HTTPS Webservice Consumer Proxy - SSL Error

Former Member

Hello all!

I'm encountering an issue while testing the connection to an HTTPS Webservice.

Considering HTTPS and SSL have been installed correctly in our SAP system and the HTTPS is activated (green flag in SMICM)

I have done the following things:

1) I have configured a logical port in SOAMANAGER

Within the Consumer Security tab (X.509 SSL Client PSE)

I put the DFAULT value in the SSL Client PSE (STRUST)

The authentication method is sapsp:HTTPX509

In the transport settings, Port is 443 (port of HTTPS is configured differently in our SAP system)

2) In transaction STRUST I added the certificate of my webservice (imported from Firefox)

In the SSL client (Standard), there is an own certificate, self-signed by SAP Trust Community, for my SAP instance.

There I imported my certificate from the Webservice I need to reach and added it to the certificate list.

3) When I ping my WebService,

I receive the following Log in SMICM ==> (Trace Level 3)

[Thr 1286]   SSL NI-sock: local=xxx  peer=xxxx:443

[Thr 1286] <<- SapSSLSetNiHdl(sssl_hdl=116c58850, ni_hdl=129)==SAP_O_K

[Thr 1286] ->> SapSSLSetSessionCredential(sssl_hdl=116c58850, &cred_name=116c58810)

[Thr 1286]   SapISSLComposeFilename(): Filename = "/usr/sap/XXX/DVEBMGS50/sec/SAPSSLC.pse"

[Thr 1286]   SecudeSSL_SetSessionCred(): request for default client credentials

[Thr 1286] <<- SapSSLSetSessionCredential(sssl_hdl=116c58850)==SAP_O_K

[Thr 1286]      in: cred_name = "/usr/sap/XXX/DVEBMGS50/sec/SAPSSLC.pse"

[Thr 1286] IcmConnInitClientSSL: using pse /usr/sap/XXX/DVEBMGS50/sec/SAPSSLC.pse, show client certificate if available

[Thr 1286] ->> SapSSLSetTargetHostname(sssl_hdl=116c58850, &hostname=116c587d0)

[Thr 1286] <<- SapSSLSetTargetHostname(sssl_hdl=116c58850)==SAP_O_K

[Thr 1286]      in: hostname = "www.XXX.xx" (hostname of my webservice)

[Thr 1286] ->> SapSSLSessionStart(sssl_hdl=116c58850)

[Thr 1286]   SapISSLUseSessionCache(): Creating NEW session (0 cached)

[Thr 1286] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_CONNECTION_LOST

[Thr 1286]    session uses PSE file "/usr/sap/XXX/DVEBMGS50/sec/SAPSSLC.pse"

[Thr 1286] No Secude Error present in trace stack!

[Thr 1286]   SSL_get_state() returned 0x00002120 "SSLv3 read server hello A"

[Thr 1286]   No certificate request received from Server

[Thr 1286] <<- ERROR: SapSSLSessionStart(sssl_hdl=116c58850)==SSSLERR_SSL_CONNECT

[Thr 1286] ->> SapSSLErrorName(rc=-57)

[Thr 1286] <<- SapSSLErrorName()==SSSLERR_SSL_CONNECT

[Thr 1286] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT {00010077} [icxxconn_mt.c 1989]

[Thr 1286] ->> SapSSLSessionDone(&sssl_hdl=1107eebd8)

[Thr 1286] <<- SapSSLSessionDone()==SAP_O_K

[Thr 1286]      in: sssl_hdl   = 116c58850

[Thr 1286]          ... ni_hdl = 129

Could you tell me what's wrong? Or what I'm missing?

Is it the right place I have put my certificate in STRUST? According to the Webservice I call, it needs to be a one-way authentication (no client certificate needed).

I saw that the SNC SAPCryptoLib node is not activated. Is it the reason for the error?

I'm a bit lost...

Many thanks!!!

Kr,

Jonathan,
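
For triaging a trace like the one in the post above, this added example (not part of the original post, and not SAP code) groups ICM trace lines by thread and reports each failed outbound SSL handshake with the PSE, target hostname, last handshake state and error codes. The sample trace is constructed from the line formats quoted in the post; the function name and field names are assumptions chosen for illustration.

```python
import re

# Constructed sample, built from the line formats quoted in the post above.
SAMPLE_TRACE = """\
[Thr 1286]   SSL NI-sock: local=xxx  peer=xxxx:443
[Thr 1286] IcmConnInitClientSSL: using pse /usr/sap/XXX/DVEBMGS50/sec/SAPSSLC.pse, show client certificate if available
[Thr 1286]      in: hostname = "www.XXX.xx"
[Thr 1286] *** ERROR during SecudeSSL_SessionStart() from SSL_connect()==SSL_ERROR_CONNECTION_LOST
[Thr 1286]   SSL_get_state() returned 0x00002120 "SSLv3 read server hello A"
[Thr 1286]   No certificate request received from Server
[Thr 1286] *** ERROR => IcmConnInitClientSSL: SapSSLSessionStart failed (-57): SSSLERR_SSL_CONNECT {00010077} [icxxconn_mt.c 1989]
[Thr 2001]   SSL NI-sock: local=xxx  peer=yyyy:443
[Thr 2001] <<- SapSSLSessionStart(sssl_hdl=116c59000)==SAP_O_K
"""

LINE = re.compile(r"^\[Thr (\d+)\]\s*(.*)$")
FIELDS = {  # hypothetical field names -> pattern for the trace line carrying the value
    "peer": re.compile(r"SSL NI-sock: .*peer=(\S+)"),
    "pse": re.compile(r"IcmConnInitClientSSL: using pse ([^,\s]+)"),
    "hostname": re.compile(r'in: hostname = "([^"]*)"'),
    "ssl_error": re.compile(r"from SSL_connect\(\)==(\w+)"),
    "state": re.compile(r'SSL_get_state\(\) returned \S+ "([^"]*)"'),
    "sap_rc": re.compile(r"SapSSLSessionStart failed \((-?\d+)\): (\w+)"),
}

def failed_handshakes(trace):
    """Return one dict per failed outbound SSL handshake, grouped by ICM thread."""
    sessions, failures = {}, []
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or non-thread line
        thr, msg = m.groups()
        if "SSL NI-sock:" in msg:  # a new connection attempt starts on this thread
            sessions[thr] = {"thread": thr}
        cur = sessions.setdefault(thr, {"thread": thr})
        for key, rx in FIELDS.items():
            hit = rx.search(msg)
            if hit:
                cur[key] = " ".join(hit.groups())
        if "No certificate request received" in msg:
            cur["cert_requested"] = False  # server did not ask for a client certificate
        if "sap_rc" in cur:  # the "*** ERROR =>" line closes a failed attempt
            failures.append(sessions.pop(thr))
    return failures

if __name__ == "__main__":
    for f in failed_handshakes(SAMPLE_TRACE):
        print(f)
```
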


Former Member

Hello Jonathan,

Were you able to resolve your issue? I am also seeing this in our traces.

Thanks in advance for your feedback.

Kind regards,

Warren