Specifying that a Connection Should Use SSL

Use

Use the following procedure to specify the connections that should use SSL when the AS ABAP is the client component in the connection.

Prerequisites

The HTTP destination for the connection is defined in transaction SM59.

Procedure

Using the maintenance transaction for RFC destinations (SM59):

From the RFC destination tree, select the HTTP destination to modify.

Details about the RFC destination appear.
Select the Logon/Security tabstrip.
If the target system is an AS ABAP system, then select the logon method to use.

When you activate SSL with client authentication (see step 4), then the logon method that you specify here is only used if the server that you are connecting to is not configured to accept client authentication. The following options are available:
- Basic Authentication
- SAP Standard (logon tickets)
- SAP Trusted System (RFC trusted systems)
Under SSL, select Active and enter the name of the SSL client PSE to use in the field provided, for example, DFAULT (standard), ANONYM (anonymous), or the name of one of your individual SSL client PSEs.

Note

If you select the standard or an individual SSL client PSE, then the system will attempt to use SSL with mutual authentication. However, if the server you are connecting to is only configured for SSL with server authentication, then the system reverts to the logon method that you specified above (in step 3).

If you select the anonymous SSL client PSE, then the SSL connection is set up for SSL with server authentication only and the system will use the logon method that you specified above.
If you want to protect the use of the connection with an authorization, enter the value of the activity allowed in the Authorization field. The system then checks for the authorization when the destination is used. The authorization object used is S_ICF.

Example

For example, if you enter the value CHECK, then the user must have the following authorization: S_ICF-ICF_FIELD = 'DEST' and S_ICF-ICF_VALUE = 'CHECK' to be able to use the HTTP destination.
If the connection is set up for client authentication (not anonymous), then note the Distinguished Name for the server that applies to the PSE you selected.
1. Call the trust manager (transaction STRUST).
2. Select the PSE that you specified to use for the connection with a double-click.
  
  The server's Distinguished Name appears in the Owner field in the Own Certificate section.
3. Note this Distinguished Name. You will need it in the next step (see Maintaining the User Mapping for Incoming Connections that Use Authentication).