SSL Configuration of the SAP Host Agent

Sometimes you can see this error : [Thr 140186850277248] *** ERROR =>   secudessl_Create_SSL_CTX():  PSE "/usr/sap/hostctrl/exe/sec/SAPSSLS.pse": File not found! [ssslsecu_mt. 1796]

As user root:


# cd /usr/sap/hostctrl/
# cd exe
# mkdir sec
# cd sec


Set envrionment


# export SECUDIR=/usr/sap/hostctrl/exe/sec

Create server PSE


# /usr/sap/hostctrl/exe/sapgenpse get_pse -p SAPSSLS.pse -noreq -x <PASSWORD> “CN=<HOSTNAME>”
# ls /usr/sap/hostctrl/exe/sec/SAPSSLS.pse



Grant Host Agent access to the server PSE


# /usr/sap/hostctrl/exe/sapgenpse seclogin -p SAPSSLS.pse -x <PASSWORD> -O sapadm



Verify the chain
# /usr/sap/hostctrl/exe/sapgenpse get_my_name -p SAPSSLS.pse -x <PASSWORD> –v

Allow file access
# chmod 644 /usr/sap/hostctrl/exe/sec/SAPSSLS.pse

Restart Host Agent
# /usr/sap/hostctrl/exe/saphostexec –restart pf=/usr/sap/hostctrl/exe/host_profile

SAP Host Agent should now be listening on port 1129
# cd /usr/sap/hostctrl/work
# grep 1129 /usr/sap/hostctrl/work/sapstartsrv.log

Webservice SSL thread started, listening on port 1129

Trusted https connect via Unix domain socket ‘/tmp/.sapstream1129’ enabled.

https://blogs.sap.com/2016/02/24/ssl-configuration-of-the-sap-host-agent/