Symptom
You are configuring the SAP HANA WebDispatcher and the HTTPS connection is not working. Upon checking the OS level, you notice the https port in question (43<instance number>) is not being listened by 'hdbwebdispatc' process:
For example, instance number 00: 'netstat -plnt | grep 4300'
In the webdispatcher developer traces, the following messages can be found:
[Thr 139832848807680] = current UserID: "hanadm", env-var USER="hanadm"
[Thr 139832848807680] = found SECUDIR environment variable
[Thr 139832848807680] = using SECUDIR=/usr/sap/HAN/HDB00/hanahostname-1/sec
[Thr 139832848807680] = [ipf] ssl/server_pse="/usr/sap/HAN/HDB00/hanahostname/sec/sapsrv.pse"
[Thr 139832848807680] = resulting Filename = "/usr/sap/HAN/HDB00/hanahostname/sec/sapsrv.pse"
[Thr 139832848807680] = [ipf] ssl/ciphersuites="175:PFS:HIGH::EC_HIGH:+EC_OPT"
[Thr 139832848807680] = creating Envvar SAPSSL_CIPHERSUITES=175:PFS:HIGH::EC_HIGH:+EC_OPT
[Thr 139832848807680] = [ipf] ssl/client_ciphersuites="175:PFS:HIGH::EC_HIGH:+EC_OPT"
[Thr 139832848807680] = creating Envvar SAPSSL_CLIENT_CIPHERSUITES=175:PFS:HIGH::EC_HIGH:+EC_OPT
[Thr 139832848807680] *** ERROR => secussl_Create_SSL_CTX(): PSE "/usr/sap/HAN/HDB00/hanahostname/sec/sapsrv.pse": File not found! [ssslsecu.c 2502]
[Thr 139832848807680] secussl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed (4129/0x00001021)
Or a similar error:
[Thr 139831995307776] Mon Nov 19 12:37:58:156 2018
[Thr 139831995307776] =================================================
[Thr 139831995307776] = SSL Initialization platform tag=(linuxx86_64_gcc43)
[Thr 139831995307776] = (749_REL patchno 418,Jan 19 2018,mt,ascii, 8/64/64)
[Thr 139831995307776] = disabled FIPS 140-2 crypto kernel
[Thr 139831995307776] = found CommonCryptoLib 8.5.19 (Jan 29 2018) [AES-NI,CLMUL,SSE3,SSSE3]
[Thr 139831995307776] = current UserID: "hanadm", env-var USER="hanadm"
[Thr 139831995307776] = found SECUDIR environment variable
[Thr 139831995307776] = using SECUDIR=/usr/sap/HAN/HDB00/hanahostname/sec
[Thr 139831995307776] = [ipf] ssl/ciphersuites=175:PFS:HIGH::EC_HIGH:+EC_OPT
[Thr 139831995307776] = [ipf] ssl/client_ciphersuites=175:PFS:HIGH::EC_HIGH:+EC_OPT
[Thr 139831995307776] *** ERROR => secussl_Create_SSL_CTX(): PSE "/usr/sap/HAN/HDB00/hanahostname/sec/1": File not found! [ssslsecu.c 2865]
[Thr 139831995307776] secussl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed (4129/0x00001021)
[Thr 139831995307776] => "The PSE file does not exist."
[Thr 139831995307776] >> ---------- Begin of Secu-SSL Errorstack ---------- >>
[Thr 139831995307776] 0x00001021 | SAPCRYPTOLIB | SSL_CTX_set_default_pse_by_name
[Thr 139831995307776] SAPCRYPTO API error
[Thr 139831995307776] The PSE file does not exist.
[Thr 139831995307776] 0xa1d50108 | TOKEN_TOKPSE | sec_SSL_CTX_set_asc
[Thr 139831995307776] Token application not existing
[Thr 139831995307776] << ---------- End of Secu-SSL Errorstack ----------
[Thr 139831995307776] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create SERVER Credential
for "/usr/sap/HAN/HDB00/hanahostname/sec/1" [ssslxxi.c 3541]
[Thr 139831995307776] *** ERROR => Initialization of SSL library failed -- NO SSL available!
[Thr 139831995307776] =================================================
[Thr 139831995307776]
[Thr 139831995307776] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR
[Thr 139831995307776] *** ERROR => IcmServInitSSL: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv.c 549]
[Thr 139831995307776] *** WARNING => IcmAddService: Could not start service (rc=-14) PORT=4320,PROT=HTTPS,TIMEOUT=60,PROCTIMEOUT=600,VCLIENT=1 [icxxserv.c 1376]
[Thr 139831995307776] *** INFO => HDBService file (/usr/sap/HAN/HDB00/hanahostname/trace/icm_port_list) sucessfully written
Read more...
Environment
- SAP HANA Platform
- Embedded Web Dispatcher
Product
Keywords
webdistpatcher, web dispatcher , KBA , BC-CST-WDP , Web Dispatcher , HAN-DB-SEC , SAP HANA Security & User Management , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.