"I can only imagine that SNC is not setup correctly at ABAP side."

In this regard, it is also interesting to know, that some old SAP Systems used port 3300 for both, plain-text and SNC communication. Newer SAP Systems use 3300 for plain and 4800 for SNC communication. Perhaps your SAP system is still using 3300 for both? You can try out by removing jco.client.sysnr=00 and adding jco.client.gwserv = 3300 for the SNC case.

As far as I know, port 48nn was always mandatory for SNC, and 33nn could only be configured in addition, but not exclusively.
Anyway, removing jco.client.sysnr won't work. This is a mandatory parameter for RFC direct application server logons.

Thank you.

I have verified that sysnr alone is not sufficient because the default is 4800. It still needs gwserv as well.

Will try snc_sso=0 and check with Basis if server is listening to 4800.

No, specifying sysnr alone is sufficient. It results in 33<sysnr> for normal and 48<sysnr> for SNC connections. You can see in your error message that this worked.
Of course, the backend server must listen to this port.

@ulrich.schmidt

As suggested, I tried using jco.client.gwserv = 3300 and jco.client.snc_sso=0 as seen below:
My use case is simply passing SNC parameters to SAP Application Server from a java client on Windows using sapjco.jar connector.
jco.client.ashost=nn.nnn.nnn.nnn
jco.client.sysnr=00jco.client.gwserv = 3300jco.client.client=800jco.client.user=<userId>jco.client.passwd=<passwd>jco.client.lang=enjco.client.snc_mode=1
jco.client.snc_qop=1jco.client.snc_myname=p:CN=XQ3jco.client.snc_lib=C:/SAPWorkdir/sapcrypto.dlljco.client.snc_partnername=p:CN=XQ3, OU=I0090125263, O=SAP Web ASjco.client.snc_sso=0Now I got a credential error from the security context as follows:
No credentials were supplied
Unable to establish the security contexttarget="p:CN=XQ3, OU=I0090125263, O=SAP Web AS"
What did I miss?

The configuration of the SNC PSE. See https://me.sap.com/notes/1525059

"My use case is simply passing SNC parameters to SAP Application Server from a java client on Windows using sapjco.jar connector."

This is wrong. Neither sapjco.jar nor the SAP Application Server have anything to do with the SNC parameters! What you are really doing is to pass SNC parameters to a third-party cryptographic library (which in this case happens to be sapcrypto.dll), and this third-party library then does some operating system dependent stuff, using security tokens or certificates to establish a trusted & encrypted connection with the same third-party library on SAP AS side.

In this case, the crypto library happens to be from SAP, so we can say a bit more about what it does, and what the error message means: on Windows, sapcrypto.dll accesses a special Certificate Store on the machine and tries to find a certificate associated with the current Windows user. (Not to be confused with the ABAP user specified in jco.client.user!)

The error message "No credentials were supplied" means, that the Windows user, under which the java.exe process is running, does not have permission to access the Certificate Store. How does it get that permission? Well, here the first question to ask is: are you using Secure Login Client or did you just download the CommonCrypto Lib and copy it to C:\SAPWorkdir?

I would recommend to install and use Secure Login Client (SLC), because it comes for free and makes the management of your user certificate very easy. If you are not using SLC, you are responsible for setting up everything yourself, e.g. defining the correct SECUDIR environment variable, so the PSE file can be found, and using sapgenpse to grant the current Windows user, under which java.exe is running, the necessary permissions to access and use the certificates in the PSE file (or in the Microsoft Certificate Store).

No, I haven't installed and used SLC yet. Can I bypass SLC by specifying jco.client.snc_lib=/usr/sap/XQ3/SYS/exe/run/libsapcrypto.so

located on SAP AS (instead of C:/SAPWorkdir/sapcrypto.dll on my desktop). Or SLC is mandatory in either library?

Is this question serious?

This is nonsense for two reasons:
a) a program running on your Windows desktop cannot access files located in the filesystem of the SAP AS...
b) a library compiled for Linux cannot be used by the Windows operating system...