(DTERP-2208) Secure connection using SSL

Owned by SNP
Aug 10, 2022
3 min read

Content server is used to provide storage where data could be stored and retrieved. Implementation of content server could use HTTP or HTTPS protocol for the communication between server and client. It is recommended to use a secure protocol (HTTPS) for communication even for decentralized architecture. This page contains the step list to establish secure connections between SNP OutBoard™ ERP Archiving and SAP Netweaver.

Step list

This example is assuming a single SAP instance. The setup for multiple application servers has additional requirements and is not covered here.

Import of certificate

 

The following will assume existing and valid self-signed certificates for this SAP System. Align with the managing SAP Basis Team for any special requirements before making any changes.

Go to transaction STRUST and export a Self-signed certificate from SSL server Standard

 

Import downloaded certificate to SSL client Standard and add it to a certificate list.

Restart ICM

After the changes are done in STRUST the ICM must be restarted.

Go to transaction SMICM

  1. Note down the port number for HTTPS of this system.

    1. menu More → Goto → Services: e.g. HTTPS Port 44324

  2. Restart the ICM Service for this Instance:

    1. menu More → Administration → ICM → Exit Hard → Global

Setup of content repository

  1. Go to OAC0 and add HTTPS port to configuration. Please note that the backend system must be HTTPS enabled.

  2. The field HTTP server must contain the full info about the application server of the central system, e.g. vsks035.snp.com

  3. Select HTTPS required for HTTPS on the frontend and backend (if the option doesn’t appear then use %https in tcode area)

Setup of service

Setup SSL Security requirement in dvd_crp_http service.

  1. Open the transaction SICF, display all services and search for dvd_crp_http service within defualt_host.

  2. Open dvd_crp_http service and in the „Logon Data“ tab set „SSL“ in the „Security Requirement“ section and save the change.

Note: After this change, a standard, non-secure HTTP communication between archiving clients represented by non-secure HTTP content repositories and OutBoard service will be disabled. Following warning message will be displayed during an attempt to use a non-secure HTTP content repository connected to SNP OutBoard™ ERP Archiving.

For the quick test try to check the connection.

Successful connection test confirms that secure HTTPS communication between archiving client and the service is set up correctly.

Extended checks

Test report RSCMST

To check whether everything was configured properly execute the test program RSCMST in SE38.

All of the tests should finish successfully.

Additional checks

Pick and try to open any attachment from the content repository in the web browser and check whether the attachment is requested using the HTTPS protocol.

Try to upload a new attachment to a new content repository.

Centralized architecture

Follow the same steps as for decentralized architecture. A server certificate must be imported into the client system into the SSL Client Standard STRUST branch.

At the same time server certificate must be presented in the central system in transaction STRUST branches System PSE & SSL Server Standard.