Hello
I am trying to configure https/ssl connnection for our hana web server but i am kind of struggling with the configuration.
I am following this document http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/00b45687-0613-3110-7183-de49e84a35b0?QuickLink=index&…
But the trace file shows me several errors.
| = SSL Initialization | platform tag=(linuxx86_64_gcc43) |
[Thr 140624459200256] = (740_REL,Sep 20 2013,mt,ascii,SAP_UC/size_t/void* = 8/64/64)
[Thr 140624459200256] DIR_INSTANCE="inblrllssc29"
[Thr 140624459200256] DIR_LIBRARY="exe"
[Thr 140624459200256] ssl/ssl_lib="/usr/sap/HA0/SYS/global/security/lib/libsapcrypto.so"
[Thr 140624459200256] profile param "ssl/ssl_lib" = "/usr/sap/HA0/SYS/global/security/lib/libsapcrypto.so"
| [Thr 140624459200256] | resulting Filename = "/usr/sap/HA0/SYS/global/security/lib/libsapcrypto.so" |
[Thr 140624459200256] = found SAPCRYPTOLIB 5.5.5C pl36 (Jul 3 2013) MT,AESNI,NB
[Thr 140624459200256] = current UserID: "ha0adm", env-var USER="ha0adm"
[Thr 140624459200256] = found SECUDIR environment variable
[Thr 140624459200256] = using SECUDIR=/usr/sap/HA0/HDB00/inblrllssc29/sec
[Thr 140624459200256] ssl/server_pse="/usr/sap/HA0/HDB00/inblrllssc29/sec/SAPSSL.pse"
[Thr 140624459200256] profile param "ssl/server_pse" = "/usr/sap/HA0/HDB00/inblrllssc29/sec/SAPSSL.pse"
| [Thr 140624459200256] | resulting Filename = "/usr/sap/HA0/HDB00/inblrllssc29/sec/SAPSSL.pse" |
[Thr 140624459200256] ssl/ciphersuites="193:HIGH:MEDIUM:+e3DES"
[Thr 140624459200256] ssl/client_ciphersuites="192:HIGH:MEDIUM:+e3DES"
[Thr 140624459200256] *** ERROR => secussl_Create_SSL_CTX(): PSE "/usr/sap/HA0/HDB00/inblrllssc29/sec/SAPSSL.pse": unable to use! [ssslsecu.c 1896]
[Thr 140624459200256] secussl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed --
[Thr 140624459200256] secude_error 1824 (0x00000720) = "Wrong or Missing PIN for PSE"
[Thr 140624459200256] >> ---------- Begin of Secude-SSL Errorstack ---------- >>
[Thr 140624459200256] ERROR in SSL_CTX_set_default_pse_by_name: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/HA0/HDB00/inblrllssc29/sec/SAPSSL.pse"
[Thr 140624459200256] ERROR in ssl_set_pse: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/HA0/HDB00/inblrllssc29/sec/SAPSSL.pse"
[Thr 140624459200256] ERROR in af_open: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/HA0/HDB00/inblrllssc29/sec/SAPSSL.pse"
[Thr 140624459200256] ERROR in secsw_open: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/HA0/HDB00/inblrllssc29/sec/SAPSSL.pse"
[Thr 140624459200256] ERROR in sec_parse_PSEInfo_cont: (1824/0x0720) Wrong or Missing PIN for PSE : "/usr/sap/HA0/HDB00/inblrllssc29/sec/SAPSSL.pse"
[Thr 140624459200256] << ---------- End of Secude-SSL Errorstack ----------
[Thr 140624459200256] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create SERVER Credential
| for "/usr/sap/HA0/HDB00/inblrllssc29/sec/SAPSSL.pse" [ssslxxi.c | 2721] |
[Thr 140624459200256] *** ERROR => Initialization of SSL library failed -- NO SSL available!
[Thr 140624459200256] =================================================
[Thr 140624459200256]
[Thr 140624459200256] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR
[Thr 140624459200256] *** ERROR => IcmServInitSSL: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv.c 362]
[Thr 140624459200256] *** WARNING => IcmAddService: Could not start service (rc=-14) PORT=4300,PROT=HTTPS,TIMEOUT=60,PROCTIMEOUT=600,VCLIENT=0 [icxxserv.c 981]
[Thr 140624459200256] *** WARNING => IcmAddService: Protocol WEBSOCKET cannot be explicitely added, ignore call [icxxserv.c 750]
[Thr 140624459200256] *** WARNING => IcmAddService: Protocol WEBSOCKETS cannot be explicitely added, ignore call [icxxserv.c 750]
[Thr 140624459200256] *** INFO => HDBService file (inblrllssc29/trace/icm_port_list) sucessfully written
Could somebody help me out here ?
Best Regards
Vivek