Escolar Documentos
Profissional Documentos
Cultura Documentos
ConfiguringSSLforSAPHostAgentonWindowsSAPHostAgentSAPLibrary
TheBestRunBusinessesRunSAP
Technology
SAPNetWeaverPlatform
7.4
ConfiguringSSLforSAPHostAgenton
Windows
ThissectionexemplarilydescribesSSLconfigurationfortheSAPHostAgentonWindows.
Prerequisites
YoumustbeloggedonasamemberofthelocalAdministratorsgroup.
Context
InthefollowingprocedureweassumethatyouareusingthedefaultnamingfortheserverPSE.Ifyou
wanttooverridethedefault.psename,youcanusethefollowingvalueintheprofilefileofSAPHost
Agent(host_profile):
ssl/server_pse=<PathtoServerPSE>
Procedure
1. PreparetheenvironmentforSAPCryptographicLibrary:
1. Openacommandlinepromptandchangetothe%PROGRAMFILES%\SAP\hostctrl\exe
directory.
2. CreateasubdirectorynamedsecandsettheSECUDIRenvironmentvariabletorefertothe
newdirectoryusingthefollowingcommands:
%PROGRAMFILES%\SAP\hostctrl\exe>mkdirsec
%PROGRAMFILES%\SAP\hostctrl\exe>set
SECUDIR=%PROGRAMFILES%\SAP\hostctrl\exe\sec
Note
Alternatively,youcanalsouseanotherdirectory,butthenyouhavetospecifythe
locationofthePSEfileusingtheparameterssl/server_pseasdescribedabove.
http://help.sap.com/saphelp_nw74/helpdata/en/f9/50aeeb64604e818b24626d287b63b0/content.htm
1/3
1/19/2015
ConfiguringSSLforSAPHostAgentonWindowsSAPHostAgentSAPLibrary
Recommendation
SetupSECUDIRasanabsolutepathinordertoavoidtroublewiththesapgenpsetool.
3. Makesurethatthefilesarereadableandexecutablebyusersapadm.
2. PreparethePersonalSecurityEnvironment(PSE)fortheserver:
TheserverPSEcontainstheservercertificate,whichispresentedtotheclientwhenestablishing
theSSLconnection,andthenamesandpublickeysofthetrustedcertificates.Trusted
certificatescanbeeithercertificatesissuedbyaCertificationAuthority(CA)orindividuallytrusted
certificates.
1. CreatetheserverPSE,theservercertificatetherein,andtheCertificateSigningRequest
(CSR).
Example
%PROGRAMFILES%\SAP\hostctrl\exe>sapgenpsegen_psep
SAPSSLS.psexpasswd1rmyhostcsr.p10
"CN=myhost.wdf.sap.corp,O=SAPAG,C=DE"
ThiscommandcreatesaPSEfilenamedSAPSSLS.pse(nameisfixed),whichcanbe
usedtoauthenticatemyhost.wdf.sap.corpforincomingSSLconnections.The
accesstothePSEfileisprotectedwithpasswd1.Usetheroptiontodirectthe
certificatesigningrequesttoafile,oromititifyouintendtocopyandpastetheCSR
intoaWebform.
2. GranttheSAPHostAgentaccesstotheserverPSE.
Example
%PROGRAMFILES%\SAP\hostctrl\exe>sapgenpsesecloginp
SAPSSLS.psexpasswd1Osapadm
3. Getthecertificateasfollows:
1. Ifyoudonotuseindividuallytrustedcertificates,sendthecertificatesigningrequest
toanappropriateCA.
2. Copythesignedcertificatefromtheoutputareaincludingthe"BEGIN
CERTIFICATE"and"ENDCERTIFICATE"linesandpaste
itintoatextfile,forexamplemyhost.p7b.
4. ImportthesignedcertificateintotheserverPSE.
Example
%PROGRAMFILES%\SAP\hostctrl\exe>sapgenpseimport_own_certp
SAPSSLS.psexpasswd1cmyhost.p7b(iftheusedformatisPKCS#7).
5. Verifytheservercertificatechain.
http://help.sap.com/saphelp_nw74/helpdata/en/f9/50aeeb64604e818b24626d287b63b0/content.htm
2/3
1/19/2015
ConfiguringSSLforSAPHostAgentonWindowsSAPHostAgentSAPLibrary
Example
%PROGRAMFILES%\SAP\hostctrl\exe>sapgenpseget_my_namep
SAPSSLS.psexpasswd1v
3. RestartSAPHostAgent.
4. PreparethePersonalSecurityEnvironment(PSE)fortheclient:
TheclientPSEcontainstheclientcertificatethatissenttoSAPHostAgentwhenestablishing
theSSLconnection,andthenamesandpublickeysofthetrustedcertificates.Fortheclient,
trustedcertificatescanonlybecertificatesthatareissuedbyaCertificationAuthority(CA).
Theconfigurationstepsareclientspecific,thatiswhyweonlydescribetheminagenericway.
Followtheinstructionsinthespecificclientdocumentation.
ExamplesforpossibleclientsaretheSAPManagementConsole(SAPMC),theDiagnostics
AgentinSAPSolutionManager,ortheSAPLandscapeVirtualizationManagement(LVM)
software(formerlyknownasAdaptiveComputingController(ACC)).
Results
Recommendation
Ifyousuccessfullyappliedtheproceduredescribedabove,SAPHostAgentalsoservesport1129
forSSLcommunication.
RelatedInformation
SSLConfigurationfortheSAPHostAgent
C OPYR I GH T BY SAP SE OR AN SAP AF F I LI AT E C OM PAN Y. ALL R I GH T S R ESER VED .
PR I N T ED F R OM SAP H ELP POR T AL. (ht t p: / / help. s ap. c om )
http://help.sap.com/saphelp_nw74/helpdata/en/f9/50aeeb64604e818b24626d287b63b0/content.htm
3/3