Secure Sockets Layer (SSL) must be enabled on the J2EE engine to provide
transport layer security for HTTP connections.
Objective
Enabling SSL provides authentication of users, data integrity (protection
against tampering during data transfer) and data privacy (protection against
eavesdropping).
How to Configure SSL in SAP Java stack
Configuring SSL on the J2EE engine consists of two main steps:
A. Generating the key pair on each server of the J2EE engine
B. Assigning the keys to a specific SSL port.
The detailed steps for enabling SSL on the J2EE engine are as follows:
1. Change the startup mode of the SSL provider and the key provider service.
2. Create the public and the private keys.
3. Create a certificate signing request.
4. Submit the certificate to the Certification Authority (CA).
5. Import the certificate request response into the KeyStore.
6. Assign the key pair to the SSL port.
7. Maintain the list of trusted certificates.
8. Test the SSL connection.
Procedure
1. Change the startup mode of the SSL provider and the key provider service.
SSL provider
Navigate to
/usr/sap/<SID>/<Instance>/J2EE/configtool/configtool.sh [UNIX]
<Drive>:\usr\sap\<SID>\<Instance>\J2EE\configtool\configtool.bat [Windows]
and double-click the file.
In the Configtool, under Cluster data, make sure that the startup mode of the
SSL and KEYSTORE services is set to “always” for both Global Dispatcher and
Global Server.
Note: After the startup mode is set to “always”, the J2EE Engine must be restarted for the change to take effect.
The next step is to create the key pair for the J2EE engine. The key pair
consists of a public key and a private key.
Note: The private and public keys are provided during the default installation.
Public Key
The public key is distributed using an X.509 public key certificate and to view
Private Key
The screen below shows that the private key has been generated. It needs to be
bound to the Trusted Root Certification Authorities Store in order to get a
valid certificate for accessing the portal through the HTTPS port; otherwise the
portal prompts a warning whenever the HTTPS URL is accessed.
To generate a Certificate Signing Request (CSR) for submission to the Trusted
Root Certification Authority (CA), click Generate CSR Request.
Save the Certificate Signing Request (CSR) to the file system with the
extension .csr
Ex: PORTAL<SID>.csr
4. Submit the certificate to the Certification Authority (CA)
Open the PORTAL<SID>.csr file and copy its content, as shown in the screen below.
Note: Make sure that no extra spaces are added and no characters are removed while copying.
Paste the content of the generated Certificate Signing Request (CSR) file,
select “certify the cert req” from the “Select cmd” drop-down and click the
Submit button to get the response certificate.
Copy the response to a file and save it as Portal<SID>-SSL.cert under the location
\\hostname\<SID>\JC<nr>\j2ee\admin OR
<Drive>:\usr\sap\<SID>\JC<nr>\j2ee\admin
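The note in step 4 about not adding or removing characters while copying can be checked before the CSR is submitted and again on the saved response certificate. The following Python check is an added example, not part of the original document or of SAP's tooling: `check_pem` and `make_sample` are hypothetical names, the sample is a constructed stand-in rather than a real CSR, and the check covers only the text framing (BEGIN/END lines, base64, outer DER length), not the signature.

```python
import base64
import binascii
import re

# Matches one PEM block whose BEGIN and END labels agree.
ARMOR = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)\n-----END \1-----\Z", re.S)

def check_pem(text):
    """Return a list of problems in a pasted PEM block; an empty list means intact."""
    m = ARMOR.match(text.replace("\r\n", "\n").strip())
    if not m:
        return ["BEGIN/END lines missing, altered or mismatched"]
    problems = []
    if any(not line or re.search(r"\s", line) for line in m.group(2).split("\n")):
        problems.append("whitespace or blank line inside the base64 body")
    try:
        der = base64.b64decode(re.sub(r"\s", "", m.group(2)), validate=True)
    except binascii.Error:
        return problems + ["body is not valid base64 (characters added or removed)"]
    # A CSR or certificate is one DER SEQUENCE (tag 0x30) whose encoded
    # length must account for every decoded byte.
    if len(der) < 2 or der[0] != 0x30:
        return problems + ["decoded data does not start with a DER SEQUENCE"]
    if der[1] < 0x80:                      # short form: length in one byte
        header, length = 2, der[1]
    else:                                  # long form: next n bytes hold the length
        n = der[1] & 0x7F
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        problems.append("DER length mismatch (content truncated or padded)")
    return problems

def make_sample():
    """Constructed stand-in: a DER SEQUENCE of filler bytes, not a real CSR."""
    payload = bytes(range(200))
    der = b"\x30\x81" + bytes([len(payload)]) + payload
    b64 = base64.b64encode(der).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE REQUEST-----\n" + "\n".join(rows)
            + "\n-----END CERTIFICATE REQUEST-----\n")

if __name__ == "__main__":
    good = make_sample()
    rows = good.split("\n")
    rows[2] = rows[2][4:]                  # simulate four characters lost in copying
    print(check_pem(good), check_pem("\n".join(rows)))
```

To check a real file, pass its contents to `check_pem`, for example the text of PORTAL<SID>.csr before pasting it, and the saved response file afterwards.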