Using the SAP Cryptographic Library for SNC
The SAP Cryptographic Library is the default security product delivered by SAP for performing encryption functions in SAP systems.
For example, you can use it for providing Secure Network Communications (SNC) between
various SAP server components or for using the Secure Sockets Layer (SSL) protocol with
the AS ABAP. For more information on the SAP Cryptographic Library, see SAP Note
1848999 
.
This documentation describes using the SAP Cryptographic Library for SNC.
For more information about using the library for SSL, see Configuring the AS ABAP for Supporting SSL.
You can use the SAP Cryptographic Library for client encryption as well. For more information, see the related link.
If you want to provide Single Sign-On, you must have a license for SAP NetWeaver Single Sign-On (see SAP Note 1808526 or the SAP NetWeaver Single Sign-On starting page.
When using the SAP Cryptographic Library for SNC, the following information is necessary for the communication infrastructure:
- The server and its communication partners must be configured for using SNC.
- The server must possess a public and private key pair and public-key certificate, which is stored in the server's Personal Security Environment (PSE). Although you may obtain a certificate from a trusted Certification Authority (CA), for easier administration we recommend using a certificate that is signed by the server itself (self-signed). This documentation refers only to configuring the server when using a self-signed certificate.
- At run-time, the server must have active credentials. This is accomplished by using the configuration tool to "open" the server's PSE.
- The server must be able to verify its communication partner's identity. This is accomplished by importing the partner's public-key certificate into the server's own certificate list. As an alternative, you can use the same PSE for all server components. For examples of these scenarios, see:
The SAP Cryptographic Library may be subject to local regulations of your own country that may further restrict the import, use and (re-)export of cryptographic software. If you have any further questions on this issue, contact your local SAP subsidiary.