- SAP crypto library (download the platform specific SAP crypto library from the SAP marketplace)
- Administrator's credentials for SAP and the server machine on which SAP runs
- Administrator's credentials for BOE XI3.1 and the server machine on which BOE XI3.1 is running
2. Configuring SAP server-side trust step by step
(Please refer to the XI3.1 Integration for SAP Solutions Install and Admin guide - Chapter 6, pages 96 - 100)
- On the SAP machine, copy the SAP crypto library and the sapgenpse tool to the <DRIVE>:\usr\sap\<SID>\SYS\exe\run\ directory (on Windows)
- Copy the file named ticket that came with the SAP Crypto library to the <DRIVE>:\usr\sap\<SID>\<instance>\sec\ directory.
- Create the system environment variable named SECUDIR, which points to the directory where the ticket resides.
- In SAP GUI, go to transaction RZ10 and change the instance profile in extended mode
- In profile edit mode, point the SAP profile variables to the Cryptographic Library and give the SAP system a Distinguished Name (DN). These variables should follow the LDAP naming convention. Example: for SAP System R36 it looks like: p:CN=R36, OU=PG, O=BOBJ, C=CA. (Please refer to the XI3.1 Integration for SAP Solutions Install and Admin guide - Chapter 6, page 98, step 7 for a description of each tag)
- Enter the following profile values, substituting for your SAP system where necessary:
- Restart your SAP instance
- When the system is running again, log on and go to transaction STRUST, which should now have additional entries for SNC and SSL
- Right-click the SNC node and click Create. The identity you specified in RZ10 should now appear.
- Click OK.
- To assign a password to the SNC PSE, click the lock icon. (Do not lose this password. You will be prompted for it by STRUST every time you view or edit the SNC PSE.)
- Save the changes. If you omit this step, your application server will not start again once you have enabled SNC!
- Return to transaction RZ10 and add the remainder of the SNC profile parameters:
The minimum protection level is set to authentication only (1) and the maximum is privacy (3). The snc/data_protection/use value defines that only authentication is to be used in this case, but it could also be (2) for integrity, (3) for privacy or (9) for maximum available. Setting the snc/accept_insecure_rfc, snc/accept_insecure_r3int_rfc, snc/accept_insecure_gui, and snc/accept_insecure_cpic values to (1) ensures that previous (and potentially unsecured) communication methods are still permitted.
- Restart your SAP system
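
To check what a saved instance profile actually enforces after these steps, the following added example (not part of the guide or of SAP's tooling) parses profile text and reports the SNC protection levels and any snc/accept_insecure_* switch still set to 1. The parameter names snc/data_protection/min and snc/data_protection/max are SAP's standard names and do not appear in the text above; the sample profile is constructed.

```python
import re

# Protection levels as the guide describes them; 9 is valid for .../use only.
LEVELS = {"1": "authentication only", "2": "integrity",
          "3": "privacy", "9": "maximum available"}
ACCEPT_INSECURE = ("snc/accept_insecure_rfc", "snc/accept_insecure_r3int_rfc",
                   "snc/accept_insecure_gui", "snc/accept_insecure_cpic")

# Constructed sample profile excerpt (not taken from the guide or a real system).
SAMPLE_PROFILE = """\
# constructed excerpt
snc/data_protection/min = 1
snc/data_protection/max = 3
snc/data_protection/use = 1
snc/accept_insecure_rfc = 1
snc/accept_insecure_r3int_rfc = 1
snc/accept_insecure_gui = 1
snc/accept_insecure_cpic = 1
"""

def parse_profile(text):
    """Return {parameter: value} for 'name = value' lines."""
    params = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z][\w/.-]*)\s*=\s*(.*?)\s*$", line)
        if m:  # comment lines start with '#' and never match
            params[m.group(1)] = m.group(2)
    return params

def review_snc(params):
    """Return a list of findings about the SNC settings in a parsed profile."""
    findings = []
    for key in ("min", "max", "use"):
        name = f"snc/data_protection/{key}"
        value = params.get(name)
        allowed = {"1", "2", "3"} | ({"9"} if key == "use" else set())
        if value is None:
            findings.append(f"{name}: not set")
        elif value not in allowed:
            findings.append(f"{name}: unexpected value {value!r}")
        else:
            findings.append(f"{name}: {LEVELS[value]}")
    for name in ACCEPT_INSECURE:
        if params.get(name) == "1":
            findings.append(f"{name}: connections not protected by SNC are still accepted")
    return findings
```

Calling `review_snc(parse_profile(SAMPLE_PROFILE))` returns three protection-level lines followed by one line for each of the four accept_insecure parameters.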