SAP Knowledge Base Article - Preview

2629916 - sapcontrol returns: Creating credential from instance PSE failed, Loading instance PSE failed or Peer not trusted


The SUM is failing reporting the following error:

[Error ]: The following problem has occurred during step execution: SUM has detected that the SystemPKI is supported by your system. To continue, you have to configure it as described in SAP Note 2200230.

Running the sapcontrol command triggered by SUM reports the following error:

sapcontrol -nr <NR> -host <host> -systempki /usr/sap/<SID>/SYS/profile/<profile> -function AccessCheck Stop

Creating credential from instance PSE failed
Loading instance PSE failed
Failed to verify peer certificate. Peer not trusted.

Using sapcontrol on debug mode something similar to following:

sapcontrol -nr <NR> -host <host> -systempki <profile path> -debug -function AccessCheck Stop

[Thr 139770004993824] *** ERROR => secussl_Create_SSL_CTX(): PSE "#_MemPSE_#498392645980839848367840": File not found! [ssslsecu.c 2413]
[Thr 139770004993824] secussl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed (4129/0x00001021)
[Thr 139770004993824] => "The PSE file does not exist."
[Thr 139770004993824] SapISSLDeleteCTX(): deleting SSL_CTX (cred "<NULL>",refcount=0)
[Thr 139770004993824] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create CLIENT Credential
for "#_MemPSE_#498392645980839848367840" [ssslxxi.c 3109]
[Thr 139770004993824] <<- ERROR: SapSSLCreateCredHdl()==SSSLERR_PSE_ERROR
Creating credential from instance PSE failed


[Thr 01] SSL_get_state()==0x2131 "TLS read server certificate B"
[Thr 01] *** ERROR during SecuSSL_SessionStart() from SSL_connect()==SSL_ERROR_SSL
[Thr 01] SecuSSL_SessionStart: SSL_connect() failed (536872221/0x2000051d)
[Thr 01] => "Failed to verify peer certificate. Peer not trusted."
[Thr 3608] *** ERROR => Exit ssfPkiCreateOnTheFlyInstancePSE: Could not get root PSE [ssfxxpki.c 1305]
[Thr 3608] *** ERROR => ssfPkiGetInstancePSE: Could not get instance PSE [ssfxxpki.c 591]
Loading instance PSE failed
ERROR => ssfAuxCreateMemoryPSE: Could not open instance PSE F:\usr\sap\<SID\<instance>\sec\sap_system_pki_instance.pse [ssfxxpki.c 478]
Loading instance PSE failed



  • SAP NetWeaver


SAP NetWeaver all versions


SystemPKI, 2200230, AccessCheck, Creating credential from instance PSE failed, Loading instance PSE failed, Failed to verify peer certificate, Peer not trusted, secussl_Create_SSL_CTX, SSL_CTX_set_default_pse_by_name, SapISSLAddCredential, SSSLERR_PSE_ERROR, SSSLERR_PSE_ERROR, ssfPkiCreateOnTheFlyInstancePSE, ssfPkiGetInstancePSE, ssfAuxCreateMemoryPSE, Could not open instance PSE, ssf/name, ssl/ssl_lib, ssf/ssfapi_lib, sec/libsapsecu, SECUDIR, UpdateSystemPKI, ssfPkiCreateRootPSE, RSecSSFsCreateDirectories , KBA , could not get pin from secstorefs , BC-CST-STS , Startup Service , BC-CST , Client/Server Technology , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.