Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Errors encountered during setup of PSE for SSL

Former Member

‎10-02-2006 7:32 AM

0 Kudos

Hi SDN'ers,

We have followed the steps for setting up SSL in SAP ECC 5.0 development environment we made use of the Test certificates from the SAP TCS. We encountered some issues with the CAS trust and therefore decided to delete the PSE's.

During the deletion actions the process did not complete and now we encounter the following messages:

PSE locked for changes.

PSE missing on database.

Internal error while locking PSE.

The PSE "own certificate is empty" but the SSL Server certificate is filled.

When trying to change and error is displayed: "Error while loading PSE" Message no. TRUST025.

We have tried replacing the PSE but then afterwards we get an error message when trying to accept the entries: "Internal error while locking PSE"

When trying to delete a message is being displayed: "PSE locked for changes"

When trying to distribute the system comes back with the message: "All local PSE's are OK"

We have deactivated the HTTP'S service in SMICM but this didn't help during the above actions either. We have also tried stopping the ICM and as well as stopping SAP to get this solved but this did not help either.

Is there another way of deleting the entries for example table maintenance (or is this to harsh).

Please assist.

Thanks in advance

Dries

9 REPLIES 9

gregorw
Active Contributor

‎10-02-2006 8:27 AM

0 Kudos

Hello Dries,

what OS is your instance running on? On my Linux Box running ERP 2004 the PSE's are in the /usr/sap/IDS/DVEBMGS00/sec directory. What you can try: Shutdown your system and then delete SAPSSLS.pse.

Regards

Gregor

Former Member
In response to gregorw

‎10-03-2006 7:38 AM

0 Kudos

Hi Gregor,

We are running Windows 64bit, IBM x-series. SAP kernel is 640, 32bit. Yes I found the location of the file. Are you only refering to stopping and starting SAP or are you also talking about rebooting the server?? We will try the "shutdown" tonight and delete the SAPSSLS.pse and let you know the outcome.

In the table SSF_PSE_H i see the following entry.

120654

In the table SSF_PSE_D if have

120654 001

120654 002

120654 003

120654 004

120654 005

120654 006

I there any way of managing this problem by deleting the entries from the tables starting with the DATA and then the HEADER or will this cause a data integrity risk.

So by the way we want to complement you on the weblogs you created in the past. Good reference materials!!

Regards Dries

gregorw
Active Contributor
In response to gregorw

‎10-03-2006 9:26 AM

0 Kudos

Hello Dries,

thank's for the compliments :-). I refer only to stopping and starting the SAP instance. I wouldn't delete any of the Table entries. Was the file deletion sucessfull? If not you should get OSS to help you on this topic.

Regards

Gregor

Former Member
In response to gregorw

‎10-04-2006 6:15 AM

0 Kudos

Hi Gregor,

We stopped SAP and deleted the file SAPSSLS.pse. We also had the entry SAPSYS.pse, which is correct. This entry is used for the portal certifcates. However the only entry that was deleted was SAPSSLS.pse. After starting SAP up again we still experienced the same problem.

At the same time when I logged this topic I also created a customer message which was already answered by SAP. SAP referred to note 515662 and note 354819. I tried the actions suggested by them but this didn't help either. Running the function module SSFPSE_REMOVE resulted in "PSE does not exist in database". Running the program ZREPAIR_SSF_PSE_H resulted in the following:

-

Note 515662-Incorrect PSE files on the application server

Current content of table SSF_PSE_H:

120654 xrdmid01 00 SAPSSLS.pse CN=sapr3dev.bcx.co.za, OU=I1710000164, OU=SAP Web AS, O=SAP Trust Community, C=DE

SYSPSE 00 SAPSYS.pse CN=XRD Check for invalid instance-id's...

Check for wrong distinguished names...

Check for multiple entries...

Done. -

Do you have any further suggestions?

Thanks and best regards

Dries Yssel

gregorw
Active Contributor
In response to gregorw

‎10-04-2006 1:54 PM

0 Kudos

Hello,

sorry, no suggestions. Please try to get OSS to have a look on your system.

Regards

Gregor

Former Member
In response to gregorw

‎10-11-2006 3:24 PM

0 Kudos

Hi Gregor,

OSS had a look at the system and eventually they managed to solve the problem the same way we tried with the execution of the function module SSFPSE_REMOVE. We think/believe that deleting the SAPSSLS.pse in OSS and stopping SAP ECC assisted in solving the problem.

Regards Dries

Former Member
In response to gregorw

‎04-17-2012 9:27 AM

0 Kudos

Please give me step by step guide to doing this. I have a similar problem. OSS are taking forever processing my message.

Also note that in location F:\usr\sap\SOL\DVEBMGS06\sec , I don't have file SAPSSLS.pse. I  have LASVerify.pse and ticket file.

Former Member
In response to gregorw

‎04-14-2013 6:05 AM

0 Kudos

Dear,

I have resolved it following up the instruction of the SAP note "1514656 - STRUST shows error message "PSE locked for changes" when opening SSL Server PSE"

You will find a step by step into the note.

After that I have to regenerate the "SSL Server Standard" taking care of use Name = *.<WebAS domain> as mentioned the SAP note Note 510007 - Setting up SSL on Web Application Server ABAP"

Hope help,

Best regards,

José Maciel

former_member445936
Discoverer

‎06-18-2015 9:30 PM

0 Kudos

I resolved the same issue with the directions from sap note "1514656 - STRUST shows error message "PSE locked for changes" when opening SSL Server PSE"

Thanks everybody!!!!