Showing results for 
Search instead for 
Did you mean: 

configuring ssl for java in dual stack installation

Former Member
0 Kudos


we are facing an issue when configuring https on java as in dual stack installation.

we are under PI 7.3, we have flowed sap document to configuring sSL ON JAVA AS

in instance parameter profile (ABAP instance) we have add flowing parameter:

ssl/ssl_lib = $(DIR_EXECUTABLE)$(DIR_SEP)$(FT_DLL_PREFIX)sapcrypto$(FT_DLL)

sec/libsapsecu = $(ssl/ssl_lib)

ssf/ssfapi_lib = $(ssl/ssl_lib)

icm/server_port_5 = PROT=HTTPS,PORT=8443, TIMEOUT=1800,PROCTIMEOUT=1800

on AS java we have created and imported signed certificate successfully as motioned in link above

Now, when try to activate in SMICM tcode the https service we got :

Thr 7092] = SSL Initializationplatform tag=(NTAMD64)

Thr 7092] =   (720_REL,Mar 20 2012,mt,ascii-uc,SAP_UC/size_t/void* = 16/64/64)

Thr 7092] =   found SAPCRYPTOLIB  5.5.5C pl32  (Apr  2 2011) MT-safe

Thr 7092] =   current UserID: AR\SAPServicePID

Thr 7092] =   found SECUDIR environment variable

Thr 7092] =   using SECUDIR=J:\usr\sap\PID\DVEBMGS00\sec

Thr 7092] *** ERROR =>   secudessl_Create_SSL_CTX():  PSE "J:\usr\sap\PID\DVEBMGS00\sec\SAPSSLS.pse": File not found! [ssslsecu.c

Thr 7092] secudessl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed

Thr 7092]   secude_error 4129 (0x00001021) = "The PSE does not exist"

Thr 7092] >>        Begin of Secude-SSL Errorstack        >>

Thr 7092] ERROR in SSL_CTX_set_default_pse_by_name: (4129/0x1021) The PSE does not exist : "J:\usr\sap\PID\DVEBMGS00\sec\

Thr 7092] ERROR in ssl_set_pse: (4129/0x1021) The PSE does not exist : "J:\usr\sap\PID\DVEBMGS00\sec\SAPSSLS.pse"#

Thr 7092] ERROR in af_open: (4129/0x1021) The PSE does not exist : "J:\usr\sap\PID\DVEBMGS00\sec\SAPSSLS.pse"#

Thr 7092] ERROR in secsw_open: (4129/0x1021) The PSE does not exist : "J:\usr\sap\PID\DVEBMGS00\sec\SAPSSLS.pse"#

Thr 7092] ERROR in secsw_open_pse_or_extension: (4129/0x1021) The PSE does not exist : "J:\usr\sap\PID\DVEBMGS00\sec\SAPSSLS.pse"#

Thr 7092] ERROR in sec_get_PSEtype: (4129/0x1021) The PSE does not exist : "J:\usr\sap\PID\DVEBMGS00\sec\SAPSSLS.pse"#

Thr 7092] <<        End of Secude-SSL Errorstack

Thr 7092] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create SERVER Credential

for "J:\usr\sap\PID\DVEBMGS00\sec\SAPSSLS.pse" [ssslxxi.c2417]
Thr 7092] *** ERROR => Initialization of SSL library failedNO SSL available!

Thr 7092] =================================================

Thr 7092]

Thr 7092] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR

Thr 7092] *** ERROR => IcmServInitSSL: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv.c   254]

Thr 7092] *** WARNING => Could not reactivate service (rc=-14) PORT=8443,PROT=HTTPS,TIMEOUT=1800,PROCTIMEOUT=1800,VCLIENT=1 [icxxse

Thr 7092] *** ERROR => IcmHandleMonServMsg: IcmActivateService failed for 8443, 2(rc=-14) [icxxmsg.c2738]

Thr 10748] Wed Oct 17 13:48:39 2012

Thr 10748] *** ERROR => NiIShutdownHandle: SiShutdown failed for hdl 231/sock 7492

thank you in advance for your help

View Entire Topic
Former Member
0 Kudos

problem solved by adding view parameter pse_location

0 Kudos

Hi there, We have many errors in PI dual stack system 7.31 in ICM log:

Thr 9140] *** ERROR => NiIShutdownHandle: SiShutdown failed for hdl 452/sock 22076

where is the parameter pse_location configured ? thanks in advance.

Former Member
0 Kudos


Go to NWA --> key and certificate

click on ICM_SSL_xx --> you find parameter

hope this help