Salut Michel,

you must have some "PSE" (personal security environment) on your client side too. This is possible (but costly) using "NW-SSO" product of SAP.

Otherwise, you have to fizzle around with sapcryptolib/common cryptolib and supply a certificate for the client. As we have NW-SSO working, this is easy, but I don't know how to do it without.

In your cleint configuration you're using two different Libs for SNC. As GUI is still a 32-Bit application the 32-Bit common cryptolib should be sufficient.

Maybe if you do the same things with "sapgenpse" you did apparently on the server side, also on the client side to create a PSE on the client side helps?

Cordialement,

Jürgen

Edit:

Just because of curiosity:

I installed a recent cryptolib 32-Bit SAPCRYPTOLIBP_8435-20011731.SAR, then, after extracting it, on command prompt:

😆 cd D:\test\SAP\SAPCRYPTOLIBP_8435-20011731

😆 sapgenpse

...

  Environment variable $SECUDIR is not defined!

  Fallback selection of SECUDIR through APPDATA:

  "somewhere\Users\gaertner\AppData\Local\sec"

...

Aha. It expects the same stuff as the server does, but on a different location. So I extrported my X509-Cert from Firefox and put it in a PKCS12-file. On the prompt again:

😆 mkdir somewhere\Users\gaertner\AppData\Local\sec

😆 D:\test\SAP\WinX64_SAPCRYPTOLIBP_8430-20011729>sapgenpse import_p12 -p test.pse x:\somewhere\Certificate.p12

import_p12: MISSING password for PKCS#12 file "d:\work\JG\LUH.p12"

Please enter PKCS#12 encryption  password: ********

PKCS#12/PFX file contains 1 keypair:

  1. FriendlyName = "Leibniz Universitaet Hannover ID von Juergen Gaertner #2"

    X.509v3 (type=Both) RSA-2048 (signed with sha1WithRsaEncryption)

    Subject="CN=Juergen Gaertner,...

Choose a PIN/Passphrase for your new PSE "somewhere\Users\gaertner\AppData\Local\sec\test.pse"

Please enter PSE PIN/Passphrase: *******

Please reenter PSE PIN/Passphrase: *******

!!! WARNING: For security reasons it is recommended to use a PIN/passphrase

!!! WARNING: which is at least 8 characters long and contains characters in

!!! WARNING: upper and lower case, numbers and non-alphanumeric symbols.

So the PSE is generated in "somewhere\Users\gaertner\AppData\Local\sec\test.pse". Now we have to create the credentials:

TT

😆 D:\test\SAP\WinX64_SAPCRYPTOLIBP_8430-20011729>sapgenpse seclogin -p test.pse

which creates "somewhere\Users\gaertner\AppData\Local\sec\cred_v2". Now, we can start the SAPgui using SNC-Syntax:

😆 set SNC_LIB=D:\test\SAP\WinX64_SAPCRYPTOLIBP_8430-20011729\sapcrypto.dll

😆 "C:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPgui.exe" SNC_PARTNERNAME="p:Distinguish Name of Server" SNC_QOP=9 /H/Server-IP/S/sapdp00

et voila, ca marche...

Message was edited by: Jürgen Gärtner