Scribd
Upload
110 views5 pages

NG Strust Setup: Default - PFL

This document provides instructions for setting up HTTPS in an ECC instance. It includes: 1. Configuring the DEFAULT.PFL and instance PFL files to use HTTPS. 2. Ensuring the required files are present at the OS level. 3. Verifying HTTPS is listed in SMICM services. 4. Generating and importing certificates into the System and other PSE entries to enable secure communication.

Uploaded by

Dinesh Verma
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
110 views5 pages

NG Strust Setup: Default - PFL

This document provides instructions for setting up HTTPS in an ECC instance. It includes: 1. Configuring the DEFAULT.PFL and instance PFL files to use HTTPS. 2. Ensuring the required files are present at the OS level. 3. Verifying HTTPS is listed in SMICM services. 4. Generating and importing certificates into the System and other PSE entries to enable secure communication.

Uploaded by

Dinesh Verma
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 5

NG STRUST Setup

HTTPS Setup in ECC

DEFAULT.PFL:

ssf/name = SAPSECULIB

login/accept_sso2_ticket = 1

login/create_sso2_ticket = 2

Instance PFL:

ssl/ssl_lib = $(DIR_EXECUTABLE)$(DIR_SEP)$(FT_DLL_PREFIX)sapcrypto$(FT_DLL)

sec/libsapsecu = $(ssl/ssl_lib)

ssf/ssfapi_lib = $(ssl/ssl_lib)

icm/server_port_2 = PROT=HTTPS, PORT=443$$, TIMEOUT=3600,


PROCTIMEOUT=10800

Files at OS level:

Cdexe libsapcrypto.so, sapgenpse

INSTANCE/sec ticket

Restart SAP.

SMICM: Goto Services: HTTPS listed or not.

STRUSTSSO2
Select PSE entry and right click and Replace.

System PSE

CN=R3Q, OU=Norgesgruppen Data AS, O=Norgesgruppen Data AS, L=Oslo,


S=Oslo, C=NO

Export as Base 64:

SSL Server Standard

CN=ngsapr3q3t.joh.no, OU=Norgesgruppen Data AS, O=Norgesgruppen Data AS,


L=Oslo, S=Oslo, C=NO
SSL system client SSL Client (Standard)--

CN=R3Q SSL system client SSL Client (Standard), OU=Norgesgruppen Data AS,
O=Norgesgruppen Data AS, L=Oslo, S=Oslo, C=NO

Generate CSR Request:

DoubleClick PSE entry then click on the first button Create Certificate request.

Save the CSR file:


Similarly, save CSR request for each entry in each active PSE.

Send this file to [email protected] and ask for certificate signed


by CA in p7b format but sent as txt file.

SystemPSE will be signed internally.

Others will be signed by Verisign.

HTTPS for EP3 and


R31 connections.msg

Import Portal Certificate into ECC:

NWA Configuration Certificates and Keys

Export the certificate.

Import this certificate into SystemPSE in STRUSTSSO2 of target system/client.


Add to Certificate List. Add to ACL.

Restart ICM.

You might also like