Setting the SNC Profile Parameters
Use
The last step in the configuration procedure on the AS ABAP is to set the SNC-relevant profile parameters.
Setting the profile parameter snc/enable to 1 activates SNC on the application server. If this parameter is set but the SNC PSE and credentials do not exist, then the application server will not start. Therefore, setting the SNC parameters should be the last step in the configuration procedure.
Prerequisites
The SNC PSE and the corresponding credentials exist for the application server.
Procedure
...
1. Set the following profile parameters on the application server so that the server can communicate using SNC.
There are additional parameters, but the most important ones are listed below. For a complete list, see Profile Parameter Settings on AS ABAP.
SNC Profile Parameters
Profile Parameter |
Value |
Example |
snc/enable |
1 |
1 |
snc/gssapi_lib |
Path and file name where the SAP Cryptographic Library is located |
UNIX: usr/sap/<SID>/SYS/exe/ Windows: D:\usr\sap\<SID>\SYS\exe\run\sapcrypto.dll |
snc/identity/as |
Application server's SNC name Syntax: p:<Distinguished_Name>
The Distinguished Name part must match the Distinguished Name that you specify when creating the SNC PSE. |
p:CN=ABC, OU=Test, O=MyCompany, C=US |
snc/data_protection/max |
1: Authentication only 2: Integrity protection 3: Privacy protection |
3 |
snc/data_protection/min |
1: Authentication only 2: Integrity protection 3: Privacy protection |
1 |
snc/data_protection/use |
1: Authentication only 2: Integrity protection 3: Privacy protection 9: Use the value from snc/data_protection/max |
9 |
snc/accept_insecure_cpic |
0: do not accept 1: accept |
1 |
snc/accept_insecure_gui |
0: do not accept 1: accept |
1 |
snc/accept_insecure_r3int_rfc |
0: do not accept 1: accept |
1 |
snc/accept_insecure_rfc |
0: do not accept 1: accept |
1 |
2. Restart the application server.
Result
The application server can use SNC.