Skip to Content
avatar image
Former Member

SSL certificate renew problem, problem with PIN, credentials issue

hi, my SSL certificate on ABAP only system is expired, when I try to renew it i have issue with PIN.

when I want to import SAPSSLS.pse using STRUST , it says :can't open PSE.

I am not able to add the credetials for the SAPSSLS.pse for the user SAPServiceSF3. but I could add for <SIDADM> user.

it gives the below error.

H:\usr\sap\SF3\DVEBMGS00\sec>sapgenpse seclogin -p H:\usr\sap\SF3\DVEBMGS00\sec\SAPSSLS.pse -x 2bs4SF3 -O hg10521\SAPServicesf3

running seclogin with USER="sf3adm"

creating credentials for user "HG10521\SAPServicesf3"...

seclogin: Couldn't open PSE

ERROR in af_open: (1824/0x0720) Wrong PIN for PSE

ERROR in secsw_open: (1824/0x0720) Wrong PIN for PSE

ERROR in sec_parse_PSEInfo_cont: (1824/0x0720) Wrong PIN for PSE

below is dev_icm log content

******************************Thr 2624] = SSL Initialization on PC with Windows NT

[Thr 2624] = (640_REL,Aug 12 2007,mt,ascii,SAP_UC/size_t/void* = 16/64/64)

[Thr 2624] SapISSLComposeFilename(): profile param "ssl/ssl_lib" = "H:\usr\sap\SF3\SYS\exe\run\sapcrypto.dll"

resulting Filename = "H:\usr\sap\SF3\SYS\exe\run\sapcrypto.dll"

[Thr 2624] = found SAPCRYPTOLIB 5.5.5C pl29 (Jan 30 2010) MT-safe

[Thr 2624] = current UserID: HG10521\SAPServicesf3

[Thr 2624] = found SECUDIR environment variable

[Thr 2624] = using SECUDIR=H:\usr\sap\SF3\DVEBMGS00\sec

[Thr 2624] *** ERROR => secudessl_Create_SSL_CTX(): PSE "H:\usr\sap\SF3\DVEBMGS00\sec\SAPSSLS.pse" not found! [ssslsecu.c 1296]

[Thr 2624] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --

secude_error 1824 (0x00000720) = "Wrong or Missing PIN for PSE"

[Thr 2624] >> -


Begin of Secude-SSL Errorstack -


>>

[Thr 2624] ERROR in SSL_CTX_set_default_pse_by_name: (1824/0x0720) Wrong or Missing PIN for PSE : "H:\usr\sap\SF3\DVEBMGS00\sec\SAPSSLS.pse"

ERROR in ssl_set_pse: (1824/0x0720) Wrong or Missing PIN for PSE : "H:\usr\sap\SF3\DVEBMGS00\sec\SAPSSLS.pse"

ERROR in af_open: (1824/0x0720) Wrong or Missing PIN for PSE : "H:\usr\sap\SF3\DVEBMGS00\sec\SAPSSLS.pse"

ERROR in secsw_open: (1824/0x0720) Wrong or Missing PIN for PSE : "H:\usr\sap\SF3\DVEBMGS00\sec\SAPSSLS.pse"

ERROR in sec_parse_PSEInfo_cont: (1824/0x0720) Wrong or Missing PIN for PSE : "H:\usr\sap\SF3\DVEBMGS00\sec\SAPSSLS.pse"

[Thr 2624] << -


End of Secude-SSL Errorstack -


[Thr 2624] *** ERROR => Initialization of SSL library failed -- NO SSL available!

[Thr 2624] =================================================

please help. Pavan KUmar,

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Jun 28, 2010 at 06:40 AM

    Hi,

    First time when you created the SSL certificate you may have provided some password when has been stored in PSE file.

    Now you have provide the same password while renewing the certificate.

    If, you don't remeber the password , then no option, you have to do all the procedure begining from PSE generation.

    Thanks

    Anil

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Hello oliver,

      we have already identified this 6 months back, and following secured PIN strategy that is randomly generated by a tool.

      to make the experts like you to understand my situtaion for more clarity, I had given a example, actual passowrd is slightly different. if you want to know passowrd, you do not have any other option except joining my conmpany*, anyway, I accpt your feedback usually custoemers may feel insecure about the post.

      hope you are not one among 100 !

      Regards,

  • avatar image
    Former Member
    Jul 29, 2010 at 04:15 PM

    I have created the .pse file but get the following on the ZSST_TEST_PSE program.

    Test signature

    Signature ERROR - Unknown signer or recipient

    Test encryption

    Encryption ERROR - Unknown signer or recipient

    I do not see how to correct this in note:800240.

    Thanks,

    Sherry

    Edited by: Sherry Samson on Jul 29, 2010 10:47 PM

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Dec 19, 2010 at 07:48 AM

    Hi,

    The problem had to do with setting up the PIN for the correct system user that was starting up the service.

    Try executing the command for the SAPSERVICE<SID> user.

    Regards

    Valavan.SM

    Add comment
    10|10000 characters needed characters exceeded