Managing the Credentials and Trusted Certificates to Use SSL
The SSL Provider service can also use the certificates that are generated by the Key Storage service.

You can manage the SSL Provider on both the server and dispatcher nodes. Changes made on the server node apply to all the SSL ports, whereas changes made in the dispatcher node's SSL Provider apply only to the dispatcher's port.
For more information about the Key Storage service, see Managing Keystore Entries.
The Key Storage service is started on all nodes.
The SSL Provider service on the dispatcher node is started.
1. Select the socket that you want to configure on the SSL Provider service Runtime tab.
2. Select the communication container from the left-hand side list of available communication containers.
3. Select the type of socket factory to apply the settings to. You can configure:
a. Settings to use for newly created sockets – choose New Sockets.
b. Settings to use for the active sockets – choose Active Sockets. Select the desired IP address and the port it is bound to from Configuration.
Cipher suites that the client has in common with the ones included in the SSL Provider can be used during the handshake phase. On the Cipher Suite tab you can add or remove such suites. You can also set their priority, that is, define the order in which the cipher suites are used.
In this tab you can manage the credentials that are used by the SSL port. If newly added credentials are of the same type as credentials that have already been set, the existing ones are replaced.

If the active socket is configured on port 443 (the port for SSL protocol), all connections using HTTPS use these credentials.
Choose the Client Authentication tab. You can choose between the following options:

| Option | Description | Further Steps |
| --- | --- | --- |
| Do not request client certificate | The system does not require the client to give a client certificate during the handshake, although the client can provide it. | |
| Request client certificate | The server requests a certificate but the certificate is not required. If the client has a certificate it is sent with the request; otherwise, the system reverts to Basic Authentication. Also, the server only accepts certificates that have been issued by a trusted CA, meaning that the CA's root certificate has been marked as trusted. | If there are no certificates applied, a warning message is displayed. Choose Add and select the certificate you want to mark as trusted. Then choose OK. |
| Require client certificate | The server requests a certificate and the client must send one. Also, the certificate that the client sends must have been issued by a trusted CA. | If there are no certificates applied, a warning message is displayed. Choose Add and select the certificate you want to mark as trusted. Then choose OK. |

When you add a new certificate, note that each of these entries contains a single public-key certificate that belongs to another party. By importing this certificate as a trusted certificate, you indicate that you trust that the owner of this certificate is the identity specified in the certificate's subject.
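
The cipher suite priority and the three client-authentication options described above, expressed with Python's standard `ssl` module as an added example. This is not SAP code (the SSL Provider is configured through its own tabs); the mapping of option names to `ssl` verify modes, the function names and the sample cipher list are assumptions made for illustration.

```python
import ssl

# Assumed mapping of the page's three options onto Python's ssl verify modes.
CLIENT_AUTH = {
    "Do not request client certificate": ssl.CERT_NONE,
    "Request client certificate": ssl.CERT_OPTIONAL,
    "Require client certificate": ssl.CERT_REQUIRED,
}


def build_server_context(option, cipher_priority, trusted_ca_file=None):
    """Return (context, warnings) for one client-authentication option."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # The order of this list is the priority order; the option below makes
    # the server's order win over the client's during the handshake.
    ctx.set_ciphers(":".join(cipher_priority))
    ctx.options |= ssl.OP_CIPHER_SERVER_PREFERENCE
    ctx.verify_mode = CLIENT_AUTH[option]
    if trusted_ca_file:
        # Only certificates issued by a CA loaded here are accepted.
        ctx.load_verify_locations(cafile=trusted_ca_file)
    warnings = []
    # Counterpart of the warning shown when no trusted certificate is applied:
    # with an empty trust store, any certificate a client presents fails
    # verification and the handshake is aborted.
    if ctx.verify_mode != ssl.CERT_NONE and ctx.cert_store_stats()["x509_ca"] == 0:
        warnings.append("no trusted CA certificate configured")
    return ctx, warnings


def configured_priority(ctx):
    """Configured suites in priority order, leaving out the TLS 1.3 suites,
    which OpenSSL manages separately from set_ciphers()."""
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


if __name__ == "__main__":
    # Constructed sample priority list (OpenSSL cipher names).
    priority = ["ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256"]
    for option in CLIENT_AUTH:
        ctx, warnings = build_server_context(option, priority)
        print(option, ctx.verify_mode.name, configured_priority(ctx), warnings)
```

Pass a PEM file containing the CA certificates you trust as `trusted_ca_file` to clear the warning for the request and require modes.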