SAP Knowledge Base Article - Preview

2523956 - SAP HANA Web Dispatcher HTTPS does not work

Symptom

You are configuring the SAP HANA WebDispatcher and the HTTPS connection is not working. Upon checking the OS level, you notice the https port in question (43<instance number>) is not being listened by 'hdbwebdispatc' process:

For example, instance number 00: 'netstat -plnt | grep 4300'

In the webdispatcher developer traces, the following messages can be found:

[Thr 139832848807680] =   current UserID: "hanadm",  env-var USER="hanadm"
[Thr 139832848807680] =   found SECUDIR environment variable
[Thr 139832848807680] =   using SECUDIR=/usr/sap/HAN/HDB00/hanahostname-1/sec
[Thr 139832848807680] = [ipf] ssl/server_pse="/usr/sap/HAN/HDB00/hanahostname/sec/sapsrv.pse"
[Thr 139832848807680] =       resulting Filename = "/usr/sap/HAN/HDB00/hanahostname/sec/sapsrv.pse"
[Thr 139832848807680] = [ipf] ssl/ciphersuites="175:PFS:HIGH::EC_HIGH:+EC_OPT"
[Thr 139832848807680] =   creating Envvar SAPSSL_CIPHERSUITES=175:PFS:HIGH::EC_HIGH:+EC_OPT
[Thr 139832848807680] = [ipf] ssl/client_ciphersuites="175:PFS:HIGH::EC_HIGH:+EC_OPT"
[Thr 139832848807680] =   creating Envvar SAPSSL_CLIENT_CIPHERSUITES=175:PFS:HIGH::EC_HIGH:+EC_OPT
[Thr 139832848807680] *** ERROR =>   secussl_Create_SSL_CTX():  PSE "/usr/sap/HAN/HDB00/hanahostname/sec/sapsrv.pse": File not found! [ssslsecu.c   2502]
[Thr 139832848807680] secussl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed  (4129/0x00001021)

Or a similar error:

[Thr 139831995307776] Mon Nov 19 12:37:58:156 2018
[Thr 139831995307776] =================================================
[Thr 139831995307776] = SSL Initialization    platform tag=(linuxx86_64_gcc43)
[Thr 139831995307776] =   (749_REL patchno 418,Jan 19 2018,mt,ascii, 8/64/64)
[Thr 139831995307776] =   disabled FIPS 140-2 crypto kernel
[Thr 139831995307776] =   found CommonCryptoLib 8.5.19 (Jan 29 2018) [AES-NI,CLMUL,SSE3,SSSE3]
[Thr 139831995307776] =   current UserID: "hanadm",  env-var USER="hanadm"
[Thr 139831995307776] =   found SECUDIR environment variable
[Thr 139831995307776] =   using SECUDIR=/usr/sap/HAN/HDB00/hanahostname/sec
[Thr 139831995307776] = [ipf] ssl/ciphersuites=175:PFS:HIGH::EC_HIGH:+EC_OPT
[Thr 139831995307776] = [ipf] ssl/client_ciphersuites=175:PFS:HIGH::EC_HIGH:+EC_OPT
[Thr 139831995307776] *** ERROR =>   secussl_Create_SSL_CTX():  PSE "/usr/sap/HAN/HDB00/hanahostname/sec/1": File not found! [ssslsecu.c   2865]
[Thr 139831995307776] secussl_Create_SSL_CTX: SSL_CTX_set_default_pse_by_name() failed  (4129/0x00001021)
[Thr 139831995307776]    => "The PSE file does not exist."
[Thr 139831995307776] >> ---------- Begin of Secu-SSL Errorstack ---------- >>
[Thr 139831995307776] 0x00001021 | SAPCRYPTOLIB | SSL_CTX_set_default_pse_by_name
[Thr 139831995307776] SAPCRYPTO API error
[Thr 139831995307776] The PSE file does not exist.
[Thr 139831995307776] 0xa1d50108 | TOKEN_TOKPSE | sec_SSL_CTX_set_asc
[Thr 139831995307776] Token application not existing
[Thr 139831995307776] << ---------- End of Secu-SSL Errorstack ----------
[Thr 139831995307776] *** ERROR => SapISSLAddCredential(): Error SSSLERR_PSE_ERROR trying to create SERVER Credential
        for "/usr/sap/HAN/HDB00/hanahostname/sec/1" [ssslxxi.c    3541]
[Thr 139831995307776] *** ERROR => Initialization of SSL library failed -- NO SSL available!
[Thr 139831995307776] =================================================
[Thr 139831995307776]
[Thr 139831995307776] <<- ERROR: SapSSLInit(read_profile=1)==SSSLERR_PSE_ERROR
[Thr 139831995307776] *** ERROR => IcmServInitSSL: SapSSLInit (rc=-40): SSSLERR_PSE_ERROR [icxxserv.c   549]
[Thr 139831995307776] *** WARNING => IcmAddService: Could not start service (rc=-14) PORT=4320,PROT=HTTPS,TIMEOUT=60,PROCTIMEOUT=600,VCLIENT=1 [icxxserv.c   1376]
[Thr 139831995307776] *** INFO => HDBService file (/usr/sap/HAN/HDB00/hanahostname/trace/icm_port_list) sucessfully written


Read more...

Environment

  • SAP HANA Platform
  • Embedded Web Dispatcher

 

Product

SAP HANA, platform edition all versions

Keywords

webdistpatcher, web dispatcher , KBA , HAN-DB-SEC , SAP HANA Security & User Management , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.