This website is not affiliated with, sponsored by, or approved by SAP AG.

SNC - could not open PSE

SAP Security

Moderators: Snowy, thx4allthefish, jurjen

SNC - could not open PSE

Postby ivoncek » Mon Mar 26, 2007 11:18 am


I have system R/3 Ent. 470x110, Windows 2003 Server, Oracle 9i and the next problem:

I have this item of type PM3 in sm21 with text: "At least 003 errors found when certificates checked". When I run report SSF_ALERT_CERTEXPIRE, parts "System PSE" are "SNC (SAPCryptolib)" ok, but in parts "SSL Client (Anonymous)", " SSL Client (Standard)" and "SSL Server" I have the same error:

Error during SSF Get: could not open PSE
Use the Trust Manager (transaction STRUST) for error analysis

- but I think everything is ok in STRUST.

I run in report rsbdcos0 command "sapgenpse seclogin -l 2>&1" result:

running seclogin with user "SAPService[SAPSID]"

O: CN=[my_SAPSID], OU=[my_OU], O=[myO], C=SK
Options: LIFETIME= [date and time]

1 readable SSO-Credentials available

when I run command "sapgenpse seclogin -l" in command prompt as user [sapsid]adm, I've got output:

O: [...]
NOT readable for [sapsid]adm

NO readable SSO-Credentials available (total 1)

I read about setting environment variable USER with value SAPService[SAPSID] - I set it for user [sapsid]adm in domain-user form, but ... result was the same (no effect).

All SAP services in Windows run with user SAPService[SAPSID].

I understand, that PSE is created for user SAPService[SAPSID] - therefore when I am logged on server as [sapsid]adm, I cannot read PSE. But why I cannot read PSE from SAP system, report SSF_ALERT_CERTEXPIRE, and can read it from report rsbdcos0?

I checked my system according to SAP note 800240 and everything seems to be ok.

Have you any idea how to solve it?
Posts: 20
Joined: Sun May 02, 2004 5:19 am

Return to SAP Security

Who is online

Users browsing this forum: No registered users and 8 guests

This website is not affiliated with, sponsored by, or approved by SAP AG.