(DTERP-2202) Secure connection using SSL
Content server is used to provide storage where data could be stored and retrieved. Implementation of content server could use HTTP or HTTPS protocol for the communication between server and client. It is recommended to use a secure protocol (HTTPS) for communication even for decentralized architecture. This page contains the step list to establish secure connections between SNP OutBoard™ ERP Archiving and SAP Netweaver.
Step list
This example is assuming a single SAP instance. The setup for multiple application servers has additional requirements and is not covered here.
Import of certificate
The following will assume existing and valid self-signed certificates for this SAP System. Align with the managing SAP Basis Team for any special requirements before making any changes.
Go to transaction STRUST and export Self-signed certificate from SSL server Standard
Import downloaded certificate to SSL client Standard and add it to a certificate list.
Restart ICM
After the changes are done in STRUST the ICM must be restarted.
Go to transaction SMICM
Note down the port number for HTTPS of this system.
menu More → Goto → Services: e.g. HTTPS Port 44324
Restart the ICM Service for this Instance:
menu More → Administration → ICM → Exit Hard → Global
Setup of content repository
Go to OAC0 and add HTTPS port to configuration. Please note that the backend system must be HTTPS enabled.
The field HTTP server must contain the full info about the application server of the central system, e.g. vsks035.snp.com
Select HTTPS required for HTTPS on frontend and backend (if the option doesn’t appear then use %https in tcode area)
Setup of service
Setup SSL Security requirement in dvd_crp_http service.
Open the transaction SICF, display all services and search for dvd_crp_http service within defualt_host.
Open dvd_crp_http service and in the „Logon Data“ tab set „SSL“ in the „Security Requirement“ section and save the change.
Note: After this change, a standard, non-secure HTTP communication between archiving clients represented by non-secure HTTP content repositories and OutBoard service will be disabled. Following warning message will be displayed during an attempt to use a non-secure HTTP content repository connected to SNP OutBoard™ ERP Archiving.
For the quick test try to check the connection.
Successful connection test confirms that secure HTTPS communication between archiving client and the service is set up correctly.
Extended checks
Test report RSCMST
To check whether everything was configured properly execute the test program RSCMST in SE38.
All of the tests should finish successfully.
Additional checks
Pick and try to open any attachment from the content repository in the web browser and check whether the attachment is requested using the HTTPS protocol.
Try to upload a new attachment to a new content repository.
Centralized architecture
Follow the same steps as for decentralized architecture. A server certificate must be imported into the client system into the SSL Client Standard STRUST branch.
At the same time server certificate must be presented in the central system in transaction STRUST branches System PSE & SSL Server Standard.