cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSL Enablement on ABAP/ JAVA

Former Member

on ‎02-03-2012 6:02 PM

0 Kudos

All,

I am not sure if this is the correct forum -

We are on PI 7.1 EHP1. SSL has to be enabled on this server.

As per Note 510007 (and also - http://help.sap.com/saphelp_nwpi711/helpdata/en/49/23501ebf5a1902e10000000a42189c/frameset.htm)

all the steps have been performed.

1. Install the SAP Cryptographic Library on the application server.

2. Set the profile parameters.

3. Create and maintain the SSL Server PSEs as follows:

a.Create the SSL server PSEs.

b.Generate a certificate request for each SSL server PSE.

c.Send the certificate requests to a CA to be signed.

d.Import the certificate request responses into the server's SSL server PSEs.

e.Maintain the SSL server PSE's certificate list.

We have done this on ABAP stack using - STRUST.

I have tested the https url - and is working.

Question:

1. Where in the configuration - are we telling to use SSL port (say - 50001) against a keypair.

When I am looking at the following doc (NW04):

http://help.sap.com/saphelp_nw04/helpdata/en/a6/98f73dbc570302e10000000a114084/frameset.htm

I see a step - "Assigning the Key Pair to Use for a Specific SSL Port".

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

prateek
Active Contributor
‎02-06-2012 2:11 AM
0 Kudos

>>Where in the configuration - are we telling to use SSL port (say - 50001) against a keypair.

What is your end to end scenario? Which adapter are you planning to use? Soap or HTTP, at sender or receiver?

>>The public key certificate that is signed and imported in this process has to be exchanged with the business partners - right - Am I correct?

We have to share our public key (created at out server and if required signed by certification authority) with the partner.

Regards,

Prateek Raj Srivastava

Show replies
Show replies
Former Member
‎02-06-2012 3:32 AM
0 Kudos

Hi Prateek,

We are using CIDX adapter - HTTPS protocol with the business partner.

when we create CSR request, what would be CSR request created against - actual server name (say Dev server for ex) or the public server name, (which is part of public url)?

If I get it signed against the name of the public server name, I can use the same public key across all the environments...Am I correct in my apporach?

Also, Prateek, Could you please look at my original post of this thread and share your thoughts.

prateek
Active Contributor
‎02-06-2012 3:43 AM
0 Kudos

If it is CIDX adapter, SSL should be enabled on J2EE. You have to create/install your certificate in NetWeaver Administrator and the public key should be sent to the partner.

http://help.sap.com/saphelp_nw04/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/content.htm

CSR is created against the server information and the your public key (created in your server). This is then sent to CA.

You can use the same certificate across, however, it is not a recommended practice. Test and Production level certificates must be different.

Regards,

Prateek Raj Srivastava

baskar_gopalakrishnan2
Active Contributor
‎02-03-2012 7:24 PM
0 Kudos

You can do either in STRUST TC in Abap stack or in the java stack.

>1. Where in the configuration - are we telling to use SSL port (say - 50001) against a keypair.

I believe the notes talk about java stack.

Go to Netweaver Administration in RWB --> configuration management -->certificates and keys

Show replies
Show replies
Former Member
‎02-03-2012 7:32 PM
0 Kudos

Gopal,

I did not find it "certificates and keys". Could you please help me.

I am looking for the step where it would say - use this keypair for the HTTPS port 50001.

And another question would be -

The public key certificate that is signed and imported in this process has to be exchanged with the business partners - right - Am I correct?

Help is greatly appreciated.

baskar_gopalakrishnan2
Active Contributor
‎02-03-2012 9:19 PM
0 Kudos

Login to NWA and do the mentioned steps.

>The public key certificate that is signed and imported in this process has to be exchanged with the business partners - right - Am I correct?

Yes.

Ask a Question