cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Doubts regarding setup SSL and HTTPS connectivity (Note 1901250)

Former Member

on ‎09-03-2014 10:28 PM

Hello,

I´m some doubts regarding the setup that I need to perform cover in the SAP note 1901250 - PT: WS - Online communication to AT : Technical Req

1. Check configuration/Installation of SSL on Web Application server ABAP, and if it is not configured in your system then Apply note number 510007

--> How can I check the configuration/installation of SSL in our SAP ERP systems? Can you tell me please?

7. You must have HTTPS connectivity from your ERP landscape to the address https://servicos.portaldasfinancas.gov.pt:701/sgdtws/documentosTransporte and https://servicos.portaldasfinancas.gov.pt:401/sgdtws/documentosTransporte

HTTPS Traffic should be open for the ports 701(Test port), 401(Production port) in both directions in your Firewall, between all ERP servers and WWW.

--> How can I garantee the HTTPS connectivity from our ERP system to the some addresses? Can you explain me that please?

I should setup anything in SMICM or SICF transactions? If yes, what and how?

Kind regards,

samid raif

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

karthikeyan_natarajan4
Active Contributor
‎09-04-2014 1:55 AM
0 Kudos

Hi Samid,

Please go thought this links

https://help.sap.com/saphelp_nw70ehp2/helpdata/en/49/23501ebf5a1902e10000000a42189c/frameset.htm

regards

kartik

Show replies
Show replies
Former Member
‎09-12-2014 1:57 PM
0 Kudos

Hi,


Same problem here.

I want to connect to the AT Webservice using a SAP XI 7.0 between ERP and Webservice

I installed all certificates as described in the SAP notes 2054553 - PT: WS - Online communication to AT: Certificates  1901250 - PT: WS - Online communication to AT : Technical Req

I have a HTTP receiver communication channel which refers to my RFC HTTP destination (type G).

In my RFC destination I set SSL client-certificate to the entry of the individual certificate list which I created during the certificate Installation in STRUST.

When I'm testing the RFC connection I'm getting following errors in ICM trace...

Can anybody help me?

How can I set the necessary parameter ssl/client_ciphersuites?

THANK YOU

SAP Cryptolib is:

SSFLIB Version 1.840.40 ; CommonCryptoLib (SAPCRYPTOLIB) Version 8.4.19 (+MT) #Copyright (c) SAP AG, 2011-2014#compiled for aix-6.1-ppc-64#

[Thr 2314] IcmConnInitClientSSL: initiate proxy-connect with servicos.portaldasfinancas.gov.pt:701

[Thr 2314] IcmConnProxyHandshake: send proxy-authorization header for user: xxx

[Thr 2314] NiIWrite: hdl 121 sent data (wrt=160,pac=1,RAW_IO)

[Thr 2314] NiIRead: hdl 121 recv would block (errno=EAGAIN)

[Thr 2314] Fri Sep 12 14:42:49 2014

[Thr 2314] NiIRead: hdl 121 received data (rcd=39,pac=1,RAW_IO)

[Thr 2314] data (39) from proxy:

[Thr 2314] HTTP/1.1 200 Connection established#

[Thr 2314] #

[Thr 2314]

[Thr 2314] ICT: IctIHttpOpenMessage: 1177e5f70 typ=2

[Thr 2314] ICT: IctHttpCloseMessage( 1177e5f70 ) -> u=0 rc=0

[Thr 2314] <<- SapSSLSessionInit()==SAP_O_K

[Thr 2314]      in: args = "role=1 (CLIENT), auth_type=3 (USE_CLIENT_CERT)"

[Thr 2314]     out: sssl_hdl = 11779bbf0

[Thr 2314] NiIBlockMode: set blockmode for hdl 121 TRUE

[Thr 2314]   SSL NI-sock: local=xxx.xx.xx.xx:32937  peer=Xx.xx.x.xx:8080

[Thr 2314] <<- SapSSLSetNiHdl(sssl_hdl=11779bbf0, ni_hdl=121)==SAP_O_K

[Thr 2314]   SapISSLComposeFilename(): Filename = "/usr/sap/XIE/DVEBMGS26/sec/SAPSSLWPSTAT.pse"

[Thr 2314] <<- SapSSLSetSessionCredential(sssl_hdl=11779bbf0)==SAP_O_K

[Thr 2314]      in: cred_name = "/usr/sap/XIE/DVEBMGS26/sec/SAPSSLWPSTAT.pse"

[Thr 2314] IcmConnInitClientSSL: using pse /usr/sap/XIE/DVEBMGS26/sec/SAPSSLWPSTAT.pse, show client certificate if available

[Thr 2314] <<- SapSSLSetTargetHostname(sssl_hdl=11779bbf0)==SAP_O_K

[Thr 2314]      in: hostname = "servicos.portaldasfinancas.gov.pt"

[Thr 2314] Fri Sep 12 14:42:50 2014

[Thr 2314] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_CONNECTION_LOST

[Thr 2314]    session uses PSE file "/usr/sap/XIE/DVEBMGS26/sec/SAPSSLWPSTAT.pse"

[Thr 2314] No Secude Error present in trace stack!

[Thr 2314]   SSL_get_state() returned 0x000021d0 "SSLv3 read finished A"

[Thr 2314]   No certificate request received from Server

[Thr 2314] <<- ERROR: SapSSLSessionStart(sssl_hdl=11779bbf0)==SSSLERR_SSL_CONNECT

[Thr 2314] <<- SapSSLErrorName()==SSSLERR_SSL_CONNECT

[Thr 2314] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT {00010073} [icxxconn_mt.c 198

[Thr 2314] <<- SapSSLSessionDone()==SAP_O_K

[Thr 2314]      in: sssl_hdl   = 11779bbf0

[Thr 2314]          ... ni_hdl = 121

Ask a Question