Some of the BSP examples coming with the Testdrive need HTTPS to run. The application “HTMLB_samples” is one of them. Also Peter White asked SAP NetWeaver Application Server: Configuring SSL/SSF on MiniWAS. Here a short how to guide to get HTTPS running.
Prerequisites
- SAP NetWeaver Testdrive SR1 on Linux up and running
- You can logon via SAP GUI to the application Server
- SAP Cryptolib downloaded from http://service.sap.com/swdc/ -> Download -> SAP Cryptographic Software
Unpack and install SAP Cryptolib
Copy the SAP Cryptolib to your Linux box and do the next commands as User nw4adm:
mkdir /tmp/sap-crypto cd /tmp/sap-crypto SAPCAR -vxf [your-path]/sap-crypto-lib.CAR cd linux-glibc2.2.2 cp * /usr/sap/NW4/SYS/exe/run
Setup
Now shutdown your Application Server as User nw4adm with the Command:
stopsap R3 nw4host
Now Edit the File /sapmnt/home/nw4adm/.cshrc and add this line at the end of the file:
setenv SECUDIR /usr/sap/NW4/DVEBMGS00/sec
Logout from the user nw4adm and login again. Now the environment variable SECUDIR must been set. Now edit the instance profile file “/usr/sap/NW4/SYS/profile/NW4_DVEBMGS00_nw4host” and add this lines:
DIR_EXECUTABLE = /usr/sap/NW4/SYS/exe/run sec/libsapsecu = /usr/sap/NW4/SYS/exe/run/libsapcrypto.so ssf/ssfapi_lib = /usr/sap/NW4/SYS/exe/run/libsapcrypto.so ssf/name = SAPSECULIB snc/gssapi_lib = /usr/sap/NW4/SYS/exe/run/libsapcrypto.so sec/rsakeylengthdefault = 2048 icm/server_port_1 = PROT=HTTPS,PORT=8443 icm/HTTPS/verify_client = 0
Now you can start your application server again with:
startsap R3 nw4host
Create Certificate
Logon to your SAP System via SAP GUI and start Transaction STRUSTSSO2
click right on the SSL-Server and choose “create” now you can enter Org. and Comp. like:
Press enter to save the settings. Press enter to close this screen:
When you have a Service Marketplace Account, then you can get a test certificate from http://service.sap.com/tcs -> SSL Test Server Certificates. Export the Certificate Request by clicking on the “Create Certificate Request” button. Copy the Request into the clipboard and paste it into the Text field on the Service Marketplace. Choose server type “SAP Web Application Server 6.20 and newer”. Copy the returned certificate and import it via the “Import Cert. Response”.
Finally go to the download Area of the SAP Trust Center and import the “mySAP.com Test CA Certificate” into your Certificate store.
Start SSL Server
If the SSL Server is not already running try to start it via SMICM:
- Click on Services (Shift + F1)
- Choose the Line “HTTPS”
- Choose Service -> Activate
Test
Test your settings with
netstat -an | grep 8443
It should return something like:
tcp 0 0 0.0.0.0:8443 0.0.0.0:* LISTEN
Start BSP Application which needs HTTPS
SE80, open the BSP-Application “HTMLB_samples” and run the test by pressing F8.
More detailed information about the SSL Configuration of the Web AS can be found in the Help at “Configuring the SAP Web AS for Supporting SSL”.
Comments