Using the SAP Cryptographic Library for SNC

The SAP Cryptographic Library is the default security product delivered by SAP for performing encryption functions in SAP systems.

For example, you can use it for providing Secure Network Communications (SNC) between various SAP server components or for using the Secure Sockets Layer (SSL) protocol with the AS ABAP. For more information on the SAP Cryptographic Library, see SAP Note 1848999 Information published on SAP site .

This documentation describes using the SAP Cryptographic Library for SNC.

For more information about using the library for SSL, see Configuring the AS ABAP for Supporting SSL.

Integration

When using the SAP Cryptographic Library for SNC, the following information is necessary for the communication infrastructure:

The server and its communication partners must be configured for using SNC.
The server must possess a public and private key pair and public-key certificate, which is stored in the server's Personal Security Environment (PSE). Although you may obtain a certificate from a trusted Certification Authority (CA), for easier administration we recommend using a certificate that is signed by the server itself (self-signed). This documentation refers only to configuring the server when using a self-signed certificate.
At run-time, the server must have active credentials. This is accomplished by using the configuration tool to "open" the server's PSE.
The server must be able to verify its communication partner's identity. This is accomplished by importing the partner's public-key certificate into the server's own certificate list. As an alternative, you can use the same PSE for all server components. For examples of these scenarios, see:
- Scenario 1: Using a Single PSE for All Components
- Scenario 2: Using Individual PSEs for Components

Additional Information

For more information, see: