Web dispatcher SSL error

Hi, All
I am using webdispatcher as reverse proxy for SSL terminiation. let me explain my steps.
to create pse
1-get request file
sapgenpse get_pse u2013s2048 -p C:\usr\sap\FW2\W00\sec\SAPSSLS.pse -r C:\usr\sap\FW2\W00\sec\SAPSSLS.req "CN=portal.xxx.com, OU=xxx company"
I got request file.
2-import
sapgenpse import_own_cert -p C:\usr\sap\FW2\W00\sec\SAPSSLS.pse -c C:\usr\sap\FW2\W00\sec\reponse.cer -r C:\usr\sap\FW2\W00\sec\subroot.cer -r C:\usr\sap\FW2\W00\sec\root.cer -x 12345
CA-Response successfully import int0 PSE
3-create credentials
sapgenpse seclogin -p C:\usr\sap\FW2\W00\SAPSSLS.pse -x 12345 -O SAPServiceFW2
Added SSO-credentials for PSE "C:\usr\sap\FW2\W00\sec\SAPSSLS.pse
4-I also check permission of SAPSSLS.pse for SAPServiceFW2 and fw2adm (win 2008 )
5- sapcrypto installed
here profile parameters
wdisp/shm_attach_mode = 6
rdisp/mshost = xxxxx
ms/http_port = 8101
DIR_INSTANCE = C:\usr\sap\FW2\W00
ssl/ssl_lib = C:\usr\sap\FW2\W00\sec\sapcrypto.dll
ssl/server_pse = C:\usr\sap\FW2\W00\sec\SAPSSLS.pse
wdisp/auto_refresh = 120
wdisp/max_servers = 100
icm/server_port_0 = PROT=HTTPS, PORT=443
icm/server_port_1 = PROT=HTTP, PORT=80
icm/HTTP/admin_0 = PREFIX=/sap(wdisp/admin,DOCROOT=./admin
wdisp/ssl_encrypt = 0
wdisp/add_client_protocol_header = true
icm/HTTPS/verify_client = 0
icm/HTTPS/trust_client_with_issuer = *
icm/HTTPS/trust_client_with_subject = *
ssf/name = SAPSECULIB
ssf/ssfapi_lib = C:\usr\sap\FW2\W00\sec\sapcrypto.dll
sec/libsapsecu = C:\usr\sap\FW2\W00\sec\sapcrypto.dll
here dev_webdisp
trc file: "dev_webdisp", trc level: 1, release: "700"
sysno 00
sid FW2
systemid 562 (PC with Windows NT)
relno 7000
patchlevel 0
patchno 250
intno 20050900
make: multithreaded, ASCII, 64 bit, optimized
pid 3612
[Thr 3500] started security log to file dev_icm_sec
[Thr 3500] SAP Web Dispatcher running on: webdisp.com
[Thr 3500] MtxInit: 30001 0 2
[Thr 3500] IcmInit: listening to admin port: 65000
[Thr 3500] IcrCoreInitSessionTable: Session table initialized
[Thr 3896] =================================================
[Thr 3896] = SSL Initialization on PC with Windows NT
[Thr 3896] = (700_REL,May 3 2010,mt,ascii,SAP_UC/size_t/void* = 8/64/64)
[Thr 3896] profile param "ssl/ssl_lib" = "C:\usr\sap\FW2\W00\sec\sapcrypto.dll"
 resulting Filename = "C:\usr\sap\FW2\W00\sec\sapcrypto.dll"
[Thr 3896] profile param "ssl/server_pse" = "C:\usr\sap\FW2\W00\sec\SAPSSLS.pse"
 resulting Filename = "C:\usr\sap\FW2\W00\sec\SAPSSLS.pse"
[Thr 3896] = found SAPCRYPTOLIB 5.5.5C pl30 (Jul 23 2010) MT-safe
[Thr 3896] = current UserID: FRIK\SapServiceFW2
[Thr 3896] = found SECUDIR environment variable
[Thr 3896] = using SECUDIR=C:\usr\sap\FW2\W00\sec
[Thr 3896] *** ERROR => secudessl_Create_SSL_CTX(): PSE "C:\usr\sap\FW2\W00\sec\SAPSSLS.pse" not found! [ssslsecu.c 1360]
[Thr 3896] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --
secude_error 1824 (0x00000720) = "Wrong or Missing PIN for PSE"
[Thr 3896] >> -
Begin of Secude-SSL Errorstack -
>>
[Thr 3896] ERROR in SSL_CTX_set_default_pse_by_name: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\usr\sap\FW2\W00\sec\SAPSSLS.pse"
ERROR in ssl_set_pse: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\usr\sap\FW2\W00\sec\SAPSSLS.pse"
ERROR in af_open: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\usr\sap\FW2\W00\sec\SAPSSLS.pse"
ERROR in secsw_open: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\usr\sap\FW2\W00\sec\SAPSSLS.pse"
ERROR in sec_parse_PSEInfo_cont: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\usr\sap\FW2\W00\sec\SAPSSLS.pse"
[Thr 3896] << -
End of Secude-SSL Errorstack -
[Thr 3896] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create SERVER Credential
 for "C:\usr\sap\FW2\W00\sec\SAPSSLS.pse" [ssslxxi.c 2314]
[Thr 3896] *** ERROR => Initialization of SSL library failed -- NO SSL available!
[Thr 3896] =================================================
[Thr 3896] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR
[Thr 3896] HttpSubHandlerAdd: Added handler HttpRedirectHandler(slot=0, flags=4098) for /:0
[Thr 3896] HttpExtractArchive: files from archive C:\usr\sap\FW2\SYS\exe\nuc\NTAMD64/wdispadmin.SAR in directory . are up to date
[Thr 3896] HttpSubHandlerAdd: Added handler HttpAdminHandler(slot=1, flags=4101) for /sap(wdisp/admin:0
[Thr 3896] CsiInit(): Initializing the Content Scan Interface
[Thr 3896] PC with Windows NT (mt,ascii,SAP_CHAR/size_t/void* = 8/64/64)
[Thr 3896] CsiInit(): CSA_LIB = "C:\usr\sap\FW2\SYS\exe\nuc\NTAMD64\sapcsa.dll"
[Thr 3896] HttpSubHandlerAdd: Added handler HttpAuthHandler(slot=2, flags=12293) for /:0
[Thr 3896] HttpSubHandlerAdd: Added handler HttpWebDispHandler(slot=3, flags=28677) for /:0
[Thr 3896] *** ERROR => IcmAddService: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv.c 319]
[Thr 3896] Started service 80 for protocol HTTP on host "webdisp.com"(on all adapters) (processing timeout=60, keep_alive_timeout=30)
[Thr 3500] IcmCreateWorkerThreads: created worker thread 0
[Thr 3500] IcmCreateWorkerThreads: created worker thread 1
[Thr 3500] IcmCreateWorkerThreads: created worker thread 2
[Thr 3500] IcmCreateWorkerThreads: created worker thread 3
[Thr 3500] IcmCreateWorkerThreads: created worker thread 4
[Thr 3500] IcmCreateWorkerThreads: created worker thread 5
[Thr 3500] IcmCreateWorkerThreads: created worker thread 6
[Thr 3500] IcmCreateWorkerThreads: created worker thread 7
[Thr 3500] IcmCreateWorkerThreads: created worker thread 8
[Thr 3500] IcmCreateWorkerThreads: created worker thread 9
[Thr 3336] IcmWatchDogThread: watchdog started
Regards
ABH
Edited by: ABH on Oct 13, 2010 9:34 AM

Hi,
it was domain installation. But I needed to create SAPServieSID user on the local too. this solved my problem. I gave required permmison to pse again for local user. it is sound weird but it is working now.
Regrads
ABH

Similar Messages

SAP Web Dispatcher SSL Error

We are having issues with our SSL connection to the SAP Web AS. Below is the error in the log files:
[Thr 472] =================================================
[Thr 472] = SSL Initialization on PC with Windows NT
[Thr 472] = (700_REL,Jul 14 2008,mt,ascii,SAP_UC/size_t/void* = 8/32/32)
[Thr 472] profile param "ssl/ssl_lib" = "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sapcrypto.dll"
 resulting Filename = "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sapcrypto.dll"
[Thr 472] profile param "ssl/server_pse" = "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse"
 resulting Filename = "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse"
[Thr 472] profile param "ssl/client_pse" = "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\SAPSSLC.PSE"
 resulting Filename = "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\SAPSSLC.PSE"
[Thr 472] = found SAPCRYPTOLIB 5.5.5C pl24 (Jun 11 2008) MT-safe
[Thr 472] = current UserID: NT AUTHORITY\SYSTEM
[Thr 472] = found SECUDIR environment variable
[Thr 472] = using SECUDIR=c:\program files\sap\sapwebdisp\
[Thr 472] *** ERROR => secudessl_Create_SSL_CTX(): PSE "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse" not found! [ssslsecu.c 1354]
[Thr 472] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --
secude_error 1824 (0x00000720) = "Wrong or Missing PIN for PSE"
[Thr 472] >> -
Begin of Secude-SSL Errorstack -
>>
[Thr 472] ERROR in SSL_CTX_set_default_pse_by_name: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse"
ERROR in ssl_set_pse: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse"
ERROR in af_open: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse"
ERROR in secsw_open: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse"
ERROR in sec_parse_PSEInfo_cont: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse"
[Thr 472] << -
End of Secude-SSL Errorstack -
[Thr 472] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create SERVER Credential
 for "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<OurPSE>.pse" [ssslxxi.c 2278]
[Thr 472] Tue Mar 31 13:30:06 2009
[Thr 472] *** ERROR => Initialization of SSL library failed -- NO SSL available!
[Thr 472] =================================================
[Thr 472] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR
[Thr 472] *** ERROR => IcmAddService: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv.c 319]
[Thr 3744] IcmCreateWorkerThreads: created worker thread 0
[Thr 2952] *** ERROR => IcmConnClientRqCreate: No service for protocol HTTPS started [icxxconn.c 2701]
[Thr 2952] *** ERROR => IcmConnClientRqCreate() failed (rc=-1) [icrxx.c 5234]
[Thr 2952] *** ERROR => Could not connect to SAP Message Server at onebase. URL=/msgserver/text/logon?version=1.2 [icrxx.c 2591]
[Thr 2952] *** ERROR => rc=-1, HTTP response code: 0 [icrxx.c 2592]
[Thr 2952] *** ERROR => see also OSS note 552286 [icrxx.c 2593]
[Thr 3744] IcmCreateWorkerThreads: created worker thread 1
[Thr 3744] IcmCreateWorkerThreads: created worker thread 2
[Thr 3744] IcmCreateWorkerThreads: created worker thread 3
[Thr 3744] IcmCreateWorkerThreads: created worker thread 4
[Thr 3292] IcmWatchDogThread: watchdog started
I've already used sapgenpse seclogin -p <PSE File> -x <PIN> to create a pin. I've also gone and deleted the old pin that used to be there and created a new one.
Also I noticed it says "Beware: changing a PIN of a PSE will not auto-update the SSO-credential
Beware: adding a new credential will not auto-update an existing credential"
So once you change it how do you update it? Do you need to reboot the Web Dispatcher or do you just need to restarted the service?

I am also facing same issue.
I have added credentials also and successfully done.
Here attaching trace file. Please suggest
trc file: "dev_webdisp", trc level: 1, release: "720"
sysno 00
sid WD1
systemid 390 (AMD/Intel x86_64 with Linux)
relno 7200
patchlevel 0
patchno 68
intno 20020600
make multithreaded, ASCII, 64 bit, optimized
profile /usr/sap/WD1/profile/WD1_W00_sapportal
pid 26732
[Thr 139840314074976] Thu Oct 31 13:54:15 2013
[Thr 139840314074976] *** WARNING => The maximum number of sockets supported on this host is 1020.
This is less than the number of sockets configured in parameter icm/max_sockets (8192) [icxxrout_mt. 3417]
[Thr 139840314074976] started security log to file ./dev_icm_sec
[Thr 139840314074976] SigISetDefaultAction : default handling for signal SIGCHLD
[Thr 139840314074976] SAP Web Dispatcher running on: sapportal.abrajoman.com
[Thr 139840314074976] MtxInit: 30001 0 2
[Thr 139840314074976] ***LOG IM1=> IcmInit, Startup (SAP Web Dispatcher&sapportal.abrajoman.com&26732&) [icxxrout_mt. 1914]
[Thr 139840314074976] IcmInit: listening to admin port: 65000
[Thr 139840314074976] MPI: dynamic quotas disabled.
[Thr 139840314074976] MPI init: pipes=4000 buffers=1279 reserved=383 quota=10%
[Thr 139840314074976] CCMS: SemInMgt: Semaphore Management initialized by AlAttachShm_Ext.
[Thr 139840314074976] CCMS: SemInit: Semaphore 38 initialized by AlAttachShm_Ext.
[Thr 139840314074976] CCMS: AlInitGlobals : alert/use_sema_lock = TRUE.
[Thr 139840314074976] IcrCoreInitSessionTable: Session table initialized
[Thr 139840167098112] HttpExtractArchive: files from archive /usr/sap/WD1/SYS/exe/run/wdispadmin.SAR in directory /usr/sap/WD1/W00/data/icmandir are up to date
[Thr 139840167098112] HttpISubHandlerAdd: Added handler HttpAdminHandler(0x7f2f0c000e70), slot=0, flags=36869) for /sap/admin, active: 1, table 0x7f2f0c000a10
[Thr 139840167098112] HttpISubHandlerAdd: Added handler HttpModHandler(0x7f2f0c0012e0), slot=1, flags=12293) for /, active: 1, table 0x7f2f0c000a10
[Thr 139840167098112] CsiInit(): Initializing the Content Scan Interface
[Thr 139840167098112] AMD/Intel x86_64 with Linux (mt,ascii,SAP_CHAR/size_t/void* = 8/64/64)
[Thr 139840167098112] CsiInit(): CSA_LIB = "/usr/sap/WD1/SYS/exe/run/libsapcsa.so"
[Thr 139840167098112] HttpISubHandlerAdd: Added handler HttpAuthHandler(0x7f2f0c001440), slot=2, flags=12293) for /, active: 1, table 0x7f2f0c000a10
[Thr 139840167098112] HttpISubHandlerAdd: Added handler HttpWebDispHandler(0x7f2f0c008340), slot=3, flags=1060869) for /, active: 1, table 0x7f2f0c000a10
[Thr 139840167098112] Started service PORT=8100,PROT=HTTP,TIMEOUT=60,PROCTIMEOUT=60
[Thr 139840167098112] =================================================
[Thr 139840167098112] = SSL Initialization platform tag=(linuxx86_64_gcc41)
[Thr 139840167098112] = (720_REL,Oct 15 2010,mt,ascii,SAP_UC/size_t/void* = 8/64/64)
[Thr 139840167098112] profile param "ssl/ssl_lib" = "/usr/sap/WD1/exe/libsapcrypto.so"
[Thr 139840167098112] resulting Filename = "/usr/sap/WD1/exe/libsapcrypto.so"
[Thr 139840167098112] = found SAPCRYPTOLIB 5.5.5C pl36 (Jul 3 2013) MT,AESNI,NB
[Thr 139840167098112] = current UserID: "wd1adm", env-var USER="wd1adm"
[Thr 139840167098112] = using SECUDIR=/usr/sap/WD1/W00/sec
[Thr 139840167098112] profile param "ssl/server_pse" = "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840167098112] resulting Filename = "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840167098112] *** ERROR => secudessl_Create_SSL_CTX(): PSE "/usr/sap/WD1/W00/sec/epssl.pse": unable to use! [ssslsecu_mt. 1735]
[Thr 139840167098112] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --
[Thr 139840167098112] secude_error 1824 (0x00000720) = "Wrong or Missing PIN for PSE"
[Thr 139840167098112] >> ---------- Begin of Secude-SSL Errorstack ---------- >>
[Thr 139840167098112] ERROR in SSL_CTX_set_default_pse_by_name: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840167098112] ERROR in ssl_set_pse: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840167098112] ERROR in af_open: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840167098112] ERROR in secsw_open: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840167098112] ERROR in sec_parse_PSEInfo_cont: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840167098112] << ---------- End of Secude-SSL Errorstack ----------
[Thr 139840167098112] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create SERVER Credential
for "/usr/sap/WD1/W00/sec/epssl.pse" [ssslxxi_mt.c 2324]
[Thr 139840167098112] *** ERROR => Initialization of SSL library failed -- NO SSL available!
[Thr 139840167098112] =================================================
[Thr 139840167098112]
[Thr 139840167098112] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR
[Thr 139840167098112] *** ERROR => IcmServInitSSL: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv_mt. 251]
[Thr 139840167098112] *** WARNING => Could not start service (rc=-14) PORT=8300,PROT=HTTPS,TIMEOUT=60,PROCTIMEOUT=900,VCLIENT=0 [icxxserv_mt. 651]
[Thr 139840314074976] SigISetDefaultAction : default handling for signal SIGCHLD
[Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 0
[Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 1
[Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 2
[Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 3
[Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 4
[Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 5
[Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 6
[Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 7
[Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 8
[Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 9
[Thr 139840167098112] IcmWatchDogThread: watchdog started
[Thr 139840148838144] Thu Oct 31 13:54:36 2013
[Thr 139840148838144] =================================================
[Thr 139840148838144] = SSL Initialization platform tag=(linuxx86_64_gcc41)
[Thr 139840148838144] = (720_REL,Oct 15 2010,mt,ascii,SAP_UC/size_t/void* = 8/64/64)
[Thr 139840148838144] profile param "ssl/ssl_lib" = "/usr/sap/WD1/exe/libsapcrypto.so"
[Thr 139840148838144] resulting Filename = "/usr/sap/WD1/exe/libsapcrypto.so"
[Thr 139840148838144] = found SAPCRYPTOLIB 5.5.5C pl36 (Jul 3 2013) MT,AESNI,NB
[Thr 139840148838144] = current UserID: "wd1adm", env-var USER="wd1adm"
[Thr 139840148838144] = using SECUDIR=/usr/sap/WD1/W00/sec
[Thr 139840148838144] profile param "ssl/server_pse" = "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840148838144] resulting Filename = "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840148838144] *** ERROR => secudessl_Create_SSL_CTX(): PSE "/usr/sap/WD1/W00/sec/epssl.pse": unable to use! [ssslsecu_mt. 1735]
[Thr 139840148838144] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --
[Thr 139840148838144] secude_error 1824 (0x00000720) = "Wrong or Missing PIN for PSE"
[Thr 139840148838144] >> ---------- Begin of Secude-SSL Errorstack ---------- >>
[Thr 139840148838144] ERROR in SSL_CTX_set_default_pse_by_name: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840148838144] ERROR in ssl_set_pse: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840148838144] ERROR in af_open: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840148838144] ERROR in secsw_open: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840148838144] ERROR in sec_parse_PSEInfo_cont: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840148838144] << ---------- End of Secude-SSL Errorstack ----------
[Thr 139840148838144] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create SERVER Credential
for "/usr/sap/WD1/W00/sec/epssl.pse" [ssslxxi_mt.c 2324]
[Thr 139840148838144] *** ERROR => Initialization of SSL library failed -- NO SSL available!
[Thr 139840148838144] =================================================
[Thr 139840148838144]
[Thr 139840148838144] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR
[Thr 139840148838144] *** ERROR => IcmServInitSSL: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv_mt. 251]
[Thr 139840148838144] *** WARNING => Could not reactivate service (rc=-14) PORT=8300,PROT=HTTPS,TIMEOUT=60,PROCTIMEOUT=900,VCLIENT=0 [icxxserv_mt. 1550]
[Thr 139840148838144] *** ERROR => ICP_icm_mod_service: ModService(7) failed for 8300, HTTPS(rc=-14) [icrxxadmin_m 5519]
[Thr 139840151480064] Fri Nov 1 10:54:13 2013
[Thr 139840151480064] =================================================
[Thr 139840151480064] = SSL Initialization platform tag=(linuxx86_64_gcc41)
[Thr 139840151480064] = (720_REL,Oct 15 2010,mt,ascii,SAP_UC/size_t/void* = 8/64/64)
[Thr 139840151480064] profile param "ssl/ssl_lib" = "/usr/sap/WD1/exe/libsapcrypto.so"
[Thr 139840151480064] resulting Filename = "/usr/sap/WD1/exe/libsapcrypto.so"
[Thr 139840151480064] = found SAPCRYPTOLIB 5.5.5C pl36 (Jul 3 2013) MT,AESNI,NB
[Thr 139840151480064] = current UserID: "wd1adm", env-var USER="wd1adm"
[Thr 139840151480064] = using SECUDIR=/usr/sap/WD1/W00/sec
[Thr 139840151480064] profile param "ssl/server_pse" = "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840151480064] resulting Filename = "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840151480064] *** ERROR => secudessl_Create_SSL_CTX(): PSE "/usr/sap/WD1/W00/sec/epssl.pse": unable to use! [ssslsecu_mt. 1735]
[Thr 139840151480064] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --
[Thr 139840151480064] secude_error 1824 (0x00000720) = "Wrong or Missing PIN for PSE"
[Thr 139840151480064] >> ---------- Begin of Secude-SSL Errorstack ---------- >>
[Thr 139840151480064] ERROR in SSL_CTX_set_default_pse_by_name: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840151480064] ERROR in ssl_set_pse: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840151480064] ERROR in af_open: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840151480064] ERROR in secsw_open: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840151480064] ERROR in sec_parse_PSEInfo_cont: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 139840151480064] << ---------- End of Secude-SSL Errorstack ----------
[Thr 139840151480064] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create SERVER Credential
for "/usr/sap/WD1/W00/sec/epssl.pse" [ssslxxi_mt.c 2324]
[Thr 139840151480064] *** ERROR => Initialization of SSL library failed -- NO SSL available!
[Thr 139840151480064] =================================================
[Thr 139840151480064]
[Thr 139840151480064] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR
[Thr 139840151480064] *** ERROR => IcmServInitSSL: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv_mt. 251]
[Thr 139840151480064] *** WARNING => Could not reactivate service (rc=-14) PORT=8300,PROT=HTTPS,TIMEOUT=60,PROCTIMEOUT=900,VCLIENT=0 [icxxserv_mt. 1550]
[Thr 139840151480064] *** ERROR => ICP_icm_mod_service: ModService(7) failed for 8300, HTTPS(rc=-14) [icrxxadmin_m 5519]
Trace File
 (11768bytes)
Thanks,
Kundan

Web Dispatcher SSL query

Our web disp URL does not work after implementing SSL. (when we access the URL, it's not reachable)
In the error logs, I find:
ERROR in SSL_CTX_set_default_pse_by_name: (1824/0x0720) Wrong or Missing PIN for PSE : "E:\usr\sap\WDE\W00\sec\SSP_WDE_PSE_20090922.pse
In [this msg (scroll to bottom)|SAP Web Dispatcher SSL Error;, I saw that the PIN should be set for the user that starts up the service (SAPServiceWDE) as well.
Now my query is:
1. I have set the pse pin using WDEADM. How can I set the pse pin again for SAPServiceWDE ?
2. Will this command (after logging in to the OS with SAPServiceWDE) work:
sapgenpse get_pse -noreq -p <PSE path> -x <existing PSE PIN> [DN]
3. Will I have to regenerate the CSR and get a response again?
Note: We have Windows OS

2 --- Yes, it will work
3 --- not reqd

Web Dispatcher - SSL - Portal

Hi,
I have configured Web Dispatcher for SSL Termination to the portal. When I go to my https://... Web Dispatcher address, the portal comes up but the address in the browser changes to http://....
What could the problem be? Why is the Web Dispatcher terminating the SSL between it & the browser? There's nothing in the trace file that indicates a problem.
Many thanks in advance.
Regards
Jane

Hi Jane Tooke,
 In the profile file of web dispatcher which is " sapwebdisp.pfl " located in the sapwebdisp directory, please check if the following parameter exists. This parameter describes how the inbound connections are handled by web dispatcher.
wdisp/ssl_encrypt
the possible values for this parameter are < 0, 1, 2 >
wdisp/ssl_encrypt = 0 ( this means the SSL is terminated when sending to the
 back end server )
wdisp/ssl_encrypt = 1 ( the SSL is terminated and then SSL encrypted again by
 webdispatcher )
wdisp/ssl_encrypt = 2 ( the SSL is not terminated and request is sent encrypted
 to the back end )
The default value of this parameter is " 0 " . So, set it as appropriate to solve your purpose. Please refer to the following link to find more explanation about each of the profile parameters of the web dispatcher.
http://help.sap.com/saphelp_nw04/helpdata/en/de/89023c59698908e10000000a11402f/frameset.htm
Sai Kondapi

Web Dispatcher Installation Error

Hi,
I'm installing a web dispacher system on windows 2003, and encounter an error in the last step "Start SAP web dispatcher instance":
INFO 2009-04-22 17:56:12
Switched to user: dw1adm.
INFO 2009-04-22 17:56:12
Creating file C:\Program Files\sapinst_instdir\NW04S\STANDALONE\AS\WI\wdispmon.exe.log.
INFO 2009-04-22 17:56:12
Switched to user: dw1adm.
INFO 2009-04-22 17:56:12
Working directory changed to C:\Program Files\sapinst_instdir\NW04S\STANDALONE\AS\WI.
INFO 2009-04-22 17:56:12
Output of D:\usr\sap\DW1\SYS\exe\nuc\NTAMD64\wdispmon.exe pf=D:\usr\sap\DW1\SYS\profile\DW1_W00_hq-dwd-01 -ping is written to the logfile wdispmon.exe.log.
WARNING 2009-04-22 17:56:17
Execution of the command "D:\usr\sap\DW1\SYS\exe\nuc\NTAMD64\wdispmon.exe pf=D:\usr\sap\DW1\SYS\profile\DW1_W00_hq-dwd-01 -ping" finished with return code 1. Output: SAP Web Disp with pid 2580 is in status: ICM_STATUS_INITERROR: SAP Web Disp with pid 2580 not reached on admin port 65000
ERROR 2009-04-22 17:56:17
CJS-30086 Instance DW1/W00 [STOP] did not start after 5:00 minutes. Giving up.
ERROR 2009-04-22 17:56:17
FCO-00011 The step start with step key |NW_Webdispatcher|ind|ind|ind|ind|0|0|NW_Webdispatcher_Instance|ind|ind|ind|ind|7|0|start was executed with status ERROR .
Any suggestion would be appreciated.
Thanks!
Joseph

check if following link helps you.
[http://help.sap.com/saphelp_nw70/helpdata/en/0b/25453cf1fcc85ee10000000a11402f/content.htm]

Web Dispatcher error pages internationalization

Hello,
I need to show web dispatcher custom error pages in the language of the user making the request. I can get the translated text I just need to know how to dynamically include these translated pages in the custom error pages.
Web dispatcher is configured for custom error pages and works correctly. Now we're looking to see how to include translated pages in the user's language. Is there a way to get the language from the browser headers that are sent?
Thanks,
John

Hi John,
You can use javascript to determine the language set on the browser of the user and redirect to a translated page based on the language.
Here is a simple sample code of how to get the language from the browser:
http://www.java2s.com/Code/JavaScript/Javascript-Objects/GetbrowserLanguage.htm
You then can redirect using javascript to the page you want based on it.
Hope it helps,
Roy
Edited by: Roy Cohen on Nov 19, 2009 6:46 PM

Error when configuring Web Dispatcher for SSL with Enterprise Portal

We are in the process of configuring the Web Dispatcher using SSL to connect to our Enterprise Portal (the Web Dispatcher will be in the DMZ). We have followed all of the help.sap.com guides and now have SSL listening on the EP side (port 8103). We are now receiving this strange certificate error when we start the Web Dispatcher:
[Thr 5332] Tue Mar 20 00:36:23 2007
[Thr 5332] MatchTargetName("<FULLY QUALIFIED HOSTNAME>", "CN=XXX, OU=XXX, O=XXXX, C=XX") FAILS
[Thr 5332] SSL socket: local=<IPADDRESS>:4742 peer=<IPADDRESS>:8103
[Thr 5332] <<- ERROR: SapSSLSessionStart(sssl_hdl=009D7670)==SSSLERR_SERVER_CERT_MISMATCH
[Thr 5332] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-30): SSSLERR_SERVER_CERT_MISMATCH [icxxconn.c 2005]
[Thr 5332] *** ERROR => IcmConnClientRqCreate() failed (rc=-14) [icrxx.c 4919]
[Thr 5332] *** ERROR => Could not connect to SAP Message Server at <FULLY QUALIFIED HOST NAME>. URL=/msgserver/text/logon?version=1.2 [icrxx.c 2301]
[Thr 5332] *** ERROR => rc=-1, HTTP response code: 0 [icrxx.c 2302]
[Thr 5332] *** ERROR => see also OSS note 552286 [icrxx.c 2303]
We have gone through the trouble shooting note 552286 as listed in the error above. Any assistance is appreciated.

Hello, did you receive any resolution for this problem? We are receiving a similar error and I am unsure of how to resolve.

Web dispatcher/WAS getting SSL error

We have 2 SAP web dispatcher configured to have HTTPS protocol, with re-encryption in our BW and CRM system.
Both of them are configured identical. However, in the web dispatcher trace file I see that the CRM environment have auth_type =0 (no client cert) and the BW has auth_type = 3 (use client cert). I am not sure what sets this parameter, and how can I change the CRM to have auth_type=3.
In our CRM web dispatcher log we get the following message:
<<- SapSSLSessionInit()==SAP_O_K
[Thr 2612] in: args = "role=0 (SERVER), auth_type=0 (NO_CLIENT_CERT)"[Thr 2612] <<- SapSSLSessionStart(sssl_hdl=1132BF30)==SSSLERR_CONN_CLOSED
In our BW web dispatcher log we get the following message:
->> SapSSLSessionInit(&sssl_hdl=11342124, role=1 (CLIENT), auth_type=3 (USE_CLIENT_CERT))[Thr 2668] <<- SapSSLSessionInit()==SAP_O_K
In the CRM WAS server we are getting the following error message:
SecudeSSL_Read: SSL_read() failed --
secude_error 4865 (0x00001301) = "ERROR send(hdl=64996,buf=1DC1A818,len=27)=-1, GetLastError()=10038 (0x00002736)"
[Thr 2732] >> -
Begin of Secude-SSL Errorstack -
>>
[Thr 2732] ERROR in BIO_write: (4865/0x1301) ERROR send(hdl=64996,buf=1DC1A818,len=27)=-1, GetLastError()=10038 (0x00002736)
ERROR in sock_write: (4865/0x1301) ERROR send(hdl=64996,buf=1DC1A818,len=27)=-1, GetLastError()=10038 (0x00002736)
[Thr 2732] << -
End of Secude-SSL Errorstack -
No error messages in the BW WAS server.
Thanks for any help
Helen

I am trying to implement SSO thru Web Based Gui and using Digital Certificate for the user authentication.I have done the followings
1- I have configured my SAP ECC AS ABAP Server for SSO / HTTPS.
2- My server is signed with SAP AG test root Server certificate.
3- I am using x.509 free generator to generate Client certificate
4- I have mapped this client certificate in table USREXTID
5- I have also installed the above client certificate in my browser.
Now, when I am accessing the Server thru HTTPS web link, I am getting this Windows:
See the screenshot from the link.
http://www.zshare.net/image/812282264b4e0cc2/
On clicking Continue, the System asks for the User ID and Password:
See the screenshot from the link.
http://www.zshare.net/image/81228268eda10f1c/
I believe it shouldnu2019t ask for the user ID and password I as have installed the digital certificate and have maintained it under VUSREXTID
My SMICM log can be access thru
http://www.zshare.net/download/81220708a199f079/
Pls. advice
Saqib Ayub Khan

CRM_UI Reporting - HTTPS Terminating at Web Dispatcher or SSL all the way

Hi,
We need to set up access to crm_ui reports (leads and marketing mainly) in CRM 7.0 for vendors coming from the internet. The CRM server is in the internal network. In order for this to work I plan to setup the web-dispatcher in the application dmz. The initial login is going to be via the web dmz layer (using sun's iplanet server), which then routes the crm URL to the web dispatcher in the App dmz and then from the web dispatcher to CRM server.
One requirement from our security team is to set up the flow as HTTPS.
On going through SAP help I get the impression that it can be set up two ways, one, configuring web dispatcher to pass the SSL connection to backend, & two - configuring the web dispatcher to terminate SSL.
Seems the former is quite straight forward (from SAP online help we have to set the icm/server_port_<xx>> = PROT=ROUTER) but does it also require that we setup the crm_ui_frame service as SSL and activate the HTTPS service in ICM?
Or is it better to go via the second option (HTTPS termination) without changing the backend setup? SAP Online help lists steps to do the HTTPS termination but I have not come across any detailed documentation for the first method.
Any thoughts, suggestions will be helpful for either scenario.
Thanks,
Rommel Bhan

Thanks Martin the document helped.
Now the web dispatcher seems to talk to the HTTPS port on the backend.
However there is one issue I see in the dev_webdisp and was wondering if you have an insight.
Based on webdispatcher parameters, its taling to ms_https_port 8533 of backend
[Thr 773] Mon Feb 15 15:03:35 2010
[Thr 773] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL
[Thr 773] SecudeSSL_SessionStart: SSL_connect() failed --
[Thr 773] secude_error 9 (0x00000009) = "the verification of the server's certificate chain failed"
[Thr 773] >> -
Begin of Secude-SSL Errorstack -
>>
[Thr 773] ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed
[Thr 773] ERROR in af_verify_Certificates: (27/0x001b) Chain of certificates is incomplete : "CN=sapcms02.reinternal.com, OU=I0020210975, OU=SAP Web AS, O=SAP Trust Community, C=DE"
[Thr 773] ERROR in get_path: (27/0x001b) Found root certificate of <CN=sapcms02.reinternal.com, OU=I0020210975, OU=SAP Web AS, O=SAP Trust Community, C=DE> which does not fit the given PKRoot
[Thr 773] ERROR in verify_with_PKs: (27/0x001b) Found root certificate of <CN=sapcms02.reinternal.com, OU=I0020210975, OU=SAP Web AS, O=SAP Trust Community, C=DE> which does not fit the given PKRoot
[Thr 773] << -
End of Secude-SSL Errorstack -
[Thr 773] SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"
[Thr 773] SSL NI-sock: local=10.104.146.81:62579 peer=10.104.146.81:8533
[Thr 773] <<- ERROR: SapSSLSessionStart(sssl_hdl=110acb850)==SSSLERR_SSL_CONNECT
[Thr 773] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT [icxxconn_mt.c 1911]
[Thr 773] *** ERROR => IcmConnClientRqCreate() failed (rc=-14) [icrxx_mt.c 5976]
[Thr 773] *** ERROR => Could not connect to SAP Message Server at sapcms02. URL=/msgserver/text/logon?version=1.2 [icrxx_mt.c 3289]
[Thr 773] *** ERROR => rc=-1, HTTP response code: 0 [icrxx_mt.c 3290]
[Thr 773] *** ERROR => see also SAP note 552286 [icrxx_mt.c 3291]
My backend is setup with SSL and web dispatcher is set to the following. Also since the backend and sapweb dispatcher are on the same host, using the same sidadm, the SSL stuff is on one location. I generated the SAPSSLS.pse in the backend using STRUST
Accessibility of Message Servers
rdisp/mshost = sapcms02
ms/http_port = 8100
ms/https_port = 8533
wdisp/server_info_protocol = https
SAP Web Dispatcher Ports
icm/server_port_0 = PROT=ROUTER,PORT=60000
icm/server_port_1 = PROT=HTTPS,PORT=0
icm/server_port_2 = PROT=HTTP,PORT=8080 <-- web dispatcher admin port
#SSL parameters similar to one in backend
ssf/ssfapi_lib = /usr/sap/CMS/SYS/exe/run/libsapcrypto.o
sec/libsapsecu = /usr/sap/CMS/SYS/exe/run/libsapcrypto.o
ssf/name = SAPSECULIB
ssl/ssl_lib = /usr/sap/CMS/SYS/exe/run/libsapcrypto.o
ssl/server_pse=/usr/sap/CMS/DVEBMGS00/sec/SAPSSLS.pse
ssl/client_pse=/usr/sap/CMS/DVEBMGS00/sec/SAPSSLC.pse

SSL Re-encryption with Portal and Web Dispatcher: certificate expired

Hello,
I am trying to set up HTTPS connection to the Portal through SAP Web Dispatcher. We are using SSL Re-encryption. I think I got everything set up correctly. When trying to access through a Web browser the web dispatcher trace file shows error message 'certificate expired'. Looking at the Portal (Visual admin - Keystore) I am pretty sure it is the service-ssl with localhost. It is expired. Two questions:
- is it correct that it uses localhost or am I missing anything?
- How would I recreate the certificate? (I am sure it is somewhere in the Online documentation, but haven't found it yet). Can I do this while the Portal is productive without breaking the normal access (http) to the Portal. This is our Production portal.
Thanks,
Ingrid

Hi,
Go thru the contents of SAP Note,
685306 -Enabling SSL and renewing the J2EE certificate
And also the help contents in,
http://help.sap.com/saphelp_nw04/helpdata/en/65/6a563cef658a06e10000000a11405a/content.htm
These might of some help to you !
Regards
Srinivasan T

Web dispatcher with SSL

Hi,
We have EP 6.0 SP16 paltform on win2003/oracle.
We configured SSL, so we connect using https protocol.
We have two application servers for our portal platform.
For load balancing we use SAP Web Dispatcher.
we didn't configure SSL for the host where Web dispatcher resides. So we want web dispather to convert http requests to https.
For this purpose we used parameters
icm/server_port_0 = PROT=HTTP, PORT=8003
wdisp/ssl_encrypt = 2
as said in
http://help.sap.com/saphelp_nw04/helpdata/en/d8/a922d7f45f11d5996e00508b5d5211/frameset.htm
we get error:
Detail: no valid destination server available for '!ALL' rc=7
How can we solve this error ?
Best regards

Hello ..,
By defining wdisp/ssl_encrypt = 2 in your pfl file is not enough. I'm assuming you ahve missed the following steps:-
1. Install the SAP Cryptographic Library on the SAP Web Dispatcher.
2. Set the profile parameters.
3. Create the SAP Web Dispatchers PSE(s) and certificate request(s).
4. Send the certificate request(s) to a CA to be signed.
5. Import the certificate request response(s) into the PSE.
6. Create credentials for the SAP Web Dispatcher.
7. Restart the SAP Web Dispatcher.
8. Test the connection.
You need to perform all the above mentioned steps for the SSL. Please refer this link:-
http://help.sap.com/saphelp_nw04/helpdata/en/39/09a63d7af20450e10000000a114084/frameset.htm
Regards
Vaib

SAP Web Dispatcher Configuration (SSL, certificates)

Hi all,
We're trying to configure the SAP Web Dispatcher for the use of SSL (terminated) and client authentication using x.509 certificates. All works (almost)fine. However, there's some strange behavior that I can not explain.
The following access point have been specified in the profile:
Description of the Access Points
icm/server_port_0 = PROT=HTTPS, PORT=443, TIMEOUT=15
icm/server_port_2 = PROT=HTTP, PORT=83, TIMEOUT=15
icm/HTTPS/verify_client = 2
Basicly we only need users to access the web dispatcher using SSL. However, when I remove the line: icm/server_port_2 = PROT=HTTP, PORT=83, TIMEOUT=15
The Web Dispatcher returns an error upon accessing it using HTTPS:
Dispatching Error
Error: -26
Version: 6040
Component: HTTP_ROUTE
Date/Time: Tue Mar 14 07:19:38 2006
Module: http_route.c
Line: 2383
Server: sapvm1_DVS_26
Detail: no valid destination server available for '!ALL' rc=13
Any help would be highly appreciated. Thanks!
Frodo

Hi KS,
Maybe you were right afterall I found a nice How to on the servce.sap.com (https://websmp203.sap-ag.de/~form/sapnet?_SHORTKEY=00200797470000073632&_SCENARIO=01100035870000000202) and it seems you do have to add the HTTP server_port parameter in case SSL is being terminated (no re-encryption).
icm/server_port_0 = PROT=HTTPS, PORT=443, TIMEOUT=15
icm/server_port_1 = PROT=HTTP, PORT=0, TIMEOUT=15
However, the trick is to set the port to zero (0), that way you can still only access the Web Dispatcher via HTTPS.
All is working now.
Frodo

Web Dispatcher with SSL termination for EP

Hi All,
I want to configure SAP Web Dispatcher (installed on windows) for SSL
termination scenario. I did all the configuration steps, SSL Basic,
SSL termination steps without Metadata Exchange scenario.
But , when i am trying to access the portal using "
https://<DispatcherHost>:<Port>/irj/portal", its giving page
can not be displayed error
This is how the profile file of the dispatcher looks like,
profile file **************
Profile generated by sapwebdisp bootstrap
unique instance number
SAPSYSTEM = 2
Accessibility of Message Servers
rdisp/mshost = <portal server>
ms/http_port = 8101
SAP Web Dispatcher Parameter
wdisp/auto_refresh = 120
wdisp/max_servers = 100
wdisp/shm_attach_mode = 6
configuration for large scenario
icm/max_conn = 16384
icm/max_sockets = 16384
icm/req_queue_len = 6000
icm/min_threads = 100
icm/max_threads = 250
mpi/total_size_MB = 500
mpi/max_pipes = 21000
#maximum number of concurrent connections to one server
wdisp/HTTP/max_pooled_con = 2000
wdisp/HTTPS/max_pooled_con = 2000
SAP Web Dispatcher Ports
SAP Web Dispatcher Web Administration
icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=./admin
icm/server_port_0 = PROT=HTTPS,PORT=5000
icm/server_port_1 = PROT=HTTP,PORT=0
icm/HTTPS/verify_client = 0
DIR_INSTANCE=D:\SAP_SSL\secudir
ssl/ssl_lib=D:\SAP_SSL\secudir\sapcrypto.dll
sss/server_pse=D:\SAP_SSL\secudir\SAPSSL.pse
wdisp/ssl_encrypt = 0
wdisp/add_client_protocol_header = true
profile file **************
After modifying the profile file, restarting the dispatcher gives the
following information in the command prompt,
Information in command prompt *******
D:\SAP_SSL\sapwebdisp\sapwebdisp pf=sapwebdisp.pfl
**Warning: Could not start service 5000 for protocol HTTPS on host
<hostname>" <on all adapters>
*SAP Web Dispatcher up and operational <pid: 1700>*
Information in command prompt *******
What may be problem? Did i miss out any steps ?
Please help !
Regards,
Sandip

Hi Sandip,
Please check this thread..
/thread/41459 [original link is broken]
cheers,
Prashanth
P.S : Please mark helpful answers

Web Dispatcher and SSL

Dear All,
I've configured Web Dispatcher with SSL. When I run command "sapwebdisp pf=sapwebdisp.pfl", my HTTPS service could not be started. It gives me error "WARNING: Could not start service 60000 for protocol HTTPS on host "myserver" (on all adapters)".
Any idea?
BTW, my SAP Web Dispatcher is up and running.
Rgds,
Hapizorr

HI Koti Reddy,
Below is the log from dev_webdisp. Any iddea?
trc file: "dev_webdisp", trc level: 1, release: "700"
sysno 00
sid
systemid 562 (PC with Windows NT)
relno 7000
patchlevel 0
patchno 110
intno 20050900
make: multithreaded, ASCII, 64 bit, optimized
pid 2892
[Thr 2800] started security log to file dev_icm_sec
[Thr 2800] SAP Web Dispatcher running on: psahrmswd
[Thr 2800] MtxInit: 30001 0 2
[Thr 2800] IcmInit: listening to admin port: 65000
[Thr 2188] *** WARNING => HttpPlugInInit: Parameter icm/HTTPS/trust_client_with_issuer or icm/HTTPS/trust_client_with_subject not set => do not trust any intermediary
X.509 cert data will be removed from header [http_plgrt.c 670]
[Thr 2188] *** WARNING => HttpAdmHandlerInit: archive ./wdispadmin.SAR does not exist [http_adm.cpp 286]
[Thr 2188] *** WARNING => HttpAdmHandlerInit: archive ./wdispadmin.SAR does not exist - nothing extracted [http_adm.cpp 301]
[Thr 2188] HttpSubHandlerAdd: Added handler HttpAdminHandler(slot=0, flags=4101) for /sap/wdisp/admin:0
[Thr 2188] CsiInit(): Initializing the Content Scan Interface
[Thr 2188] PC with Windows NT (mt,ascii,SAP_CHAR/size_t/void* = 8/64/64)
[Thr 2188] CsiInit(): CSA_LIB = ".\sapcsa.dll"
[Thr 2188] *** ERROR => DlLoadLib: LoadLibrary(.\sapcsa.dll) Error 126 [dlnt.c 237]
[Thr 2188] Error 126 = "The specified module could not be found."
[Thr 2188] *** ERROR => HttpAuthHandlerInit: url: / -> failed -> content filter deactivated [http_auth.c 300]
[Thr 2188] HttpSubHandlerAdd: Added handler HttpAuthHandler(slot=1, flags=12293) for /:0
[Thr 2188] HttpSubHandlerAdd: Added handler HttpWebDispHandler(slot=2, flags=28677) for /:0
[Thr 2188] =================================================
[Thr 2188] = SSL Initialization on PC with Windows NT
[Thr 2188] = (700_REL,May 21 2007,mt,ascii,SAP_UC/size_t/void* = 8/64/64)
[Thr 2188] SapISSLComposeFilename(): profile param "ssl/ssl_lib" = "U:\secudir\sec\sapcrypto.dll"
 resulting Filename = "U:\secudir\sec\sapcrypto.dll"
[Thr 2188] SapISSLComposeFilename(): profile param "ssl/server_pse" = "U:\secudir\sec\SAPSSL.pse"
 resulting Filename = "U:\secudir\sec\SAPSSL.pse"
[Thr 2188] = found SAPCRYPTOLIB 5.5.5C pl24 (Jun 11 2008) MT-safe
[Thr 2188] = current UserID: PSAHRMSWD\Administrator
[Thr 2188] = found SECUDIR environment variable
[Thr 2188] = using SECUDIR=U:\secudir\sec
[Thr 2188] *** ERROR => secudessl_Create_SSL_CTX(): PSE "U:\secudir\sec\SAPSSL.pse" not found! [ssslsecu.c 1296]
[Thr 2188] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --
secude_error 1824 (0x00000720) = "Wrong or Missing PIN for PSE"
[Thr 2188] >> -
Begin of Secude-SSL Errorstack -
>>
[Thr 2188] ERROR in SSL_CTX_set_default_pse_by_name: (1824/0x0720) Wrong or Missing PIN for PSE : "U:\secudir\sec\SAPSSL.pse"
ERROR in ssl_set_pse: (1824/0x0720) Wrong or Missing PIN for PSE : "U:\secudir\sec\SAPSSL.pse"
ERROR in af_open: (1824/0x0720) Wrong or Missing PIN for PSE : "U:\secudir\sec\SAPSSL.pse"
ERROR in secsw_open: (1824/0x0720) Wrong or Missing PIN for PSE : "U:\secudir\sec\SAPSSL.pse"
ERROR in sec_parse_PSEInfo_cont: (1824/0x0720) Wrong or Missing PIN for PSE : "U:\secudir\sec\SAPSSL.pse"
[Thr 2188] << -
End of Secude-SSL Errorstack -
[Thr 2188] *** ERROR => Initialization of SSL library failed -- NO SSL available!
[Thr 2188] =================================================
[Thr 2188] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR
[Thr 2188] *** ERROR => IcmAddService: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv.c 319]
[Thr 2800] IcmCreateWorkerThreads: created worker thread 0
[Thr 2800] IcmCreateWorkerThreads: created worker thread 1
[Thr 2800] IcmCreateWorkerThreads: created worker thread 2
[Thr 2800] IcmCreateWorkerThreads: created worker thread 3
[Thr 2800] IcmCreateWorkerThreads: created worker thread 4
[Thr 2800] IcmCreateWorkerThreads: created worker thread 5
[Thr 2800] IcmCreateWorkerThreads: created worker thread 6
[Thr 2800] IcmCreateWorkerThreads: created worker thread 7
[Thr 2800] IcmCreateWorkerThreads: created worker thread 8
[Thr 2800] IcmCreateWorkerThreads: created worker thread 9
[Thr 2832] IcmWatchDogThread: watchdog started

Web dispatcher "Error : PSE file ,unable to use! "

Hello,
I has a SAP Netweaver kernel 7.01 with oracle database.
I tried to config web dispatcher to support ssl by following the link below.
[http://help.sap.com/saphelp_nw04s/helpdata/en/39/09a63d7af20450e10000000a114084/content.htm]
I has done all step successfully.
But when I started web dispatcher I got these error in the log file.
[Thr 8688] profile param "ssl/server_pse" = "E:\webdispatcher\sec\SAPSSL.pse"
 resulting Filename = "E:\webdispatcher\sec\SAPSSL.pse"
[Thr 8688] *** ERROR => secudessl_Create_SSL_CTX(): PSE "E:\webdispatcher\sec\SAPSSL.pse": unable to use! [ssslsecu.c 1735]
[Thr 8688] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --
secude_error 1824 (0x00000720) = "Wrong or Missing PIN for PSE"
[Thr 8688] >> ---------- Begin of Secude-SSL Errorstack ---------- >>
[Thr 8688] ERROR in SSL_CTX_set_default_pse_by_name: (1824/0x0720) Wrong or Missing PIN for PSE : "E:\webdispatcher\sec\SAPSSL.pse"
ERROR in ssl_set_pse: (1824/0x0720) Wrong or Missing PIN for PSE : "E:\webdispatcher\sec\SAPSSL.pse"
ERROR in af_open: (1824/0x0720) Wrong or Missing PIN for PSE : "E:\webdispatcher\sec\SAPSSL.pse"
ERROR in secsw_open: (1824/0x0720) Wrong or Missing PIN for PSE : "E:\webdispatcher\sec\SAPSSL.pse"
ERROR in sec_parse_PSEInfo_cont: (1824/0x0720) Wrong or Missing PIN for PSE : "E:\webdispatcher\sec\SAPSSL.pse"
[Thr 8688] << ---------- End of Secude-SSL Errorstack ----------
[Thr 8688] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create SERVER Credential
 for "E:\webdispatcher\sec\SAPSSL.pse" [ssslxxi.c 2324]
[Thr 8688] *** ERROR => Initialization of SSL library failed -- NO SSL available!
[Thr 8688] =================================================
I search the forum but didn't see "file pse unable to use!" issue.
Is this about wrong certificate when import cer to PSE file or something else?
Any help will be appriciate.
Thank you
Chai

Hi,
I am facing same issue.
Please revet, if you resolved the same.
pasting log here.
Response will be appreciated.
trc file: "dev_webdisp", trc level: 1, release: "720"
sysno 00
sid WD1
systemid 390 (AMD/Intel x86_64 with Linux)
relno 7200
patchlevel 0
patchno 68
intno 20020600
make multithreaded, ASCII, 64 bit, optimized
profile /usr/sap/WD1/SYS/profile/WD1_W00_sapportal
pid 4382
[Thr 140272010733408] Fri Nov 1 11:41:50 2013
[Thr 140272010733408] started security log to file ./dev_icm_sec
[Thr 140272010733408] SigISetDefaultAction : default handling for signal SIGCHLD
[Thr 140272010733408] SAP Web Dispatcher running on: sapportal.abrajoman.com
[Thr 140272010733408] MtxInit: 30001 0 2
[Thr 140272010733408] ***LOG IM1=> IcmInit, Startup (SAP Web Dispatcher&sapportal.abrajoman.com&4382&) [icxxrout_mt. 1914]
[Thr 140272010733408] IcmInit: listening to admin port: 65000
[Thr 140272010733408] MPI: dynamic quotas disabled.
[Thr 140272010733408] MPI init: pipes=4000 buffers=1279 reserved=383 quota=10%
[Thr 140272010733408] CCMS: AlInitGlobals : alert/use_sema_lock = TRUE.
[Thr 140272010733408] CCMS: Initalized shared memory of size 40000000 for monitoring segment.
[Thr 140272010733408] CCMS: Checking Downtime Configuration of Monitoring Segment.
[Thr 140272010733408] IcrCoreInitSessionTable: Session table initialized
[Thr 140271863756544] HttpExtractArchive: files from archive /usr/sap/WD1/SYS/exe/run/wdispadmin.SAR in directory /usr/sap/WD1/W00/data/icmandir are up to date
[Thr 140271863756544] HttpISubHandlerAdd: Added handler HttpAdminHandler(0x7f9390000e70), slot=0, flags=36869) for /sap/admin, active: 1, table 0x7f9390000a10
[Thr 140271863756544] HttpISubHandlerAdd: Added handler HttpModHandler(0x7f93900012e0), slot=1, flags=12293) for /, active: 1, table 0x7f9390000a10
[Thr 140271863756544] CsiInit(): Initializing the Content Scan Interface
[Thr 140271863756544] AMD/Intel x86_64 with Linux (mt,ascii,SAP_CHAR/size_t/void* = 8/64/64)
[Thr 140271863756544] CsiInit(): CSA_LIB = "/usr/sap/WD1/SYS/exe/run/libsapcsa.so"
[Thr 140271863756544] HttpISubHandlerAdd: Added handler HttpAuthHandler(0x7f9390001440), slot=2, flags=12293) for /, active: 1, table 0x7f9390000a10
[Thr 140271863756544] HttpISubHandlerAdd: Added handler HttpWebDispHandler(0x7f9390008340), slot=3, flags=1060869) for /, active: 1, table 0x7f9390000a10
[Thr 140271863756544] Started service PORT=8100,PROT=HTTP,TIMEOUT=60,PROCTIMEOUT=60
[Thr 140271863756544] =================================================
[Thr 140271863756544] = SSL Initialization platform tag=(linuxx86_64_gcc41)
[Thr 140271863756544] = (720_REL,Oct 15 2010,mt,ascii,SAP_UC/size_t/void* = 8/64/64)
[Thr 140271863756544] profile param "ssl/ssl_lib" = "/usr/sap/WD1/exe/libsapcrypto.so"
[Thr 140271863756544] resulting Filename = "/usr/sap/WD1/exe/libsapcrypto.so"
[Thr 140271863756544] = found SAPCRYPTOLIB 5.5.5C pl36 (Jul 3 2013) MT,AESNI,NB
[Thr 140271863756544] = current UserID: "wd1adm", env-var USER="wd1adm"
[Thr 140271863756544] = using SECUDIR=/usr/sap/WD1/W00/sec
[Thr 140271863756544] profile param "ssl/server_pse" = "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 140271863756544] resulting Filename = "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 140271863756544] *** ERROR => secudessl_Create_SSL_CTX(): PSE "/usr/sap/WD1/W00/sec/epssl.pse": unable to use! [ssslsecu_mt. 1735]
[Thr 140271863756544] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --
[Thr 140271863756544] secude_error 1824 (0x00000720) = "Wrong or Missing PIN for PSE"
[Thr 140271863756544] >> ---------- Begin of Secude-SSL Errorstack ---------- >>
[Thr 140271863756544] ERROR in SSL_CTX_set_default_pse_by_name: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 140271863756544] ERROR in ssl_set_pse: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 140271863756544] ERROR in af_open: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 140271863756544] ERROR in secsw_open: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 140271863756544] ERROR in sec_parse_PSEInfo_cont: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
[Thr 140271863756544] << ---------- End of Secude-SSL Errorstack ----------
[Thr 140271863756544] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create SERVER Credential
for "/usr/sap/WD1/W00/sec/epssl.pse" [ssslxxi_mt.c 2324]
[Thr 140271863756544] *** ERROR => Initialization of SSL library failed -- NO SSL available!
[Thr 140271863756544] =================================================
[Thr 140271863756544]
[Thr 140271863756544] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR
[Thr 140271863756544] *** ERROR => IcmServInitSSL: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv_mt. 251]
[Thr 140271863756544] *** WARNING => Could not start service (rc=-14) PORT=8300,PROT=HTTPS,TIMEOUT=60,PROCTIMEOUT=900,VCLIENT=0 [icxxserv_mt. 651]
[Thr 140272010733408] SigISetDefaultAction : default handling for signal SIGCHLD
[Thr 140272010733408] IcmCreateWorkerThreads: created worker thread 0
[Thr 140272010733408] IcmCreateWorkerThreads: created worker thread 1
[Thr 140272010733408] IcmCreateWorkerThreads: created worker thread 2
[Thr 140272010733408] IcmCreateWorkerThreads: created worker thread 3
[Thr 140272010733408] IcmCreateWorkerThreads: created worker thread 4
[Thr 140272010733408] IcmCreateWorkerThreads: created worker thread 5
[Thr 140272010733408] IcmCreateWorkerThreads: created worker thread 6
[Thr 140272010733408] IcmCreateWorkerThreads: created worker thread 7
[Thr 140272010733408] IcmCreateWorkerThreads: created worker thread 8
[Thr 140272010733408] IcmCreateWorkerThreads: created worker thread 9
[Thr 140271863756544] IcmWatchDogThread: watchdog started
[Thr 140271847081728] Fri Nov 1 11:42:57 2013
[Thr 140271847081728] *** ERROR => NULL bytes in HTTP request {0005000c} [http_plgrt_mt.c 6025]
[Thr 140271847081728] CONNECTION (id=5/12):
used: 1, type: default, role: Server(1), stateful: 0
NI_HDL: 59, protocol: HTTP(1)
local host: 192.168.22.2:8100 ()
remote host: 192.168.2.8:56650 ()
status: READ_REQUEST
connect time: 01.11.2013 11:42:57
MPI request: <c> MPI response: <d>
request_buf_size: 65464 response_buf_size: 0
request_buf_used: 122 response_buf_used: 0
request_buf_offset: 0 response_buf_offset: 0
[Thr 140271847081728] Address Offset REQUEST:
[Thr 140271847081728] ------------------------------------------------------------------------
[Thr 140271847081728] 0x7f9399f8d068 000000 16030100 75010000 71030152 73499529 |....u...q..RsI.)|
[Thr 140271847081728] 0x7f9399f8d078 000016 9f988ed3 cb861e2f 7260cac7 978a9a30 |......./r`.....0|
[Thr 140271847081728] 0x7f9399f8d088 000032 b74f3103 f3feea03 2b336a00 0018002f |.O1.....+3j..../|
[Thr 140271847081728] 0x7f9399f8d098 000048 00350005 000ac013 c014c009 c00a0032 |.5.............2|
[Thr 140271847081728] 0x7f9399f8d0a8 000064 00380013 00040100 0030ff01 00010000 |.8.......0......|
[Thr 140271847081728] 0x7f9399f8d0b8 000080 00000e00 0c000009 73617070 6f727461 |........sapporta|
[Thr 140271847081728] 0x7f9399f8d0c8 000096 6c000500 05010000 0000000a 00060004 |l...............|
[Thr 140271847081728] 0x7f9399f8d0d8 000112 00170018 000b0002 0100 |.......... |
[Thr 140271847081728] ------------------------------------------------------------------------
[Thr 140271847081728] *** ERROR => HttpPlugInHandleNetData: HttpParseRequestHeader failed (rc=701) [http_plgrt_m 2250]
Trace File
 (7784bytes)
Line: Filter:
Thanks,
Kundan

Web dispatcher SSL error

Similar Messages

Maybe you are looking for