Show TOC

SSL Scenario 1: Establishing Trust for Server-Side AuthenticationLocate this document in the navigation structure

In this case, the client component needs to verify the identity of the server component, however, it is not necessary for the server to verify the identity of the client component.

To establish the trust relationship for this type of connection when using either of the security products provided by SAP, we recommend the following:

  • Generate the key pair on the server component.

  • Use a public-key certificate that is signed and issued by a CA. In this way, it is easier to establish trust on the client components.

    If you use a self-signed certificate for SSL, then each client has to import the public-key certificate of the server to establish the trust relationship.

  • Make sure the client components trust the issuing CA. Most Web browsers are provided with a list of well-known CAs, however, if you are working with other client components, import the root certificate of the CA on this component.

See the figures below for examples for establishing trust between a Web browser client and SAP NetWeaver Application Server, for server-side authentication only, and using a certificate that is signed by a CA.

Figure 1: Establishing Trust Between a Web Browser Client and SAP NetWeaver Application Server for ABAP
Figure 2: Establishing Trust Between a Web Browser Client and SAP NetWeaver AS for Java

Using this process, SAP NetWeaver Application Server receives a public-key certificate that is signed by a CA. If the client trusts the CA that issued the certificate to SAP NetWeaver Application Server, then trust to SAP NetWeaver Application Server is also established and the client can communicate with the server using a secured connection.