webdispatcher as ssl, error!

Dear All,

I have made https/ssl access of portal which is inside infirewall. I have a webdispatcher in DMZ i have configured the http access from DMZ to central server. I am stuck in configuring https access with the same dispatcher. I made pse file and incorporated the CA response to pse but still i get the following error.

Trace of webdispatcher

==========================================================================

trc file: "dev_webdisp", trc level: 1, release: "700"

sysno 00

sid

systemid 562 (PC with Windows NT)

relno 7000

patchlevel 0

patchno 110

intno 20050900

make: multithreaded, ASCII, 64 bit, optimized

pid 6024

Thr 10256 started security log to file dev_icm_sec

Thr 10256 SAP Web Dispatcher running on:myhost

Thr 10256 MtxInit: 30001 0 2

Thr 10256 IcmInit: listening to admin port: 65000

Thr 11492 *** WARNING => HttpPlugInInit: Parameter icm/HTTPS/trust_client_with_issuer or icm/HTTPS/trust_client_with_subject not set => do not trust any intermediary

X.509 cert data will be removed from header http://http_plgrt.c 670

Thr 11492 HttpExtractArchive: files from archive ./wdispadmin.SAR in directory . are up to date

Thr 11492 HttpSubHandlerAdd: Added handler HttpAdminHandler(slot=0, flags=4101) for /sap/wdisp/admin:0

Thr 11492 CsiInit(): Initializing the Content Scan Interface

Thr 11492 PC with Windows NT (mt,ascii,SAP_CHAR/size_t/void* = 8/64/64)

Thr 11492 CsiInit(): CSA_LIB = ".\sapcsa.dll"

Thr 11492 HttpSubHandlerAdd: Added handler HttpAuthHandler(slot=1, flags=12293) for /:0

Thr 11492 HttpSubHandlerAdd: Added handler HttpWebDispHandler(slot=2, flags=28677) for /:0

Thr 11492 Started service 80 for protocol HTTP on host "myhost"(on all adapters) (processing timeout=60, keep_alive_timeout=30)

Thr 11492 =================================================

Thr 11492 = SSL Initialization on PC with Windows NT

Thr 11492 = (700_REL,May 21 2007,mt,ascii,SAP_UC/size_t/void* = 8/64/64)

Thr 11492 SapISSLComposeFilename(): profile param "ssl/ssl_lib" = "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\sapcrypto.dll"

resulting Filename = "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\sapcrypto.dll"

Thr 11492 SapISSLComposeFilename(): profile param "ssl/server_pse" = "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\SAPSSL.pse"

resulting Filename = "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\SAPSSL.pse"

Thr 11492 = found SAPCRYPTOLIB 5.5.5C pl23 (Jan 24 2008) MT-safe

Thr 11492 = current UserID: NT AUTHORITY\SYSTEM

Thr 11492 = found SECUDIR environment variable

Thr 11492 = using SECUDIR=C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir

Thr 11492 *** ERROR => secudessl_Create_SSL_CTX(): PSE "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\SAPSSL.pse" not found! http://ssslsecu.c 1296

Thr 11492 secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --

secude_error 1824 (0x00000720) = "Wrong or Missing PIN for PSE"

Thr 11492 >> Begin of Secude-SSL Errorstack >>

Thr 11492 ERROR in SSL_CTX_set_default_pse_by_name: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\SAPSSL.pse" ERROR in ssl_set_pse: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\SAPSSL.pse" ERROR in af_open: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\SAPSSL.pse" ERROR in secsw_open: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\SAPSSL.pse" ERROR in sec_parse_PSEInfo_cont: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\SAPSSL.pse" Thr 11492 << End of Secude-SSL Errorstack Thr 11492 *** ERROR => Initialization of SSL library failed -- NO SSL available!

Thr 11492 =================================================

Thr 11492 <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR

Thr 11492 *** ERROR => IcmAddService: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR http://icxxserv.c 319

.........................................

.......Thr 10256 IcmCreateWorkerThreads: created worker thread 99............................

...........................................

Thr 11672 IcmWatchDogThread: watchdog started

Thr 9236 Sat Mar 15 10:35:44 2008

Thr 9236 =================================================

Thr 9236 = SSL Initialization on PC with Windows NT

Thr 9236 = (700_REL,May 21 2007,mt,ascii,SAP_UC/size_t/void* = 8/64/64)

Thr 9236 SapISSLComposeFilename(): profile param "ssl/ssl_lib" = "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\sapcrypto.dll"

resulting Filename = "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\sapcrypto.dll"

Thr 9236 SapISSLComposeFilename(): profile param "ssl/server_pse" = "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\SAPSSL.pse"

resulting Filename = "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\SAPSSL.pse"

Thr 9236 = found SAPCRYPTOLIB 5.5.5C pl23 (Jan 24 2008) MT-safe

Thr 9236 = current UserID: NT AUTHORITY\SYSTEM

Thr 9236 = found SECUDIR environment variable

Thr 9236 = using SECUDIR=C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir

Thr 9236 *** ERROR => secudessl_Create_SSL_CTX(): PSE "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\SAPSSL.pse" not found! http://ssslsecu.c 1296

Thr 9236 secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --

secude_error 1824 (0x00000720) = "Wrong or Missing PIN for PSE"

Thr 9236 >>

Begin of Secude-SSL Errorstack >>

Thr 9236 ERROR in SSL_CTX_set_default_pse_by_name: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\SAPSSL.pse" ERROR in ssl_set_pse: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\SAPSSL.pse" ERROR in af_open: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\SAPSSL.pse" ERROR in secsw_open: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\SAPSSL.pse" ERROR in sec_parse_PSEInfo_cont: (1824/0x0720) Wrong or Missing PIN for PSE : "C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\SAPSSL.pse" Thr 9236 << End of Secude-SSL Errorstack Thr 9236 *** ERROR => Initialization of SSL library failed -- NO SSL available!

Thr 9236 =================================================

Thr 9236 <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR

Thr 9236 *** ERROR => IcmIActivateService: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR http://icxxserv.c 737

Thr 9236 *** ERROR => ICP_icm_mod_service: ModService(7) failed for 8443, HTTPS(rc=-14) http://icrxxadmin.c 4134

===========================================================================

my webdisp.pfl file contains

===============================================

1. Profile generated by sapwebdisp bootstrap

1. unique instance number

SAPSYSTEM = 0

1. add default directory settings

DIR_EXECUTABLE = .

DIR_INSTANCE = C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64

1. Accessibility of Message Servers

rdisp/mshost = myhost

ms/http_port = 8101

ms/htps_port = 8443

1. SAP Web Dispatcher Parameter

wdisp/auto_refresh = 120

wdisp/max_servers = 100

wdisp/shm_attach_mode = 6

1. configuration for large scenario

icm/max_conn = 16384

icm/max_sockets = 16384

icm/req_queue_len = 6000

icm/min_threads = 100

icm/max_threads = 250

mpi/total_size_MB = 500

mpi/max_pipes = 21000

#maximum number of concurrent connections to one server

wdisp/HTTP/max_pooled_con = 2000

wdisp/HTTPS/max_pooled_con = 2000

1. SAP Web Dispatcher Ports

icm/server_port_0 = PROT=HTTP,PORT=80

icm/server_port_1 = PROT=HTTPS,PORT=8443

1. Parameters for the SAP Cryptographic Library

ssl/ssl_lib = C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\sapcrypto.dll

ssl/server_pse = C:\usr\sap\WD1\SYS\exe\nuc\NTAMD64\secudir\SAPSSL.pse

wdisp/ssl_encrypt = 2

1. SAP Web Dispatcher Web Administration

icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=./admin,AUTHFILE=icmauth.txt

wdisp/add_client_protocol_header = true

================================================================

please help me out to succeed in https access. i am not able to trace where i am doing wrong.

Awaiting for earliest reply,

regards,

Baskar