Some of the BSP examples coming with the Testdrive need HTTPS to run. The application HTMLB_samples is one of them. Also Peter White asked SAP NetWeaver Application Server: Configuring SSL/SSF on MiniWAS. Here a short how to guide to get HTTPS running.
- SAP NetWeaver Testdrive SR1 on Linux up and running
- You can logon via SAP GUI to the application Server
- SAP Cryptolib downloaded from http://service.sap.com/swdc/ -> Download -> SAP Cryptographic Software
Unpack and install SAP Cryptolib
Copy the SAP Cryptolib to your Linux box and do the next commands as User nw4adm:
mkdir /tmp/sap-crypto cd /tmp/sap-crypto SAPCAR -vxf [your-path]/sap-crypto-lib.CAR cd linux-glibc2.2.2 cp * /usr/sap/NW4/SYS/exe/run
Now shutdown your Application Server as User nw4adm with the Command:
stopsap R3 nw4host
Now Edit the File /sapmnt/home/nw4adm/.cshrc and add this line at the end of the file:
setenv SECUDIR /usr/sap/NW4/DVEBMGS00/sec
Logout from the user nw4adm and login again. Now the environment variable SECUDIR must been set. Now edit the instance profile file /usr/sap/NW4/SYS/profile/NW4_DVEBMGS00_nw4host and add this lines:
DIR_EXECUTABLE = /usr/sap/NW4/SYS/exe/run sec/libsapsecu = /usr/sap/NW4/SYS/exe/run/libsapcrypto.so ssf/ssfapi_lib = /usr/sap/NW4/SYS/exe/run/libsapcrypto.so ssf/name = SAPSECULIB snc/gssapi_lib = /usr/sap/NW4/SYS/exe/run/libsapcrypto.so sec/rsakeylengthdefault = 2048 icm/server_port_1 = PROT=HTTPS,PORT=8443 icm/HTTPS/verify_client = 0
Now you can start your application server again with:
startsap R3 nw4host
Logon to your SAP System via SAP GUI and start Transaction STRUSTSSO2
click right on the SSL-Server and choose create now you can enter Org. and Comp. like:
Press enter to save the settings. Press enter to close this screen:
When you have a Service Marketplace Account, then you can get a test certificate from http://service.sap.com/tcs -> SSL Test Server Certificates. Export the Certificate Request by clicking on the Create Certificate Request button. Copy the Request into the clipboard and paste it into the Text field on the Service Marketplace. Choose server type SAP Web Application Server 6.20 and newer. Copy the returned certificate and import it via the Import Cert. Response.
Finally go to the download Area of the SAP Trust Center and import the mySAP.com Test CA Certificate into your Certificate store.
Start SSL Server
If the SSL Server is not already running try to start it via SMICM:
- Click on Services (Shift + F1)
- Choose the Line HTTPS
- Choose Service -> Activate
Test your settings with
netstat -an | grep 8443
It should return something like:
tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN
Start BSP Application which needs HTTPS
SE80, open the BSP-Application HTMLB_samples and run the test by pressing F8.
More detailed information about the SSL Configuration of the Web AS can be found in the Help at Configuring the SAP Web AS for Supporting SSL.