Wednesday, 26 June 2019

Setting up SSL on Application Server S/4HANA

This blog post is for setting up SSL for Application server S/4HANA for successful connection with SAC (SAP Analytics Cloud).

Background –


When we are connecting SAC (SAP Analytics Cloud) to SAP S/4HANA system with direct live connection, we need to make trusted connection.

Else error can be seen as –

SAP HANA Certifications, SAP HANA Study Materials, SAP HANA Tutorials and Material, SAP HANA Learning

Setting Up SSL


Check CommonCryptoLib version

Login into <Applicaion Server Host> as <sid>adm

server: <sid>adm > cdexe

server: <sid>adm > pwd

/sapmnt/<SID>/exe/uc/linuxx86_64

server: <sid>adm > sapgenpse -l /sapmnt/<SID>/exe/uc/linuxx86_64/libsapcrypto.s

.

.

.

Using -l parameter to load CommonCryptoLib

   -l "/sapmnt/<SID>/exe/uc/linuxx86_64/libsapcrypto.so"


  Platform:   linux-gcc-4.3-x86-64   (linux-gcc-4.3-x86-64)

  Versions:   SAPGENPSE       8.5.28 (May  8 2019)

              CommonCryptoLib 8.5.28 (May  8 2019) [AES-NI,CLMUL,SSE3,SSSE3]

                Build change list: 238087


  USER="<sid>adm"


  Environment variable $SECUDIR is defined:

  "/usr/sap/<SID>/DVEBMGS00/sec"

Update SAP Crypto library


1. Download latest crypto library from SAP market place:

SAPDownload à Support Packages & Patches à By Category à SAP CRYPTOGRAPHIC SOFTWARE à SAPCRYPTOLIB à COMMONCRYPTOLIB 8 à <Select appropriate OS version> à Download latest SAR file

SAPCRYPTOLIBP_8528-20011697.SAR —- for Linux X86_64

1. Move SAR file from download basket to application server

Use winscp to move to application server

1. UNCAR SAR file : (login with <SID>adm into application server

SAPCAR -xvf SAPCRYPTOLIBP_8528-20011697.SAR

1. Move uncared all content to Kernel

mv * /sapmnt/<SID>/exe/uc/linuxx86_64

Profile Parameters


Login into <Applicaion Server Host> as <sid>adm and remove below profile parameter

ssf/name

ssf/ssfapi_lib

sec/libsapsecu

ssl/ssl_lib

Define Https parameter 


Add below entry into Instance profile

icm/server_port_1 = PROT=HTTPS,PORT=52$$,TIMEOUT=30,PROCTIMEOUT=60

and restart the application server

Generate Certificate


1. Transaction Code – /nstrust and click on edit.

SAP HANA Certifications, SAP HANA Study Materials, SAP HANA Tutorials and Material, SAP HANA Learning, SAP HANA Certifications Exam

2. Right click on SSL Server Standard and Select Create

SAP HANA Certifications, SAP HANA Study Materials, SAP HANA Tutorials and Material, SAP HANA Learning

3. Click on OK

SAP HANA Certifications, SAP HANA Study Materials, SAP HANA Tutorials and Material, SAP HANA Learning

4. Update entry as mentioned in the screenshot

SAP HANA Certifications, SAP HANA Study Materials, SAP HANA Tutorials and Material, SAP HANA Learning

5. Make sure Algorithm Overview as below –

SAP HANA Certifications, SAP HANA Study Materials, SAP HANA Tutorials and Material, SAP HANA Learning

6. Once you click on OK, you can see entry has been created.

SAP HANA Certifications, SAP HANA Study Materials, SAP HANA Tutorials and Material, SAP HANA Learning

7. Now, Create Certificate Request by clicking on button

SAP HANA Certifications, SAP HANA Study Materials, SAP HANA Tutorials and Material, SAP HANA Learning

8. Select algorithm as SHA256

SAP HANA Certifications, SAP HANA Study Materials, SAP HANA Tutorials and Material, SAP HANA Learning

And click on OK

9. Download certificate locally.

SAP HANA Certifications, SAP HANA Study Materials, SAP HANA Tutorials and Material, SAP HANA Learning, SAP HANA Certifications Exam

10. Save to your local machine.

SAP HANA Certifications, SAP HANA Study Materials, SAP HANA Tutorials and Material, SAP HANA Learning
Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)