We have a small requirement for an SSL implementation on our AS ABAP: we need secure communication between the backend (ECC) and SAP EP (AS Java).
On the customer side, they have already bought a Public Key from Thawte Inc, and we can assign it directly in their systems (non-SAP and SAP).
First of all, we need the Public Key (zip file) from our customer and the password of the Public Key, so we can deploy it on our SAP system.
Let's start.
- If we check in ABAP with transaction code STRUST, we have not configured anything for SSL!
- Please download sapgenpse, libcrypto.so from http://service.sap.com based on your OS
- Please ask the customer for the Public Key from Thawte, for example xxxsslkey.p12
- After downloading sapgenpse, libcrypto.so from SMP, you have to copy both files to /usr/sap/SID/DVEBMGS00/sec
- Copy xxxsslkey.p12 to /usr/sap/SID/DVEBMGS00/sec
- Please make sure this environment is configured; if not, you can set it now with:
- #export LIBPATH=/usr/sap/SID/DVEBMGS00/sec
- #export SECUDIR=/usr/sap/SID/DVEBMGS00/sec
- In the console, you need to run these commands:
#export SECUDIR=/usr/sap/SID/DVEBMGS00/sec
#./sapgenpse import_p12 -p /usr/sap/SID/DVEBMGS00/sec/SAPSSLC.pse /usr/sap/SID/DVEBMGS00/sec/xxxsslkey.p12
After you execute those commands, you will receive this:
import_p12: MISSING password for PKCS#12 file "/usr/sap/DEV/DVEBMGS00/sec/axisworld.p12"
Please enter PKCS#12 encryption password: *************
You have to enter the xxxsslkey.p12 password (ask the customer or the Thawte consultant). After you enter the password, you receive this message:
PKCS#12/PFX file contains 1 keypair:
1. FriendlyName = "<none>"
X.509v3 (type=Both) RSA-2048 (signed with sha1WithRsaEncryption)
Subject="CN=*.domain.co.id, OU=IT, O=Company, L=Jakarta Selatan, SP=DKI Jakarta, C=ID"
Issuer ="CN=Thawte SSL CA, O="Thawte, Inc.", C=US"
Choose a PIN for your new PSE "/usr/sap/SID/DVEBMGS00/sec/SAPSSLC.pse"
Please enter PIN: *************
Please reenter PIN: *************
You need to enter a PIN here. The PIN is free, you can fill in anything; the best idea is to make it the same as the password.
In this step we have already created the PSE (please check for SAPSSL.pse in that directory), but we are not finished yet.
We need to generate cred_v2 for running SSL on a particular port (for example 8001), as user root.
Please run this command as user root.
We need to add the user <sid>adm, which can run SSL on the particular port.
#./sapgenpse seclogin -p SAPSSL.pse -x <PIN> -O <sid>adm
After you run this command, you will receive:
running seclogin with USER="root"
creating credentials for secondary user "<sid>adm" ...
Added SSO-credentials for PSE "/usr/sap/SID/DVEBMGS00/sec/SAPSSLC.pse"
"CN="
After it has run successfully, you need to check for the file cred_v2; you must see the file cred_v2.
OK, at this point we are almost done.
Back in SAP GUI, please restart the SSL services with tcode SMICM and make sure you have configured these parameters:
- ssl/server_pse has value /usr/sap/SID/DVEBMGS00/sec/SAPSSLC.pse
- ssf/ssfapi_lib has value /usr/sap/SID/SYS/exe/run/libsapcrypto.o
- sec/libsapsecu has value /usr/sap/SID/SYS/exe/run/libsapcrypto.o
- ssl/ssl_lib has value /usr/sap/SID/SYS/exe/run/libsapcrypto.o
- ssf/name has value SAPSECULIB
Done. Enjoy the SSL.
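An added check script, not part of the original post, that can be run after the steps above: it reads ssl/server_pse and the library parameters from an instance profile file, confirms the files they name exist, confirms cred_v2 is present in SECUDIR, and flags PSE, .p12 and cred_v2 files that group or other users can access. The function names, the profile file argument and the owner-only permission expectation are assumptions of this example.

```shell
#!/bin/sh
# Added example: checks the SECUDIR and profile values used in this walkthrough.
# Assumption: PSE, .p12 and cred_v2 files should be accessible by their owner only.

# Print the value of a "name = value" line from an instance profile file.
profile_value() {   # $1 = profile file, $2 = parameter name
    sed -n -e "s|^[[:space:]]*$2[[:space:]]*=[[:space:]]*||p" "$1" |
        sed -e 's/[[:space:]]*$//' | tail -n 1
}

# True when group or other have any permission bit set on the file.
is_exposed() {
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

# Print one line per finding; the return status is the number of findings.
check_ssl_setup() {   # $1 = SECUDIR, $2 = profile file
    problems=0
    pse=$(profile_value "$2" ssl/server_pse)
    if [ -z "$pse" ]; then
        echo "ssl/server_pse is not set in $2"; problems=$((problems + 1))
    elif [ ! -f "$pse" ]; then
        echo "ssl/server_pse names a missing file: $pse"; problems=$((problems + 1))
    elif [ "$(dirname "$pse")" != "$1" ]; then
        echo "ssl/server_pse is outside SECUDIR: $pse"; problems=$((problems + 1))
    fi
    if [ ! -f "$1/cred_v2" ]; then
        echo "cred_v2 not found in $1"; problems=$((problems + 1))
    fi
    for f in "$1"/*.pse "$1"/*.p12 "$1/cred_v2"; do
        [ -f "$f" ] || continue
        if is_exposed "$f"; then
            echo "group/other can access $f"; problems=$((problems + 1))
        fi
    done
    for p in ssf/ssfapi_lib sec/libsapsecu ssl/ssl_lib; do
        lib=$(profile_value "$2" "$p")
        if [ -n "$lib" ] && [ ! -f "$lib" ]; then
            echo "$p names a missing file: $lib"; problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Usage: sh check_ssl_setup.sh <SECUDIR> <profile file>
if [ "$#" -eq 2 ]; then check_ssl_setup "$1" "$2"; fi
```

A profile whose ssl/server_pse names SAPSSL.pse while the import step created SAPSSLC.pse is reported as a missing file, and a .p12 left group- or world-readable in the sec directory is reported as exposed.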