Currently Being Moderated

Some of the BSP examples coming with the Testdrive need HTTPS to run. The application “HTMLB_samples” is  one of them. Also Peter White asked SAP NetWeaver Application Server: Configuring SSL/SSF on MiniWAS. Here a short how to guide to get HTTPS running.

Prerequisites

  • SAP NetWeaver Testdrive SR1 on Linux up and running
  • You can logon via SAP GUI to the application Server
  • SAP Cryptolib downloaded from http://service.sap.com/swdc/ -> Download -> SAP Cryptographic Software

Unpack and install SAP Cryptolib

Copy the SAP Cryptolib to your Linux box and do the next commands as User nw4adm:

mkdir /tmp/sap-crypto
cd /tmp/sap-crypto
SAPCAR -vxf [your-path]/sap-crypto-lib.CAR
cd linux-glibc2.2.2
cp * /usr/sap/NW4/SYS/exe/run

Setup

Now shutdown your Application Server as User nw4adm with the Command:

stopsap R3 nw4host

Now Edit the File /sapmnt/home/nw4adm/.cshrc and add this line at the end of the file:

setenv SECUDIR /usr/sap/NW4/DVEBMGS00/sec

Logout from the user nw4adm and login again. Now the environment variable SECUDIR must been set. Now edit   the instance profile file “/usr/sap/NW4/SYS/profile/NW4_DVEBMGS00_nw4host” and add this lines:

DIR_EXECUTABLE = /usr/sap/NW4/SYS/exe/run
sec/libsapsecu = /usr/sap/NW4/SYS/exe/run/libsapcrypto.so
ssf/ssfapi_lib = /usr/sap/NW4/SYS/exe/run/libsapcrypto.so
ssf/name = SAPSECULIB
snc/gssapi_lib = /usr/sap/NW4/SYS/exe/run/libsapcrypto.so
sec/rsakeylengthdefault = 2048
icm/server_port_1 = PROT=HTTPS,PORT=8443
icm/HTTPS/verify_client = 0

Now you can start your application server again with:

startsap R3 nw4host

Create Certificate

Logon to your SAP System via SAP GUI and start Transaction STRUSTSSO2

click right on the SSL-Server and choose “create” now you can enter Org. and Comp. like:

image

Press enter to save the settings. Press enter to close this screen:

image

When you have a Service Marketplace Account, then you can get a test certificate from http://service.sap.com/tcs -> SSL Test Server   Certificates. Export the Certificate Request by clicking on the “Create Certificate Request” button. Copy   the Request into the clipboard and paste it into the Text field on the Service Marketplace. Choose server   type “SAP Web Application Server 6.20 and newer”. Copy the returned certificate and import it via the   “Import Cert. Response”.

Finally go to the download Area of the SAP Trust Center and import the “mySAP.com Test CA Certificate”   into your Certificate store.

Start SSL Server

If the SSL Server is not already running try to start it via SMICM:

  • Click on Services (Shift + F1)
  • Choose the Line “HTTPS”
  • Choose Service -> Activate

Test

Test your settings with

netstat -an | grep 8443

It should return something like:

tcp        0      0 0.0.0.0:8443            0.0.0.0:*              LISTEN

Start BSP Application which needs HTTPS

SE80, open the BSP-Application “HTMLB_samples” and run the test by pressing F8.

More detailed information about the SSL Configuration of the Web AS can be found in the Help at “Configuring the SAP Web AS for Supporting SSL”.

Comments

Actions

Filter Blog

By author:
By date:
By tag: