cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SLD HTTPS Failed to genrated and test CIMOMClient object

Go to solution
former_member787462
Participant

on ‎11-21-2013 7:27 AM

0 Kudos

Dear Team,

Currently our central SLD is PI system and we have to to configure the SLD data supplier in the ECC system to send the data from ECC to PI.

Recently we have changed ECC system & PI system from http to https.

In ECC system in the Visual Admin , if i use the SLD data supplier parameters as http port (5XX00) I am successfull.

But , when i use https (5XX01) I am failing with the below error.

  •           Failed to genrated and test CIMOMClient object
  •           SLD_Collector_task in the status bar, when i select SLD data supplier

I could see the ECC system /SYS/global/sld/model/    cimsap.1_4_31 is the version which is displayed.

But in the PI system the CIM Model version is 1.6.21 (SAP_CR 7.5).

Can you please advise how this issue can be fixed.

Note: If we use http port SLD is working fine , but only the above issue we are facing when we configure the port of https.

regards,

Manoj

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member787462
Participant
‎11-21-2013 2:43 PM
0 Kudos

Dear Rishi,

Thanks for the info.

I do not see any keytool under the path were you have mentioned, we are using SAP JVM 5 not 6.

and also in the SYS/profile/ there is no jstart folder.

Our ECC also dual stack. we are maitaining the ssl certificate in ABAP & JAVA as well. Let me know if the ssl certificate has to be maitained only in the ABAP system?

Do you see any reason why we have to maitain the the mapping in table USREXTID?

Best regards,

Manoj K

Show replies
Show replies
Former Member
‎11-21-2013 10:36 PM
0 Kudos

Hi,

Can you also provide feedback about the two notes that were at the bottom so that i can think what os happening wrong...

Thanks

Rishi Abrol

former_member787462
Participant
‎12-16-2013 7:39 AM
0 Kudos

Dear All,

The issue is resolved by self.

I have Exported the PI ABAP SSL Server Standard certificate(in our case SLD is PI system - 7.11) using the transaction strust and imported in to the ECC ( in our environment ECC 6.0 Ehp4 is dual stack system) system in the JavaStack via visual admin in to TrustedCAs.

After doing the above step, from ECC system, SLD Data Supplier is able to send the data to PI system using the HTTPS port.

Regards,

Manoj K

Answers (3)

Answers (3)

former_member787462
Participant
‎11-21-2013 11:05 AM
0 Kudos

Dear All,

Yes, we enabled the SSL/HTTPS for PI system. and below parameter has been set as follows.

  • com.sap.aii.connect.secure_connections = messaging, all

And I could launch the below url successfully.

https://sap PI server name : 5XX01/

telnet hostname httpsportnumber also accepts the connections from both the system PI & ECC.

Please advise.

regards,

Manoj K

Show replies
Show replies
Former Member
‎11-21-2013 12:17 PM
0 Kudos

Could you elaborate error ? (logs, screens) ?

BR,

K.

Former Member
‎11-21-2013 12:49 PM
0 Kudos

Hi,

Just thinking that if SSL is activated then do we need to install the certs to help them work.

Please check the below comments in the below note.

1538985 - SLD Configuration for SAP Convergent Charging

Using SLD over the HTTP Secure protocol
When it comes to using a System Landscape Directory accepting HTTPS requests instead of regular HTTP, the Java Virtual Machine of each Convergent Charging instance must be aware of the SLD's SSL certificate.
For this operation, you need to use the "keytool" utility which is provided with your Java Runtime Environment. You can find it in the folder of the SAP JVM:

  • /usr/sap/<SID>/<INSTANCE_NAME>/exe/sapjvm_6/bin/keytool (for UNIX)
  • or <drive>:\usr\sap\<SID>\<INSTANCE_NAME>\exe\sapjvm_6\keytool (for Windows)

The following types of instances are affected: dispatchers, BART, Diameter and Communications Taxing.

For each of them, please follow the procedure below:

    1. retrieve the SLD's certificate's file (X.509 v3 format, DER-encoded)
    2. import the certificate into the instance's JVM's keystore using keytool:

              keytool -import -keystore < keystore>.ks -alias <alias> -storepass <passwd> -file <sld_cert>.der -noprompt 

    3. open the jstart.config file from the instance's profile directory:
  • /usr/sap/<SID>/SYS/profile/jstart/<SID>_<INSTANCE_NAME>_<HOST>/jstart.config (on UNIX)
  • or <drive>:\usr\sap\<SID>\SYS\profile\jstart\<SID>_<INSTANCE_NAME>_<HOST>\jstart.config (on Windows)
    4. find the "xxx.javaParameters" line (e.g. dispatcher-1.javaParameters, BART.javaParameters, Diameter.javaParameters, ...)
    5. there, add the two following JVM parameters:

              -Djavax.net.ssl.trustStore=< keystore>.ks -Djavax.net.ssl.trustStorePassword=<passwd>

Can also used the below note.

766215 - HTTPS with the SLD ABAP programming interface

Also check if you are affected by this.

1307307 - SLD ACCESS - considering https port while getting serverPort

1526498 - SLD Registration: application doesn't support HTTPS


Thanks

Rishi Abrol

Former Member
‎11-21-2013 7:59 AM
0 Kudos

Hi,

Have you activated HTTPS in the PI system .

First of all what is the PI version.

Second thing just simply run the url.

https://sap PI server name : 5XX01/

And see if this comes up.

If is not opening then means that 5XX01 or https is not set. If you tell me the release i can send you the url to set https port.

If it is set that i would suggest you to do telnet sappi hostname 5XX01 and see if it can access the port from ECC server.

Thanks

Rishi abrol

Show replies
Show replies
Former Member
‎11-21-2013 7:50 AM
0 Kudos

Hello Manoj,

Refer to note 1309239 - Configuration Wizard: PI NetWeaver initial setup q.16.

Question 16: Does the PI NetWeaver Initial Setup configure SSL/HTTPS?


Answer: No. Your AS Java system must first be configured to support HTTPS/SSL. After that Exchange Profile property

  • com.sap.aii.connect.secure_connections = messaging


has to be set. For further information access the SAP Library:

Release 7.10:
http://help.sap.com/saphelp_nwpi71/helpdata/en/e8/1f1041a0f6f16fe10000000a1550b0/frameset.htm

Release 7.11:
http://help.sap.com/saphelp_nwpi711/helpdata/en/48/a9bb457e28674be10000000a421937/frameset.htm

Release 7.30
http://help.sap.com/saphelp_nw73/helpdata/en/48/a9bb457e28674be10000000a421937/frameset.htm

BR,

K.

Show replies
Show replies
Ask a Question