
SSL Scenario 1: Establishing Trust for Server-Side Authentication

Use

In this case, the client component needs to verify the identity of the server component; however, it is not necessary for the server to verify the identity of the client component. To establish the trust relationship for this type of connection when using either of the security products provided by SAP, we recommend the following:

  • Generate the key pair on the server component.

  • Use a public-key certificate that is signed and issued by a CA. In this way, it is easier to establish trust on the client components.

    If you use a self-signed certificate for SSL, then each client has to import the server's public-key certificate to establish the trust relationship.

  • Make sure the client components trust the issuing CA. Most Web browsers are provided with a list of well-known CAs; however, if you are working with other client components, you must import the CA's root certificate on that component.

See the figures below for examples of establishing trust between a Web browser client and an AS ABAP or AS Java server, for server-side authentication only, using a certificate that is signed by a CA.

Figure 1: Establishing Trust Between a Web Browser Client and an AS ABAP Server
Figure 2: Establishing Trust Between a Web Browser Client and an AS Java Server

Result

Using this process, the AS ABAP receives a public-key certificate that is signed by a CA. If the client trusts the CA that issued the AS ABAP's certificate, then trust in the AS ABAP is also established and the client can communicate with the server using a secured connection.
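
The following added example, which is not part of the SAP documentation, walks through the same trust relationship with the OpenSSL command line as a stand-in for the SAP security products. It compares a CA-signed server certificate with a self-signed one from the client's point of view. The CA name, host names and file paths are constructed for the demonstration, and it assumes a default OpenSSL configuration.

```bash
#!/usr/bin/env bash
# Added illustration: OpenSSL stands in for the SAP tooling; all names are constructed.
WORK=$(mktemp -d)

# CA: create the root certificate that clients import as a trust anchor.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Root CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# Server: generate the key pair locally and emit only a CSR (the private key stays put).
make_server_csr() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=server.example.test" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
}

# CA: sign the server's CSR, producing the public-key certificate the server presents.
sign_csr() {
  openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 30 -out "$WORK/server.crt" 2>/dev/null
}

# Alternative: a self-signed server certificate with no issuing CA behind it.
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=selfsigned.example.test" \
    -keyout "$WORK/self.key" -out "$WORK/self.crt" 2>/dev/null
}

# Client: does certificate $2 chain to the trust anchor(s) in file $1?
client_trusts() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Print whether the check given after the label succeeded.
report() {
  label=$1; shift
  if "$@"; then echo "$label: trusted"; else echo "$label: NOT trusted"; fi
}

make_ca && make_server_csr && sign_csr && make_self_signed
report "CA-signed cert, client has CA root" client_trusts "$WORK/ca.crt" "$WORK/server.crt"
report "self-signed cert, client has CA root" client_trusts "$WORK/ca.crt" "$WORK/self.crt"
report "self-signed cert, imported on client" client_trusts "$WORK/self.crt" "$WORK/self.crt"
```

The second check fails because the client holds only the CA root, which is why a self-signed server certificate has to be imported on every client individually.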