Skip to end of metadata
Go to start of metadata




Solution Manager 7.2 introduces several new mechanisms to provide data to SAP for several functions:

  1. Support Hub Connectivity: This is a new step in the SOLMAN_SETUP required on Solution Manager 7.2. For SolMan 7.2 initial shipment through Solution Manager 7.2 SP04, the only key function that has migrated to this new connection mechanism is the sending of EarlyWatch Alert Reports. Starting with Solution Manager 7.2 SP05, many key jobs/functions in Solution Manager that synchronize data with the SAP Support Portal (Engagement/Service Delivery, SAP Customer Incidents, System component/product version information from LMDB to SAP Support, etc.) now use new HTTPS based synchronous/asynchronous connections.
  2. ABAP (Software) Download Service: This is a standard part of the SAP Netweaver stack. In Solution Manager 7.2, configuration of the download service is required for the automatic download of content for Rapid Content Delivery, which provides updated content to Technical Monitoring, the Guided Procedures, and several other applications within Solution Manager. This is also required in order to use the Download Service tile in the Change Management group of the Solution Manager Fiori Launchpad (transaction code SM_WORKCENTER)
  3. Best Practice Content: In order to import Best Practice Content from into Process Management (Solution Documentation) of your Solution Manager, certain connectivity is required.

This page seeks to collect relevant links/documentation for the setup of these steps and to include general troubleshooting information that can be helpful while troubleshooting these connections.

 Key Notes/Documentation

Support Hub Connectivity: How to configure Step ‘Support Hub Connectivity’ in Solution Manager 7.2 system as of SP05 or How to configure Step ‘Support Hub Connectivity’ in Solution Manager 7.2 system up to SP04 as applicable for your release.

Relevant notes:


Rapid Content Delivery:


Best Practice Content:


Potential Areas to Consider:

  1.  If you are in a scenario where your Solution Manager is hosted (either by SAP Cloud Platform (HEC) or another third party host, your hosting provider may have a firewall or network rules that will need to be adjusted to allow traffic to these hosts.
  2. Whether or not you are in a hosted scenario, you may have firewall whitelisting rules required on your (customer) network.
  3. Many customer networks do not provide direct access to the internet. If your organization requires the use of an HTTP/HTTPS Proxy, you will need to input this proxy host/port and username/password (if applicable) into these connections as you set them up. The proxy may also need to be adjusted to allow traffic to the listed hosts/IP addresses.
  4. If your organization uses a tool to inspect SSL by establishing the connection to the server and then re-establishing the SSL under an internal certificate authority (Microsoft ForeFront, Websense, Bluecoat, etc.) then you will either need to exempt the host of SolMan's ABAP Application servers from being inspected, exempt traffic to the listed hosts from being inspected, or instead import the root/intermediate CAs that the content inspection appliance presents into the SSL Client PSE of SolMan ABAP.


Relevant Hosts: 

Tip: If your proxy/firewall/content inspection rules do not permit the whitelisting of hosts but only IPs, you can either log into the server OS level or use ABAP report (SE38) RSDBCOS0 to execute the nslookup command to resolve the host to the current IP address(es) from the OS level of the SolMan app server to whitelist these hosts.
Example: nslookup

HostFunctionality Hub Connectivity Support Hub Connectivity Best Practice Content Best Practice Content Rapid Content Delivery/Download Service Rapid Content Delivery/Download Service Rapid Content Delivery/Download Service  


SSL Certificates

In general, SAP Support Connections use the SSL Client (Anonymous) PSE in ABAP transaction STRUSTSSO2. If you use a systemwide PSE, it will apply to all instances; if you use instance specific PSEs, you will need to import the root and intermediate CA(s) into the certificate list for each instance PSE. The documentation in the Solution Manager setup and the above notes should include mention of the certificates you must import, but you can also visit the above hosts in either Firefox or Chrome while the Developer Console (F12 key as shortcut) is open and under the security tab, view the certificate presented to the browser (security tab → View Certificate → Certification path). You can then double click to open intermediate/root certs and copy them to a file (details tab → Copy to file) and then import that certificate to the STRUSTSSO2 → SSL Client PSE and add them to the certificate lists.

Note: Symantec has elected to sell their SSL Certificate business (includes Symantec,Thawte, Verisign, Equifax, GeoTrust and RapidSSL certificates) to DigiCert, and to re-issue certificates on the new PKI. If you have configured this connectivity before the end of 2018, you will likely need to reimport the appropriate root/intermediate CAs at some point in later 2018 as SAP hosts switch to the new DigiCert certificates. This is due to the pending distrust of Symantec's legacy certificate authorities in pending Google Chrome & Mozilla Firefox releases (currently planned for October 2018).












  • No labels