I did a Weblog on Setup HTTPS for the SAP NetWeaver Testdrive SR1 on Linux some time ago. Now here is the Guide for the NetWeaver 04 ABAP Edition on Windows.
Update: Correction according to SAP Note No. 510007.
- Sneak Preview SAP NetWeaver 04 ABAP Edition on Windows up and running
- You can logon via SAP GUI to the application Server
- SAP Cryptolib downloaded from http://service.sap.com/swdc/ -> Download -> SAP Cryptographic Software -> SAP Cryptographic Library Microsoft Win32 for x86/IA32. I’ve saved the file as “SAPCryptoLibWin32.CAR” in C: emp
Unpack and install SAP Cryptolib
Copy the SAP Cryptolib to temporary directory and extract it with SAPCAR on the Command Line (Start -> Run -> cmd):
c: cd emp mkdir sap-crypto cd sap-crypto SAPCAR -vxf ..sap-crypto-lib.CAR cd ntintel copy * usrsapNSPSYSexe un
Now shutdown your Application Server via the SAP Management Console.
Now set the Environment Variable “SECUDIR” via Start -> Control Panel -> System -> Extended -> Environment Variables. Add a new System Variable SECUDIR with Value C:usrsapNSPDVEBMGS00sec:
Close the command line and start it again. The Command “echo %SECUDIR%” must return “C:usrsapNSPDVEBMGS00sec”. Now edit the instance profile file “C:usrsapNSPSYSprofile NSP_DVEBMGS00_hostname” and add these lines:
# SSL sec/libsapsecu = C:usrsapNSPSYSexe unsapcrypto.dll ssf/ssfapi_lib = C:usrsapNSPSYSexe unsapcrypto.dll ssf/name = SAPSECULIB snc/gssapi_lib = C:usrsapNSPSYSexe unsapcrypto.dll sec/rsakeylengthdefault = 2048 icm/server_port_1 = PROT=HTTPS,PORT=8443 icm/HTTPS/verify_client = 0
Now you can start your application server again with the SAP Management Console.
Logon to your SAP System via SAP GUI and start Transaction STRUSTSSO2
Execute a right click on the SSL-Server and choose “create” do not replace the “*”. Enter Org. and Comp. and Country. To enter the Country you had to click on the toggle Button:
Press enter to save the settings. Press enter to close this screen which shows you the Instance PSE's:
Now expand the SSL Server node and doubleclick on your hostname:
You will notice that the Certificate is currently self signed. When you have a Service Marketplace Account, then you can get a test certificate from http://service.sap.com/SSLTest. Export the Certificate Request by clicking on the “Create Certificate Request” button:
Copy the Request into the clipboard and paste it into the Text field on the Service Marketplace. Choose server type “SAP Web Application Server 6.20 and newer”. Copy the returned certificate and import it via the “Import Cert. Response”:
Finally go to the download Area of the SAP Trust Centre and download the “mySAP.com Test CA Certificate” and also the “SAP Server CA Certificate”. I’ve saved them to C: empsap-cryptogetCert.cer and “getCertSAP Server CA Certificate.cer”. Import it into your Certificate store:
And add it to the Certificate List:
Also add these Certificates to your local Certificate store via double click on them in the Windows Explorer. So you will not get any error Messages from your Browser that the Certificate is not valid.
Start SSL Server
If the SSL Server is not already running try to start it via SMICM:
- Click on Services (Shift + F1)
- Choose the Line “HTTPS”
- Choose Service -> Activate
Test your settings on the command line with
It should find one line like:
TCP 0.0.0.0:8443 0.0.0.0:0 ABHÖREN
Start BSP Application which needs HTTPS
SE80, open the BSP-Application “HTMLB_samples” and run the test by pressing F8. To force that HTTPS is used you can set this in SE80 via Menu Utilities -> Settings. In the Tab “Business Server Pages” enter Log, Application Server and Port:
Save the setting and run the application via F8. Your browser will start and