP_SSL_ERROR.
I get this error forn dev_icm file
= Success -- SapCryptoLib SSL ready!
Thr 3964
Thr 3964 Started service 443 for protocol HTTPS on host "sapehd1.ssi.ad"(on all adapters) (processing timeout=60, keep_alive_timeout=30)
Thr 3964 Started service 25025 for protocol SMTP on host "sapehd1.ssi.ad"(on all adapters) (processing timeout=60, keep_alive_timeout=30)
Thr 3964 Tue Jun 15 00:00:02 2010
Thr 3964 *** WARNING => IcmNetCheck: NiHostToAddr(www.doesnotexist.qqq.nxst) took 5 seconds http://icxxman.c 4586
Thr 3964 Tue Jun 15 00:00:07 2010
Thr 3964 *** WARNING => IcmNetCheck: NiAddrToHost(10.0.0.1) took 5 seconds http://icxxman.c 4606
Thr 3964 *** WARNING => IcmNetCheck: 2 possible network problems detected - please check the network/DNS settings http://icxxman.c 4662
Thr 5520 Tue Jun 15 00:01:07 2010
Thr 5520 *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL
Thr 5520 session uses PSE file "D:\usr\sap\EHD\DVEBMGS00\sec\SAPSSLDIBS.pse"
Thr 5520 SecudeSSL_SessionStart: SSL_connect() failed --
secude_error 9 (0x00000009) = "the verification of the server's certificate chain failed"
Thr 5520
Begin of Secude-SSL Errorstack
Thr 5520 ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed
ERROR in af_verify_Certificates: (24/0x0018) Chain of certificates is incomplete : "OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US"
ERROR in get_path: (24/0x0018) Can't get path because the chain of certificates is incomplete
Thr 5520 <<
End of Secude-SSL Errorstack
Thr 5520 SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"
Thr 5520 SSL NI-sock: local=192.168.42.112:4581 peer=85.236.67.2:443
Thr 5520 <<- ERROR: SapSSLSessionStart(sssl_hdl=0000000002F34BB0)==SSSLERR_SSL_CONNECT
Thr 5520 *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT http://icxxconn.c 2012
Any help
Thanks

Hi,
I had some problem with my RFC connection on SM59.
I get this error * ICM_HTTP_SSL_ERROR. I get this error forn dev_icm file *
= Success -- SapCryptoLib SSL ready!
Thr 3964 ================================================= Any help Thanks
Thr 3964 Started service 443 for protocol HTTPS on host "sapehd1.ssi.ad"(on all adapters) (processing timeout=60, keep_alive_timeout=30)
Thr 3964 Started service 25025 for protocol SMTP on host "sapehd1.ssi.ad"(on all adapters) (processing timeout=60, keep_alive_timeout=30)
Thr 3964 Tue Jun 15 00:00:02 2010
Thr 3964 *** WARNING => IcmNetCheck: NiHostToAddr(www.doesnotexist.qqq.nxst) took 5 seconds http://icxxman.c 4586
Thr 3964 Tue Jun 15 00:00:07 2010
Thr 3964 *** WARNING => IcmNetCheck: NiAddrToHost(10.0.0.1) took 5 seconds http://icxxman.c 4606
Thr 3964 *** WARNING => IcmNetCheck: 2 possible network problems detected - please check the network/DNS settings http://icxxman.c 4662
Thr 5520 Tue Jun 15 00:01:07 2010
Thr 5520 *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL
Thr 5520 session uses PSE file "D:\usr\sap\EHD\DVEBMGS00\sec\SAPSSLDIBS.pse"
Thr 5520 SecudeSSL_SessionStart: SSL_connect() failed --
secude_error 9 (0x00000009) = "the verification of the server's certificate chain failed"
Thr 5520 >>
Begin of Secude-SSL Errorstack
>>
Thr 5520 ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed
ERROR in af_verify_Certificates: (24/0x0018) Chain of certificates is incomplete : "OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US"
ERROR in get_path: (24/0x0018) Can't get path because the chain of certificates is incomplete
Thr 5520 <<
End of Secude-SSL Errorstack
Thr 5520 SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"
Thr 5520 SSL NI-sock: local=192.168.42.112:4581 peer=85.236.67.2:443
Thr 5520 <<- ERROR: SapSSLSessionStart(sssl_hdl=0000000002F34BB0)==SSSLERR_SSL_CONNECT
Thr 5520 *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT http://icxxconn.c 2012
Any help
Thanks

HTTP-ADAPTER with HTTPS = ICM_HTTP_SSL_ERROR

Hi,
we are trying to sending data via HTTPS with the HTTP-Adapter. Therefor we create a RFC_Destination with SM59. For HTTP it works fine but after changing to HTTPS we receive a ICM_HTTP_SSL_ERROR.
The server on the other side expect authentification via User/Pwd on port. Also we added an entry in STRUST for CN=anonymous in STRUST.
Any idea whats wrong ?

Hi Sammer,
- authentification is username/pwd.
- SSL is active because of https
- Service is set to the https-port of the server.
I receive the following error in the log.
[Thr 10] >> ---------- Begin of Secude-SSL Errorstack ---------- >>
[Thr 10] ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed
ERROR in af_verify_Certificates: (24/0x0018) Chain of certificates is incomplete : "OU=Class 3 Public Primary Certification Auth
ERROR in get_path: (24/0x0018) Can't get path because the chain of certificates is incomplete
[Thr 10] << ---------- End of Secude-SSL Errorstack ----------
[Thr 10] SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"
[Thr 10] SSL socket: local=10.172.11.11:41579 peer=195.14.237.44:3577
[Thr 10] <<- ERROR: SapSSLSessionStart(sssl_hdl=0x1054e08b0)==SSSLERR_SSL_CONNECT
[Thr 10] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT {00021653} [icxxconn_mt.c 1813]
when I delete in STRUST all the certificates under Client_certificate (standard/anonymus) I receive the same error msg. it also the same error when I am trying to connect to another server with https.
regards bernd

Problem using HTTPS

I am trying to post a message using HTTPS in XI. I have defined a RFC connection to an external HTTPs partner and when I test the connection I am getting errors (the full log from dev_icm is below). I am using client certificates and have created a PSE for it. The third party has added my certificate to their trusted store. The third party gets a message about non matching ciphers when I try to do the test connection. Does anyone have any suggestions on things I can try to get this to work? Our SAP SSL library is at the latest level.
Regards,
Jason
[Thr 7] NiICheckPendConnection: connection of hdl 18 to 156.134.6.212:443 established
[Thr 7] NiIConnect: hdl 18 took local address 14.134.160.97:64558
[Thr 7] NiIConnect: state of hdl 18 NI_CONNECTED
[Thr 7] <<- SapSSLSessionInit()==SAP_O_K
[Thr 7]      in: args = "role=1 (CLIENT), auth_type=3 (USE_CLIENT_CERT)"
[Thr 7]     out: sssl_hdl = 0x600000000097b3a0
[Thr 7] NiIBlockMode: set blockmode for hdl 18 TRUE
[Thr 7]   SSL NI-sock: local=14.134.160.97:64558 peer=124.148.6.212:443
[Thr 7] <<- SapSSLSetNiHdl(sssl_hdl=0x600000000097b3a0, ni_hdl=18)==SAP_O_K
[Thr 7]   SapISSLComposeFilename(): Filename = "/usr/sap/XID/DVEBMGS55/sec/SAPSSLTESTCL.pse"
[Thr 7] <<- SapSSLSetSessionCredential(sssl_hdl=0x600000000097b3a0)==SAP_O_K
[Thr 7]      in: cred_name = "/usr/sap/XID/DVEBMGS55/sec/SAPSSLTESTCL.pse"
[Thr 7] <<- SapSSLSetTargetHostname(sssl_hdl=0x600000000097b3a0)==SAP_O_K
[Thr 7]      in: hostname = "esmart.test.com.au"
[Thr 7] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL
[Thr 7]    session uses PSE file "/usr/sap/XID/DVEBMGS55/sec/SAPSSLTESTCL.pse"
[Thr 7] SecudeSSL_SessionStart: SSL_connect() failed --
secude_error 536875072 (0x20001040) = "received a fatal SSLv3 handshake failure alert message from the peer"
[Thr 7] >> -
Begin of Secude-SSL Errorstack -
>>
[Thr 7] WARNING in ssl3_read_bytes: (536875072/0x20001040) received a fatal SSLv3 handshake failure alert message from the peer
[Thr 7] << -
End of Secude-SSL Errorstack -
[Thr 7]   SSL_get_state() returned 0x00002120 "SSLv3 read server hello A"
[Thr 7]   No certificate request received from Server
[Thr 7] <<- ERROR: SapSSLSessionStart(sssl_hdl=0x600000000097b3a0)==SSSLERR_SSL_CONNECT
[Thr 7] <<- SapSSLErrorName()==SSSLERR_SSL_CONNECT
[Thr 7] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT [icxxconn_mt.c 2012]
[Thr 7] <<- SapSSLSessionDone(sssl_hdl=0x600000000097b3a0)==SAP_O_K
[Thr 7] IcmConnConnect(id=1/20625): free MPI request blocks
[Thr 7] MPI<55b>2#7 GetInbuf -1 1a6ca0 306 (1) -> 6
[Thr 7] MPI<55a>3#4 GetOutbuf -1 1c6d20 65536 (0) -> 0xc0000001ac1c6d40 0
[Thr 7] NiIGetServNo: servicename '8055' = port 1F.77/8055
[Thr 7] MPI<55a>3#5 FlushOutbuf l-1 1 1 1c6d20 2168 6 -> 0xc0000001ac1c6d20 0
[Thr 7] NiICloseHandle: shutdown and close hdl 18 / sock 30
[Thr 7] IcmConnFreeContext: context 1 released
[Thr 7] IcmServDecrRefCount: xidsapci.test.local:8056 - serv_ref_count: 1
[Thr 7] IcmWorkerThread: Thread 3: Waiting for event

Hello Jason,
I believe the possible issue could be due to incorrect values to the following profile parameter
snc/permit_insecure_start
If SNC is activated (parameter snc/enable = 1 ), by default the
gateway does not start any programs that communicate without
SNC.
This is allowed with snc/permit_insecure_start.
Please check the instance profile parameter for the same.
Cheers

ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the se

Hello,
We are getting the following error in the dev_icm trace file:
=================================================================
[Thr 04] *** ERROR => IcmConnInitServerSSL: SapSSLSessionStart returned (-56): SSSLERR_SSL_ACCEPT [icxxconn_mt. 1777]
[Thr 11] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT [icxxconn_mt.c 2012]
[Thr 11] *** ERROR => IcmJ2EEScheduleFunc: Connection to medpoolP45.os.fth.sbs.de:8443 failed - please check host configuration
[Thr 05] Mon Dec 7 08:14:40 2009
[Thr 05]   SSL_get_state() returned 0x00001180 "SSLv3 read client certificate A"
[Thr 08] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL
[Thr 05] *** ERROR during SecudeSSL_SessionStart() from SSL_accept()==SSL_ERROR_SSL
[Thr 08] SecudeSSL_SessionStart: SSL_connect() failed
secude_error 9 (0x00000009) = "the verification of the server's certificate chain failed"
[Thr 05] SecudeSSL_SessionStart: SSL_accept() failed
secude_error 536875074 (0x20001042) = "received a fatal SSLv3 bad certificate alert message from the peer"
[Thr 08] >>            Begin of Secude-SSL Errorstack            >>
[Thr 05] >>            Begin of Secude-SSL Errorstack            >>
[Thr 08] ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed
ERROR in af_verify_Certificates: (24/0x0018) Chain of certificates is incomplete : "OU=VeriSign Trust Network, OU="(c) 1998 Veri
ERROR in get_path: (24/0x0018) Can't get path because the chain of certificates is incomplete
[Thr 05] WARNING in ssl3_read_bytes: (536875074/0x20001042) received a fatal SSLv3 bad certificate alert message from the peer
[Thr 08] <<            End of Secude-SSL Errorstack
[Thr 05] <<            End of Secude-SSL Errorstack
[Thr 08]   SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"
[Thr 05]   SSL NI-sock: unix domain socket="/tmp/.sapicm8443"
[Thr 08]   SSL NI-sock: unix domain socket="/tmp/.sapicm8443"
[Thr 05] <<- ERROR: SapSSLSessionStart(sssl_hdl=60000000051ad9b0)==SSSLERR_SSL_ACCEPT
[Thr 08] <<- ERROR: SapSSLSessionStart(sssl_hdl=60000000052c0030)==SSSLERR_SSL_CONNECT
=================================================================
But in STRUST all the SSL server certificate and SSL client certificate are in green.
Kindly let us know how to solve this error.
Thanks,
Rajesh

Hi Jitendra,
We resolved the issues by referring to Note 1249794
Call transaction STRUST and double-click the entry "SSL server standard". Include the issuer of the certificate of "SSL server standard" in the certificate list of "SSL Client standard" or "SSL Client Anonymous" (for more information, see Notes 1094342 and 745103).
Hope this help
Daniel

The verification of the server's certificate chain failed

Hi All,
Not sure this is the right forum for this but never mind.
I am trying to get abap2GApps working and am having problems with the client certificates.
I am getting the below error in ICM :-
[Thr 06] Mon Jul 30 09:34:47 2012
[Thr 06] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL
[Thr 06]    session uses PSE file "/usr/sap/BWD/DVEBMGS58/sec/SAPSSLC.pse"
[Thr 06] SecudeSSL_SessionStart: SSL_connect() failed
secude_error 9 (0x00000009) = "the verification of the server's certificate chain failed"
[Thr 06] >>            Begin of Secude-SSL Errorstack            >>
[Thr 06] ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed
ERROR in af_verify_Certificates: (24/0x0018) Chain of certificates is incomplete : "OU=Equifax Secure Certificate Authority, O=E
ERROR in get_path: (24/0x0018) Can't get path because the chain of certificates is incomplete
[Thr 06] <<            End of Secude-SSL Errorstack
[Thr 06]   SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"
[Thr 06]   SSL NI-sock: local=172.30.7.170:59036 peer=172.30.8.100:80
[Thr 06] <<- ERROR: SapSSLSessionStart(sssl_hdl=60000000053910f0)==SSSLERR_SSL_CONNECT
[Thr 06] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT {000726d5} [icxxconn_mt.c 2031]
Having already got the accounts.google.com SSL certificate chain installed and working I can't get the docs.google.com SSL chain working.
For accounts.google.com they use (this set works) :-
1) CN=accounts.google.com, O=Google Inc, L=Mountain View, SP=California, C=US
2) CN=Thawte SGC CA, O=Thawte Consulting (Pty) Ltd., C=ZA
3) OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
For docs.google.com they use a different set of SSL certs. :-
1) CN=*.google.com, O=Google Inc, L=Mountain View, SP=California, C=US
2) CN=Google Internet Authority, O=Google Inc, C=US
3) OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Can anyone explain what I am doing wrong or how to correct this?
Thanks
Craig

Further UPDATE
After removing every certificate related to docs.google.com I still get the same error!
I have even tried downloading the root certificate directly from GeoTrust themselves and yet I still get the same error.
I have even resorted to running SAP program ZSSF_TEST_PSE from note 800240 to check the PSE and all is well!
Referring to SAP Note 1318906 suggests I am missing a certificate in the chain but I am not!
"Situation: The ICM is in the client role and the following entry is displayed in the trace:
ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed
Reason:You try to set up a secure connection to a server, but the validity of the certificate cannot be verified because the required certificates are not available.
Solution:The missing certificates are listed in the trace file. You must use transaction STRUST to insert these certificates in the Personal Security Environment (PSE) that is used for the connection. The certificates are usually made available to you by the server administrator. If the certificates are public Certification Authority (CA) certificates, you can also request the certificates there."
What could possibly causing this?
Please help!
Craig

DIBS connection

HI,
I am tying to create a DIBS HTTP Connection to External Server on SM59 transaction for ours web shop on an SAP Netweaver server. I get this error u2018HTTPIO_PLG_CANCELEDu2019. Any body knows where can I find more error details for this error.
Is it any body has any experience to create DIBS connection to an extern server.
Thanks

Hi,
I had some problem with my https setting,
From SM 59 I get this error ICM_HTTP_SSL_ERROR.
I get this error forn dev_icm file
= Success -- SapCryptoLib SSL ready!
[Thr 3964] =================================================
[Thr 3964] Started service 443 for protocol HTTPS on host "sapehd1.ssi.ad"(on all adapters) (processing timeout=60, keep_alive_timeout=30)
[Thr 3964] Started service 25025 for protocol SMTP on host "sapehd1.ssi.ad"(on all adapters) (processing timeout=60, keep_alive_timeout=30)
[Thr 3964] Tue Jun 15 00:00:02 2010
[Thr 3964] *** WARNING => IcmNetCheck: NiHostToAddr(www.doesnotexist.qqq.nxst) took 5 seconds [icxxman.c    4586]
[Thr 3964] Tue Jun 15 00:00:07 2010
[Thr 3964] *** WARNING => IcmNetCheck: NiAddrToHost(10.0.0.1) took 5 seconds [icxxman.c    4606]
[Thr 3964] *** WARNING => IcmNetCheck: 2 possible network problems detected - please check the network/DNS settings [icxxman.c    4662]
[Thr 5520] Tue Jun 15 00:01:07 2010
[Thr 5520] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL
[Thr 5520]    session uses PSE file "D:\usr\sap\EHD\DVEBMGS00\sec\SAPSSLDIBS.pse"
[Thr 5520] SecudeSSL_SessionStart: SSL_connect() failed --
secude_error 9 (0x00000009) = "the verification of the server's certificate chain failed"
[Thr 5520] >> -
Begin of Secude-SSL Errorstack -
>>
[Thr 5520] ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed
ERROR in af_verify_Certificates: (24/0x0018) Chain of certificates is incomplete : "OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US"
ERROR in get_path: (24/0x0018) Can't get path because the chain of certificates is incomplete
[Thr 5520] << -
End of Secude-SSL Errorstack -
[Thr 5520]   SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"
[Thr 5520]   SSL NI-sock: local=192.168.42.112:4581 peer=85.236.67.2:443
[Thr 5520] <<- ERROR: SapSSLSessionStart(sssl_hdl=0000000002F34BB0)==SSSLERR_SSL_CONNECT
[Thr 5520] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT [icxxconn.c 2012]
Any help
Thanks

PI connecting to other system using SSL

Hi i tried to communicate to other server from our PI usng SSL, sapcrptyo is activated.. and other server Certificate is imported
Step that i do :
1. in the strust - environment - SSL CLient Identifies , i have create new entry called TESSSL. then
2. from STRUST , there is entry SSL Client test exist.. i have create the PSE by using the default entry.
3. I imported the other server SLL Cert, intemediate , root. and add it into the SSL Client test , Certificate list
4. Creating RFC type G, then filled in the target host, prefix and port, also activating the SSL on logon & security tab, by choowing the "SSL Client test"
upon testing the connection i got ICM_HTTP_ERROR
Edited by: Muda Ikhsan on Jan 20, 2010 3:09 PM

Thr 1800] IcmConnConnect: context 2 assigned to tid: 31, uid: 398, mode: 1
Thr 1800] NiIGetServNo: servicename '5443' = port 15.43/5443
Thr 1800] IcmGetServicePtr: new serv_ref_count: 2
Thr 1800] IcmConnConnect: direct connect to j2eedevt.eds.xxx.com:8443
Thr 1800] NiHsLGetNodeAddr: found hostname 'j2eedevt.eds.jxxx.com' in cache
Thr 1800] NiIGetNodeAddr: hostname 'j2eedevt.eds.jjsea.com' = addr 192.168.5.52
Thr 1800] NiIGetServNo: servicename '8443' = port 20.FB/8443
Thr 1800] NiICreateHandle: hdl 6 state NI_INITIAL
Thr 1800] NiIInitSocket: set default settings for new hdl 6 / sock 46 (I4; ST)
Thr 1800] NiIBlockMode: set blockmode for hdl 6 FALSE
Thr 1800] NiICheckPendConnection: connection of hdl 6 to 192.168.5.52:8443 established
Thr 1800] NiIConnect: hdl 6 took local address 192.168.5.23:59600
Thr 1800] NiIConnect: state of hdl 6 NI_CONNECTED
Thr 1800] <<- SapSSLSessionInit()==SAP_O_K
Thr 1800]      in: args = "role=1 (CLIENT), auth_type=3 (USE_CLIENT_CERT)"
Thr 1800]     out: sssl_hdl = 0x115e46750
Thr 1800] NiIBlockMode: set blockmode for hdl 6 TRUE
Thr 1800]   SSL NI-sock: local=192.168.5.23:59600 peer=192.168.5.52:8443
Thr 1800] <<- SapSSLSetNiHdl(sssl_hdl=0x115e46750, ni_hdl=6)==SAP_O_K
Thr 1800]   SapISSLComposeFilename(): Filename = "/usr/sap/Q01/DVEBMGS00/sec/SAPSSLTESSSL.pse"
Thr 1800] <<- SapSSLSetSessionCredential(sssl_hdl=0x115e46750)==SAP_O_K
Thr 1800]      in: cred_name = "/usr/sap/Q01/DVEBMGS00/sec/SAPSSLTESSSL.pse"
Thr 1800] <<- SapSSLSetTargetHostname(sssl_hdl=0x115e46750)==SAP_O_K
Thr 1800]      in: hostname = "j2eedevt.eds.jjsea.com"
Thr 1800] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL
Thr 1800]    session uses PSE file "/usr/sap/Q01/DVEBMGS00/sec/SAPSSLTESSSL.pse"
Thr 1800] SecudeSSL_SessionStart: SSL_connect() failed
secude_error 9 (0x00000009) = "the verification of the server's certificate chain failed"
secude_error 9 (0x00000009) = "the verification of the server's certificate chain failed"
[Thr 1800] >>            Begin of Secude-SSL Errorstack            >>
[Thr 1800] ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed
ERROR in af_verify_Certificates: (24/0x0018) Chain of certificates is incomplete : "CN=VeriSign Trial Secure Server CA - G2, OU=
ERROR in get_path: (24/0x0018) Can't get path because the chain of certificates is incomplete
Thr 1800] <<            End of Secude-SSL Errorstack
[Thr 1800]   SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"
[Thr 1800]   No certificate request received from Server
[Thr 1800] <<- ERROR: SapSSLSessionStart(sssl_hdl=0x115e46750)==SSSLERR_SSL_CONNECT
[Thr 1800] <<- SapSSLErrorName()==SSSLERR_SSL_CONNECT
[Thr 1800] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT [icxxconn_mt.c 201
[Thr 1800] <<- SapSSLSessionDone(sssl_hdl=0x115e46750)==SAP_O_K
[Thr 1800] IcmConnConnect(id=2/604): free MPI request blocks
[Thr 1800] MPI<3b4>4#7 GetInbuf -1 16f4b8 225 (1) -> 6
[Thr 1800] MPI<3b3>5#4 GetOutbuf -1 17f4f0 65536 (0) -> 0x70000003017f510 0
[Thr 1800] NiIGetServNo: servicename '8000' = port 1F.40/8000
[Thr 1800] MPI<3b3>5#5 FlushOutbuf l-1 1 1 17f4f0 2180 6 -> 0x70000003017f4f0 0
[Thr 1800] NiICloseHandle: shutdown and close hdl 6 / sock 46
[Thr 1800] IcmConnFreeContext: context 2 released
[Thr 1800] IcmServDecrRefCount: sapqa.eds.xxxx.com:5443 - serv_ref_count: 1
[Thr 1800] IcmWorkerThread: Thread 4: Waiting for event
[Thr 3342] Wed Jan 20 15:02:02 2010
[Thr 3342] NiSelISelectInt: 0 handles selected (0 buffered)
Anybody could help ?
Edited by: Muda Ikhsan on Jan 20, 2010 3:09 PM
Edited by: Muda Ikhsan on Jan 20, 2010 3:11 PM

SSSLERR_SSL_CONNECT

Similar Messages

Maybe you are looking for