
Certificate renew: SSL ports not active in SAP NW

Hi,

We are working on SAP PI 7.4 SP17. A few months ago, we enabled 2 HTTPS ports in SAP NW using a wildcard certificate, which was expiring soon. In order to renew the certificate, we deleted the old certificate key and .cert file for one of the ports and imported the new certificate using the (private key) .pks file and the (certificate) .cert (X.509) file. After changing the certificate, we restarted our PI application, but we started facing an issue with both ports: SSL port not active.

When we check in the SAP MMC console, both the ports are shown as inactive.

I had changed the certificate for one SSL port, whereas both ports have stopped working now. The only difference we observed in the certificates is the key size, i.e. 2048 bits and 4096 bits.

We are now confused whether the issue was in our procedure or with the ICM or the certificates provided to us.

Request your valuable inputs to help us resolve the issue.

Regards,

Somesh


1 Answer

  • Best Answer
    Jan 17 at 09:24 PM

    Dear Somesh,


    This issue can have multiple causes. The most common ones are the following:


    1. The relevant ports are occupied by other processes. To find the process, see KBA 1845121 - Address already in use - how to find the process listening on port ... then kill the process and restart ICM.


    2. HTTPS is working but the error is displayed. This is caused by additional checks of sapstartsrv. In this case, implement the wiki: https://wiki.scn.sap.com/wiki/x/CI2rGg.


    3. ICM misconfiguration -> for this, please check the dev_icm file in the instance work directory (\usr\sap\<SID>\<instnr>\work) for relevant errors and continue the investigation based on them. Also configure the port correctly in the instance profile (\usr\sap\<SID>\SYS\profile\<SID>_<instnr>_<hostname>.<X>) as per SAP Help: https://help.sap.com/saphelp_nw73EhP1/helpdata/en/09/392712944fc6478c9f1ff198b6b0a7/frameset.htm


    Best Regards,
    Barnabás Paksi


    • Hi Barnabas, thank you for the help.

      Our issue is now resolved. Your inputs helped us to analyse the root cause. We were facing the issue because the .pse file was not imported for the particular KeyView in NWA after the certificate change.

      Once I imported the KeyView and did an application restart, the problem was solved!

      Thanks,

      Somesh
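
As an added example (not part of the thread and not SAP tooling): a small Python probe that tells the three situations in the answer apart by testing each HTTPS port from outside the instance. Host and ports are passed on the command line; the function names and state names are hypothetical.

```python
import socket
import ssl
import sys

# Hypothetical state names, each mapped to the matching item in the answer above.
HINTS = {
    "closed": "nothing listening: check dev_icm and the port in the instance profile (item 3)",
    "open-no-tls": "TCP accepted but no TLS: find the process on the port (item 1), then dev_icm",
    "tls-ok": "HTTPS answers: an 'inactive' display points to the sapstartsrv check (item 2)",
}

def probe_https_port(host, port, timeout=3.0):
    """Return (state, detail) for one port: 'closed', 'open-no-tls' or 'tls-ok'."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "closed", str(exc)
    # Diagnostic only: we want to know whether a handshake completes,
    # so certificate trust and host name are deliberately not validated here.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            return "tls-ok", f"{tls.version()}, server certificate {len(der)} bytes (DER)"
    except (ssl.SSLError, OSError) as exc:
        return "open-no-tls", str(exc)
    finally:
        raw.close()

def triage(host, ports, timeout=3.0):
    """Probe each port and attach the next troubleshooting step."""
    report = {}
    for port in ports:
        state, detail = probe_https_port(host, port, timeout)
        report[port] = {"state": state, "detail": detail, "next": HINTS[state]}
    return report

if __name__ == "__main__":
    # Usage: python probe.py <host> <port> [<port> ...]
    for port, row in triage(sys.argv[1], [int(p) for p in sys.argv[2:]]).items():
        print(port, row["state"], "|", row["detail"], "|", row["next"])
```

Running it against both HTTPS ports before and after the certificate change shows whether the renewal affected only the port whose certificate was replaced.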