SAP PO – Unable to create a socket and encrypt SSL, illegal key size message

When executing some application call for https you receive sample error:

The reason is JCE policy files on the server are limited and not allowing the particular cipher/key size.

What we can do in this situation

It depends on the version of the SAP JVM which You using in the configuration. If You use JVM lower than 9 You should download and install the unlimited JCE policy files. The files put here:

<JDK dir>/jre/lib/security
for example: /sapmnt/SID/exe/jvm/linuxx86_64/sapjvm_8.1.067/sapjvm_8/jre/lib/security

If You use newer version You can simply uncomment the parameter #crypto.policy = unlimited in the java.security file. The directory is the same as above. At the end restart SAP instance.

Sometimes You can find in logs errors like below on the screen. I have in mind exactly: “…java.io.IOException: Communication over HTTPS. Unable to create a socket…

In this situation You should check note: 2708581 and prepare external SSL profile, for example, with name SSLContext.properties. When You have Your file ready, place it in the directory: /usr/sap/<SID>/SYS/global.

Now all that’s left is to point to the created file in ConfigTool -> cluster-data -> instance -> VM Parameteres -> System Tab. Use this property:

 iaik.security.ssl.configFile=file:/usr/sap/<SID>/SYS/global/SSLContext.properties
ConfigTool

At the end restart SAP instace.

Copyright © 2021. SAPBasisWorld.com Privacy Policy