SAP PO – Unable to create a socket and encrypt SSL, illegal key size message
When executing some application call for https you receive sample error:
The reason is JCE policy files on the server are limited and not allowing the particular cipher/key size.
What we can do in this situation
It depends on the version of the SAP JVM which You using in the configuration. If You use JVM lower than 9 You should download and install the unlimited JCE policy files. The files put here:
<JDK dir>/jre/lib/security for example: /sapmnt/SID/exe/jvm/linuxx86_64/sapjvm_8.1.067/sapjvm_8/jre/lib/security
If You use newer version You can simply uncomment the parameter #crypto.policy = unlimited in the java.security file. The directory is the same as above. At the end restart SAP instance.
Sometimes You can find in logs errors like below on the screen. I have in mind exactly: “…java.io.IOException: Communication over HTTPS. Unable to create a socket…“
In this situation You should check note: 2708581 and prepare external SSL profile, for example, with name SSLContext.properties. When You have Your file ready, place it in the directory: /usr/sap/<SID>/SYS/global.
Now all that’s left is to point to the created file in ConfigTool -> cluster-data -> instance -> VM Parameteres -> System Tab. Use this property:
iaik.security.ssl.configFile=file:/usr/sap/<SID>/SYS/global/SSLContext.properties
At the end restart SAP instace.