SSF Parameters
The following parameters define the SSF configuration on the front ends and on the application servers:
SSF Parameters
Parameter |
Description |
Path and file name of the SSF library |
|
|
Message Digest Algorithm |
|
|
Symmetric Encryption Algorithm |
|
|
Trace level for recording SSF activities |
|
SSF_NAME (as of Release 4.5B) |
Name of the
security product |
For complete descriptions and default values, see the documentation for each of the individual parameters.
Defining the SSF Parameters on the Front End Computers
On the front ends, you can specify the SSF parameters either in environment variables (as of Release 4.5A) or in the SSF initialization file ssfrfc.ini. For more information about using ssfrfc.ini, see The SSF Initialization File.
Entries in the SSF initialization file override those in environment variables. If no entries exist in either environment variables or in the ssfrfc.ini, the system uses the default values.
Defining the SSF Parameters on the Application Servers
On the application servers, you can use either environment variables (as of Release 4.5A) or profile parameters to specify the SSF information. Profile parameters values override those in environment variables. If you do not use either option, then the system uses the default values.
Defining SSF Parameters when Using Several Security Products (Application Servers Only)
As of Release 4.5B, you can use up to three different security products for different applications. To differentiate between the SSF parameters for each application, there are three sets of SSF parameters that you can define on the application servers. The syntax for these parameter sets are as follows:
· Environment variables:
¡ Product 1: SSF_...
¡ Product 2: SSF2_...
¡ Product 3: SSF3_...
· Profile parameters:
¡ Product 1: ssf/...
¡ Product 2: ssf2/...
¡ Product 3: ssf3/...
Note however, that you can only install multiple security products on the application servers. You can only configure a single product on the front ends.
The SAP ArchiveLink II HTTP content server 4.5 interface uses SAPSECULIB as the security provider to create digital signatures. In Quality Management, a security product <product> is used for signing inspection lots. This product also uses a different hash algorithm for creating digital signatures than SAPSECULIB. The following application server profile parameter definitions specify different values for each of these applications.
Example of Application Server Profile Parameters when Using Different Products
Application: SAP ArchiveLink II HTTP content server 4.5 interface
Product: SAPSECULIB |
|
Parameter |
Value |
ssf/ssfapi_lib |
Name and location of the SAPSECULIB library libssfso |
|
ssf/name |
SAPSECULIB |
ssf/ssf_md_alg |
MD5 |
Application: Quality Management
Product: <product> |
|
Parameter |
Value |
ssf2/ssfapi_lib |
Name and location of the product's library |
|
ssf2/name |
<product> |
ssf2/ssf_md_alg |
SHA1 |
In addition, use transaction SSFA to specify the <product> for the application quality certificate handling. For more information, see Maintaining Application-Specific Information.
We describe the individual parameters in the topics that follow.