Jan8

HTTPS WITH PI

1. Download SAP Cryptographic Software from http://service.sap.com/swdc 

   Browser our Download Catalog -> SAP Cryptographic Software -> CAR for windows 2003 x86-64

2. Unpackage the CAR archive file

   sapcar.exe -xvf 90000114.CAR

3. Copy the files in folder nt-x86_64 to folder /usr/sap/HXI/SYS/exe

   sapcrypto.dll and sapgenpse.exe

4. Modify system instance profile in /usr/sap/HXI/SYS/profile/_DVEBMGS00_

SAPLOCALHOSTFULL = CDCXI.SAPNEW.COM
ssf/name = SAPSECULIB
ssl/pse_provider = ABAP
ssf/ssl_lib = D:\usr\sap\HXI\SYS\exe\sapcryto.dll
ssf/ssfapi_lib = D:\usr\sap\HXI\SYS\exe\sapcryto.dll
sec/libsapsecu = D:\usr\sap\HXI\SYS\exe\sapcryto.dll
sec/dsakeylenghtdefault = 1024
sec/rsakeylenghtdefault = 1024
icm/server_port_2 = PROT=HTTPS, PORT=50058, TIMEOUT=90, VCLIENT=1

5. Restart PI server, and run TCODE: STRUST, create SSL server PSE and client PSE

6. Alternate solution is using sapgenpse.exe

sapgenpse.exe gen_pse -p SAPSSLS.pse -r "CN=, O=TSG, OU=SAPNEW, S=Server, C=CN"
copy SAPSSLS.pse to folder /usr/sap///sec

7. Optional, if using ssl/pse_provider = Java, manage the key store in NWA

generate CA request and to https://websmp104.sap-ag.de/SSLTest get a temp crt file, then import into NWA.


--EOF--

本篇文章已有0条评论