• Maintaining ICM Parameters for Using SSL for As JAVA


    1770585 - How to configure SSL on the AS Java

    You can use this procedure to configure the necessary ICM parameters to enable the use of SSL for accessing SAP NetWeaver AS for Java.

    Prerequisites
    You have OS level access permission for the file system of the SAP NetWeaver AS for Java host.
    The SAP Cryptographic Library is installed and you know where it is located.
    You know which sequential number to use for the icm/server_port_ parameter.
    You can use either the ICM Monitor or the Web Administration Interface to check the parameter settings.

    Context
    SSL is supported for the protocols:

    Protocol Secured Protocol
    HTTP HTTPS
    IIOP IIOPSEC
    P4 P4SEC

    Note
    The server uses the same key pair and SSL certificates for all of the protocols.

    The protocol and port information are specified in the ICM parameter icm/server_port_, where is a sequential number. When setting the port for HTTPS, make sure that you select a number that is not already being used.

    Configuration from instance profile filename

    Procedure
    Using a text editor, open the instance profile of the ICM for SAP NetWeaver AS for Java.
    You can find the instance profile at the following location in the SAP NetWeaver AS for Java host file system: /usr/sap//SYS/profile. The profile has the name .

    Set the HTTPS port to use in the ICM parameter icm/server_port_. Also, to explicitly specify the location of the SAP Cryptographic Library (for example, if it is not in the default location, which is the directory specified by the $(DIR_LIBRARY) parameter), set the parameter ssl/ssl_lib.
    See the example below.

    Tip

    SSL Configuration: Location of the SAP Cryptographic Library

    ssl/ssl_lib =

    port configuration

    icm/server_port_ = PROT=, PORT=5$(SAPSYSTEM)01[, VCLIENT=<0,1,2>]
    Note
    To configure a different port for HTTPS communication, specify the desired port in the PORT parameter.

    In addition, to specify the server's behavior regarding the use of certificates for client authentication, set the corresponding value in the VCLIENT parameter:

    0: No certification is required and the server does not ask for one.
    1: The server asks the client to transfer a certificate. If the client does not send a certificate, authentication is performed using another method, for example, basic authentication (default setting).
    2: The client must transfer a valid certificate to the server, otherwise access is denied.
    There are also additional optional parameters. For example, to specify port-specific SSL configurations, use the parameter icm/ssl_config_.

    For more information, see icm/server_port_.

    Restart the ICM so that the parameter settings take effect.
    Results
    After restarting the ICM instance, the HTTPS port configuration appears in Active Services for the ICM.

    Example
    The example below shows an extract from an ICM instance profile with SSL and HTTPS port configuration.

    ...

    SSL Configuration: Location of the SAP Cryptographic Library

    ssl/ssl_lib = $(DIR_EXECUTABLE)/libsapcrypto.so

    https port configuration

    icm/server_port_4 = PROT=HTTPS, PORT=5$(SAPSYSTEM)01, VCLIENT=1
    ...

  • 相关阅读:
    【万丈高楼平地起 第一季 链表是怎样链成的】
    【笔记——ASP.NET基础知识(一)】
    【万丈高楼平地起 第二季 队列和栈】
    【没有银弹No Silver Bullet】
    【简单示例:数据库表转XML】
    【软件工程小知识】
    【总结——SQL Server中的数据类型】
    【总结—.Net Framework集合类】
    【笔记——ASP.NET基础知识(二)】
    【总结——ASP.NET对象】
  • 原文地址:https://www.cnblogs.com/weikui/p/10333483.html
Copyright © 2020-2023  润新知