
Encrypting Internal Server Communication of SAP NetWeaver Application Server ABAP

As an alternative to the use of access control lists (ACL), SAP NetWeaver Application Server ABAP (SAP NetWeaver AS) enables you to set up a simple public-key infrastructure (PKI) to secure the communication between internal components of a system.

Prerequisites

This procedure requires you to restart the system. Plan for the required downtime.

Context

After you enable the profile parameter system/secure_communication, SAP NetWeaver AS creates a PKI to encrypt communication among internal components with Secure Sockets Layer (SSL). All instances of the server are integrated into the PKI and receive an instance-specific certificate with a private key. The instances use the private key to authenticate and encrypt system-internal communication with other system instances.

The system automatically renews these certificates when they expire, which removes any administration overhead. The system stores the root PSE file in the secure store. All other related PSE files are encrypted with a PIN and stored in the secure store as well.

Using SSL to encrypt internal communication results in higher CPU consumption, which can have an impact on performance. Once encryption is enabled, external components that directly access internal ports of server components can no longer connect to those components.

For more information about known limitations and required adaptations, see SAP Note 2040644.

Procedure

  1. Stop all instances of the system.
  2. Add the following profile parameter to the default profile of the system.
    system/secure_communication = ON
  3. Restart all SAP Start Services of all instances of the system.
  4. Restart the system.
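
One way to check step 2 before restarting, as an added example that is not SAP's own tooling: the script reads the default profile and any instance profiles passed to it and reports whether system/secure_communication is ON and not overridden. It assumes the usual profile syntax (name = value lines, # comments, last assignment wins) and that a value in an instance profile takes precedence over the default profile; the function names and the sample profile contents are constructed for the example.

```shell
#!/bin/sh
PARAM="system/secure_communication"

# Print the value a profile file assigns to $1, or nothing if it is not set.
# Assumes "name = value" lines, "#" comments, and that the last assignment wins.
profile_value() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            name = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", name)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (name == key) found = val
        }
        END { if (found != "") print found }' "$2"
}

# audit_secure_communication DEFAULT_PROFILE [INSTANCE_PROFILE...]
# Returns 0 only if the default profile sets ON and no instance profile
# overrides it with another value.
audit_secure_communication() {
    default_profile="$1"; shift
    rc=0
    v=$(profile_value "$PARAM" "$default_profile")
    if [ "$v" != "ON" ]; then
        echo "FAIL $default_profile: $PARAM is '${v:-unset}', expected ON"; rc=1
    fi
    for p in "$@"; do
        v=$(profile_value "$PARAM" "$p")
        if [ -n "$v" ] && [ "$v" != "ON" ]; then
            echo "FAIL $p: overrides $PARAM with '$v'"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample profiles (not from a real system) to show both outcomes.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# default profile' 'SAPSYSTEMNAME = ABC' \
        'system/secure_communication = ON' > "$d/DEFAULT.PFL"
    printf '%s\n' 'SAPSYSTEM = 00' > "$d/ABC_D00_host1"
    printf '%s\n' 'system/secure_communication = OFF' > "$d/ABC_D01_host2"
    audit_secure_communication "$d/DEFAULT.PFL" "$d/ABC_D00_host1" && echo "clean: OK"
    audit_secure_communication "$d/DEFAULT.PFL" "$d"/ABC_D0*_host* || echo "override found"
    rm -rf "$d"
}
if [ "$#" -gt 0 ]; then audit_secure_communication "$@"; else demo; fi
```

Run it with the path to the default profile followed by the instance profiles; without arguments it runs against the constructed samples.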