Skip to Content
avatar image
Former Member

Doubts regarding setup SSL and HTTPS connectivity (Note 1901250)

Hello,

I´m some doubts regarding the setup that I need to perform cover in the SAP note 1901250 - PT: WS - Online communication to AT : Technical Req

1. Check configuration/Installation of SSL on Web Application server ABAP, and if it is not configured in your system then Apply note number 510007

--> How can I check the configuration/installation of SSL in our SAP ERP systems? Can you tell me please?

7. You must have HTTPS connectivity from your ERP landscape to the address https://servicos.portaldasfinancas.gov.pt:701/sgdtws/documentosTransporte and https://servicos.portaldasfinancas.gov.pt:401/sgdtws/documentosTransporte

HTTPS Traffic should be open for the ports 701(Test port), 401(Production port) in both directions in your Firewall, between all ERP servers and WWW.

--> How can I garantee the HTTPS connectivity from our ERP system to the some addresses? Can you explain me that please?

I should setup anything in SMICM or SICF transactions? If yes, what and how?

Kind regards,

samid raif

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • avatar image
    Former Member
    Sep 04, 2014 at 12:55 AM
    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi,


      Same problem here.

      I want to connect to the AT Webservice using a SAP XI 7.0 between ERP and Webservice

      I installed all certificates as described in the SAP notes 2054553 - PT: WS - Online communication to AT: Certificates  1901250 - PT: WS - Online communication to AT : Technical Req

      I have a HTTP receiver communication channel which refers to my RFC HTTP destination (type G).

      In my RFC destination I set SSL client-certificate to the entry of the individual certificate list which I created during the certificate Installation in STRUST.

      When I'm testing the RFC connection I'm getting following errors in ICM trace...

      Can anybody help me?

      How can I set the necessary parameter ssl/client_ciphersuites?

      THANK YOU

      SAP Cryptolib is:

      SSFLIB Version 1.840.40 ; CommonCryptoLib (SAPCRYPTOLIB) Version 8.4.19 (+MT) #Copyright (c) SAP AG, 2011-2014#compiled for aix-6.1-ppc-64#

      [Thr 2314] IcmConnInitClientSSL: initiate proxy-connect with servicos.portaldasfinancas.gov.pt:701

      [Thr 2314] IcmConnProxyHandshake: send proxy-authorization header for user: xxx

      [Thr 2314] NiIWrite: hdl 121 sent data (wrt=160,pac=1,RAW_IO)

      [Thr 2314] NiIRead: hdl 121 recv would block (errno=EAGAIN)

      [Thr 2314] Fri Sep 12 14:42:49 2014

      [Thr 2314] NiIRead: hdl 121 received data (rcd=39,pac=1,RAW_IO)

      [Thr 2314] data (39) from proxy:

      [Thr 2314] HTTP/1.1 200 Connection established#

      [Thr 2314] #

      [Thr 2314]

      [Thr 2314] ICT: IctIHttpOpenMessage: 1177e5f70 typ=2

      [Thr 2314] ICT: IctHttpCloseMessage( 1177e5f70 ) -> u=0 rc=0

      [Thr 2314] <<- SapSSLSessionInit()==SAP_O_K

      [Thr 2314]      in: args = "role=1 (CLIENT), auth_type=3 (USE_CLIENT_CERT)"

      [Thr 2314]     out: sssl_hdl = 11779bbf0

      [Thr 2314] NiIBlockMode: set blockmode for hdl 121 TRUE

      [Thr 2314]   SSL NI-sock: local=xxx.xx.xx.xx:32937  peer=Xx.xx.x.xx:8080

      [Thr 2314] <<- SapSSLSetNiHdl(sssl_hdl=11779bbf0, ni_hdl=121)==SAP_O_K

      [Thr 2314]   SapISSLComposeFilename(): Filename = "/usr/sap/XIE/DVEBMGS26/sec/SAPSSLWPSTAT.pse"

      [Thr 2314] <<- SapSSLSetSessionCredential(sssl_hdl=11779bbf0)==SAP_O_K

      [Thr 2314]      in: cred_name = "/usr/sap/XIE/DVEBMGS26/sec/SAPSSLWPSTAT.pse"

      [Thr 2314] IcmConnInitClientSSL: using pse /usr/sap/XIE/DVEBMGS26/sec/SAPSSLWPSTAT.pse, show client certificate if available

      [Thr 2314] <<- SapSSLSetTargetHostname(sssl_hdl=11779bbf0)==SAP_O_K

      [Thr 2314]      in: hostname = "servicos.portaldasfinancas.gov.pt"

      [Thr 2314] Fri Sep 12 14:42:50 2014

      [Thr 2314] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_CONNECTION_LOST

      [Thr 2314]    session uses PSE file "/usr/sap/XIE/DVEBMGS26/sec/SAPSSLWPSTAT.pse"

      [Thr 2314] No Secude Error present in trace stack!

      [Thr 2314]   SSL_get_state() returned 0x000021d0 "SSLv3 read finished A"

      [Thr 2314]   No certificate request received from Server

      [Thr 2314] <<- ERROR: SapSSLSessionStart(sssl_hdl=11779bbf0)==SSSLERR_SSL_CONNECT

      [Thr 2314] <<- SapSSLErrorName()==SSSLERR_SSL_CONNECT

      [Thr 2314] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT {00010073} [icxxconn_mt.c 198

      [Thr 2314] <<- SapSSLSessionDone()==SAP_O_K

      [Thr 2314]      in: sssl_hdl   = 11779bbf0

      [Thr 2314]          ... ni_hdl = 121