Show TOC Entering content frame

Procedure documentation Configuring the SAP Web AS for Supporting SSL

Prerequisites

·        The SAP Cryptographic Library is installed in the $(DIR_EXECUTABLE) directory on the application server. (See Structure linkInstalling the SAP Cryptographic Library.)

Note

If the SAP Cryptographic Library is not installed, then the SSL Server PSE and SSL Client PSE nodes are not included in the trust manager's PSE status section.

·        The following profile parameters are specified in the application server's instance profile. These parameters are normally set during the installation, however, you may want to adjust their default values.

Parameter

Value

icm/server_port_<xx>

HTTPS port

icm/HTTPS/verify_client

0:   Do not use certificates

1:   Allow certificates (default)

2:   Require certificates

Caution

If icm/HTTPS/verify_client = 1, then any users who use Microsoft's Internet Explorer as their Web browser and who do not possess a client certificate will receive an empty certificate selection dialog box when they access the SAP Web Application Server. Therefore, if your users are not going to use client certificates for authentication, then set this parameter to the value 0.

Note

If you make changes to any of the icm profile parameters, then restart the ICManager.

Example

Example Parameters:

icm/server_port_2        PROT=HTTPS, PORT=443, TIMEOUT=15

icm/HTTPS/verify_client  1

Procedure

Creating the SSL Server PSEs

Perform the following to create and maintain the SSL server PSE:

...

       1.      Structure linkCreate the SSL server PSEs.

       2.      Structure linkGenerate a certificate request for each SSL server PSE.

       3.      Structure linkSend the certificate requests to a CA to be signed.

       4.      Structure linkImport the certificate request responses into the server's SSL server PSEs.

       5.      Structure linkMaintain the SSL server PSE's certificate list.

Creating the SSL Client PSEs

Perform the following to create and maintain the SSL client PSEs:

       6.      Structure linkRepeat the procedure for the standard SSL client PSE.

       7.      If you want the application server to be able to use the anonymous identity to communicate with other Web servers, then Structure linkrepeat the procedure for the anonymous SSL client PSE.

       8.      If you want the application server to be able to use individual identities to communicate with other Web servers using SSL, then Structure linkcreate individual SSL client PSEs.

Defining Which SSL Client PSE to Use

       9.      In transaction SM59, you define the HTTP destinations for the SAP Web Application Server. In these destinations, you can specify whether SSL should be used for the connection and which SSL client PSE the server should use. See Structure linkSpecifying that a Connection Should Use SSL.

 

   10.      Restart the ICManager to make sure that any changes take effect.

 

 

 

Leaving content frame