Visual Admin settings/configuration for setting up...

Hi,

I want to set up https conection to my sap ep 7.0. I got self signed certificate (Actual certificate from verisign i will get later and before purchasing the certificate from CA I want to test my https connection and self signed certificate).

please let me know what all steps/configuration I have to do in visual admin and anywhere else (if needed) after getting self signed certificate so that I can access my sap ep 7.0 with https.

Also I have both ABAP stack and java stack for portal installed in the same physical machine, I went to the server and typed the linux commands needed to generate private key pair and csr(certificate signing request) and than self signed certificate I got.

is it correct steps i followed, please let me know.

thanks in advance..

SAP Managed Tags:
NW AS Java Administrator (NWA)

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Accepted Solutions (0)

Answers (2)

Hi Rahul,

By default in SAP EP, HTTPS is enabled.

you can acess portal using HTTPS using port

5NN01

Thanks

Anil

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Hi Anil,

what are the steps i need to do to use pre defined https connection u mentioned?

So you saying i need not generate key. CSR and certificate?

please let me know.. Also,

Hi Anil,

I am following this sdn blog /people/aniket.tare/blog/2005/03/22/ssl-certificate-installation-procedure-for-sap-j2ee-engine-630-150-steps-in-visual-administrator

for setting up SSL connection into SAP EP. I have 2 queries into this

1) Can we generate private key, CSR and certificate either from visual admin way as described in the link above as well as from typing some simple linux commands (My sap ep is installed on linux) in case I do not want to go visual admin way.

wat is the difference between this 2 process? which process should I go for, visual admin way OR typing linux commands to generate certificates?

2) Suppose I followed the above link and in that at step 8, i do not want to buy certificate from verisign and all instead i want to have self signed certificate, how will I get self signed certificate after performing step 8

Hi Rahul,

Are you going to use this URL from internal LAN or you are going to expose this server on internet ??

Thanks

Anil

Hi Anil,

I guess my customer will use over LAN only, and even if they want to use over internet wat difference it actually makes ?

please clear my queries/doubt mentioned.

Hi Rahul,

1. If customer is going to use in lan, then i will suggest you to use default https setting i.e use URL as

http:/<hostname:5NN01/irj/portal

2. If your customer is going to use on internet, then i will suggest you to get valid certificate from any CA which need to be

imported in KEY STORE ADMINISTRATION.

Also one more thing , if customer is going to use on internet, why you are not going to webdispatcher which will help you for load balacing as well.

Thanks

Anil

Hi Anil,

1) I tried the link http://XXX:5NN01/irj/portal also http://XXX.companyname.com:5NN01/irj/portal but its not working. portal is not opening . (XXX = my portal host name)

Do I have to do any settings configurations for this in visual admin or some where else ?

Also

2) Just let me know if you can help me in generating self signed certificate after step 8 in the link I mentioned. I want to use self signed certificate as I do not want to buy the certificate from CA like verisign or so.

can you please help me on this !!!

3) why i can not use self signed certificate even if customer wants portal accessible over internet ? or why I can not use as suggested by you http://XXX:5NN01/irj/portal if customer wants portal accessible over internet ?

Hi Rahul,

1) I tried the link http://XXX:5NN01/irj/portal also http://XXX.companyname.com:5NN01/irj/portal but its not working. portal is not opening . (XXX = my portal host name)

using jcmon check whether HTTPS port is unable or not.

2) Just let me know if you can help me in generating self signed certificate after step 8 in the link I mentioned. I want to use self signed certificate as I do not want to buy the certificate from CA like verisign or so.

For https i don't think you can do self sign of certificate.

If you want save the cost of certificate, then you can utilise the IIS concept of Windows 2003 server.

There is option in Win 2003 server for generating the CSR certificate, which will be helpful you for saving the cost of certificate.

3) why i can not use self signed certificate even if customer wants portal accessible over internet ? or why I can not use as suggested by you http://XXX:5NN01/irj/portal if customer wants portal accessible over internet ?

Certificate which is signed internally using some tool like IIS or using standarded SAP HTTPS access over internet is not valid,

Reason is becuase this certificate is not valid to be browser, when you use this certificate you get NO VALID error in certificate , even you can use the URL, but the problem is your data will not be encrypted as this certificate is not valid for your browser.

Check in your browser setting you will get all the valid list of CA authority.

Thanks

Anil

Hi Anil.

Do you have any idea how to generate self signed certificate from SAP service market place by copying pasting the content of CSR file .

I think from sap service market place, you can generate self signed certificate by copying and pasting the content of your CSR file.

please let me know if u know this ?

Hi Rahul,

generate self signed certificate from SAP

it will not be called as selfsigned certificate, this certificate will be signed and issued by SAP.

There is 2 option

1. Test certificate.

2. Permanent certificate.

Test certificate has validity of 3 months

Permanent certificate need to be purchased from SAP.

Thanks

Anil

Hi Rahul,

As Olivier pointed out in the other thread, self signed certificates are generated through strust itself.

If you want signed certificate, then you goto marketplace with the url http://service.sap.com/tcs.

You have all the options to get the signed certificates.

Cheers...,

Raghu

Hi Anil

I am able to access my sap ep portal with the default sap EP HTTPS url (default connection that comes with sap ep 7.0, By default in SAP EP, HTTPS is enabled and we can acess portal using HTTPS using port 50001)

https://<hostname:50001/irj/portal, its working fine. my portal is opening. There is no need of signed certificate to be used.

Certificate is not coming into picture at all. Simply use this url and portal is opening up.

I have few queries:

1) how will I restrict user to use only this default https url that is end user can use either default http url http://<hostname:50000/irj/portal

or he can use default https url https://<hostname:50001/irj/portal, how will I restrict end user . I want they should always use https url only.

2) what harm will happen even if I use this default sap ep https url https://<hostname:50001/irj/portal, even when my customer decided to use portal over internet ? why i should not go for this default https url over internet? why do i have to buy certificate when this default url is working ? wat extra advantage that certificate will give me ?? to add into this why anyone should go for certificate method OR web dispatchet method when this default https url is already available in portal.

Why you people are also not using this default URL,to access your portal over LAN or internet and why you people also going for certificate method OR web dispatcher method when this default https url is already available in portal.

3)wat is web dispatcher method to configure https in portal ? can you please guide me on this ? I want to try this method also?

how web dispatcher method is different from certificate method ? Do we have to use certificate even in this web dispatcher method aslo ??

please let me know ?

Hi raghu

https://<hostname:50001/irj/portal, its working fine. my portal is opening. There is no need of signed certificate to be used.

Certificate is not coming into picture at all. Simply use this url and portal is opening up.

I have few queries:

1) how will I restrict user to use only this default https url that is end user can use either default http url http://<hostname:50000/irj/portal

or he can use default https url https://<hostname:50001/irj/portal, how will I restrict end user . I want they should always use https url only.

3)wat is web dispatcher method to configure https in portal ? can you please guide me on this ? I want to try this method also?

how web dispatcher method is different from certificate method ? Do we have to use certificate even in this web dispatcher method aslo ??

please let me know ?

Hi raghu

https://<hostname:50001/irj/portal, its working fine. my portal is opening. There is no need of signed certificate to be used.

Certificate is not coming into picture at all. Simply use this url and portal is opening up.

I have few queries:

1) how will I restrict user to use only this default https url that is end user can use either default http url http://<hostname:50000/irj/portal

or he can use default https url https://<hostname:50001/irj/portal, how will I restrict end user . I want they should always use https url only.

3)wat is web dispatcher method to configure https in portal ? can you please guide me on this ? I want to try this method also?

how web dispatcher method is different from certificate method ? Do we have to use certificate even in this web dispatcher method aslo ??

please let me know ?

Hi raghu

https://<hostname:50001/irj/portal, its working fine. my portal is opening. There is no need of signed certificate to be used.

Certificate is not coming into picture at all. Simply use this url and portal is opening up.

I have few queries:

1) how will I restrict user to use only this default https url that is end user can use either default http url http://<hostname:50000/irj/portal

or he can use default https url https://<hostname:50001/irj/portal, how will I restrict end user . I want they should always use https url only.

3)wat is web dispatcher method to configure https in portal ? can you please guide me on this ? I want to try this method also?

how web dispatcher method is different from certificate method ? Do we have to use certificate even in this web dispatcher method aslo ??

please let me know ?

Hi raghu

https://<hostname:50001/irj/portal, its working fine. my portal is opening. There is no need of signed certificate to be used.

Certificate is not coming into picture at all. Simply use this url and portal is opening up.

I have few queries:

1) how will I restrict user to use only this default https url that is end user can use either default http url http://<hostname:50000/irj/portal

or he can use default https url https://<hostname:50001/irj/portal, how will I restrict end user . I want they should always use https url only.

3)wat is web dispatcher method to configure https in portal ? can you please guide me on this ? I want to try this method also?

how web dispatcher method is different from certificate method ? Do we have to use certificate even in this web dispatcher method aslo ??

please let me know ?

Hi raghu

https://<hostname:50001/irj/portal, its working fine. my portal is opening. There is no need of signed certificate to be used.

Certificate is not coming into picture at all. Simply use this url and portal is opening up.

I have few queries:

1) how will I restrict user to use only this default https url that is end user can use either default http url http://<hostname:50000/irj/portal

or he can use default https url https://<hostname:50001/irj/portal, how will I restrict end user . I want they should always use https url only.

3)wat is web dispatcher method to configure https in portal ? can you please guide me on this ? I want to try this method also?

how web dispatcher method is different from certificate method ? Do we have to use certificate even in this web dispatcher method aslo ??

please let me know ?

Hi raghu

https://<hostname:50001/irj/portal, its working fine. my portal is opening. There is no need of signed certificate to be used.

Certificate is not coming into picture at all. Simply use this url and portal is opening up.

I have few queries:

1) how will I restrict user to use only this default https url that is end user can use either default http url http://<hostname:50000/irj/portal

or he can use default https url https://<hostname:50001/irj/portal, how will I restrict end user . I want they should always use https url only.

3)wat is web dispatcher method to configure https in portal ? can you please guide me on this ? I want to try this method also?

how web dispatcher method is different from certificate method ? Do we have to use certificate even in this web dispatcher method aslo ??

please let me know ?

Hi raghu,

https://<hostname:50001/irj/portal, its working fine. my portal is opening. There is no need of signed certificate to be used.

Certificate is not coming into picture at all. Simply use this url and portal is opening up.

I have few queries:

1) how will I restrict user to use only this default https url that is end user can use either default http url http://<hostname:50000/irj/portal

or he can use default https url https://<hostname:50001/irj/portal, how will I restrict end user . I want they should always use https url only.

3)wat is web dispatcher method to configure https in portal ? can you please guide me on this ? I want to try this method also?

how web dispatcher method is different from certificate method ? Do we have to use certificate even in this web dispatcher method aslo ??

please let me know ?

Hi raghu,

https://<hostname:50001/irj/portal, its working fine. my portal is opening. There is no need of signed certificate to be used.

Certificate is not coming into picture at all. Simply use this url and portal is opening up.

I have few queries:

1) how will I restrict user to use only this default https url that is end user can use either default http url http://<hostname:50000/irj/portal

or he can use default https url https://<hostname:50001/irj/portal, how will I restrict end user . I want they should always use https url only.

3)wat is web dispatcher method to configure https in portal ? can you please guide me on this ? I want to try this method also?

how web dispatcher method is different from certificate method ? Do we have to use certificate even in this web dispatcher method aslo ??

please let me know ?

Hi, Rahul Pradhan.

See the documentation: [Using Client Certificates for User Authentication|http://help.sap.com/saphelp_nw70/helpdata/en/62/881e3e3986f701e10000000a114084/content.htm] and [Configuring the Use of SSL on the J2EE Engine|http://help.sap.com/saphelp_nw70/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/content.htm].

Hope it helps.

Regards, Mikhail.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Hi Mikhail,

I am following this sdn blog /people/aniket.tare/blog/2005/03/22/ssl-certificate-installation-procedure-for-sap-j2ee-engine-630-150-steps-in-visual-administrator

for setting up SSL connection into SAP EP. I have 2 queries into this

wat is the difference between this 2 process? which process should I go for, visual admin way OR typing linux commands to generate certificates?

Hi, Rahul Pradhan.

I never used Linux commands for generation certificates, so I can't help there.

Also, I've noticed that the blog you follow concerns SAP J2EE engine 6.30. But you use SAP J2EE engine 7.0.

Maybe you should follow more relevant documentation?

Regards, Mikhail.

Hi Mikhail,

I think the same document will work for sap jee 7.0 as well. I want to give a try to this on my sap j2ee 7.0

Just let me know if you can help me in generating self signed certificate after step 8 in the link I mentioned. I want to use self signed certificate as I do not want to buy the certificate from CA like verisign or so.

can you please help me on this !!!

Ask a Question

Top Q&A Solution Author

User

Count