Specifying that a Connection Should Use SSL (SAP Library

Specifying that a Connection Should Use SSL

Use

Use the following procedure to specify the connections that should use SSL when the SAP Web AS is the client component in the connection.

Prerequisites

The HTTP destination for the connection is defined in transaction SM59.

Procedure

Using the maintenance transaction for RFC destinations (SM59):

From the RFC destination tree, select the HTTP destination to modify.

Details about the RFC destination appear.

Select the Logon/Security tabstrip.
If the target system is an SAP System, then select the logon method to use.

When you activate SSL with client authentication (see step 4), then the logon method that you specify here is only used if the server that you are connecting to is not configured to accept client authentication. The following options are available:

Basic Authentication
SAP Standard (logon tickets)
SAP Trusted System (RFC trusted systems)

Under SSL, select Active and enter the name of the SSL client PSE to use in the field provided, for example, DFAULT (standard), ANONYM (anonymous), or the name of one of your individual SSL client PSEs.

Note

If you select the standard or an individual SSL client PSE, then the system will attempt to use SSL with mutual authentication. However, if the server you are connecting to is only configured for SSL with server authentication, then the system reverts to the logon method that you specified above (in step 3).

If you select the anonymous SSL client PSE, then the SSL connection is set up for SSL with server authentication only and the system will use the logon method that you specified above.

If you want to protect the use of the connection with an authorization, enter the value of the activity allowed in the Authorization field. The system then checks for the authorization when the destination is used. The authorization object used is S_ICF.

Example

For example, if you enter the value CHECK, then the system checks for this value in the user's authorizations when he or she uses this HTTP destination. In this case, the user must have the following authorization: S_ICF-ICF_FIELD = 'DEST' and S_ICF-ICF_VALUE = 'CHECK' to be able to use the HTTP destination.

Result

The system will use HTTPS connections for this destination using the client identity contained in the SSL client PSE that you specify.