SAP Knowledge Base Article - Preview

3339092 - SSL certificate set up in the message server

Symptom

  • Need instructions on how to set up the certificate for the ASCS server.

  • HTTPS port initialization on the message server fails with following error displayed on its trace file:

    [Thr ..] *** ERROR =>   secussl_Create_SSL_CTX():  PSE "/usr/sap/<SID>/ASCS<number>/sec/SAPSSLS.pse": File not found! [ssslsecu.c   2910]
    [Thr ..] secussl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed  (4129/0x00001021)
    [Thr ..]    => "The PSE file does not exist."
    [Thr ..] >> ---------- Begin of Secu-SSL Errorstack ---------- >>
    [Thr ..] 0x00001021 | SAPCRYPTOLIB | SSL_CTX_set_default_pse_by_name
    [Thr ..] SAPCRYPTO API error
    [Thr ..] The PSE file does not exist.
    [Thr ..] 0xa1d50108 | TOKEN_TOKPSE | SSL_CTX_set_default_pse_by_name
    [Thr ..] Token application not existing
    [Thr ..] Cannot open PSE (PSE=/usr/sap/<SID>/ASCS<number>/sec/SAPSSLS.pse, SECUDIR=/usr/sap/<SID>/ASCS<number>/sec, user=<sid>adm <sid>adm <sid>adm)
    [Thr ..] 0xa1d50108 | TOKEN_TOKPSE | sec_SSL_CTX_set_asc
    [Thr ..] Token application not existing
    [Thr ..] << ---------- End of Secu-SSL Errorstack ----------
    [Thr ..] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create SERVER Credential
            for "/usr/sap/<SID>/ASCS<number>/sec/SAPSSLS.pse" [ssslxxi.c    3553]
    [Thr ..] <<- ERROR: SapSSLCreateCredHdl()==SSSLERR_PSE_ERROR
    [Thr ..]      in: cred_name      = "**DEFAULT**"
    [Thr ..]      in: cache_size     = -1
    [Thr ..]      in: cache_lifetime = -1
    [Thr ..] *** ERROR => MsHttpsInit: SapSSLCreateCredHdl(server-default) (rc=-40): SSSLERR_PSE_ERROR [msxxhttp.c   3389]

  • Or either:

    *** ERROR =>   secussl_Create_SSL_CTX():  PSE "/usr/sap/<SID>/ASCS<number>/sec/SAPSSLS.pse": PSE does not exist or File not found! [ssslsecu.c   3369]
    (...)
    *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_NOT_EXISTING trying to create SERVER Credential
    for "/usr/sap/<SID>/ASCS<number>/sec/SAPSSLS.pse" [ssslxxi.c    3553]
    <<- ERROR: SapSSLCreateCredHdl()==SSSLERR_PSE_NOT_EXISTING
         in: cred_name      = "**DEFAULT**"
         in: cache_size     = -1
         in: cache_lifetime = -1
    *** ERROR => MsHttpsInit: SapSSLCreateCredHdl(server-default) (rc=-83): SSSLERR_PSE_NOT_EXISTING [msxxhttp.c   3389]


Read more...

Product

SAP NetWeaver all versions

Keywords

File not found!, SSL_CTX_set_default_pse_by_name() failed, Error SSSLERR_PSE_ERROR trying to create SERVER Credential, PSE does not exist or File not found!, SSSLERR_PSE_NOT_EXISTING, Open HTTPS port for message server, SECUDIR , KBA , BC-CST-MS , Message Service , BC-SEC-SSL , Secure Sockets Layer Protocol , BC-SEC-SSF , Secure Store and Forward , How To

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.