Former Member

web dispatcher/WAS getting SSL error

We have 2 SAP web dispatchers configured to use the HTTPS protocol, with re-encryption, in our BW and CRM systems.

Both of them are configured identically. However, in the web dispatcher trace file I see that the CRM environment has auth_type=0 (no client cert) and the BW has auth_type=3 (use client cert). I am not sure what sets this parameter, and how I can change the CRM to have auth_type=3.

In our CRM web dispatcher log we get the following message:

<<- SapSSLSessionInit()==SAP_O_K

[Thr 2612] in: args = "role=0 (SERVER), auth_type=0 (NO_CLIENT_CERT)"

[Thr 2612] <<- SapSSLSessionStart(sssl_hdl=1132BF30)==SSSLERR_CONN_CLOSED

In our BW web dispatcher log we get the following message:

->> SapSSLSessionInit(&sssl_hdl=11342124, role=1 (CLIENT), auth_type=3 (USE_CLIENT_CERT))

[Thr 2668] <<- SapSSLSessionInit()==SAP_O_K

In the CRM WAS server we are getting the following error message:

SecudeSSL_Read: SSL_read() failed --

secude_error 4865 (0x00001301) = "ERROR send(hdl=64996,buf=1DC1A818,len=27)=-1, GetLastError()=10038 (0x00002736)"

[Thr 2732] >> - Begin of Secude-SSL Errorstack - >>

[Thr 2732] ERROR in BIO_write: (4865/0x1301) ERROR send(hdl=64996,buf=1DC1A818,len=27)=-1, GetLastError()=10038 (0x00002736)

ERROR in sock_write: (4865/0x1301) ERROR send(hdl=64996,buf=1DC1A818,len=27)=-1, GetLastError()=10038 (0x00002736)

[Thr 2732] << - End of Secude-SSL Errorstack -

No error messages in the BW WAS server.

Thanks for any help 😊

Helen


2 Answers

  • Former Member
    Apr 22, 2006 at 06:55 PM

    Hi,

    Auth type simply defines whether it is mandatory or optional for the client to have a valid certificate for authentication with the server.

    0 = no client certificate required

    1 = client certificate optional, server can accept client certificates, but it is not mandatory for clients to have them

    2 = client certificates are mandatory.

    In order to enable proper insight, could you mail both the dispatcher profile files?

    Also start the web dispatcher with a higher trace level:

    sapwebdisp pf=<profile> -f <trace-file-name> -t 3

    Mail the trace file which is created with the command.

    You can mail me at hindujachetan@gmail.com

    cheers,

    chetan


  • Jun 27, 2006 at 10:05 AM

    Kindly check the value of the following profile parameter (e.g. using ABAP transaction RZ11):

    icm/HTTPS/verify_client

    You also need to differentiate between the two different "roles":

    - SSL client

    - SSL server

    See also my posting in ssl-certificates-not-visible-while-rfc-destination

    Best regards, Wolfgang


    • Former Member

      I am trying to implement SSO through Web Based GUI and using Digital Certificate for the user authentication. I have done the following:

      1- I have configured my SAP ECC AS ABAP Server for SSO / HTTPS.

      2- My server is signed with SAP AG test root Server certificate.

      3- I am using x.509 free generator to generate Client certificate

      4- I have mapped this client certificate in table USREXTID

      5- I have also installed the above client certificate in my browser.

      Now, when I am accessing the server through the HTTPS web link, I am getting this window:

      See the screenshot from the link.

      http://www.zshare.net/image/812282264b4e0cc2/

      On clicking Continue, the System asks for the User ID and Password:

      See the screenshot from the link.

      http://www.zshare.net/image/81228268eda10f1c/

      I believe it shouldn't ask for the user ID and password, as I have installed the digital certificate and have maintained it under VUSREXTID

      My SMICM log can be accessed through

      http://www.zshare.net/download/81220708a199f079/

      Please advise

      Saqib Ayub Khan
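
The two trace lines compared in the question belong to different roles (SERVER in the CRM trace, CLIENT in the BW trace), which is the distinction the second answer points to. The following is an added example, not code from any of the posts: it groups auth_type by role so that only same-role values are compared. The "CRM"/"BW" tags and the function names are assumptions made for the example.

```python
import re
from collections import defaultdict

# Matches the role/auth_type pair in both line shapes quoted in the question.
PAIR = re.compile(r"role=(\d+) \((\w+)\), auth_type=(\d+) \((\w+)\)")

# Trace lines copied from the question; the "CRM"/"BW" tags are added here.
SAMPLE = [
    ("CRM", '[Thr 2612] in: args = "role=0 (SERVER), auth_type=0 (NO_CLIENT_CERT)"'),
    ("BW", "->> SapSSLSessionInit(&sssl_hdl=11342124, role=1 (CLIENT), "
           "auth_type=3 (USE_CLIENT_CERT))"),
]


def auth_types_by_role(tagged_lines):
    """Return {role_name: {system: set of 'N (LABEL)' auth_type strings}}."""
    table = defaultdict(lambda: defaultdict(set))
    for system, line in tagged_lines:
        for _, role, num, label in PAIR.findall(line):
            table[role][system].add(f"{num} ({label})")
    return {role: dict(systems) for role, systems in table.items()}


def compare(tagged_lines, systems):
    """Per role: can the systems be compared at all, and do they differ?"""
    findings = {}
    for role, seen in auth_types_by_role(tagged_lines).items():
        missing = [s for s in systems if s not in seen]
        if missing:
            # One side has no line for this role, so there is nothing to diff.
            findings[role] = f"not comparable: no {role} line from {', '.join(missing)}"
        elif len({frozenset(v) for v in seen.values()}) > 1:
            findings[role] = "differs: " + "; ".join(
                f"{s}={sorted(seen[s])}" for s in systems)
        else:
            findings[role] = "same"
    return findings


if __name__ == "__main__":
    for role, verdict in sorted(compare(SAMPLE, ["CRM", "BW"]).items()):
        print(f"{role}: {verdict}")
```

On the two quoted lines alone, neither role can be compared across the systems; a real check needs the full trace from both dispatchers.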