SNC Scenario 2: Using Individual Key Pairs for Components

Use

In this scenario, you create an individual key pair to use for each component. To establish the necessary trust relationships between these components, you must exchange the corresponding public-key certificates. For each of the servers, export the server's public-key certificate and import it into its partner's PSE or key store. See the graphic below for an example between an AS ABAP and an AS Java.

Note

For SNC between server components, it is sufficient to use self-signed certificates because you always configure explicit communication partners.

Figure 1: Using Individual Key Pairs and Exchanging Public-Key Certificates

Advantages

Security and transparency are increased. Each component possesses its own security identity and information.
Problem analysis is also more transparent. Error messages and trace information contain the component's security identity, and because this information is no longer shared, it is easier to isolate problems if they occur.

Disadvantages

The initial administration tasks are more complex. To establish the necessary trust relationships, you must exchange the public-keys belonging to each of the communication partners for each communication path.