Scribd Logo
Încărcați

Bine ați venit la Scribd!

  • 26145

    Încărcat de

    prn1008
    30 vizualizări17 pagini
    DOC 26145

    Titlu original

    DOC-26145

    Drepturi de autor

    © © All Rights Reserved

    Formate disponibile

    PDF, TXT sau citiți online pe Scribd

    Vi se pare util acest document?

    Este necorespunzător acest conținut?

    Raportați acest document
    DOC 26145

    Drepturi de autor:

    © All Rights Reserved
    Descărcați ca PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    30 vizualizări17 pagini

    26145

    Încărcat de

    prn1008
    DOC 26145

    Drepturi de autor:

    © All Rights Reserved
    Descărcați ca PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    din 17

    SSL (HTTPS) Configuration in SAP PI

    Systems as of release PI 7.10 – Step-by-


    step procedure

    Applies to:
    As of release SAP NetWeaver PI 7.10.
    Summary
    This document will guide you to setup Secure Socket Layer (SSL) configuration, nothing but enabling secure
    data transfer (through HTTPS) between server and client in PI systems as of release 7.10.
    In earlier SAP PI versions, there are some methods to configure SSL. One was in ABAP stack and the
    other one was in J2EE stack. As of PI 7.10 all configuration is made in the ICM component and NetWeaver
    Administrator.
    Author(s): Siva Kumar Arivinti
    Company: Deloitte Consulting India Pvt Ltd.
    Created on: 31 March 2012
    Author Bio

    Siva Kumar Arivinti is currently working with Deloitte Consulting India Pvt Ltd., as Consultant in AMS service
    line.
    SAP NetWeaver Consultant with around 5 years of experience in SAP Basis and DB2 DBA Administration.
    Expertise in Production support, Installations and Software Life Cycle Management including EHP/Release
    Upgrades.

    Benefits
    It allows the exchange of encrypted information through SAP PI via Secure Socket Layer (SSL). SSL use
    asymmetric method for interchange the secret key, this method use a private key and public key. The private
    key is in server side and the public key is used by client for encrypt or decrypt the messages.
    HTTPS redirect configuration is also covered in this document.

    Pre-requisites
    1. Update the instance profile with the following parameters.

    Parameter Name Value

    Generated by Jive on 2016-09-13Z


    1
    SSL (HTTPS) Configuration in SAP PI Systems as of release PI 7.10 – Step-by-step procedure

    ssf/name SAPSECULIB

    ssl/ssl_lib /usr/sap/<SID>/SYS/exe/run/libsapcrypto.o

    sec/libsapsecu /usr/sap/<SID>/SYS/exe/run/libsapcrypto.o

    ssf/ssfapi_lib /usr/sap/<SID>/SYS/exe/run/libsapcrypto.o

    icm/HTTPS/verify_client 0 (zero)

    icm/server_port_<x> PROT=HTTPS,PORT=84$
    $,TIMEOUT=900,PROCTIMEOUT=600

    Note: PORT value is a unique number. It means HTTPS, SMTP and HTTP port numbers should not be same.
    2. Create directory sec under /usr/sap/<SID>/<Instance> and update SAP environment variable
    .sapenv_<hostname>.sh (or .sapenv_<hostname>.sh) with the following value with user SIDADM.
    SECUDIR=/usr/sap/<SID>/<Instance>/sec; export SECUDIR

    Installation
    I. Create Private key and Certificates and generate CSR certificate
    1. Open NetWeaver Administrator (http://<FQDN>:5<XX>00/nwa)

    2. Go to Configuration Management --> Certificates and Keys

    Generated by Jive on 2016-09-13Z


    2
    SSL (HTTPS) Configuration in SAP PI Systems as of release PI 7.10 – Step-by-step procedure

    3. Select ICM_SSL_<ID> and you will find the default Private key and Certificate when SSL has not yet been
    configured.

    4. Rename or delete the old/obsolete certificates.

    Generated by Jive on 2016-09-13Z


    3
    SSL (HTTPS) Configuration in SAP PI Systems as of release PI 7.10 – Step-by-step procedure

    5. Create new Private Key (ssl-credentials) as shown in the below screenshots.

    Generated by Jive on 2016-09-13Z


    4
    SSL (HTTPS) Configuration in SAP PI Systems as of release PI 7.10 – Step-by-step procedure

         Note: Certificate (ssl-credentials-cert) will be generated automatically when we choose ‘Store
    Certificate’ in the above screenshot.

    Generated by Jive on 2016-09-13Z


    5
    SSL (HTTPS) Configuration in SAP PI Systems as of release PI 7.10 – Step-by-step procedure

    Country Name and Common Name (CN) are mandatory fields.


    Just click NEXT

    Generated by Jive on 2016-09-13Z


    6
    SSL (HTTPS) Configuration in SAP PI Systems as of release PI 7.10 – Step-by-step procedure

    Click Finish

    Generated by Jive on 2016-09-13Z


    7
    SSL (HTTPS) Configuration in SAP PI Systems as of release PI 7.10 – Step-by-step procedure

    6. Now you should be able to see Subject name and Issuer name as CN=<Fully qualified name>, L=
    <Locality Name>, O=<Organization Name>, ST=<State or Province>, C=<Country Name>.
    7. Select ssl-credentials and click on ‘Generate CSR Response’

    Generated by Jive on 2016-09-13Z


    8
    SSL (HTTPS) Configuration in SAP PI Systems as of release PI 7.10 – Step-by-step procedure

    8. Click Download and save the CSR certificate in text format with .csr extension and send it to Certificate
    Authority for entrust certificates.

    Generated by Jive on 2016-09-13Z


    9
    SSL (HTTPS) Configuration in SAP PI Systems as of release PI 7.10 – Step-by-step procedure

    II. Import entrust certificates.


    1. Go to NWA-->Configuration Management --> Certificates and Keys and select ICM_SSL_<ID>.
    Click on ‘Import CSR response’

    Generated by Jive on 2016-09-13Z


    10
    SSL (HTTPS) Configuration in SAP PI Systems as of release PI 7.10 – Step-by-step procedure

    Note: We will get 3 certificates from CA, Web Server, Entrust cross and Entrust root. Import them in the
    same order.
         Once all 3 certificates are added, and then only click on ‘Import’ button.

    Generated by Jive on 2016-09-13Z


    11
    SSL (HTTPS) Configuration in SAP PI Systems as of release PI 7.10 – Step-by-step procedure

    2. Now you should be able to see chain certificates Certificate[0], Certificate[1] and Certificate[2]
    and Issuer name as ‘Entrust Certification Authority’.

    Generated by Jive on 2016-09-13Z


    12
    SSL (HTTPS) Configuration in SAP PI Systems as of release PI 7.10 – Step-by-step procedure

    3. We should do Export View to PSE after steps 1 and 2 are completed successfully.

    You should be able to see successful message at the top left screen.

    4. Restart SSL Provider service.

    Generated by Jive on 2016-09-13Z


    13
    SSL (HTTPS) Configuration in SAP PI Systems as of release PI 7.10 – Step-by-step procedure

    5. Restart ICM from transaction SMICM.


    Administration --> ICM --> Exit Hard --> Global

    6. Double click on lock symbol at the bottom of the browser and now you should be able to see Issued by:
    <Certificate Authority>.

    Generated by Jive on 2016-09-13Z


    14
    SSL (HTTPS) Configuration in SAP PI Systems as of release PI 7.10 – Step-by-step procedure

    III. Setup HTTPS auto redirect, if necessary.


    1. Open NWA-->Configuration Management --> Infrastructure --> Java System Properties

    2. Select HTTP Provider service and update Proxy Mappings field.

    Generated by Jive on 2016-09-13Z


    15
    SSL (HTTPS) Configuration in SAP PI Systems as of release PI 7.10 – Step-by-step procedure

    ProxyMappings 5<XX>00=(Host:<FQDN>,Port:84<XX>,Scheme:https,Override:true)

    3. Click SAVE AS to save the settings.


    Now when you give http://<FQDN>:5<XX>10, it should redirect to https://<FQDN>:84<XX> (https).

    Generated by Jive on 2016-09-13Z


    16
    SSL (HTTPS) Configuration in SAP PI Systems as of release PI 7.10 – Step-by-step procedure

    Related Content
    http://help.sap.com/saphelp_nwpi71/helpdata/EN/f7/c2953fc405330ee10000000a114084/frameset.htm
    http://help.sap.com/saphelp_nwpi71/helpdata/EN/8c/2ec59131d7f84ea514a67d628925a9/frameset.htm
    http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/60ff2883-70c5-2c10-f090-a744def2ba66?
    QuickLink=index&overridelayout=true

    Generated by Jive on 2016-09-13Z


    17

    S-ar putea să vă placă și