The server possesses a public and private key pair and public-key certificate.
The SSL protocol uses public-key technology to provide its protection. Therefore, the server must possess a public and private key pair and a corresponding public-key certificate. It must possess one key pair and certificate to identify itself as the server component and if it is to identify itself as a client component, another key pair and certificate. These key pairs and certificates are stored in the Personal Security Environments (PSEs) of the server, the SSL server PSE and the SSL client PSE, respectively.
For more information, see Public-Key Technology.
Use the Secure Sockets Layer (SSL) protocol to secure HTTP connections to and from SAP NetWeaver Application Server for ABAP. When using SSL, the data being transferred between the two parties (client and server) is encrypted and the two partners can be authenticated. For example, if a user must transfer his or her account information, then you can use SSL to authenticate the user and encrypt the information during transfer.
There are also templates available for automating some of the configuration tasks and for validating the configuration. For more information, see http://service.sap.com/instguides .
In Configuration of RFC Connections (transaction SM59), you define the HTTP destinations for SAP NetWeaver Application Server for ABAP. In these destinations, you can specify whether SSL is used for the connection and which SSL client PSE the server should use.
For more information, see Specifying that a Connection Should Use SSL.
If SSL with mutual authentication should be used for the configuration, then maintain a mapping between the identity found in the client certificate used for the connection and the user ID to use for the connection. Maintain this mapping in the table USREXTID in the target system.
For more information, see Maintaining the User Mapping for Incoming Connections that Use Authentication.
After completing the configuration, make sure that application or scenario-specific configuration changes are also made. Examples of changes that may be necessary include:
Changing the protocol from HTTP to HTTPS in URLs or other parameters.
Changing the hostname from a short name to a full-qualified hostname in URLs or other parameters.
Changing the HTTP port to the target HTTPS port in URLs or other parameters.
For more information, see the application or scenario-specific configuration documentation.
See also SAP Note 1527879 for more information about switching from HTTP to HTTPS in a complete landscape.