
In ME version 5.2, SSL must be enabled to access the manufacturing-admin and manufacturing-xml contexts. The steps below describe how to enable it:

   


1.    Copy the sapcrypto.dll and sapgenpse.exe files to the folder: <drive>:\usr\sap\<SID>\SYS\exe\uc\<hardware_type>. To get the files, follow these instructions.

(The files must be placed in the directory specified by the 'DIR_EXECUTABLE' profile parameter. If they are placed in the wrong directory, a corresponding error is written to the dev_icm log.)

2.    Copy the ticket file to the folder: <drive>:\usr\sap\<SID>\<instance_number>\sec

3.    Copy all the *.pse files from <drive>:\usr\sap\<SID>\J<instance_number>\sec to C:\usr\sap\<SID>\SCS01\sec





4.    Open the Java instance profile (\\usr\sap\<SID>\SYS\profile\CE1_J<instance_number>_<machine_name>) for writing using Notepad.

CAUTION

Create a backup copy of the profile file before editing.

Immediately before the commented line "# Start J2EE database", add the following lines:

ssl/ssl_lib = $(DIR_EXECUTABLE)/sapcrypto.dll

icm/server_port_X = PROT=HTTPS, PORT=5$(SAPSYSTEM)01, VCLIENT=1

where "X" is any number not already used by another protocol (4 in the example below):

#-----------------------------------------------------------------------

# SSL Configuration: Location of the SAP Cryptographic Library

#-----------------------------------------------------------------------

ssl/ssl_lib = $(DIR_EXECUTABLE)/sapcrypto.dll

#-----------------------------------------------------------------------

# https port configuration

#-----------------------------------------------------------------------

icm/server_port_4 = PROT=HTTPS, PORT=5$(SAPSYSTEM)01, VCLIENT=1

Note: The VCLIENT parameter has the following settings:

•    0: No certificate is required and the server does not ask for one.

•    1: The server asks the client to transfer a certificate. If the client does not send a certificate, authentication is performed using another method, for example, basic authentication (default setting).

•    2: The client must transfer a valid certificate to the server, otherwise access is denied.


 

5.    The resulting file should appear similar to the following:

  INSTANCE_NAME = J00

  DIR_CT_RUN = $(DIR_EXE_ROOT)\$(OS_UNICODE)\NTI386

  DIR_EXECUTABLE = $(DIR_CT_RUN)

  DIR_INSTALL = C:\usr\sap\$(SAPSYSTEMNAME)\SYS

  DIR_INSTANCE = C:\usr\sap\$(SAPSYSTEMNAME)\$(INSTANCE_NAME)

  DIR_EPS_ROOT = $(DIR_INSTALL)\EPS

  DIR_PROFILE = $(DIR_INSTALL)\profile

  _PF = $(DIR_PROFILE)\CE1_J00_PALN00437300A

  DIR_SAPJVM = $(DIR_CT_SAPJVM)/sapjvm_5

  jstartup/trimming_properties = STANDARD

  SAPJVM_VERSION = 5.1.010

  jstartup/vm/home = $(DIR_SAPJVM)

  jstartup/max_caches = 500

  j2ee/dbdriver = C:\sapdb\programs\runtime\jar\sapdbc.jar

  igs/listener/rfc/disable = 1

  jstartup/nice = 1

  #-----------------------------------------------------------------------

  # SSL Configuration: Location of the SAP Cryptographic Library

  #-----------------------------------------------------------------------

  ssl/ssl_lib = $(DIR_EXECUTABLE)/sapcrypto.dll

  #-----------------------------------------------------------------------

  # https port configuration

  #-----------------------------------------------------------------------

  icm/server_port_4 = PROT=HTTPS, PORT=5$(SAPSYSTEM)01, VCLIENT=1

  #-----------------------------------------------------------------------

  # Start J2EE database

  #-----------------------------------------------------------------------

  _DB = $(DIR_CT_RUN)\strbsj2ee.cmd

  Start_Program_00 = immediate $(_DB) CE1 j2EE

  #-----------------------------------------------------------------------

  # Start Java application server

  #-----------------------------------------------------------------------

  _JC = $(DIR_EXECUTABLE)\jstart$(FT_EXE)

  Start_Program_01 = local $(_JC) pf=$(_PF)

  j2ee/instance_id = ID55064


 

6.    If WAS is running in cluster mode, repeat the "icm/server_port_x" line (e.g., icm/server_port_4 = PROT=HTTPS, PORT=5$(SAPSYSTEM)01, VCLIENT=1) for each server instance, using a different SSL port number for each. For example, if the SSL port for a second node is set to 02 (50002), add the line for the second port configuration immediately after the first, as follows:

  #-----------------------------------------------------------------------

  # SSL Configuration: Location of the SAP Cryptographic Library

  #-----------------------------------------------------------------------

  ssl/ssl_lib = $(DIR_EXECUTABLE)/sapcrypto.dll

  #-----------------------------------------------------------------------

  # https port configuration

  #-----------------------------------------------------------------------

  icm/server_port_4 = PROT=HTTPS, PORT=5$(SAPSYSTEM)01, VCLIENT=1

  icm/server_port_5 = PROT=HTTPS, PORT=5$(SAPSYSTEM)02, VCLIENT=1

7.    Reboot the cluster for the changes to take effect.
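The following is an added example, not part of the original page or of any SAP tool: a small Python check that can be run over the edited profile text before the restart. It confirms that ssl/ssl_lib points to sapcrypto.dll, that each icm/server_port_X index and each port is used only once, and that VCLIENT is one of the three documented values. The function name and the sapsystem argument (the instance number substituted for $(SAPSYSTEM)) are assumptions of this example.

```python
# Constructed sample: the SSL lines from the profile fragments on this page.
SAMPLE_PROFILE = r"""
# SSL Configuration: Location of the SAP Cryptographic Library
ssl/ssl_lib = $(DIR_EXECUTABLE)/sapcrypto.dll
# https port configuration
icm/server_port_4 = PROT=HTTPS, PORT=5$(SAPSYSTEM)01, VCLIENT=1
icm/server_port_5 = PROT=HTTPS, PORT=5$(SAPSYSTEM)02, VCLIENT=1
"""

def check_ssl_profile(text, sapsystem):
    """Return ({https_port: vclient}, [findings]) for a profile's SSL lines.

    sapsystem is the two-digit instance number used for $(SAPSYSTEM);
    supplying it as an argument is an assumption of this example.
    """
    findings, https, seen_keys, seen_ports, entries = [], {}, set(), {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            entries.append((key, value))
    libs = [v for k, v in entries if k == "ssl/ssl_lib"]
    if not libs or not libs[-1].lower().endswith("sapcrypto.dll"):
        findings.append("ssl/ssl_lib does not point to sapcrypto.dll")
    for key, value in entries:
        if not key.startswith("icm/server_port_"):
            continue
        if key in seen_keys:  # the index X must not already be in use
            findings.append(f"{key} is defined more than once")
        seen_keys.add(key)
        opts = dict(o.strip().split("=", 1) for o in value.split(",") if "=" in o)
        port = opts.get("PORT", "").replace("$(SAPSYSTEM)", sapsystem)
        if not port.isdigit():
            findings.append(f"{key} has no numeric PORT")
            continue
        if port in seen_ports:  # cluster nodes need different SSL ports
            findings.append(f"{key} reuses port {port} from {seen_ports[port]}")
        seen_ports.setdefault(port, key)
        if opts.get("PROT") == "HTTPS":
            vclient = opts.get("VCLIENT", "1")  # 1 is the default per the note
            if vclient not in ("0", "1", "2"):
                findings.append(f"{key} has invalid VCLIENT={vclient}")
            https[port] = vclient
    if not https:
        findings.append("no icm/server_port_X entry with PROT=HTTPS")
    return https, findings

if __name__ == "__main__":
    print(check_ssl_profile(SAMPLE_PROFILE, "00"))
```

The returned mapping also shows at a glance which HTTPS ports enforce client certificates (VCLIENT=2) and which still allow fallback to another authentication method.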


SAP Note 1359784 - 'P4 service could not start due to wrong port configuration' contains useful information to troubleshoot P4 problems that may occur.

 

 

Starting with ME version 6.0, the conditions for accessing the manufacturing-admin and manufacturing-xml contexts are as follows:

a) SSL is no longer required to access the manufacturing-admin and manufacturing-xml contexts in ME 6.0;

b) The user must have the 'SAP ME Administrators' role assigned in NWA, Identity Management, to access the manufacturing-admin and manufacturing-xml contexts.