Show TOC

Procedure documentationSetting the Profile Parameters for Using SSL Locate this document in the navigation structure

Procedure

  1. Set the profile parameters in AS ABAP's instance profile as shown in the tables below. If you used the recommended directory DIR_EXECUTABLE, then use the following values for the location of the SAP Cryptographic Library:

    • Unix: $(DIR_EXECUTABLE)/libsapcrypto.<ext>

    • Windows: $(DIR_EXECUTABLE)\sapcrypto.dll

    Trust Manager Parameters

    Profile Parameter

    Value

    Examples

    ssl/ssl_lib

    Path and file name of the SAP Cryptographic Library

    UNIX: /usr/sap/<SID>/SYS/exe/run/libsapcrypto.so

    Windows: <DRIVE>:\usr\sap\<SID>\SYS\exe\run\sapcrypto.dll

    sec/libsapsecu

    Path and file name of the SAP Cryptographic Library

    UNIX: /usr/sap/<SID>/SYS/exe/run/libsapcrypto.so

    Windows: <DRIVE>:\usr\sap\<SID>\SYS\exe\run\sapcrypto.dll

    ssf/ssfapi_lib

    Path and file name of the SAP Cryptographic Library

    UNIX: /usr/sap/<SID>/SYS/exe/run/libsapcrypto.so

    Windows: <DRIVE>:\usr\sap\<SID>\SYS\exe\run\sapcrypto.dll

    ssf/name

    SAPSECULIB

    SAPSECULIB

    ssl/ciphersuites (optional)

    List of available cipher suites.

    For more information, see SAP Note 510007.

    !eNULL:MEDIUM:HIGH:LOW:EXPORT

    Note Note

    Ignore the warnings that the parameters are not known to the system.

    End of the note.
    ICM Parameters

    Profile Parameter

    Value

    Examples

    icm/server_port_<xx>

    PROT=HTTPS, PORT=<port>,TIMEOUT=<timeout_in_ seconds>

    PROT=HTTPS, PORT=1443, TIMEOUT=900

    icm/HTTPS/verify_client

    0: Do not use certificates

    1: Allow certificates (default)

    2: Require certificates

    1

    icm/http/j2ee_<xx>

    PREFIX=<uri-prefix>, [HOST=<host>,] CONN=<no_of_connects>,PORT=<port>[, SSLENC=<n>,TYPE=<t>,CRED=<file>,SPORT=<HTTPS-port> ]

    PREFIX=/, CONN=0-10,PORT=50000,SPORT=50003,SSLENC=1,TYPE=2,CRED=SAPSSLC.pse

    Note Note

    The parameter icm/HTTP/j2ee_<xx> is used for cases where the ICM directs requests to an AS Java. For more information, see icm/HTTP/j2ee_<xx>.

    End of the note.

    Note Note

    If icm/HTTPS/verify_client = 1, then any users who use Microsoft's Internet Explorer as their Web browser and who do not possess a client certificate will receive an empty certificate selection dialog box when they access the AS ABAP. Therefore, if your users are not going to use client certificates for authentication, then set this parameter to the value 0.

    End of the note.

  2. Restart the application server or the ICM.

    Note Note

    If you only make changes to the ICM parameters, then it suffices to only restart the ICM.

    End of the note.