Thursday, 9 August 2012

NWBC security setting on server

Downloading the SAP Cryptographic Library

Procedure

...
1. Start your Web browser and navigate to the page http://service.sap.com/swcenter.
2. Log on with your SAP s-user ID and navigate to Download ® SAP Cryptographic Software.
Install SAP Cryptographic Library
...
1. Check the server’s profile parameter DIR_EXECUTABLE ,
DIR_INSTANCE. (if not exist create the parameter)
a. Call the transaction, RZ11
b. Enter DIR_EXECUTABLE and DIR_INSTANCE in Pram. Name and press Display
Operating system
Library file name
Configuration tool
UNIX
libsapcrypto.<ext>
sapgenpse
As user <sid>adm:
...
1. Extract the file using …
SAPCAR –xvf <downloaded file name>.CAR
2. Copy the library file and the configuration tool sapgenpse.exe to the directory specified by the application server's profile parameter DIR_EXECUTABLE. In the following, we represent this directory with the notation$(DIR_EXECUTABLE).
3. Copy the ticket file to the sub-directory sec in the instance directory $(DIR_INSTANCE)
Example
Examples
UNIX:
· DIR_EXECUTABLE: /usr/sap/<SID>/SYS/exe/run/
· Location of SAP Cryptographic Library: /usr/sap/<SID>/SYS/exe/run/libsapcrypto.so
Location of Ticet
Examples
UNIX:
· DIR_INSTANCE: /usr/sap/<SID>/<instance>
· Location of the ticket: /usr/sap/<SID>/<instance>/sec/ticket
Set the environment variable SECUDIR to the sec subdirectory. The application server uses this variable to locate the ticket and its credentials at runtime
SECUDIR=\usr\sap\<SID>\<instance>\sec
· Update “.sapenv_<hostname>.csh with following entries :
o setenv SECUDIR /usr/sap/<SID>/DV*/sec
o setenv USER <sid>adm
· Update “.sapenv_<hostname>.sh” with following entries :
o SECUDIR=/usr/sap/<SID>/DV*/sec; export SECUDIR
o USER=<sid>adm; export USER
HTTP/HTTPS Settings in the ICM
Create parameter for HTTPS
icm/server_port_2 = PROT=HTTPS, PORT=84<instance No>, TIMEOUT=900 PROCTIMEOUT=900
Check parameter icm/host_name_full in RZ11 if not exist create it.
Setting the Profile Parameters for Using SSL
Set the profile parameters in AS ABAP's instance profile
Profile Parameter
Value
Examples
ssl/ssl_lib
Path and file name of the SAP Cryptographic Library
$(DIR_EXECUTABLE)/libsapcrypto.so
sec/libsapsecu
Path and file name of the SAP Cryptographic Library
$(DIR_EXECUTABLE)/libsapcrypto.so
ssf/ssfapi_lib
Path and file name of the SAP Cryptographic Library
$(DIR_EXECUTABLE)/libsapcrypto.so
ssf/name
SAPSECULIB
SAPSECULIB
Enable SSO2 cookie acceptance and creation, Please check if the below parameters exist, if not create them
login/accept_sso2_ticket = 1
login/create_sso2_ticket = 2
The following four certificates must be created:
System PSE
SNC SAPCryptolib
SSL server Standard
SSL client SSL Client (Standard)
Once parameters are effective, blank entries will be there under Trust Manager (T-Code STRUST). Create PSE files for all nodes (click node, right mouse-button, create)
· Highlight “System PSE” and right click – select “Create”
Double click on node and verify own certificate is set to “Self sighed”
· Highlight “SSL Server” and right click – select “Create”
Provide required inputs..
Name : *.<Web AS Domain>
Org(Opt) : SAP
Comp/Org : <company name>
Country : <country name>
Click “Enter” icon
In Distinguished Name – make following entries (if not available)
CN-<hostname>.<Web AS Domain<, OU=SAP, O=<company name>, C=<country)
Double click on node and verify own certificate is set to “Self sighed”
· Highlight “SSLClient (Anonymous)” and right click – select “Create”
Provide similar info (as mentioned above), given “CN=anonymous”
Double click on node and verify own certificate is set to “Self sighed”
· Highlight “SSL Client (Standard)” and right click – select “Create”
Provide similar info (provide Name : <hostname>.<Web AS Domain>
Double click on node and verify own certificate is set to “Self sighed”
Downloading the SAP Cryptographic Library

Procedure

...
1. Start your Web browser and navigate to the page http://service.sap.com/swcenter.
2. Log on with your SAP s-user ID and navigate to Download ® SAP Cryptographic Software.
Install SAP Cryptographic Library
...
1. Check the server’s profile parameter DIR_EXECUTABLE ,
DIR_INSTANCE. (if not exist create the parameter)
a. Call the transaction, RZ11
b. Enter DIR_EXECUTABLE and DIR_INSTANCE in Pram. Name and press Display
Operating system
Library file name
Configuration tool
UNIX
libsapcrypto.<ext>
sapgenpse
As user <sid>adm:
...
1. Extract the file using …
SAPCAR –xvf <downloaded file name>.CAR
2. Copy the library file and the configuration tool sapgenpse.exe to the directory specified by the application server's profile parameter DIR_EXECUTABLE. In the following, we represent this directory with the notation$(DIR_EXECUTABLE).
3. Copy the ticket file to the sub-directory sec in the instance directory $(DIR_INSTANCE)
Example
Examples
UNIX:
· DIR_EXECUTABLE: /usr/sap/<SID>/SYS/exe/run/
· Location of SAP Cryptographic Library: /usr/sap/<SID>/SYS/exe/run/libsapcrypto.so
Location of Ticet
Examples
UNIX:
· DIR_INSTANCE: /usr/sap/<SID>/<instance>
· Location of the ticket: /usr/sap/<SID>/<instance>/sec/ticket
Set the environment variable SECUDIR to the sec subdirectory. The application server uses this variable to locate the ticket and its credentials at runtime
SECUDIR=\usr\sap\<SID>\<instance>\sec
· Update “.sapenv_<hostname>.csh with following entries :
o setenv SECUDIR /usr/sap/<SID>/DV*/sec
o setenv USER <sid>adm
· Update “.sapenv_<hostname>.sh” with following entries :
o SECUDIR=/usr/sap/<SID>/DV*/sec; export SECUDIR
o USER=<sid>adm; export USER
HTTP/HTTPS Settings in the ICM
Create parameter for HTTPS
icm/server_port_2 = PROT=HTTPS, PORT=84<instance No>, TIMEOUT=900 PROCTIMEOUT=900
Check parameter icm/host_name_full in RZ11 if not exist create it.
Setting the Profile Parameters for Using SSL
Set the profile parameters in AS ABAP's instance profile
Profile Parameter
Value
Examples
ssl/ssl_lib
Path and file name of the SAP Cryptographic Library
$(DIR_EXECUTABLE)/libsapcrypto.so
sec/libsapsecu
Path and file name of the SAP Cryptographic Library
$(DIR_EXECUTABLE)/libsapcrypto.so
ssf/ssfapi_lib
Path and file name of the SAP Cryptographic Library
$(DIR_EXECUTABLE)/libsapcrypto.so
ssf/name
SAPSECULIB
SAPSECULIB
Enable SSO2 cookie acceptance and creation, Please check if the below parameters exist, if not create them
login/accept_sso2_ticket = 1
login/create_sso2_ticket = 2
The following four certificates must be created:
System PSE
SNC SAPCryptolib
SSL server Standard
SSL client SSL Client (Standard)
Once parameters are effective, blank entries will be there under Trust Manager (T-Code STRUST). Create PSE files for all nodes (click node, right mouse-button, create)
· Highlight “System PSE” and right click – select “Create”
Double click on node and verify own certificate is set to “Self sighed”
· Highlight “SSL Server” and right click – select “Create”
Provide required inputs..
Name : *.<Web AS Domain>
Org(Opt) : SAP
Comp/Org : <company name>
Country : <country name>
Click “Enter” icon
In Distinguished Name – make following entries (if not available)
CN-<hostname>.<Web AS Domain<, OU=SAP, O=<company name>, C=<country)
Double click on node and verify own certificate is set to “Self sighed”
· Highlight “SSLClient (Anonymous)” and right click – select “Create”
Provide similar info (as mentioned above), given “CN=anonymous”
Double click on node and verify own certificate is set to “Self sighed”
· Highlight “SSL Client (Standard)” and right click – select “Create”
Provide similar info (provide Name : <hostname>.<Web AS Domain>
Double click on node and verify own certificate is set to “Self sighed”
Now you observe all 4 certificates are active in strust
And HTTPS is active in SMICM

9 comments:

  1. Trade FX At Home On Your PC: exness login Is A Forex Trading Company. The Company States That You Can Make On Average 80 – 300 Pips Per Trade.exness login States That It Is Simple And Easy To Get Started.

    ReplyDelete