Configuring an RFC Destination to use a Secure Network Connection (SNC) 

Prerequisites

When started from the SAPMMC, the J2EE Engine is running in a process owned by the user "SAPServiceC11" (this is the case only if you have not changed it during the installation). Therefore, you should use a certificate issued especially for this user. To activate a certificate, proceed as follows:

       1.      Copy the PSE file to a directory and make sure it can be accessed by the user who will later own the process.

       2.      Activate it with sapgenpse.exe and sapcrypto.dll (you need the PIN that protects the PSE file; the syntax is "sapgenpse seclogin –p filename -x pin –O user") – this creates a cred_v2-file.

Shutdown the PSE Management when using another PSE.

Procedure

       1.      In the J2EE Engine Visual Administrator, choose Server → Services → JCo RFC Provider →Runtime → SNC Settings.

       2.      Choose the Use SNC option to start the configuration process.

       3.      In the SNC Name field, enter the name of the SNC certificate owner. This is a specific string containing the user name and some additional product information. The normal format is: <name type>:<external name>

Examples of SNC names:

p:CN=miller, OU=ADMIN, O=SAP, C=DE

p/secude:CN=miller, OU=ADMIN, O

       4.      In the SNC Quality of Service dropdown menu, select one of the following options:

                            a.      Authentication Only– with this protection level, the system verifies the identity of the communication partners. This is the minimum protection level offered by SNC. No actual data protection is provided.

                            b.      Integrity Protection– with this protection level, the system detects any changes or manipulation of the data which may have occurred between the two end points of a communication. Integrity protection also includes authentication.

                            c.      Privacy Protection – with this protection level, the system encrypts the messages being transferred to make eavesdropping useless. Privacy protection also includes integrity protection of the data. This is the maximum level of protection provided by SNC.

                            d.      Default Protection

                            e.      Maximum Protection

       5.      In the SNC Library Path field, specify the path to the “secude.dll” library.

       6.      In the Authorization Partner field, enter the SNC name of the authorization partner. This name can be obtained from the SNC settings of the corresponding RFC destination configured in the ABAP system, for example.