You can use this procedure to configure the necessary ICM parameters to enable the use of SSL for accessing the AS Java.
SSL is supported for the protocols:
Protocol | Secured Protocol |
---|---|
HTTP |
HTTPS |
IIOP |
IIOPSEC |
P4 |
P4SEC |
The server uses the same key pair and SSL certificates for all of the protocols.
The protocol and port information are specified in the ICM parameter icm/server_port_<xx> , where <xx> is a sequential number. When setting the port for HTTPS, make sure you select a number that is not already being used.
You can use either the ICM Monitor or the Web Administration Interface to check the parameter settings.
Configuration from instance profile filename
You can find the instance profile at the following location in the AS Java host file system: /usr/sap/<SID>/SYS/profile . The profile has the name <SID>_<instance>_<hostname> .
# SSL Configuration: Location of the SAP Cyrptographic Library ssl/ssl_lib = <Location of the SAP Cryptographic Library> # <protocol> port configuration icm/server_port_<xx> = PROT=<protocol>, PORT=5$(SAPSYSTEM)01[, VCLIENT=<0,1,2>]
To configure a different port for HTTPS communication, specify the desired port in the PORT= parameter.
In addition, to specify the server's behavior regarding the use of certificates for client authentication, set the corresponding value in the VCLIENT= parameter:
There are also additional optional parameters. For example, to specify port-specific SSL configurations, use the parameter icm/ssl_config_<xx> . For more information, see icm/server_port_<xx> .
See the example below.
After restarting the ICM instance, the HTTPS port configuration appears in Active Services for the ICM.
The example below shows an extract from an ICM instance profile with SSL and HTTPS port configuration.
... # SSL Configuration: Location of the SAP Cryptographic Library ssl/ssl_lib = $(DIR_EXECUTABLE)/libsapcrypto.so # https port configuration icm/server_port_4 = PROT=HTTPS, PORT=5$(SAPSYSTEM)01, VCLIENT=1 ...
See also: