1770585 - How to configure SSL on the AS Java

You can use this procedure to configure the necessary ICM parameters to enable the use of SSL for accessing SAP NetWeaver AS for Java.

Prerequisites
You have OS level access permission for the file system of the SAP NetWeaver AS for Java host.
The SAP Cryptographic Library is installed and you know where it is located.
You know which sequential number to use for the icm/server_port_ parameter.
You can use either the ICM Monitor or the Web Administration Interface to check the parameter settings.

Context
SSL is supported for the protocols:

Protocol Secured Protocol
HTTP HTTPS
IIOP IIOPSEC
P4 P4SEC

Note
The server uses the same key pair and SSL certificates for all of the protocols.

The protocol and port information are specified in the ICM parameter icm/server_port_, where is a sequential number. When setting the port for HTTPS, make sure that you select a number that is not already being used.

Configuration from instance profile filename

Procedure
Using a text editor, open the instance profile of the ICM for SAP NetWeaver AS for Java.
You can find the instance profile at the following location in the SAP NetWeaver AS for Java host file system: /usr/sap//SYS/profile. The profile has the name .

Set the HTTPS port to use in the ICM parameter icm/server_port_. Also, to explicitly specify the location of the SAP Cryptographic Library (for example, if it is not in the default location, which is the directory specified by the $(DIR_LIBRARY) parameter), set the parameter ssl/ssl_lib.
See the example below.

Tip

SSL Configuration: Location of the SAP Cryptographic Library

ssl/ssl_lib =

port configuration

icm/server_port_ = PROT=, PORT=5$(SAPSYSTEM)01[, VCLIENT=<0,1,2>]
Note
To configure a different port for HTTPS communication, specify the desired port in the PORT parameter.

In addition, to specify the server's behavior regarding the use of certificates for client authentication, set the corresponding value in the VCLIENT parameter:

0: No certification is required and the server does not ask for one.
1: The server asks the client to transfer a certificate. If the client does not send a certificate, authentication is performed using another method, for example, basic authentication (default setting).
2: The client must transfer a valid certificate to the server, otherwise access is denied.
There are also additional optional parameters. For example, to specify port-specific SSL configurations, use the parameter icm/ssl_config_.

For more information, see icm/server_port_.

Restart the ICM so that the parameter settings take effect.
Results
After restarting the ICM instance, the HTTPS port configuration appears in Active Services for the ICM.

Example
The example below shows an extract from an ICM instance profile with SSL and HTTPS port configuration.

...

SSL Configuration: Location of the SAP Cryptographic Library

ssl/ssl_lib = $(DIR_EXECUTABLE)/libsapcrypto.so

https port configuration

icm/server_port_4 = PROT=HTTPS, PORT=5$(SAPSYSTEM)01, VCLIENT=1
...

Maintaining ICM Parameters for Using SSL for As JAVA的更多相关文章

  1. SSL双向认证Java实现 Tomcat篇

    双向验证,在客户机连接服务器时,客户机验证服务器的证书,服务器验证客户机的证书,链接双方都要对彼此的数字证书进行验证,保证这是经过授权的才能够连接. 1. 生成服务器端的keystore和trusts ...

  2. Connection parameters are correct , SSL not enabled

    这个仅仅是个消息提示,告诉你SSL not enabled.无须理会,直接点击ok

  3. SSL 通信及 java keystore 工具介绍

    http://www.javacodegeeks.com/2014/07/java-keystore-tutorial.html Table Of Contents 1. Introduction 2 ...

  4. SSL介绍与Java实例

    有关SSL的原理和介绍在网上已经有不少,对于Java下使用keytool生成证书,配置SSL通信的教程也非常多.但如果我们不能够亲自动手做一个SSL Sever和SSL Client,可能就永远也不能 ...

  5. SSL双向认证java实现(转)

    本文通过模拟场景,介绍SSL双向认证的java实现 默认的情况下,我认为读者已经对SSL原理有一定的了解,所以文章中对SSL的原理,不做详细的介绍. 如果有这个需要,那么通过GOOGLE,可以搜索到很 ...

  6. ssl证书与java keytool工具

    ssl协议 SSL(Secure Sockets Layer 安全套接字协议),及其继任者传输层安全(Transport Layer Security,TLS)是为网络通信提供安全及数据完整性的一种安 ...

  7. iOS https(SSL/TLS)数据捕获

    要捕获iPhone上的appstore的数据还真的没那么容易,以前介绍的那些使用代理手工导入证书的方法已经完全失效了,结果就是安装证书之后再打开appstore也无法正常的建立连接.按照我的分析其实是 ...

  8. netty集成ssl完整参考指南(含完整源码)

    虽然我们在内部rpc通信中使用的是基于认证和报文头加密的方式实现安全性,但是有些时候仍然需要使用SSL加密,可能是因为对接的三方系统需要,也可能是由于open的考虑.中午特地测了下netty下集成ss ...

  9. Java java httpclient4.5 进行http,https通过SSL安全验证跳过,封装接口请求 get,post(formdata,json)封装,文件上传下载

    package api; import java.util.*; import java.net.URI; import org.apache.http.Consts; import org.apac ...

随机推荐

  1. PTA——出现次数最多的数

    PTA 7-58 求整数序列中出现次数最多的数 #include<stdio.h> #define N 1000 int main() { ,flag; ]; scanf("%d ...

  2. 2018.8.8 SpringMVC分层

    分层: 表示层:请求分发,调用处理器,页面展示. 业务层:业务处理接口和实现. 持久层:数据访问和持久化. 各层之间解耦,下层对上层透明. 具体代码分析如下图,图转自https://blog.csdn ...

  3. 关于笔记本安装parrot和kali的一些问题(花屏,息屏,屏幕不能休眠)

    新入手了个笔记本,还是想跟原来一样装回熟悉的kali环境中,结果我的天啊,这一路坑,简直了. 写下我遇到的问题吧,算是给大家提供一些解决方法. 1.安装kali和parrot出现无法引导的grub的情 ...

  4. 自己用的Xshell配色方案

    [comfort]text=dce2e2cyan(bold)=2ad1b8text(bold)=dce2e2magenta=dd3682green=55bb55green(bold)=55bb55ba ...

  5. 3.GUI Skin和自定义风格的组件 --《UNITY 3D 游戏开发》笔记

    自定义皮肤还是很受女孩子欢迎的吧,这样操作一下界面是不是就可以变得美美哒了~ 先pick一下测试代码: public class GUISkinScript : MonoBehaviour { //自 ...

  6. Python爬取今日头条段子

    刚入门Python爬虫,试了下爬取今日头条官网中的段子,网址为https://www.toutiao.com/ch/essay_joke/源码比较简陋,如下: import requests impo ...

  7. SQL Server 快速大数据排序方法

    SQL Server 中虽然有 ORDER BY NewID() 方法,但对于数据量比较大的结果集来说,排序那慢的可不是一星半点. 微软官方给了一种方案,https://msdn.microsoft. ...

  8. 虚拟机安装精简版centos7过程

    虚拟机配置工作如下所示 1.创建虚拟机  使用键盘组合键CTRL+N2.选择自定义(高级) 如图所示: 3.默认如何所示: 4.选择 稍后安装操作系统 如图所示: 5.选择对应的操作系统 如何所示 6 ...

  9. Windbg 内核态调试用户态程序然后下断点正确触发方法(亲自实现发现有效)

    先开启真机内核态kernel调试 !process 0 0 svchost.exe 找到进程cid的地址 然后进入 .process /p  fffffa8032be2870 然后 .process ...

  10. Linux简易APR内存池学习笔记(带源码和实例)

    先给个内存池的实现代码,里面带有个应用小例子和画的流程图,方便了解运行原理,代码 GCC 编译可用.可以自己上网下APR源码,参考代码下载链接: http://pan.baidu.com/s/1hq6 ...