Maintaining ICM Parameters for Using SSL for As JAVA
1770585 - How to configure SSL on the AS Java
You can use this procedure to configure the necessary ICM parameters to enable the use of SSL for accessing SAP NetWeaver AS for Java.
Prerequisites
You have OS level access permission for the file system of the SAP NetWeaver AS for Java host.
The SAP Cryptographic Library is installed and you know where it is located.
You know which sequential number to use for the icm/server_port_ parameter.
You can use either the ICM Monitor or the Web Administration Interface to check the parameter settings.
Context
SSL is supported for the protocols:
Protocol Secured Protocol
HTTP HTTPS
IIOP IIOPSEC
P4 P4SEC
Note
The server uses the same key pair and SSL certificates for all of the protocols.
The protocol and port information are specified in the ICM parameter icm/server_port_, where is a sequential number. When setting the port for HTTPS, make sure that you select a number that is not already being used.
Configuration from instance profile filename
Procedure
Using a text editor, open the instance profile of the ICM for SAP NetWeaver AS for Java.
You can find the instance profile at the following location in the SAP NetWeaver AS for Java host file system: /usr/sap//SYS/profile. The profile has the name .
Set the HTTPS port to use in the ICM parameter icm/server_port_. Also, to explicitly specify the location of the SAP Cryptographic Library (for example, if it is not in the default location, which is the directory specified by the $(DIR_LIBRARY) parameter), set the parameter ssl/ssl_lib.
See the example below.
Tip
SSL Configuration: Location of the SAP Cryptographic Library
ssl/ssl_lib =
port configuration
icm/server_port_ = PROT=, PORT=5$(SAPSYSTEM)01[, VCLIENT=<0,1,2>]
Note
To configure a different port for HTTPS communication, specify the desired port in the PORT parameter.
In addition, to specify the server's behavior regarding the use of certificates for client authentication, set the corresponding value in the VCLIENT parameter:
0: No certification is required and the server does not ask for one.
1: The server asks the client to transfer a certificate. If the client does not send a certificate, authentication is performed using another method, for example, basic authentication (default setting).
2: The client must transfer a valid certificate to the server, otherwise access is denied.
There are also additional optional parameters. For example, to specify port-specific SSL configurations, use the parameter icm/ssl_config_.
For more information, see icm/server_port_.
Restart the ICM so that the parameter settings take effect.
Results
After restarting the ICM instance, the HTTPS port configuration appears in Active Services for the ICM.
Example
The example below shows an extract from an ICM instance profile with SSL and HTTPS port configuration.
...
SSL Configuration: Location of the SAP Cryptographic Library
ssl/ssl_lib = $(DIR_EXECUTABLE)/libsapcrypto.so
https port configuration
icm/server_port_4 = PROT=HTTPS, PORT=5$(SAPSYSTEM)01, VCLIENT=1
...
最新文章
- exportfs 入门/ 错误
- 如何设置WebViewer的参数栏显示状态
- 第2章 面向对象的设计原则(SOLID):3_依赖倒置原则(DIP)
- PostgreSQL Replication之第十一章 使用Skytools(1)
- Microsoft Office Visio Professional 2007密钥
- Twisted 阐述
- 关于MyEclipse6.5 总是弹出 Update Progress(xx-xx-xx时间)的问题
- JS判断当前使用设备是pc端还是web端(转MirageFireFox)
- 201521123001《Java程序设计》第4周学习总结
- Jmeter_接口自动化基础流程概述
- ODAC(V9.5.15) 学习笔记(四)TOraDataSet
- 20165326 java实验一
- 如何在eclipse 里面调试java.lang包的代码
- Reordering the columns in a data frame
- Nanami's Digital Board CodeForces - 434B (棋盘dp)
- 12个有趣的 XSS Vector
- 改革春风吹满地,安卓新系统Q上线腾讯WeTest
- redis几种加锁的实现
- 代码规范审查 -Sonar环境搭建
- 解决Windows下,运行python工程下的模块找不的到问题