Web Dispatcher - SSL - Portal

Hi,
I have configured Web Dispatcher for SSL Termination to the portal. When I go to my https://... Web Dispatcher address, the portal comes up but the address in the browser changes to http://....
What could the problem be? Why is the Web Dispatcher terminating the SSL between it & the browser? There's nothing in the trace file that indicates a problem.
Many thanks in advance.
Regards
Jane

Hi Jane Tooke,
                      In the profile file of web dispatcher which is " sapwebdisp.pfl " located in the sapwebdisp directory, please check if the following parameter exists. This parameter describes how the inbound connections are handled by web dispatcher.
wdisp/ssl_encrypt
the possible values for this parameter are < 0, 1, 2 >
wdisp/ssl_encrypt = 0 ( this means the SSL is terminated when sending to the 
                                   back end server )
wdisp/ssl_encrypt = 1 ( the SSL is terminated and then SSL encrypted again by
                                   webdispatcher )
wdisp/ssl_encrypt = 2  ( the SSL is not terminated and request is sent encrypted
                                     to the back end )
The default value of this parameter is " 0 " . So, set it as appropriate to solve your purpose. Please refer to the following link to find more explanation about each of the profile parameters of the web dispatcher.
http://help.sap.com/saphelp_nw04/helpdata/en/de/89023c59698908e10000000a11402f/frameset.htm
Sai Kondapi

Similar Messages

  • Web Dispatcher SSL query

    Our web disp URL does not work after implementing SSL. (when we access the URL, it's not reachable)
    In the error logs, I find:
    ERROR in SSL_CTX_set_default_pse_by_name: (1824/0x0720) Wrong or Missing PIN for PSE : "E:\usr\sap\WDE\W00\sec\SSP_WDE_PSE_20090922.pse
    In [this msg (scroll to bottom)|SAP Web Dispatcher SSL Error;, I saw that the PIN should be set for the user that starts up the service (SAPServiceWDE) as well.
    Now my query is:
    1. I have set the pse pin using WDEADM. How can I set the pse pin again for SAPServiceWDE ?
    2. Will this command (after logging in to the OS with SAPServiceWDE) work:
    sapgenpse get_pse -noreq -p <PSE path> -x <existing PSE PIN> [DN]
    3. Will I have to regenerate the CSR and get a response again?
    Note: We have Windows OS

    2 --- Yes, it will work
    3 --- not reqd

  • SSL Configuration between Web Dispatcher and Portal

    Here is the scenario:
    INTERNET -
    https--> WEB DISPATCHER (decryipts)-https> PORTAL
    When a request for portal page is sent to WEB DISPATCHER, it gives the following error in dev_webdisp:
    [Thr 1087416640] ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed
    ERROR in af_verify_Certificates: (12851/0x3233) Verification of one certificate of path failed because the CA flag of its basic constraints is set to FALSE
    ERROR in check_basicConstraints: (12851/0x3233) Verification of one certificate of path failed because the CA flag of its basic constraints is set to FALSE
    I am using SAP's test certificates and there is no documentation for the error as far as I know.
    Any ideas ?

    Hi Cristiano,
    I solved the problem.
    This error message is being caused by the mismatch between the issuer (SAP Test) and server pse generation strings (for example O and OU values ).
    As the documentation suggests:
    "For example, if you use the SAP CA, the naming convention is CN=<host_name>, OU=I<installation_number>-<company_name>, OU=SAP Web AS, O=SAP Trust Community, C=DE."
    Thanks for the reply,
    Best Wishes
    Edited by: Yuksel Guney Hanedan on Aug 6, 2010 4:35 PM

  • Web dispatcher SSL error

    Hi, All
    I am using webdispatcher as reverse proxy for SSL terminiation. let me explain my steps.
    to create pse
    1-get request file
    sapgenpse get_pse u2013s2048 -p C:\usr\sap\FW2\W00\sec\SAPSSLS.pse  -r C:\usr\sap\FW2\W00\sec\SAPSSLS.req  "CN=portal.xxx.com, OU=xxx company"
    I got request file.
    2-import
    sapgenpse import_own_cert -p C:\usr\sap\FW2\W00\sec\SAPSSLS.pse -c C:\usr\sap\FW2\W00\sec\reponse.cer -r C:\usr\sap\FW2\W00\sec\subroot.cer -r C:\usr\sap\FW2\W00\sec\root.cer -x 12345
    CA-Response successfully import int0 PSE
    3-create credentials
    sapgenpse seclogin -p C:\usr\sap\FW2\W00\SAPSSLS.pse -x 12345 -O SAPServiceFW2
    Added SSO-credentials for PSE "C:\usr\sap\FW2\W00\sec\SAPSSLS.pse
    4-I also check permission of SAPSSLS.pse for SAPServiceFW2 and fw2adm (win 2008 )
    5- sapcrypto installed
    here profile parameters
    wdisp/shm_attach_mode = 6
    rdisp/mshost = xxxxx
    ms/http_port = 8101
    DIR_INSTANCE = C:\usr\sap\FW2\W00
    ssl/ssl_lib = C:\usr\sap\FW2\W00\sec\sapcrypto.dll
    ssl/server_pse = C:\usr\sap\FW2\W00\sec\SAPSSLS.pse
    wdisp/auto_refresh = 120
    wdisp/max_servers = 100
    icm/server_port_0 = PROT=HTTPS, PORT=443
    icm/server_port_1 = PROT=HTTP, PORT=80
    icm/HTTP/admin_0 = PREFIX=/sap(wdisp/admin,DOCROOT=./admin
    wdisp/ssl_encrypt = 0
    wdisp/add_client_protocol_header = true
    icm/HTTPS/verify_client = 0
    icm/HTTPS/trust_client_with_issuer = *
    icm/HTTPS/trust_client_with_subject = *
    ssf/name = SAPSECULIB
    ssf/ssfapi_lib = C:\usr\sap\FW2\W00\sec\sapcrypto.dll
    sec/libsapsecu = C:\usr\sap\FW2\W00\sec\sapcrypto.dll
    here dev_webdisp
    trc file: "dev_webdisp", trc level: 1, release: "700"
    sysno      00
    sid        FW2
    systemid   562 (PC with Windows NT)
    relno      7000
    patchlevel 0
    patchno    250
    intno      20050900
    make:      multithreaded, ASCII, 64 bit, optimized
    pid        3612
    [Thr 3500] started security log to file dev_icm_sec
    [Thr 3500] SAP Web Dispatcher running on: webdisp.com
    [Thr 3500] MtxInit: 30001 0 2
    [Thr 3500] IcmInit: listening to admin port: 65000
    [Thr 3500] IcrCoreInitSessionTable: Session table initialized
    [Thr 3896] =================================================
    [Thr 3896] = SSL Initialization  on  PC with Windows NT
    [Thr 3896] =   (700_REL,May  3 2010,mt,ascii,SAP_UC/size_t/void* = 8/64/64)
    [Thr 3896]   profile param "ssl/ssl_lib" = "C:\usr\sap\FW2\W00\sec\sapcrypto.dll"
               resulting Filename = "C:\usr\sap\FW2\W00\sec\sapcrypto.dll"
    [Thr 3896]   profile param "ssl/server_pse" = "C:\usr\sap\FW2\W00\sec\SAPSSLS.pse"
               resulting Filename = "C:\usr\sap\FW2\W00\sec\SAPSSLS.pse"
    [Thr 3896] =   found SAPCRYPTOLIB  5.5.5C pl30  (Jul 23 2010) MT-safe
    [Thr 3896] =   current UserID: FRIK\SapServiceFW2
    [Thr 3896] =   found SECUDIR environment variable
    [Thr 3896] =   using SECUDIR=C:\usr\sap\FW2\W00\sec
    [Thr 3896] *** ERROR =>   secudessl_Create_SSL_CTX():  PSE "C:\usr\sap\FW2\W00\sec\SAPSSLS.pse" not found! [ssslsecu.c   1360]
    [Thr 3896] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --
      secude_error 1824 (0x00000720) = "Wrong or Missing PIN for PSE"
    [Thr 3896] >> -
    Begin of Secude-SSL Errorstack -
    >>
    [Thr 3896] ERROR in SSL_CTX_set_default_pse_by_name: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\usr\sap\FW2\W00\sec\SAPSSLS.pse"
    ERROR in ssl_set_pse: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\usr\sap\FW2\W00\sec\SAPSSLS.pse"
    ERROR in af_open: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\usr\sap\FW2\W00\sec\SAPSSLS.pse"
    ERROR in secsw_open: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\usr\sap\FW2\W00\sec\SAPSSLS.pse"
    ERROR in sec_parse_PSEInfo_cont: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\usr\sap\FW2\W00\sec\SAPSSLS.pse"
    [Thr 3896] << -
    End of Secude-SSL Errorstack -
    [Thr 3896] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create SERVER Credential
            for "C:\usr\sap\FW2\W00\sec\SAPSSLS.pse" [ssslxxi.c    2314]
    [Thr 3896] *** ERROR => Initialization of SSL library failed -- NO SSL available!
    [Thr 3896] =================================================
    [Thr 3896] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR
    [Thr 3896] HttpSubHandlerAdd: Added handler HttpRedirectHandler(slot=0, flags=4098) for /:0
    [Thr 3896] HttpExtractArchive: files from archive C:\usr\sap\FW2\SYS\exe\nuc\NTAMD64/wdispadmin.SAR in directory . are up to date
    [Thr 3896] HttpSubHandlerAdd: Added handler HttpAdminHandler(slot=1, flags=4101) for /sap(wdisp/admin:0
    [Thr 3896] CsiInit(): Initializing the Content Scan Interface
    [Thr 3896]            PC with Windows NT (mt,ascii,SAP_CHAR/size_t/void* = 8/64/64)
    [Thr 3896] CsiInit(): CSA_LIB = "C:\usr\sap\FW2\SYS\exe\nuc\NTAMD64\sapcsa.dll"
    [Thr 3896] HttpSubHandlerAdd: Added handler HttpAuthHandler(slot=2, flags=12293) for /:0
    [Thr 3896] HttpSubHandlerAdd: Added handler HttpWebDispHandler(slot=3, flags=28677) for /:0
    [Thr 3896] *** ERROR => IcmAddService: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv.c   319]
    [Thr 3896] Started service 80 for protocol HTTP on host "webdisp.com"(on all adapters) (processing timeout=60, keep_alive_timeout=30)
    [Thr 3500] IcmCreateWorkerThreads: created worker thread 0
    [Thr 3500] IcmCreateWorkerThreads: created worker thread 1
    [Thr 3500] IcmCreateWorkerThreads: created worker thread 2
    [Thr 3500] IcmCreateWorkerThreads: created worker thread 3
    [Thr 3500] IcmCreateWorkerThreads: created worker thread 4
    [Thr 3500] IcmCreateWorkerThreads: created worker thread 5
    [Thr 3500] IcmCreateWorkerThreads: created worker thread 6
    [Thr 3500] IcmCreateWorkerThreads: created worker thread 7
    [Thr 3500] IcmCreateWorkerThreads: created worker thread 8
    [Thr 3500] IcmCreateWorkerThreads: created worker thread 9
    [Thr 3336] IcmWatchDogThread: watchdog started
    Regards
    ABH
    Edited by: ABH on Oct 13, 2010 9:34 AM

    Hi,
    it was domain installation. But I needed to create SAPServieSID user on the local too. this solved my problem. I gave required permmison to pse again for local user. it is sound weird but it is working now.
    Regrads
    ABH

  • Using web dispatcher for portal and BW access

    We currently have SAP's Web Dispatcher installed in our DMZ, which links the outside world to our internal enterprise portal installation.  This configuration works fine for portal connectivity (see sapwebdisp.pfl below).  However, we have BW reports (BW report iViews and URL iViews) which are accessed via the portal. 
    I do not know what configuration (if any) needs to additionally be set up on the Web Dispatcher host to allow connectivity.  Currently, when accessing a BW report via the portal (coming from the Web Dispatcher) the report request is immediately terminated with an error due to a DNS lookup error (as the BW server is on our internal segment).
    The Web Dispatcher is aware of both the internal portal server and BW server IP address and hostname and has the appropriate access (port/firewall) to retrieve these reports.  Further, the HTTPURLLOC table is maintained (see example below) on the BW server as recommended in SAP Note 750292 (help file = http://help.sap.com/saphelp_nw04s/helpdata/en/59/31ae42e0fac911e10000000a1550b0/frameset.htm)
    However, I can't get BW reports to work remotely.  Should Is there something else that should be added to the Web Dispatcher's configuration?  Is there something that I should be doing on the iView side (ie. not hardcoding hostname / port to the query string?).  Please advise.  Thanks!
    sapwebdisp.pfl
    Profile generated by sapwebdisp bootstrap
    unique instance number
    SAPSYSTEM = 0
    Accessibility of Message Servers
    rdisp/mshost = epprd1
    ms/http_port = 8101
    SAP Web Dispatcher Parameter
    wdisp/auto_refresh = 120
    wdisp/max_servers = 100
    wdisp/add_clientprotocol_header = 1
    wdisp/shm_attach_mode = 6
    configuration for default scenario (medium size)
    icm/max_conn      = 500
    icm/max_sockets   = 1024
    icm/req_queue_len = 500
    icm/min_threads   = 10
    icm/max_threads   = 50
    mpi/total_size_MB = 80
    #maximum number of concurrent connections to one server
    wdisp/HTTP/max_pooled_con = 500
    wdisp/HTTPS/max_pooled_con = 500
    SAP Web Dispatcher Ports
    icm/server_port_0 = PROT=HTTP,PORT=80
    icm/server_port_1 = PROT=ROUTER,PORT=443
    SAP Web Dispatcher Web Administration
    icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=./admin
    HTTPURLLOC table (BW):
    MANDT
    SORT_KEY
    PROTOCOL
    APPLICATN
    FOR_DOMAIN
    HOST
    PORT
    100
    10
    HTTPS
    /SAP/BW/BEX
    Internal_host.company.COM
    8443
    100
    20
    HTTPS
    /SAP/BW/BEX
    webdispatcher_host.company.COM
    443

    Hi James -
    We're running EP 6.0 SP16 (WebAS 640 NW04) and BW 3.1/3.2 Content (WebAS 620).

  • SAP Web Dispatcher for Portal reverse proxy

    Hi Experts,
    I am on EP6.0 SP20 and trying to use SAP web dispatcher as reverse proxy.
    I followed the below web log to configure the web dispatcher.
    [How to...Configure SAP Webdispatcher as a reverse proxy|How to...Configure SAP Webdispatcher as a reverse proxy]
    I still have some problems logging into the Portal through the web dispatcher.
    Web Dispatcher is in the DMZ not behind the firewall. We opened the port 80 only for Web dispatcher server.
    We are getting an error in the browser,
    http://<host of portal>.<domain name>:50000/irj/portal can not be recognized.
    I have no clue to how to get rid of this error. any help will be greatly appreciated.
    Regards,

    Hi,
    I do not know the exact ESS WebDynpro you are using but it may be possible that these WebDynpros use absolute URLs which of course do not point to the hostname and port of the Web Dispatcher.
    There are several ways to circumvent this:
    Please check http://help.sap.com/saphelp_nw04s/helpdata/en/62/5f374ff72c40478fcba2bb4fa79ddf/frameset.htm and add the parameters wdisp/add_client_protocol_header and (more important for you: wdisp/handle_webdisp_ap_header) to the WebDynpro configuration.
    (A nice explenation why we have to use this can be found here: https://www.sdn.sap.com/irj/sdn/wiki?path=/display/bsp/using+proxies&)
    another way would be to tell the J2EE engine directly that it is behind a WebDispatcher, by setting the ProxyMappings (http://help.sap.com/saphelp_nw70/helpdata/en/b8/437d46d4451e4c9ab756e272a1581d/frameset.htm)
    Regards,
    Holger.

  • SAP Web Dispatcher SSL Error

    We are having issues with our SSL connection to the SAP Web AS.  Below is the error in the log files:
    [Thr 472] =================================================
    [Thr 472] = SSL Initialization  on  PC with Windows NT
    [Thr 472] =   (700_REL,Jul 14 2008,mt,ascii,SAP_UC/size_t/void* = 8/32/32)
    [Thr 472]   profile param "ssl/ssl_lib" = "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sapcrypto.dll"
               resulting Filename = "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sapcrypto.dll"
    [Thr 472]   profile param "ssl/server_pse" = "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse"
               resulting Filename = "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse"
    [Thr 472]   profile param "ssl/client_pse" = "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\SAPSSLC.PSE"
               resulting Filename = "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\SAPSSLC.PSE"
    [Thr 472] =   found SAPCRYPTOLIB  5.5.5C pl24  (Jun 11 2008) MT-safe
    [Thr 472] =   current UserID: NT AUTHORITY\SYSTEM
    [Thr 472] =   found SECUDIR environment variable
    [Thr 472] =   using SECUDIR=c:\program files\sap\sapwebdisp\
    [Thr 472] *** ERROR =>   secudessl_Create_SSL_CTX():  PSE "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse" not found! [ssslsecu.c   1354]
    [Thr 472] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --
      secude_error 1824 (0x00000720) = "Wrong or Missing PIN for PSE"
    [Thr 472] >> -
    Begin of Secude-SSL Errorstack -
    >>
    [Thr 472] ERROR in SSL_CTX_set_default_pse_by_name: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse"
    ERROR in ssl_set_pse: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse"
    ERROR in af_open: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse"
    ERROR in secsw_open: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse"
    ERROR in sec_parse_PSEInfo_cont: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<Our PSE>.pse"
    [Thr 472] << -
    End of Secude-SSL Errorstack -
    [Thr 472] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create SERVER Credential
            for "C:\Program Files\SAP\SAPWebDisp\DEV\<Our Site>\sec\<OurPSE>.pse" [ssslxxi.c    2278]
    [Thr 472] Tue Mar 31 13:30:06 2009
    [Thr 472] *** ERROR => Initialization of SSL library failed -- NO SSL available!
    [Thr 472] =================================================
    [Thr 472] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR
    [Thr 472] *** ERROR => IcmAddService: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv.c   319]
    [Thr 3744] IcmCreateWorkerThreads: created worker thread 0
    [Thr 2952] *** ERROR => IcmConnClientRqCreate: No service for protocol HTTPS started [icxxconn.c   2701]
    [Thr 2952] *** ERROR => IcmConnClientRqCreate() failed (rc=-1) [icrxx.c      5234]
    [Thr 2952] *** ERROR => Could not connect to SAP Message Server at onebase. URL=/msgserver/text/logon?version=1.2 [icrxx.c      2591]
    [Thr 2952] *** ERROR => rc=-1, HTTP response code: 0 [icrxx.c      2592]
    [Thr 2952] *** ERROR => see also OSS note 552286 [icrxx.c      2593]
    [Thr 3744] IcmCreateWorkerThreads: created worker thread 1
    [Thr 3744] IcmCreateWorkerThreads: created worker thread 2
    [Thr 3744] IcmCreateWorkerThreads: created worker thread 3
    [Thr 3744] IcmCreateWorkerThreads: created worker thread 4
    [Thr 3292] IcmWatchDogThread: watchdog started
    I've already used sapgenpse seclogin -p <PSE File> -x <PIN> to create a pin.  I've also gone and deleted the old pin that used to be there and created a new one.
    Also I noticed it says "Beware: changing a PIN of a PSE will not auto-update the SSO-credential
    Beware: adding a new credential will not auto-update an existing credential"
    So once you change it how do you update it?  Do you need to reboot the Web Dispatcher or do you just need to restarted the service?

    I am also facing same issue.
    I have added credentials also and successfully done.
    Here attaching trace file. Please suggest
    trc file: "dev_webdisp", trc level: 1, release: "720"
    sysno 00
    sid WD1
    systemid 390 (AMD/Intel x86_64 with Linux)
    relno 7200
    patchlevel 0
    patchno 68
    intno 20020600
    make multithreaded, ASCII, 64 bit, optimized
    profile /usr/sap/WD1/profile/WD1_W00_sapportal
    pid 26732
    [Thr 139840314074976] Thu Oct 31 13:54:15 2013
    [Thr 139840314074976] *** WARNING => The maximum number of sockets supported on this host is 1020.
    This is less than the number of sockets configured in parameter icm/max_sockets (8192) [icxxrout_mt. 3417]
    [Thr 139840314074976] started security log to file ./dev_icm_sec
    [Thr 139840314074976] SigISetDefaultAction : default handling for signal SIGCHLD
    [Thr 139840314074976] SAP Web Dispatcher running on: sapportal.abrajoman.com
    [Thr 139840314074976] MtxInit: 30001 0 2
    [Thr 139840314074976] ***LOG IM1=> IcmInit, Startup (SAP Web Dispatcher&sapportal.abrajoman.com&26732&) [icxxrout_mt. 1914]
    [Thr 139840314074976] IcmInit: listening to admin port: 65000
    [Thr 139840314074976] MPI: dynamic quotas disabled.
    [Thr 139840314074976] MPI init: pipes=4000 buffers=1279 reserved=383 quota=10%
    [Thr 139840314074976] CCMS: SemInMgt: Semaphore Management initialized by AlAttachShm_Ext.
    [Thr 139840314074976] CCMS: SemInit: Semaphore 38 initialized by AlAttachShm_Ext.
    [Thr 139840314074976] CCMS: AlInitGlobals : alert/use_sema_lock = TRUE.
    [Thr 139840314074976] IcrCoreInitSessionTable: Session table initialized
    [Thr 139840167098112] HttpExtractArchive: files from archive /usr/sap/WD1/SYS/exe/run/wdispadmin.SAR in directory /usr/sap/WD1/W00/data/icmandir are up to date
    [Thr 139840167098112] HttpISubHandlerAdd: Added handler HttpAdminHandler(0x7f2f0c000e70), slot=0, flags=36869) for /sap/admin, active: 1, table 0x7f2f0c000a10
    [Thr 139840167098112] HttpISubHandlerAdd: Added handler HttpModHandler(0x7f2f0c0012e0), slot=1, flags=12293) for /, active: 1, table 0x7f2f0c000a10
    [Thr 139840167098112] CsiInit(): Initializing the Content Scan Interface
    [Thr 139840167098112] AMD/Intel x86_64 with Linux (mt,ascii,SAP_CHAR/size_t/void* = 8/64/64)
    [Thr 139840167098112] CsiInit(): CSA_LIB = "/usr/sap/WD1/SYS/exe/run/libsapcsa.so"
    [Thr 139840167098112] HttpISubHandlerAdd: Added handler HttpAuthHandler(0x7f2f0c001440), slot=2, flags=12293) for /, active: 1, table 0x7f2f0c000a10
    [Thr 139840167098112] HttpISubHandlerAdd: Added handler HttpWebDispHandler(0x7f2f0c008340), slot=3, flags=1060869) for /, active: 1, table 0x7f2f0c000a10
    [Thr 139840167098112] Started service PORT=8100,PROT=HTTP,TIMEOUT=60,PROCTIMEOUT=60
    [Thr 139840167098112] =================================================
    [Thr 139840167098112] = SSL Initialization platform tag=(linuxx86_64_gcc41)
    [Thr 139840167098112] = (720_REL,Oct 15 2010,mt,ascii,SAP_UC/size_t/void* = 8/64/64)
    [Thr 139840167098112] profile param "ssl/ssl_lib" = "/usr/sap/WD1/exe/libsapcrypto.so"
    [Thr 139840167098112] resulting Filename = "/usr/sap/WD1/exe/libsapcrypto.so"
    [Thr 139840167098112] = found SAPCRYPTOLIB 5.5.5C pl36 (Jul 3 2013) MT,AESNI,NB
    [Thr 139840167098112] = current UserID: "wd1adm", env-var USER="wd1adm"
    [Thr 139840167098112] = using SECUDIR=/usr/sap/WD1/W00/sec
    [Thr 139840167098112] profile param "ssl/server_pse" = "/usr/sap/WD1/W00/sec/epssl.pse"
    [Thr 139840167098112] resulting Filename = "/usr/sap/WD1/W00/sec/epssl.pse"
    [Thr 139840167098112] *** ERROR => secudessl_Create_SSL_CTX(): PSE "/usr/sap/WD1/W00/sec/epssl.pse": unable to use! [ssslsecu_mt. 1735]
    [Thr 139840167098112] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --
    [Thr 139840167098112] secude_error 1824 (0x00000720) = "Wrong or Missing PIN for PSE"
    [Thr 139840167098112] >> ---------- Begin of Secude-SSL Errorstack ---------- >>
    [Thr 139840167098112] ERROR in SSL_CTX_set_default_pse_by_name: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
    [Thr 139840167098112] ERROR in ssl_set_pse: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
    [Thr 139840167098112] ERROR in af_open: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
    [Thr 139840167098112] ERROR in secsw_open: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
    [Thr 139840167098112] ERROR in sec_parse_PSEInfo_cont: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
    [Thr 139840167098112] << ---------- End of Secude-SSL Errorstack ----------
    [Thr 139840167098112] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create SERVER Credential
    for "/usr/sap/WD1/W00/sec/epssl.pse" [ssslxxi_mt.c 2324]
    [Thr 139840167098112] *** ERROR => Initialization of SSL library failed -- NO SSL available!
    [Thr 139840167098112] =================================================
    [Thr 139840167098112]
    [Thr 139840167098112] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR
    [Thr 139840167098112] *** ERROR => IcmServInitSSL: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv_mt. 251]
    [Thr 139840167098112] *** WARNING => Could not start service (rc=-14) PORT=8300,PROT=HTTPS,TIMEOUT=60,PROCTIMEOUT=900,VCLIENT=0 [icxxserv_mt. 651]
    [Thr 139840314074976] SigISetDefaultAction : default handling for signal SIGCHLD
    [Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 0
    [Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 1
    [Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 2
    [Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 3
    [Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 4
    [Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 5
    [Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 6
    [Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 7
    [Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 8
    [Thr 139840314074976] IcmCreateWorkerThreads: created worker thread 9
    [Thr 139840167098112] IcmWatchDogThread: watchdog started
    [Thr 139840148838144] Thu Oct 31 13:54:36 2013
    [Thr 139840148838144] =================================================
    [Thr 139840148838144] = SSL Initialization platform tag=(linuxx86_64_gcc41)
    [Thr 139840148838144] = (720_REL,Oct 15 2010,mt,ascii,SAP_UC/size_t/void* = 8/64/64)
    [Thr 139840148838144] profile param "ssl/ssl_lib" = "/usr/sap/WD1/exe/libsapcrypto.so"
    [Thr 139840148838144] resulting Filename = "/usr/sap/WD1/exe/libsapcrypto.so"
    [Thr 139840148838144] = found SAPCRYPTOLIB 5.5.5C pl36 (Jul 3 2013) MT,AESNI,NB
    [Thr 139840148838144] = current UserID: "wd1adm", env-var USER="wd1adm"
    [Thr 139840148838144] = using SECUDIR=/usr/sap/WD1/W00/sec
    [Thr 139840148838144] profile param "ssl/server_pse" = "/usr/sap/WD1/W00/sec/epssl.pse"
    [Thr 139840148838144] resulting Filename = "/usr/sap/WD1/W00/sec/epssl.pse"
    [Thr 139840148838144] *** ERROR => secudessl_Create_SSL_CTX(): PSE "/usr/sap/WD1/W00/sec/epssl.pse": unable to use! [ssslsecu_mt. 1735]
    [Thr 139840148838144] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --
    [Thr 139840148838144] secude_error 1824 (0x00000720) = "Wrong or Missing PIN for PSE"
    [Thr 139840148838144] >> ---------- Begin of Secude-SSL Errorstack ---------- >>
    [Thr 139840148838144] ERROR in SSL_CTX_set_default_pse_by_name: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
    [Thr 139840148838144] ERROR in ssl_set_pse: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
    [Thr 139840148838144] ERROR in af_open: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
    [Thr 139840148838144] ERROR in secsw_open: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
    [Thr 139840148838144] ERROR in sec_parse_PSEInfo_cont: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
    [Thr 139840148838144] << ---------- End of Secude-SSL Errorstack ----------
    [Thr 139840148838144] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create SERVER Credential
    for "/usr/sap/WD1/W00/sec/epssl.pse" [ssslxxi_mt.c 2324]
    [Thr 139840148838144] *** ERROR => Initialization of SSL library failed -- NO SSL available!
    [Thr 139840148838144] =================================================
    [Thr 139840148838144]
    [Thr 139840148838144] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR
    [Thr 139840148838144] *** ERROR => IcmServInitSSL: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv_mt. 251]
    [Thr 139840148838144] *** WARNING => Could not reactivate service (rc=-14) PORT=8300,PROT=HTTPS,TIMEOUT=60,PROCTIMEOUT=900,VCLIENT=0 [icxxserv_mt. 1550]
    [Thr 139840148838144] *** ERROR => ICP_icm_mod_service: ModService(7) failed for 8300, HTTPS(rc=-14) [icrxxadmin_m 5519]
    [Thr 139840151480064] Fri Nov 1 10:54:13 2013
    [Thr 139840151480064] =================================================
    [Thr 139840151480064] = SSL Initialization platform tag=(linuxx86_64_gcc41)
    [Thr 139840151480064] = (720_REL,Oct 15 2010,mt,ascii,SAP_UC/size_t/void* = 8/64/64)
    [Thr 139840151480064] profile param "ssl/ssl_lib" = "/usr/sap/WD1/exe/libsapcrypto.so"
    [Thr 139840151480064] resulting Filename = "/usr/sap/WD1/exe/libsapcrypto.so"
    [Thr 139840151480064] = found SAPCRYPTOLIB 5.5.5C pl36 (Jul 3 2013) MT,AESNI,NB
    [Thr 139840151480064] = current UserID: "wd1adm", env-var USER="wd1adm"
    [Thr 139840151480064] = using SECUDIR=/usr/sap/WD1/W00/sec
    [Thr 139840151480064] profile param "ssl/server_pse" = "/usr/sap/WD1/W00/sec/epssl.pse"
    [Thr 139840151480064] resulting Filename = "/usr/sap/WD1/W00/sec/epssl.pse"
    [Thr 139840151480064] *** ERROR => secudessl_Create_SSL_CTX(): PSE "/usr/sap/WD1/W00/sec/epssl.pse": unable to use! [ssslsecu_mt. 1735]
    [Thr 139840151480064] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --
    [Thr 139840151480064] secude_error 1824 (0x00000720) = "Wrong or Missing PIN for PSE"
    [Thr 139840151480064] >> ---------- Begin of Secude-SSL Errorstack ---------- >>
    [Thr 139840151480064] ERROR in SSL_CTX_set_default_pse_by_name: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
    [Thr 139840151480064] ERROR in ssl_set_pse: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
    [Thr 139840151480064] ERROR in af_open: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
    [Thr 139840151480064] ERROR in secsw_open: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
    [Thr 139840151480064] ERROR in sec_parse_PSEInfo_cont: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/WD1/W00/sec/epssl.pse"
    [Thr 139840151480064] << ---------- End of Secude-SSL Errorstack ----------
    [Thr 139840151480064] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create SERVER Credential
    for "/usr/sap/WD1/W00/sec/epssl.pse" [ssslxxi_mt.c 2324]
    [Thr 139840151480064] *** ERROR => Initialization of SSL library failed -- NO SSL available!
    [Thr 139840151480064] =================================================
    [Thr 139840151480064]
    [Thr 139840151480064] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR
    [Thr 139840151480064] *** ERROR => IcmServInitSSL: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv_mt. 251]
    [Thr 139840151480064] *** WARNING => Could not reactivate service (rc=-14) PORT=8300,PROT=HTTPS,TIMEOUT=60,PROCTIMEOUT=900,VCLIENT=0 [icxxserv_mt. 1550]
    [Thr 139840151480064] *** ERROR => ICP_icm_mod_service: ModService(7) failed for 8300, HTTPS(rc=-14) [icrxxadmin_m 5519]
    Trace File
       (11768bytes)
    Thanks,
    Kundan

  • Error when configuring Web Dispatcher for SSL with Enterprise Portal

    We are in the process of configuring the Web Dispatcher using SSL to connect to our Enterprise Portal (the Web Dispatcher will be in the DMZ).  We have followed all of the help.sap.com guides and now have SSL listening on the EP side (port 8103).  We are now receiving this strange certificate error when we start the Web Dispatcher:
    [Thr 5332] Tue Mar 20 00:36:23 2007
    [Thr 5332]   MatchTargetName("<FULLY QUALIFIED HOSTNAME>", "CN=XXX, OU=XXX, O=XXXX, C=XX") FAILS
    [Thr 5332]   SSL socket: local=<IPADDRESS>:4742  peer=<IPADDRESS>:8103
    [Thr 5332] <<- ERROR: SapSSLSessionStart(sssl_hdl=009D7670)==SSSLERR_SERVER_CERT_MISMATCH
    [Thr 5332] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-30): SSSLERR_SERVER_CERT_MISMATCH [icxxconn.c 2005]
    [Thr 5332] *** ERROR => IcmConnClientRqCreate() failed (rc=-14) [icrxx.c      4919]
    [Thr 5332] *** ERROR => Could not connect to SAP Message Server at <FULLY QUALIFIED HOST NAME>. URL=/msgserver/text/logon?version=1.2 [icrxx.c      2301]
    [Thr 5332] *** ERROR => rc=-1, HTTP response code: 0 [icrxx.c      2302]
    [Thr 5332] *** ERROR => see also OSS note 552286 [icrxx.c      2303]
    We have gone through the trouble shooting note 552286 as listed in the error above.  Any assistance is appreciated.

    Hello, did you receive any resolution for this problem?  We are receiving a similar error and I am unsure of how to resolve.

  • SSL Re-encryption with Portal and Web Dispatcher: certificate expired

    Hello,
    I am trying to set up HTTPS connection to the Portal through SAP Web Dispatcher. We are using SSL Re-encryption. I think I got everything set up correctly. When trying to access through a Web browser the web dispatcher trace file shows error message 'certificate expired'. Looking at the Portal (Visual admin - Keystore) I am pretty sure it is the service-ssl with localhost. It is expired. Two questions:
    - is it correct that it uses localhost or am I missing anything?
    - How would I recreate the certificate? (I am sure it is somewhere in the Online documentation, but haven't found it yet). Can I do this while the Portal is productive without breaking the normal access (http) to the Portal. This is our Production portal.
    Thanks,
    Ingrid

    Hi,
    Go thru the contents of SAP Note,
    685306 -Enabling SSL and renewing the J2EE certificate
    And also the help contents in,
    http://help.sap.com/saphelp_nw04/helpdata/en/65/6a563cef658a06e10000000a11405a/content.htm
    These might of some help to you !
    Regards
    Srinivasan T

  • WebAS access via Portal: Web Dispatcher required for load balancing ABAP

    Hi Folks -
    We have EP 6.0 SP18 (Java only, WebAS 6.40, Unix/Solaris).  The portal has a CI/SCS and one DI so we have a Web Dispatcher to load balance the portal servers. This works fine (and provides port 80 access).
    This portal will provide access to HTTP services from an ABAP WebAS (6.20 with 6.40 kernel, Unix/Solaris). A landscape configuration entry has been added to the portal for this ABAP system. The ABAP system has a CI and multiple app servers, all capable of handling HTTP requests.  This will also require port 80 access.
    1. Will we need an additional Web Dispatcher to load balance HTTP requests to the 'backend' ABAP WebAS system, or will the portal be smart enough to handle the load balancing itself (perhaps based on the information in the landscape configuration)?
    2. If the portal itself handles the HTTP load balancing can you point me to documentation (so I can make sure I have proper configuration)? 
    3. Are there any changes to this with NW2004s Portal (we plan to upgrade soon)?
    Thanks in advance!  Jeff

    Jeff,
    Regarding:
    Q1. If you create a system object from the "SAP system with load balancing" template in portal and configure the object to point to your CI (msg server), the LB should be handled.
    Q2. Portal load balancing is handled by the message server.  If you point a test URL to the port of your message server, you will notice that you are issued a redirect the URL of your dialog instance.  The web dispatcher is just a proxy (with some intelligence).  When a request is made to the WD, it makes a connection to the MSG server, the list of active instances is queried, a redirect is made to that instanct.  If you use WD, that connection can be proxied behind a standard URL.   If you connect directly to the MSG Server instead, you will notice your URL change, just as it does on the service marketplace.
    WDs are good for providing services, masked (proxied) behind virtual names.  If you do not want the customer to see a physical URL of the server, use the WD.  There are lots of other solutions that can do this too though such as Apache, ISA, Juniper devices, Cisco LDs.  WDs have a very low performance threshold though, especially if you use SSL. WD is a performance bottleneck and should be benchmarked to see if it is right for your application.
    Q3. No changes this architecture in 04s.
    jwise

  • Web Dispatcher not doing the load balancing on the portal

    Hi Experts
    I am having a production issue where the SAP web dispatcher is not doing the load balancing on the portal.
    We have ESS/MSS portal with 1 Message server and 2 Application servers. The Web dispatcher is installed on the message server itself. Here is my Web disp profile file
    Profile generated by sapwebdisp bootstrap
    unique instance number
    SAPSYSTEM = 16
    add default directory settings
    DIR_EXECUTABLE = .
    DIR_EXECUTABLE = F:\usr\sap\<SID>\sapwebdisp
    DIR_INSTANCE = .
    Accessibility of Message Servers
    rdisp/mshost = <hostname>.com
    ms/http_port = 8111
    #Log and Trace
    rdisp/TRACE = 2
    SAP Web Dispatcher Parameter
    wdisp/auto_refresh = 120
    wdisp/max_servers = 100
    wdisp/shm_attach_mode = 6
    configuration as per SAP note 538405
    icm/max_conn      = 7000
    icm/max_sockets   = 14000
    icm/req_queue_len = 6000
    icm/min_threads   = 100
    icm/max_threads   = 300
    mpi/total_size_MB = 500
    mpi/max_pipes       = 14000
    wdisp/HTTPS/max_pooled_con = 7000
    SAP Web Dispatcher Ports
    icm/server_port_0 = PROT=HTTP,PORT=8888
    SSL
    icm/server_port_1 = PROT=ROUTER,PORT=443, TIMEOUT=60
    SAP Web Dispatcher Web Administration
    icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=./admin,AUTHFILE=icmauth.txt
    wdisp/enable_j2ee_groups = TRUE
    wdisp/HTTPS/sticky_mask = 255.255.255.255
    In my Web dispatcher Admin page, I see all the three application servers, however the requests are going to only 1 App server. We are using ENd to End SSL configuration for the web dispatcher.
    We also have a reverse proxy in the landscape and reverse proxy is forwarding all the requests to the Web dispatcher. In Web disp Admin page>Dispatching Module>SSL End to END dispatching, I see only ONE table entry in the dispatching table and it is our Reverse Proxy.
    As all the requests are coming from only one source (Reverse proxy), it seems to me that the sap web dispatcher  is forwarding those to the same Application server every time.
    Can anyone please advise ?
    I also tried to configure logon group in NWA, the web dispatcher is detecting the logon group and all the app servers in the logon group. It still not doing the load balancing.
    I would greatly appreciate any help.
    Thanks
    Viny

    Vincent, can you please elaborate more ?  Is the web dispatcher not able to recognize stateful and stateless application requests ?
    I saw that the procedure for configuring SSL Termination on Web dispatcher is long and complicated and looks like SAP web dispatcher needs to have SSL certificate of its own. As we have no ABAP servers and only Java servers, I can not even create the PSEs using STRUST (as described in SAP help -http://help.sap.com/saphelp_nw70ehp1/helpdata/en/48/99c388d7c46bb9e10000000a42189d/frameset.htm
    We already have SSL certificates for Java App servers.
    I suppose there should be a way for web dispatcher to identify the incoming requests and forward to appropriate application servers.
    Any help is much appreciated.
    Thanks
    Viny

  • Certificate question in Web Dispatcher End-To-End SSL scenario

    Hy experts,
    in end-to-end SSL scenario the web dispatcher (WD) is not used to encrypt/decrypt data, it is only used to forward requests.
    So I think we do need a certificate for the portal server, but none for the web dispatcher itself, right?
    Another point is which data should be given for CN, DN, OU etc in this scenario (Portal or WD ??)
    kind regards
    Tom

    Tom,
    For end to end SSL you do not need a certificate for the Web dispatcher but your J2EE engine should be configured to be accessible over SSL.
    If you get the SSL certificate issued for the J2EE based on the name of the J2EE host it will result in a warning message as portal will be accessed using host name of Web dispatcher, so get the certificate issued under the name of the web dispatcher hostname. So, adjust your CN, DN, OU accordingly.
    Cheers!!

  • SAP Web dispatcher not forwarding incoming HTTP portal sessions.

    Hello,
    We are using an EP6 Portal from which Abap Web dynpros are launched. The incoming http sessions were accessing our backend ECC6 SAP system through the sap server message . The http sessions were badly dispatched between the two abap servers. We have been advised by SAP to use the sap web dispatcher instead.
    The sap web dispatcher has been correctly installed and configured (on the central abap instance ).
    I have carefully read the SAP help section concerning the server selection using the sap web dispatcher :
    http://help.sap.com/saphelp_nw04s/helpdata/en/5f/7a343cd46acc68e10000000a114084/frameset.htm
    All our settings seem to be OK :
    The incoming HTTP requests are forwarded to abap servers only.
    *In transaction SICF, all the services under the tree
    sap/public/icf_info have been assigned to the same logon group .
    The capacity of the two servers included in the logon
    group " is the same :
    server40 LB=12
    server60 LB=12
    In the Web interface, capacity equal "1" for the two servers.
    wdisp/load_balancing_strategy=  weighted_round_robin
    In the SAP web interface, the prefered server is ALWAYS the same :
    Status of Server Group "LOADIS"
    Loadbalancing Information
    Number of Servers in this group 2
    Last used Server
    Preferred next Server server40_SPA_10
    But it seems that the sap web dispatcher is not used at ALL.
    The Load distribution is still based on the SMLG workload as it was the case, before, with the sap message server. The information displayed in the web interface (preferred server) is wrong.
    The Preferred next Server is ALWAYS server40_SPA_10 (shown in the web interface), but, in fact, the http sessions are distributed between the two servers server60_SPA_00 and server40_SPA_10 depending on the server quality diplayed in transaction smlg. It was exactly the same behaviour we had before, only with the sap server message .
    Any useful help would be highly appreciated.
    Best Regards.

    Hi,
    firstly, have you checked note 1094342? What variant do you want to use? Do you terminate a SSL connection on web dispatcher and create a new one between web dispatcher and application server? It looks like the web dispatcher can't verify SSL certificate used by application server. Maybe you've already tried this but you can try to turn off SSL between dispatcher and application server. If this setup works then problem is in SSL connection. You can check what host name is used in SSL certificate and what host name is used by dispatcher. You can use parameter wdisp/ssl_certhost which sets host name which will be used for certificate validation.
    Cheers

  • Web Dispatcher and SSL on ABAP+Java

    Hello,
    Have installed SAP web dispatcher on WAS 6.40 ABAP+Java system. Communicating with Portal SP16 system.
    The HTTP works fine. Have not been able to get SSL working with web dispatcher.
    For troubleshooting activated ITS on this system and HTTPS works fine with ITS webgui.
    Have followed the "how to" SSL for web dispatcher guide.
    Also should mention that we have generated certificate requests and PSE's but our organization has not yet chosen a certificate authority to sign the cerficates. For other scenarios (log onto Portal, XI, etc) the only difference is the certifcate warning dialog, otherwise works fine.  Would this cause a problem for Web Dispatcher?
    Trying the SSL end to end scenario receive
    WARNING: Could not start service 0 for protocol HTTPS on host "max-sap" on all adapters
    Is there anything
    unique for the ABAP+Java configuration?
    Thanks,
    Alan

    I solved this problem by setting the following profile parameter on my webdispatcher profile.
    wdisp/ssl_ignore_host_mismatch = true
    Doesn't fix the underlying problem but got me going until I can figure it out.

  • Web Dispatcher configuration (ABAP+Java vs. ABAP+Portal)

    We are using an internal Web Dispatcher to allow the connections from different networks.
    This Webdispatcher entry we add to WAS configuration within Portal system object
    By defintion of ABAP+Java double stack we do not have any problems and the test
    http://webpispatcher:port/sap/bc/ping is successful.
    When we have a ABAP system + Portal (Java) we only can test the connection
    http://webpispatcher:port/
    When we execute the test
    http://webpispatcher:port/sap/bc/ping we get an error, because the url goes to Java stack.
    We also detected that on Web Dispatcher configuration for ABAP+Java we have ABAP and J2EE server groups and  application servers.
    For ABAP+Portal we have only J2EE groups on Web Dispatcher configuration.
    Question:
    Which SAP parameter (e.g. ms/server_port_0, icm/HTTP/j2ee_0) or Web Dispatcher parameter (ms/http_port) is responsible for generation of ABAP groups (e.g. PUBLIC) within Web Dispatcher?

    Which SAP parameter (e.g. ms/server_port_0, icm/HTTP/j2ee_0) or Web Dispatcher parameter (ms/http_port) is responsible for generation of ABAP groups (e.g. PUBLIC) within Web Dispatcher?
    In ABAP the logon group is handled by the ICF. In SICF you specify within the actual services(properties) which logon group that service should use for load balancing. As far as I remember though there is an exception if you are using an "end-to-end" ssl configuration where you can specify the destination logon group using wdisp/HTTPS/dest_logon_group parameter.
    rdisp/mshost is the parameter on your web dispatcher that points to your message server to get a list of available logon groups.
    Nelis

Maybe you are looking for

  • Date in shell script

    How do I get a script to run from a particular time to a perticular time? like say from 5pm on 12/19 to 4pm on 12/20? I have the steps that need to be don e during that period? Thanks! Anand

  • One question about posting periods

    When creating or changing (T-CODE VL02N ) an outbound delivery, I select Edit -> Post goods issue on one of the overview screens.But the sap show the error message:"posting only possible in periods 2000/01 and 0000/00 in company code HJW1".So my ques

  • Actions, artboard, pdf

    Hi! Im wokring with PDF-files with some drawings in it. Working with Illustrator CS5.1 The pdf's originally artboard size is 2750mmx625mm and uses CMYK colors. I also got artboard size 3000mmx600mm I have about 50 pdf-files of those two sizes. I want

  • I get an error message "the following files were not imported because they could not be read (266)..

    I get an error message "the following files were not imprted because they could not be read (266) on Lightroom 4 on my desktop. No problems importing the files onto my laptop.  Using a SANDISK card reader and card.  What's going on on the desktop?

  • Encoding is crazy slow and using hardly any CPU power

    I"m not sure what I'm doing wrong.  I have an animation I'm creating from Google SketchUp.  I've generated a lot of .jpg's to compile into an animation (about 9 minutes of animation at 30 fps).  I'm exporting them to h.264 format at something like 10