cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SHA-2 & Secude Version

former_member315894
Explorer

on ‎08-24-2016 9:45 PM

0 Kudos

What's the version of Secude that supports SHA-2 certificates?

We have a Java Application (Delego) that's currently configured to talk to the ABAP back-end via RFC's and authenticate using the old SHA-1 certificate pairs.

Because we'll be replacing the backend (SNC) certificates to SHA-2 (generated from SLS) for the ABAP front-ends- tested successfully- subsequently, we're required to update the client side cert as well from the Delego server.

We created a SLS SNC client SHA-2 certificate for Delego and replaced the Secude SHA-1 cert on said server; we receive errors that appear to be on the Java side when calling the Secude software on Delego server (original software to create SNC certs for client and servers).

Most of the Delego services don't even start; so a valid RFC registration never takes place.  They don't even show as connections in back-end ABAP gateway.

Our version of Secude looks to be: Secude SDK Version 7.6.44.0, date of executable is September 2009.

The vendor is asking us to verify what version of Secude supports SHA-2 certs.

Thanks in advance,

Chris

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

former_member200373
Participant
‎08-25-2016 10:34 AM
0 Kudos

Chris,

all SAP security technology based on SECUDE SDK has been acquired by SAP in 2011. So there is no more SECUDE SDK, and SECUDE SDK 7.6 is more than outdated.

SAP offers CommonCryptoLib aka SAPCRYPTOLIB, which is the one and only successor. However, it comes with a reduced set of functionality. There is no PKI command line interface, so you cannot use it to sign certification requests as PKI CA.

Can you tell us some more details about how the customer is using this old SDK? This would allow me to give a better advice.

-- Stephan

Show replies
Show replies
former_member315894
Explorer
‎08-31-2016 2:05 PM
0 Kudos

Hi Stephan:

The software Delego is a certified SAP bolt-on used for Credit Card payments.  There's an external Java engine that connects to SAP via SNC or by passing traditional credentials (userid/password).  In SAP there's a RFC that is configured and called within sapgui that hits this Java engine and out to verify CC info. and such.

We talked to the vendor and they confirmed if we update the vendor ini file with the user credentials that doesn't break any Security policy as this information is never communicated outside of the gateway connection into R3- all internal on a switched network.

So, our plan is to go with passing credentials the old-school way as we are also transitioning to another CC vendor solution in the near term.  Hopefully, the new vendor supports SNC certificates.

Thanks.

Chris

Ask a Question