Skip to Content

HTTPS Configuration error.

Hi,

for configuring https in ABAP stack of portal, i have added some profile parameters in RZ10 transaction, and in one of the profile parameter icm/server_port_2 I have given this value PROT=HTTPS,PORT=443,TIMEOUT=180 . I have restarted the portal server

Than i went to the transaction SMICM --> Goto --> Services. And when I select HTTPS and click on Service --> Activate, it is giving the following error:

Operation failed (rc=1)

Message no. ICM006

than I went back to rz10 and change the port value from 443 to 50001 and again restarted the portal server and again went to the transaction SMICM --> Goto --> Services. And when I select HTTPS and click on Service --> Activate, it still giving the following error:

Operation failed (rc=1)

Message no. ICM006

What could be the problem

Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

5 Answers

  • author's profile photo
    Former Member
    Posted on Jun 18, 2010 at 04:20 AM

    Hi Rahul,

    Please verify whether you have followed the complete steps for HTTPS configuration in this order:

    1. Installing the SAP Cryptographic Library on the AS ABAP

    http://help.sap.com/saphelp_nw70/helpdata/en/96/709b3ad94e8a3de10000000a11402f/content.htm

    2. Setting the Profile Parameters for Using SSL

    http://help.sap.com/saphelp_nw70/helpdata/en/85/46453c3ff4110ee10000000a11405a/content.htm

    3. Creating the SSL Server PSE

    http://help.sap.com/saphelp_nw70/helpdata/en/20/37c33ae8361838e10000000a11402f/content.htm

    And finally, you can test the configuration:

    http://help.sap.com/saphelp_nw70/helpdata/en/2f/18453caff4f703e10000000a114084/content.htm

    Regards,

    Shitij

    Add comment
    10|10000 characters needed characters exceeded

    • Hi Shitij,

      I went to STRUST transaction and i have created the node that is in transaction STRUST I have selected the System PSE node and click on create and a sub node with green color indication is created.

      like wise I have clicked on create button on all the nodes available in the left pane in transaction STRUST, and in all the Nodes a sub node with green color indication is created.

      and than I went to transaction SMICM and try to activate https service, its still giving error Operation failed (rc=1)

      Message no. ICM006

      I have seen the trace fiel also, and this is the trace file output.

      [Thr 1099946304] Wed Jun 23 11:04:45 2010

      [Thr 1099946304] =================================================

      [Thr 1099946304] = SSL Initialization on AMD/Intel x86_64 with Linux

      [Thr 1099946304] = (700_REL,Jan 23 2008,mt,ascii-uc,SAP_UC/size_t/void* = 16/64/64)

      [Thr 1099946304] profile param "ssl/ssl_lib" = "/usr/sap/EPD/SYS/exe/run/linux-x86_64-glibc2.3/libsapcrypto.so"

      resulting Filename = "/usr/sap/EPD/SYS/exe/run/linux-x86_64-glibc2.3/libsapcrypto.so"

      [Thr 1099946304] = found SAPCRYPTOLIB 5.5.5C pl29 (Jan 30 2010) MT-safe

      [Thr 1099946304] = current UserID: "epdadm", env-var USER="epdadm"

      [Thr 1099946304] = using SECUDIR=/usr/sap/EPD/DVEBMGS00/sec

      [Thr 1099946304] *** ERROR => secudessl_Create_SSL_CTX(): PSE "/usr/sap/EPD/DVEBMGS00/sec/SAPSSLS.pse" not found! [ssslsecu_m

      [Thr 1099946304] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed

      secude_error 4129 (0x00001021) = "The PSE does not exist"

      [Thr 1099946304] >> Begin of Secude-SSL Errorstack >>

      [Thr 1099946304] *** ERROR => secudessl_Create_SSL_CTX(): PSE "/usr/sap/EPD/DVEBMGS00/sec/SAPSSLS.pse" not found! [ssslsecu_m

      [Thr 1099946304] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed

      secude_error 4129 (0x00001021) = "The PSE does not exist"

      [Thr 1099946304] >> Begin of Secude-SSL Errorstack >>

      [Thr 1099946304] ERROR in SSL_CTX_set_default_pse_by_name: (4129/0x1021) The PSE does not exist : "/usr/sap/EPD/DVEBMGS00/sec/SA

      ERROR in ssl_set_pse: (4129/0x1021) The PSE does not exist : "/usr/sap/EPD/DVEBMGS00/sec/SAPSSLS.pse"

      ERROR in af_open: (4129/0x1021) The PSE does not exist : "/usr/sap/EPD/DVEBMGS00/sec/SAPSSLS.pse"

      ERROR in secsw_open: (4129/0x1021) The PSE does not exist : "/usr/sap/EPD/DVEBMGS00/sec/SAPSSLS.pse"

      ERROR in secsw_open_pse_or_extension: (4129/0x1021) The PSE does not exist : "/usr/sap/EPD/DVEBMGS00/sec/SAPSSLS.pse"

      ERROR in sec_get_PSEtype: (4129/0x1021) The PSE does not exist : "/usr/sap/EPD/DVEBMGS00/sec/SAPSSLS.pse"

      [Thr 1099946304] << End of Secude-SSL Errorstack

      [Thr 1099946304] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create SERVER Credential

      for "/usr/sap/EPD/DVEBMGS00/sec/SAPSSLS.pse" [ssslxxi_mt.c 2278]

      [Thr 1099946304] *** ERROR => Initialization of SSL library failed NO SSL available!

      [Thr 1099946304] =================================================

      [Thr 1099946304] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR

      [Thr 1099946304] *** ERROR => IcmIActivateService: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv_mt. 737]

      [Thr 1099946304] *** ERROR => IcmHandleMonServMsg: IcmActivateService failed for 50001, 2(rc=-14) [icxxmsg_mt.c 1872]

      [Thr 1099417920] Wed Jun 23 11:12:22 2010

      [Thr 1099417920] =================================================

      [Thr 1099417920] = SSL Initialization on AMD/Intel x86_64 with Linux

      [Thr 1099417920] = (700_REL,Jan 23 2008,mt,ascii-uc,SAP_UC/size_t/void* = 16/64/64)

      [Thr 1099417920] profile param "ssl/ssl_lib" = "/usr/sap/EPD/SYS/exe/run/linux-x86_64-glibc2.3/libsapcrypto.so"

      resulting Filename = "/usr/sap/EPD/SYS/exe/run/linux-x86_64-glibc2.3/libsapcrypto.so"

      [Thr 1099417920] = found SAPCRYPTOLIB 5.5.5C pl29 (Jan 30 2010) MT-safe

      [Thr 1099417920] = current UserID: "epdadm", env-var USER="epdadm"

      [Thr 1099417920] = using SECUDIR=/usr/sap/EPD/DVEBMGS00/sec

      [Thr 1099417920] = Success SapCryptoLib SSL ready!

      [Thr 1099417920] =================================================

      [Thr 1099417920] *** ERROR => NiIBindSocket: SiBind failed for hdl 7 / sock 24

      (SI_EPORT_INUSE/98; I4; ST; 0.0.0.0:50001) [nixxi.cpp 3227]

      [Thr 1099417920] *** ERROR => IcmBindService: NiBuf2Listen failed for host epdsrv.spmcil.com:50001 (rc=-4): NIESERV_USED [icxxse

      [Thr 1099417920] *** ERROR => IcmHandleMonServMsg: IcmActivateService failed for 50001, 2(rc=-1) [icxxmsg_mt.c 1872]

  • author's profile photo
    Former Member
    Posted on Jun 17, 2010 at 03:29 PM

    For configuring HTTPs follow the below steps:

    1. Download the SAP Cryptographic file from service market place.

    2. extract it and copy it to your kernel dir (/sapmnt/SID/exe)

    3. set the following parameter in RZ10

    icm/HTTPS/verify_client 1

    ssf/name SAPSECULIB

    sec/libsapsecu /sapmnt/SID/exe/libsapcrypto.so

    ssf/ssfapi_lib /sapmnt/SID/exe/libsapcrypto.so

    ssl/ssl_lib /sapmnt/SID/exe/libsapcrypto.so

    icm/server_port_1 PROT=HTTPS,PORT=8200,TIMEOUT=900

    4. Restart the server and then go to smicm and activate the port.

    For information on parameter you can check in market place.

    Thanks

    Shaz

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member User Satyam

      Hi Rahul,

      ERROR => Loading of SSL library failed NO SSL available

      As I said, please verify that all steps in the links I provided to you are completed.

      This error also tells you that the SSL configuration is not properly done.

      Regards,

      Shitij

  • author's profile photo
    Former Member
    Posted on Jun 17, 2010 at 03:34 PM

    Rahul-

    We need to activate the service in Tcode- SICF.

    Thanks,

    George Rayi

    Add comment
    10|10000 characters needed characters exceeded

  • Posted on Jun 23, 2010 at 06:17 AM

    Its not answered still

    Add comment
    10|10000 characters needed characters exceeded

  • author's profile photo
    Former Member
    Posted on Jun 23, 2010 at 07:07 AM

    you can restart the ICM, smicm->administration->Exit Soft and then try to activate the port. if same problem then try to change the port number and see if its working for other port numbers.

    Remember if you do any changes you need to restart ICM.

    Thx

    Add comment
    10|10000 characters needed characters exceeded