Setting the Profile Parameters for Using
SSL 
...
1. Set the profile parameters SAP Web AS’s instance profile as shown in the tables below. If you used the recommended directory DIR_EXECUTABLE, then use the following values for the location of the SAP Cryptographic Library:
¡ On Unix: $(DIR_EXECUTABLE)/libsapcrypto.<ext>
¡ On Windows NT: $(DIR_EXECUTABLE)\sapcrypto.dll
Trust Manager Parameters
Profile Parameter |
Value |
Examples |
ssl/ssl_lib |
Path and file name of the SAP Cryptographic Library |
UNIX: /usr/sap/<SID>/SYS/exe/ Windows NT: <DRIVE>:\usr\sap\<SID>\ |
sec/libsapsecu |
Path and file name of the SAP Cryptographic Library |
UNIX: /usr/sap/<SID>/SYS/exe/ Windows NT: <DRIVE>:\usr\sap\<SID>\ |
ssf/ssfapi_lib |
Path and file name of the SAP Cryptographic Library |
UNIX: /usr/sap/<SID>/SYS/exe/ Windows NT: <DRIVE>:\usr\sap\<SID>\ |
ssf/name |
SAPSECULIB |
SAPSECULIB |
Ignore the warnings that the parameters are not known to the system.
ICM Parameters
Profile Parameter |
Value |
Examples |
icm/server_port_<xx> |
PROT=HTTPS,
PORT=<port>, TIMEOUT=<timeout_in_
|
PROT=HTTPS, PORT=1443, TIMEOUT=900
|
icm/HTTPS/verify_client |
0: Do not use certificates 1: Allow certificates (default) 2: Require certificates |
1 |
icm/http/j2ee_<xx> |
PREFIX=<uri-prefix>, [HOST=<host>,] CONN=<no_of_connects>, PORT=<port> |
PREFIX=/, CONN=0-10, |
The parameter
icm//HTTP/j2ee_<xx> is used for cases where the ICM directs
requests to a J2EE Engine. For more information, see 
icm/HTTP/j2ee_<xx>.
If icm/HTTPS/verify_client = 1, then any users who use Microsoft's Internet Explorer as their Web browser and who do not possess a client certificate will receive an empty certificate selection dialog box when they access the SAP Web Application Server. Therefore, if your users are not going to use client certificates for authentication, then set this parameter to the value 0.
2. Restart the application server or the ICM.
If you only make changes to the ICM parameters, then it suffices to only restart the ICM.