Scribd Logo
Fazer o upload

Bem-vindo(a) ao Scribd!

  • Configuring SSL For SAP Host Agent On Windows - SAP Host Agent - SAP Library

    Enviado por

    Lokesh Grc
    250 visualizações3 páginas
    Configuring SSL for SAP Host Agent on Windows - SAP Host Agent - SAP Library

    Título original

    Configuring SSL for SAP Host Agent on Windows - SAP Host Agent - SAP Library

    Direitos autorais

    © © All Rights Reserved

    Formatos disponíveis

    PDF, TXT ou leia online no Scribd

    Você considera este documento útil?

    Este conteúdo é inapropriado?

    Denunciar este documento
    Configuring SSL for SAP Host Agent on Windows - SAP Host Agent - SAP Library

    Direitos autorais:

    © All Rights Reserved
    Baixe no formato PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    250 visualizações3 páginas

    Configuring SSL For SAP Host Agent On Windows - SAP Host Agent - SAP Library

    Enviado por

    Lokesh Grc
    Configuring SSL for SAP Host Agent on Windows - SAP Host Agent - SAP Library

    Direitos autorais:

    © All Rights Reserved
    Baixe no formato PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    de 3

    1/19/2015

    ConfiguringSSLforSAPHostAgentonWindowsSAPHostAgentSAPLibrary

    TheBestRunBusinessesRunSAP

    Technology

    SAPNetWeaverPlatform

    7.4

    ConfiguringSSLforSAPHostAgenton
    Windows
    ThissectionexemplarilydescribesSSLconfigurationfortheSAPHostAgentonWindows.

    Prerequisites
    YoumustbeloggedonasamemberofthelocalAdministratorsgroup.

    Context
    InthefollowingprocedureweassumethatyouareusingthedefaultnamingfortheserverPSE.Ifyou
    wanttooverridethedefault.psename,youcanusethefollowingvalueintheprofilefileofSAPHost
    Agent(host_profile):
    ssl/server_pse=<PathtoServerPSE>

    Procedure
    1. PreparetheenvironmentforSAPCryptographicLibrary:
    1. Openacommandlinepromptandchangetothe%PROGRAMFILES%\SAP\hostctrl\exe
    directory.
    2. CreateasubdirectorynamedsecandsettheSECUDIRenvironmentvariabletorefertothe
    newdirectoryusingthefollowingcommands:
    %PROGRAMFILES%\SAP\hostctrl\exe>mkdirsec
    %PROGRAMFILES%\SAP\hostctrl\exe>set
    SECUDIR=%PROGRAMFILES%\SAP\hostctrl\exe\sec

    Note
    Alternatively,youcanalsouseanotherdirectory,butthenyouhavetospecifythe
    locationofthePSEfileusingtheparameterssl/server_pseasdescribedabove.

    http://help.sap.com/saphelp_nw74/helpdata/en/f9/50aeeb64604e818b24626d287b63b0/content.htm

    1/3

    1/19/2015

    ConfiguringSSLforSAPHostAgentonWindowsSAPHostAgentSAPLibrary

    Recommendation
    SetupSECUDIRasanabsolutepathinordertoavoidtroublewiththesapgenpsetool.
    3. Makesurethatthefilesarereadableandexecutablebyusersapadm.
    2. PreparethePersonalSecurityEnvironment(PSE)fortheserver:
    TheserverPSEcontainstheservercertificate,whichispresentedtotheclientwhenestablishing
    theSSLconnection,andthenamesandpublickeysofthetrustedcertificates.Trusted
    certificatescanbeeithercertificatesissuedbyaCertificationAuthority(CA)orindividuallytrusted
    certificates.
    1. CreatetheserverPSE,theservercertificatetherein,andtheCertificateSigningRequest
    (CSR).

    Example
    %PROGRAMFILES%\SAP\hostctrl\exe>sapgenpsegen_psep
    SAPSSLS.psexpasswd1rmyhostcsr.p10
    "CN=myhost.wdf.sap.corp,O=SAPAG,C=DE"
    ThiscommandcreatesaPSEfilenamedSAPSSLS.pse(nameisfixed),whichcanbe
    usedtoauthenticatemyhost.wdf.sap.corpforincomingSSLconnections.The
    accesstothePSEfileisprotectedwithpasswd1.Usetheroptiontodirectthe
    certificatesigningrequesttoafile,oromititifyouintendtocopyandpastetheCSR
    intoaWebform.
    2. GranttheSAPHostAgentaccesstotheserverPSE.

    Example
    %PROGRAMFILES%\SAP\hostctrl\exe>sapgenpsesecloginp
    SAPSSLS.psexpasswd1Osapadm
    3. Getthecertificateasfollows:
    1. Ifyoudonotuseindividuallytrustedcertificates,sendthecertificatesigningrequest
    toanappropriateCA.
    2. Copythesignedcertificatefromtheoutputareaincludingthe"BEGIN
    CERTIFICATE"and"ENDCERTIFICATE"linesandpaste
    itintoatextfile,forexamplemyhost.p7b.
    4. ImportthesignedcertificateintotheserverPSE.

    Example
    %PROGRAMFILES%\SAP\hostctrl\exe>sapgenpseimport_own_certp
    SAPSSLS.psexpasswd1cmyhost.p7b(iftheusedformatisPKCS#7).
    5. Verifytheservercertificatechain.

    http://help.sap.com/saphelp_nw74/helpdata/en/f9/50aeeb64604e818b24626d287b63b0/content.htm

    2/3

    1/19/2015

    ConfiguringSSLforSAPHostAgentonWindowsSAPHostAgentSAPLibrary

    Example
    %PROGRAMFILES%\SAP\hostctrl\exe>sapgenpseget_my_namep
    SAPSSLS.psexpasswd1v
    3. RestartSAPHostAgent.
    4. PreparethePersonalSecurityEnvironment(PSE)fortheclient:
    TheclientPSEcontainstheclientcertificatethatissenttoSAPHostAgentwhenestablishing
    theSSLconnection,andthenamesandpublickeysofthetrustedcertificates.Fortheclient,
    trustedcertificatescanonlybecertificatesthatareissuedbyaCertificationAuthority(CA).
    Theconfigurationstepsareclientspecific,thatiswhyweonlydescribetheminagenericway.
    Followtheinstructionsinthespecificclientdocumentation.
    ExamplesforpossibleclientsaretheSAPManagementConsole(SAPMC),theDiagnostics
    AgentinSAPSolutionManager,ortheSAPLandscapeVirtualizationManagement(LVM)
    software(formerlyknownasAdaptiveComputingController(ACC)).

    Results
    Recommendation
    Ifyousuccessfullyappliedtheproceduredescribedabove,SAPHostAgentalsoservesport1129
    forSSLcommunication.

    RelatedInformation
    SSLConfigurationfortheSAPHostAgent
    C OPYR I GH T BY SAP SE OR AN SAP AF F I LI AT E C OM PAN Y. ALL R I GH T S R ESER VED .
    PR I N T ED F R OM SAP H ELP POR T AL. (ht t p: / / help. s ap. c om )

    http://help.sap.com/saphelp_nw74/helpdata/en/f9/50aeeb64604e818b24626d287b63b0/content.htm

    3/3

    Você também pode gostar