web dispatcher/WAS getting SSL error

Former Member
0 Kudos

We have 2 SAP web dispatchers configured to use the HTTPS protocol, with re-encryption, in our BW and CRM systems.

Both of them are configured identically. However, in the web dispatcher trace file I see that the CRM environment has auth_type=0 (no client cert) and the BW has auth_type=3 (use client cert). I am not sure what sets this parameter, and how I can change the CRM to have auth_type=3.

In our CRM web dispatcher log we get the following message:

<<- SapSSLSessionInit()==SAP_O_K

[Thr 2612] in: args = "role=0 (SERVER), auth_type=0 (NO_CLIENT_CERT)"

[Thr 2612] <<- SapSSLSessionStart(sssl_hdl=1132BF30)==SSSLERR_CONN_CLOSED

In our BW web dispatcher log we get the following message:

->> SapSSLSessionInit(&sssl_hdl=11342124, role=1 (CLIENT), auth_type=3 (USE_CLIENT_CERT))

[Thr 2668] <<- SapSSLSessionInit()==SAP_O_K

In the CRM WAS server we are getting the following error message:

SecudeSSL_Read: SSL_read() failed --

secude_error 4865 (0x00001301) = "ERROR send(hdl=64996,buf=1DC1A818,len=27)=-1, GetLastError()=10038 (0x00002736)"

[Thr 2732] >> - Begin of Secude-SSL Errorstack - >>

[Thr 2732] ERROR in BIO_write: (4865/0x1301) ERROR send(hdl=64996,buf=1DC1A818,len=27)=-1, GetLastError()=10038 (0x00002736)

ERROR in sock_write: (4865/0x1301) ERROR send(hdl=64996,buf=1DC1A818,len=27)=-1, GetLastError()=10038 (0x00002736)

[Thr 2732] << - End of Secude-SSL Errorstack -

No error messages in the BW WAS server.

Thanks for any help

Helen

Accepted Solutions (0)

Answers (2)

WolfgangJanzen
Product and Topic Expert
0 Kudos

Kindly check the value of the following profile parameter (e.g. using ABAP transaction RZ11):

icm/HTTPS/verify_client

You also need to differentiate between the two different "roles":

- SSL client

- SSL server

See also my posting in

Best regards, Wolfgang
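
As an added example (not part of the original thread and not SAP code): a small Python parser for the trace excerpts quoted in the question that groups auth_type by role, so that a server-side handshake is only compared with another server-side one. The function names and the sample strings are assumptions built from the lines posted above.

```python
import re
from collections import Counter

# role/auth_type pair, in either line shape quoted in the question
PAIR = re.compile(r'role=(\d+) \((\w+)\), auth_type=(\d+) \((\w+)\)')
# a returning SapSSL* call and its result code
RESULT = re.compile(r'<<- (SapSSL\w+)\([^)]*\)==(\w+)')
THREAD = re.compile(r'\[Thr (\d+)\]')

# Sample input built from the excerpts in the question; two CRM entries are
# left run together on one line to exercise the splitter.
CRM_TRACE = '''<<- SapSSLSessionInit()==SAP_O_K
[Thr 2612] in: args = "role=0 (SERVER), auth_type=0 (NO_CLIENT_CERT)"[Thr 2612] <<- SapSSLSessionStart(sssl_hdl=1132BF30)==SSSLERR_CONN_CLOSED'''
BW_TRACE = '''->> SapSSLSessionInit(&sssl_hdl=11342124, role=1 (CLIENT), auth_type=3 (USE_CLIENT_CERT))
[Thr 2668] <<- SapSSLSessionInit()==SAP_O_K'''

def summarize(trace_text):
    """Return (Counter of (role, auth_type) names, list of failed calls)."""
    pairs, failures = Counter(), []
    # Start a new entry before every thread prefix, then parse line by line.
    for line in trace_text.replace('[Thr', '\n[Thr').splitlines():
        thr = THREAD.search(line)
        pair = PAIR.search(line)
        if pair:
            pairs[(pair.group(2), pair.group(4))] += 1
        res = RESULT.search(line)
        if res and res.group(2) != 'SAP_O_K':
            failures.append((thr.group(1) if thr else None, res.group(1), res.group(2)))
    return pairs, failures

def compare(trace_a, trace_b):
    """auth_type names per role, only for roles that occur in both traces."""
    def by_role(text):
        roles = {}
        for role, auth in summarize(text)[0]:
            roles.setdefault(role, set()).add(auth)
        return roles
    a, b = by_role(trace_a), by_role(trace_b)
    return {role: (a[role], b[role]) for role in a.keys() & b.keys()}

if __name__ == '__main__':
    print(summarize(CRM_TRACE))
    print(summarize(BW_TRACE))
    print(compare(CRM_TRACE, BW_TRACE))  # empty: the excerpts share no role
```

Run against the full trace files from both web dispatchers, `compare` shows whether the two systems actually differ for the same role.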

Former Member
0 Kudos

I am trying to implement SSO through the Web-based GUI, using a digital certificate for user authentication. I have done the following:

1- I have configured my SAP ECC AS ABAP Server for SSO / HTTPS.

2- My server is signed with SAP AG test root Server certificate.

3- I am using x.509 free generator to generate Client certificate

4- I have mapped this client certificate in table USREXTID

5- I have also installed the above client certificate in my browser.

Now, when I am accessing the server through the HTTPS web link, I am getting this window:

See the screenshot from the link.

http://www.zshare.net/image/812282264b4e0cc2/

On clicking Continue, the System asks for the User ID and Password:

See the screenshot from the link.

http://www.zshare.net/image/81228268eda10f1c/

I believe it shouldn't ask for the user ID and password, as I have installed the digital certificate and have maintained it under VUSREXTID.

My SMICM log can be accessed through

http://www.zshare.net/download/81220708a199f079/

Please advise.

Saqib Ayub Khan

Former Member
0 Kudos

Hi,

Auth types simply define whether it is mandatory or optional for the client to have valid certificates for authentication with the server.

0 = no client certificate required

1 = client certificate optional, server can accept client certificates, but it is not mandatory for clients to have them

2 = client certificates are mandatory.

In order to enable proper insight, could you mail both the dispatcher profile files?

Also start the web dispatcher with a higher trace level:

sapwebdisp pf=<profile> -f <trace-file-name> -t 3

Mail the trace file which is created with the command.

you can mail me at hindujachetan@gmail.com

cheers,

chetan