What are the guidelines for setting up HTTPS in your SAP server?

Setting up HTTPS for you SAP server is relevant if you wish to enable automatic custom code extraction and upload to Panaya.

Important!

  • This article provides guidelines for setting up HTTPS. Please consult with your Basis Consultant before you proceed.  

Step 1 - Verify that SAPCRYPTOLIB is installed
The guidelines provided here are applicable for systems where SAPCRYPTOLIB is installed.
To verify SAPCRYPTOLIB installation - 

  1. Enter TCODE STRUST
  2. Select the environment and then SSL Client Identities
    If SAPCRYPTOLIB  is not installed, you will be able to see the message at the bottom of the screen


    SAPCRYPTOLIB is not installed?
    If SAPCRYPTOLIV is not installed, you can download and install 7.22 Kernel for SAP up to Netweaver 7.31 (ERP 6 EhP 6, CRM 7 EhP 2, SRM 7 EhP 2, SCM 7 EhP 2, and others). Then restart your system.
  3. For systems where SAPCRYPTOLIB is installed, select the Environment and then Display SSF Version to view the version details.

 

Step 2 - Create Anonymous SSL Client PSE

  1. Create an Anonymous SSL Client
  2. If the system appears in Green (as in the image below),
  3. If the system appears with a red X, right click on it and select Create

 

Step 3 - Import CA (Certificate Authority)

  1. Download the Panaya Certificate
  2. Extract the file and import both certificates as described in the next steps
    Note! Both certificates are required
  3. Double-click the name of the instance that shows under the SSL client identity (anonymous) folder, to display the contents of this PSE. Select the left button.
  4. Use the File Path field to select the certificate file to import, then select Base64 as the file format
  5. Click the V icon to submit.
    The details of the certificate will be displayed
  6. Click on the Add to Certificate List button
    You should be able to view the name of the certificate added to the list
  7. Click the Save button at the top of the screen

 

Older SAP version?

Older versions of SAP may prompt a notification that the ICM needs to be restarted in order for changes to take effect. In such cases, use TCOE SMICM as described below. 

Important!
This activity stops the web server as well as the web client of the SAP system

  1. Execute transaction SMICM
  2. Select Administration > ICM > Exit Soft > Global from the menu options
  3. After a few moments, click the Refresh button until you see the threads
    Threads should appear as Available with Thread No. lower than 10

 

Step 4 - Change HTTP destination

Change the settings for the HTTP destination, as created in SM59
Set SSL status to Active
For SSL Client Certificate, use ANONYM SSL Client (Anonymous)

Note
This step applies to defining HTTPS destination only and is not affecting any RFC setting previously defined for your custom code extraction