VarjuOrg

Linux / Windows – what's the difference…

HTTPS/SSL on SAP as Client (Configuring the AS ABAP for Supporting SSL)

There may be a need for adding SSL client capabilities for SAP server. Here is how it worked for me:

1. Download SAPCryptoGraphy library:
service.sap.com/support -> Maintenence and Services -> SAP Trust Center Services -> Download Area
2. Extract SAPCryptoGraphy library files a’la:
SAPCAR -xvf SAPCRYPTOLIB_XX-XXXXXXXX.SAR
3. Install SAP Crypto files:
http://help.sap.com/saphelp_nw70ehp2/helpdata/en/49/236897bf5a1902e10000000a42189c/content.htm
NB! Dont forget environmental variable SECUDIR
For csh:
vi .cshrc
setenv SECUDIR /usr/sap/SID/DVEBMGSXX/sec/

For bash:
vi .bashrc
export SECUDIR=/usr/sap/SID/DVEBMGSXX/sec/

4. Setting the Profile Parameters for Using SSL:
http://help.sap.com/saphelp_nw70ehp2/helpdata/en/49/23691cbf5a1902e10000000a42189c/content.htm
In my case following parameters were needed to be add:
ssl/ssl_lib = /usr/sap/SID/SYS/exe/run/libsapcrypto.so
sec/libsapsecu = /usr/sap/SID/SYS/exe/run/libsapcrypto.so
ssf/ssfapi_lib = /usr/sap/SID/SYS/exe/run/libsapcrypto.so
ssf/name = SAPSECULIB

icm/server_port_1 = PROT=HTTPS, PORT=1443, TIMEOUT=900
icm/HTTPS/verify_client = 1

5. Stop and start SAP as sidadm:
sudo su - sidadm
stopsap r3
startsap r3

6. Log on to SAP with your admin user vi saplogon GUI
7. Go to trans: STRUST
There should be now:
System PSE
SSL Server standard
SSL Client (anonymous)
SSL Client (Standard)
and others …
8. Generate “System PSE” (right click – create)
No matter what the name is – just save default 😉
9. Generate “SSL Client (Standard)” (right click – create)
No matter what the name is – just save default 😉
10. Go to website to/from you want data to be sent:
a’la: https://somesecure.server.com
NB! Save and export that servers cert!
(Perferrably to some location that you can access it within SAPGui)
11. Goto STRUST -> SSL Client -> PSE (click on your server name)
Find „Certificate“ , press „Import Certificate“ small green button.
File path should be the location and filename of your previously saved sertificate!
Check „Base64“
Enter
12. Now add newly added cert to list via button: „Add to Certificate List“
13. Generate also “SSL SERVER STANDARD” (This is to avoid problems with HTTPS service!)
13. Save and restart ICM
14. Congrats! Now you can add secure outgoing HTTPS connections via SM59.

(NB! Should you enconter problems witn ICM then check trans SMICM logs/status/services and also tracelog: /usr/sap//DVEBMGS/work/dev_icm)

Ref: Configuring the AS ABAP for Supporting SSL via SAP HELP PORTAL
Also – Many thanks to my friend Reemet who helped to put this little customized HowTo together and provided links 😀

, ,

Leave a Reply

Your email address will not be published. Required fields are marked *