Skip to end of metadata
Go to start of metadata

Transport Layer Security on the Netweaver AS Java

AS Java version 7.1 and higher

In AS Java versions 7.1 and higher when acting as SSL server, the incoming SSL connections to the AS Java are handled in the ICM using the SAP Cryptographic Library. When acting as SSL client, outgoing SSL connections made by the AS Java to other servers are handled using the SAP Java Cryptographic Toolkit.

In dual stack systems the profile parameter ssl/pse_provider determines whether the AS Java or AS ABAP acts as the content provider for PSE files used by the AS ABAP. For further information see notes 1461912 - SSL Administration in a Dual-Stack Installation and 1304687 - "wrong" SSL PSE used by ICM

 

 

AS Java version 6.40 and 7.0x

In AS Java versions 6.40 and 7.0x, when acting as SSL server, the incoming SSL connections are handled in the AS Java dispatcher using the SAP Java Cryptographic Toolkit. When acting as SSL client, outgoing SSL connections made by the AS Java to other servers are handled using the SAP Java Cryptographic Toolkit. In the case of a dual stack system, connections can be made directly to the AS Java using the SSL port of the AS Java or via ICM. In the latter case the profile parameter icm/HTTP/j2ee_<xx> determines whether the connection between ICM and AS Java is encrypted or not. If it is encrypted, then there are two SSL handshakes involved, first between the client (e.g. browser, other server) and ICM and a second between ICM and AS Java (i.e. the AS Java dispatcher)

 

Configuration

Configuring SSL

SAP Help Portal: Configuring the Use of SSL on the AS Java  7.0x 7.1 7.3x

Wiki: 7.20-7.3x AS Java: Configure the AS Java for SSL by adding a new access point

Wiki: Manually configure SSL on the AS Java       

SAP Note: 1304687 - "wrong" SSL PSE used by ICM     7.1 and higher 

SAP Note: 1461912 - SSL Administration in a Dual-Stack Installation  7.1 and higher

SAP Note: 973644 - How to configure HTTPS redirect on J2EE Engine      6.40, 7.0x 

SAP KBA: 1648045 - Remove particular Ciphers from the Cipher Suite  6.40, 7.0x    

 

Configuring SSL via an Intermediary Server

SAP Help Portal: Using SSL With an Intermediary Server 7.0x 7.1 7.3x

SAP Note: 1633696 - X.509 client certificate authentication via SAP Web Dispatcher with End-to-End SSL and ICM - Configuration Overview

Wiki: Configure Web Dispatcher for SSL termination

 

Certificate Management

SAP Note: 1850809 - How to reorder a certificate chain using Netweaver Administrator

SAP KBA: 1548872 - Creating a Certificate with a 2048 bit key in the Visual Administrator   6.40, 7.0x

SAP Note: 1625081 - Configure multiple SSL certificates in Java based SAP servers   6.40, 7.0x

How to secure PSE file in AS Java: PIN/Passphrase for PSE on AS Java

 

Troubleshooting

SAP Note: 1799620 - Logs required for analysis of SSL related issues

SAP Note: 1686848 - NW Java SSL Configuration UI

SAP Note: 973561 - Network related SSL issues

SAP Note: 739043 - How to Check for Full Strength Jurisdiction Policies

Wiki:  Sapstartsrv SSL access: SSLHandshakeException

 

 

 

  • No labels