The Secure Sockets Layer Protocol (SSL protocol) is used for secure communication through the TREX Java client between the TREX components and the Java application using TREX (for example, SAP Enterprise Portal). For communication among the TREX servers, the TREXNet is used. This is a special protocol developed for TREX-internal communication. Like HTTP, it is based on TCP/IP. You then configure TREXNet for secure communication.
SSL with client authentication ensures:
Confidentiality - The data is transmitted in encoded form and cannot be intercepted.
Data integrity - The recipient can be sure that the transmitted data cannot be changed during the transmission.
Authentication - The communication partners know with whom they are communicating.
Secure communication is based on the use of electronic certificates. A certificate contains the public key of the owner and information on the owner, for example, his or her name (common name), organizational unit, or e-mail address. Certificates are issued by a certification authority (CA) that confirms the identity of the certificate's owner. The public and private certificates of the certificate owner are kept in a keystore (Personal Security Environment or PSE) that is protected by a password.
The two communication partners can then encrypt their messages before sending them. Administrators provide the necessary certificates. They also configure the security settings for the components and modify security-relevant parameters in the TREX configuration files.
If you have distributed the TREX installation on several hosts, you have to carry out the configuration steps listed in this documentation on each separate host. The hosts have to authenticate themselves to each other in order to ensure secure communication. For detailed information about the distributed installation of TREX, see SAP Service Marketplace at.
In your enterprise, you have built up a public key infrastructure with your own CA that issues certificates.
You are working with any organization that offers the issuing of certificates.
Secure Communication Areas
There are the following areas of secure communication between the TREX components and the application using TREX:
Secure communication using HTTPS between the TREX Preprocessor and the Web Server of the Application (HTTPS)
Secure communication using HTTPS between the TREX Web Server and the TREX Java Client (HTTPS)
Secure communication using HTTPS between the TREX Web Server and the TREX Name Server (HTTPS)
The graphic below gives an overview of the components involved and the communication methods used.