As an alternative to the use of access control lists (ACL), SAP NetWeaver Application Server ABAP (SAP NetWeaver AS) enables you to set up a simple public-key infrastructure (PKI) to secure the communication between internal components of a system.
After enabling the profile parameter system/secure_communication, SAP NetWeaver AS creates a PKI to encrypt communication among internal components with Secure Sockets Layer (SSL). All instances of the server are integrated into the PKI and receive an instance-specific certificate with a private key. The instances use the private key to authenticate and encrypt system internal communication with other system instances.
The system automatically renews these certificates when they expire, removing any administration overhead. The system stores the root PSE file on the secure store. All other related PSE files are encrypted with a PIN and stored in the secure store as well.
Using SSL to encrypt internal communication results in a higher CPU consumption, which can have an impact on performance. Once enabled, external components that directly access internal ports of server components can no longer connect to those components.
For more information about known limitations and required adaptations, see SAP Note 2040644 .