
Using the Secure Sockets Layer Protocol with the AS ABAP

Use

You can use the Secure Sockets Layer (SSL) protocol to secure HTTP connections to and from the SAP Web Application Server. When SSL is used, the data being transferred between the two parties (client and server) is encrypted and the two partners can be authenticated. For example, if a user must transfer his or her account information, then you can use SSL to authenticate the user and encrypt the information during transfer.

Note

Users that access a service that is protected with SSL use the prefix https: in the URL instead of http:.

Prerequisites

      The server possesses a public and private key pair and public-key certificate.

The SSL protocol uses public-key technology to provide its protection. Therefore, the server must possess a public and private key pair and a corresponding public-key certificate. It must possess one key pair and certificate to identify itself as the server component and another key pair and certificate if it is to identify itself as a client component. These key pairs and certificates are stored in the server's own Personal Security Environments (PSEs), the SSL server PSE and the SSL client PSE, respectively. (For more information, see Public-Key Technology.)

      You are authorized to receive the SAP Cryptographic Library.

Caution

The distribution of the SAP Cryptographic Library is subject to and controlled by German export regulations and is not available to all customers. In addition, the library may be subject to local regulations of your own country that may further restrict the import, use and (re-)export of cryptographic software. If you have any further questions on this issue, contact your local SAP subsidiary.

Features

By supporting SSL, the AS ABAP can provide the following:

      Server-side authentication

With server-side authentication, the server identifies itself to the client when the connection is established, which reduces the risk of "fake" servers being used to gain information from clients.

      Client-side authentication

With client-side authentication, the client identifies itself when the connection is established. You can use SSL client-side authentication, for example, to authenticate users instead of using user IDs and passwords.

      Mutual authentication

In this case, both the server and the client are authenticated.

      Data encryption

In addition to authenticating the communication partners, the data being transferred between the client and server is encrypted, which provides for integrity and privacy protection. An eavesdropper cannot access or manipulate the data.

Integration

Use the following functions to maintain the server's SSL information:

      Profile parameter maintenance (transaction RZ10)

      Trust manager (transaction STRUST)

For more information, see Using the Trust Manager.

      RFC destination maintenance (transaction SM59)

      ICM Monitor (transaction SMICM)

For more information, see Monitoring the ICM with the ICM Monitor.

      Configuration tool sapgenpse (for configuring a stand-alone SAP Web Dispatcher)
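
As an added example (not part of the SAP documentation), the following Python script reads an instance profile of the kind maintained in transaction RZ10 and reports, for each ICM port, which of the authentication features described above it provides. It assumes the profile parameters icm/server_port_<n> and icm/HTTPS/verify_client and the per-port VCLIENT option, none of which are named on this page; the profile text is constructed for illustration.

```python
import re

# Constructed sample instance profile (not taken from a real system).
SAMPLE_PROFILE = """\
# constructed example
icm/server_port_0 = PROT=HTTP,PORT=8000
icm/server_port_1 = PROT=HTTPS,PORT=8443,TIMEOUT=60
icm/HTTPS/verify_client = 1
"""

# Assumed meaning of the verify_client / VCLIENT levels.
MODES = {
    "0": "server-side authentication only",
    "1": "server-side authentication, client certificate optional",
    "2": "mutual authentication",
}

def parse_profile(text):
    """Return {parameter: value} for 'name = value' lines, skipping comments."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params

def port_options(value):
    """Split 'PROT=HTTPS,PORT=8443' into {'PROT': 'HTTPS', 'PORT': '8443'}."""
    pairs = (item.split("=", 1) for item in value.split(",") if "=" in item)
    return {k.strip().upper(): v.strip() for k, v in pairs}

def audit(text):
    """Map each configured port to the protection it offers."""
    params = parse_profile(text)
    default = params.get("icm/HTTPS/verify_client")  # None if not set in profile
    report = {"https": {}, "plain_http": []}
    for name in sorted(params):
        if not re.fullmatch(r"icm/server_port_\d+", name):
            continue
        opts = port_options(params[name])
        prot, port = opts.get("PROT", "").upper(), opts.get("PORT", "?")
        if prot == "HTTPS":
            level = opts.get("VCLIENT", default)  # per-port value overrides
            report["https"][port] = MODES.get(level, "verify_client not set or unknown")
        elif prot == "HTTP":
            report["plain_http"].append(port)  # unencrypted, unauthenticated
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_PROFILE))
```

Ports listed under plain_http carry no SSL protection at all, so a service that handles credentials or account data should only be reachable through a port listed under https.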

See also:

For more information about public-key technology and SSL, see:

      Public-Key Technology

      Terminology and Abbreviations
