GSS-API(maj) : No credential were supplied , Unable to establish security context

I want to Configure SAP Abap (standalone) to use X509 Authentication.

I followed the following steps.

1. Created the profile parameter

• ssf/name= SAPSECULIB
• ssl/ssl_lib =  C:\usr\sap\XYZ\SYS\exe\uc\NTAMD64\sapcrypto.dll
• sec/libsapsecu = C:\usr\sap\XYZ\SYS\exe\uc\NTAMD64\sapcrypto.dll
• ssf/ssfapi_lib = C:\usr\sap\XYZ\SYS\exe\uc\NTAMD64\sapcrypto.dll
• snc/gssapi_lib = C:\usr\sap\xyz\SYS\exe\uc\NTAMD64\sapcrypto.dll
• snc/identity/as = p:CN=sr3, OU=I0020217358, O=Mycompany Inc, C=US
• Restart the server .

  2.  Created pse for server

• Transaction strust
• created sapcryptolib pse
• SNC ID which is taken from the instance parameter "snc/identity/as."
• Assign Password

  3. Create PSE for the Client

• Set the Environment variable SECUDIR to sec folder
• Executed the command : sapgenpse gen_pse -v -p SR3.pse
• Created pse with DN : CN=sr3, OU=I0020217358, O=XYZ Enterprise Solutions Holdings Inc, C=US
• signed that certificate from ca authority and get sr3.crt ,
  
• sapgenpse export_own_cert -v -p SR3.pse -o SR3.crt

4. Imported the Client Certificate to Server PSE.

• Open the Node SNC (SAPCryptolib) again
• Enter the SAPCryptolib password.
• Import certificate button.
• Set the file format to Base64 and choose the file
• Added to Certificate List

  5.     Exported the Server Certificate.

• At node SNC (SAPCryptolib),
• Export certificate.
• From the File tab, choose Base64 for the File format and provide a name for the file.

6.   Imported the Server Certificate to the Client PSE

• sapgenpse maintain_pk -v -a SR3.crt -p SR3.pse

7. Created the cred_v2 file

• sapgenpse seclogin  -p SR3.pse -x 123456 -O [<Windows_Domain>\]<sidadm>
• runned sucessfully.

8.  Allowed SNC RFC Connection.

• Start Transaction SM30 and enter the view VSNCSYSACL.
• Choose "E" for the Type of ACL entry.
• Enter System ID and SNC name.
• Save the entry.

9. Map the X.509 Certificate to the User.

The X.509 Certificate must be accepted for a successful Login.

• Start Transaction SM30.
• Enter VUSREXTID and click Maintain.
• Using the view VUSREXTID, you can setup a mapping between the Distinguished Name provided by a X.509 Certificate and an ABAP User.
• Choose the Distinguished Name for the External ID type.
• Create a new entry and activate it.

10. set the Environment variable : snc_lib: C:\Program Files (x86)\SAP\FrontEnd\SAPgui\Encryption\secgss.dll .on th host where sap gui is installed.

I followed all this step successfully.

but when i am using sap gui with SCN enabled  DN : p:CN=sr3, OU=I0020217358, O=Infor Enterprise Solutions Holdings Inc, C=US

i am receiving error.

GSS-API(maj) : No credential were supplied , Unable to establish security context.

Is there any thing  I did wrong or missed in this steps?

Does Out of box pki is necessery for sap gui to use x509 certificate?