Skip to Content
0
Former Member
Nov 23, 2006 at 03:23 PM

Portal 2004s and webdispatcher ssl issue

39 Views

Hello all,

I'm trying to set up a ssl re-encryption for webdispatcher and EP but have some problems..

I created a pse and imported a SAP test certificate into webdispatcher and it works, now I would like to setup the portal with ssl, and if I connect directly to the EP it works (also here I signed the csr with a test certificate).

What doesn't work is the webdispatcher re-encryption through the portal, I did set these parameters in webdisp profile :

ssl/ssl_lib = D:\webdispatcher\sec\sapcrypto.dll

ssl/server_pse = D:\webdispatcher\sec\mio.pse

  1. Parameters for Using SSL to the backend server

wdisp/ssl_encrypt = 2

wdisp/ssl_auth = 2

wdisp/ssl_cred = D:\webdispatcher\sec\mio.pse

wdisp/ssl_certhost = myhost

But I'm getting this errors :

[Thr 2604] << -


End of Secude-SSL Errorstack -


[Thr 2604] SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"

[Thr 2604] SSL socket: local=10.219.28.25:1553 peer=10.209.10.181:53001

[Thr 2604] <<- ERROR: SapSSLSessionStart(sssl_hdl=025CFF08)==SSSLERR_SSL_CONNECT

[Thr 2604] *** ERROR => IcmConnPoolConnect: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT [icxxpool.c 2077]

[Thr 2604] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL

[Thr 2604] session uses PSE file "D:\webdispatcher\sec\mio.pse"

[Thr 2604] SecudeSSL_SessionStart: SSL_connect() failed --

secude_error 9 (0x00000009) = "the verification of the server's certificate chain failed"

[Thr 2604] >> -


Begin of Secude-SSL Errorstack -


>>

[Thr 2604] ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed

ERROR in af_verify_Certificates: (27/0x001b) Chain of certificates is incomplete : "CN=xxx, OU=yyy, O=Portal, C=IT"

ERROR in get_path: (27/0x001b) Found root certificate of <CN=xxx, OU=yyy, O=Portal, C=IT> which does not fit the given PKRoot

ERROR in verify_with_PKs: (27/0x001b) Found root certificate of <CN=xxx, OU=yyy, O=Portal, C=IT> which does not fit the given PKRoot

[Thr 2604] << -


End of Secude-SSL Errorstack -


[Thr 2604] SSL_get_state() returned 0x00002131 "SSLv3 read server certificate B"

[Thr 2604] SSL socket: local=10.219.28.25:1554 peer=10.209.10.181:53001

[Thr 2604] <<- ERROR: SapSSLSessionStart(sssl_hdl=025CFF08)==SSSLERR_SSL_CONNECT

[Thr 2604] *** ERROR => IcmConnPoolConnect: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT [icxxpool.c 2077]

I know there's some missing parameter somewhere, but which 😊 ?

Any suggestions ?

Thanks and regards,

Michele