Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
cancel
Showing results for 
Search instead for 
Did you mean: 
Former Member
0 Kudos

Hi,

As part of some business requirements like Form 16 generation, sometimes you need to setup ADS to connect through SSL to ABAP stack.

That setup is described on SAP Help guides, but I'll give a short description about what should be done.

Official SAP guides/notes:

    - Adobe Document Services for Form Processing - version 73X

    - Adobe Document Services Configuration Guide - version 70X

    - Form 16 central note for ADS configuration

My brief description for adapting your existing working ADS configuration to run also using SSL:

  1. Configure SSL port at Java ADS server;

  1.2. Test it using a browser, when calling   https://<JAVA_host>:<HTTPS_port>/   it should work;

  1.3. Export Java SSL port certificate as 'base64', save it locally on your machine.

  2. Create ADS_HTTPS rfc on ABAP server (check above guides for configuration details);

             Path Prefix:                     /AdobeDocumentServicesSec/Config?style=rpc

             Logon Procedure:        No Logon

             SSL Client Certificate: <choose a SSL client identity from strust transaction>

  2.1. Import Java certificate from 1.3 section in the same SSL client identity you are using on ADS_HTTPS rfc;

  2.2. Export Owner certificate of that SSL client identity as 'base64' and save locally;

  2.3. Restart ICM :  SMICM -> Administration -> ICM -> Exit Soft -> Global

  3. Import Owner certificate from 2.2 section into Java ADS and assign it to ADSUSER.

  ** For Java 73X versions, "SecureConfigPort_Document" entry should be added on "Destination Template Management"

Common mistakes:

  1. Missing HTTPS port on ICM at ABAP side, so connection will not initiate;

  2. Missing configuration on Java SSL port, "Request client certificate" should be checked;

  3. Not matching certificates, so SSL error is raised when testing ADS_HTTPS rfc.

      ** You should set ICM level 3 trace, reproduce the issue and check on trace why certificates are not matching.

          This is related to section 2.1.

  4. Using self-signed certificates, it should be also added on Trusted CAs at Java side.

  5. UME parameter should be set to TRUE on Java side:  ume.logon.allow_cert

  6. ClientCertLoginModule authentication module isnt set to AdobeDocumentServicesSec

For further investigation, if after all configurations were done but ADSUSER authentication using certificates are still not working:

- SAP note 846610   - How to activate ADS trace

- SAP note 1045019 - Web diagtool for collecting traces

- SAP note 1128476 - How to activate ADS trace in NW7.10 and higher

- SAP note 1332726 - Troubleshooting Wizard