Show TOC

Procedure documentationConfiguring the AS ABAP for Supporting SSL Locate this document in the navigation structure


Use this procedure to configure the AS ABAP to support SSL.

Note Note

There are also templates available for automating some of the configuration tasks and for validating the configuration. For more information, see  Installation and Upgrade Guides   SAP Business Suite Applications   Cross-Applications Tools   Automated Configuration  .

End of the note.


You have downloaded the SAP Cryptographic Library. For more information, see The SAP Cryptographic Library Installation Package.


  1. Install the SAP Cryptographic Library on the application server.

  2. Set the profile parameters.

  3. Create and maintain the SSL Server PSEs as follows:

  4. Creating the SSL client PSEs as follows:

    1. Repeat the procedure for the standard SSL client PSE.

    2. If you want the application server to be able to use the anonymous identity to communicate with other Web servers, then repeat the procedure for the anonymous SSL client PSE.

    3. If you want the application server to be able to use individual identities to communicate with other Web servers using SSL, then create individual SSL client PSEs.

  5. Define which SSL client PSE to use for each connection as follows:

    1. In transaction SM59, you define the HTTP destinations for the AS ABAP. In these destinations, you can specify whether SSL should be used for the connection and which SSL client PSE the server should use. See Specifying that a Connection Should Use SSL.

    2. If SSL with mutual authentication should be used for the configuration, then you must also maintain a mapping between the identity found in the client certificate used for the connection and the user ID to use for the connection. Maintain this mapping in the table USREXTID in the target system. See Maintaining the User Mapping for Incoming Connections that Use Authentication.

    3. Restart the ICM to make sure that any changes take effect.

  6. Test the connections.

Note Note

After completing the configuration, make sure that application or scenario-specific configuration changes are also made. Examples of changes that may be necessary include:

  • Changing the protocol from HTTP to HTTPs in URLs or other parameters.

  • Changing the hostname from a short name to a full-qualified hostname in URLs or other parameters.

  • Changing the HTTP port to the target HTTPs port in URLs or other parameters.

End of the note.

For more information, see the application or scenario-specific configuration documentation.

More Information

See also SAP Note 1527879 for more information about switching from HTTP to HTTPS in a complete landscape.