SSL Administration in a Dual-Stack Installation 

SSL communications are handled by the Internet Communication Manager (ICM) for both the AS Java and the AS ABAP servers in a dual-stack system. However, the administration tools and infrastructure for each stack are different and therefore, in a dual-stack installation, you should only perform the configuration and administration activities using one set of tools.

The tool to use is dependent on the profile parameter ssl/pse_provider. If the profile parameter is set to ABAP, then use the trust manager on the AS ABAP to maintain the SSL PSEs. If it is set to JAVA, use the Key Storage service on the AS Java for maintaining the SSL keystore entries. Note the following:

·        The parameter applies to all SSL PSEs (both client and server).

·        The parameter is set by default according to the type of installation (AS ABAP only, AS Java only, or dual-stack). For a dual-stack installation, the default is ABAP.

·        If you change the value of this parameter after maintaining SSL PSEs or keystore entries, and later maintain the information using the other tool, then you may get unexpected results due to conflicting PSEs.

If you initially maintain the PSEs on the AS ABAP using the trust manager and then change the value of the parameter to JAVA, then the PSEs that you created on the AS ABAP will no longer be visible in the trust manager. However, they do still exist on the server and will be distributed to the system's application servers using the AS ABAP distribution mechanisms. This process could in turn overwrite any PSEs that were created using the Key Storage service.