How to Set Up SSL on Application Server ABAP with 51007 Link Secure
SSL (Secure Sockets Layer) is a protocol that provides secure communication between a client and a server over the internet. SSL encrypts the data that is transmitted and verifies the identity of the parties involved. SSL is widely used for web applications, such as online banking, e-commerce, and email.
In this article, we will show you how to set up SSL on Application Server ABAP (AS ABAP) with 51007 Link Secure, a product that offers high-performance encryption and decryption for SAP systems. 51007 Link Secure is based on the SAP Cryptographic Library (SAPCRYPTOLIB), which is a FIPS 140-2 certified crypto kernel that supports various cipher suites and protocols, such as TLS 1.2, AES, and SHA-256.
Before you start, you need to have the following:
An AS ABAP system with kernel version 7.21 or higher
A valid SSL certificate and private key for your AS ABAP system
A 51007 Link Secure license and installation package
Access to the SAP Service Marketplace to download the latest SAPCRYPTOLIB patch level
Administrator privileges on your AS ABAP system
Here are the steps to set up SSL on AS ABAP with 51007 Link Secure:
Install 51007 Link Secure on your AS ABAP system according to the installation guide provided by the vendor.
Download the latest SAPCRYPTOLIB patch level from the SAP Service Marketplace and extract it to a temporary folder.
Copy the SAPCRYPTOLIB files (sapcrypto.dll, sapgenpse.exe, sapssls.pse, etc.) to the \usr\sap\\SYS\exe\uc\NTAMD64 directory of your AS ABAP system, where is your system ID.
Copy your SSL certificate and private key files to the same directory.
Rename your SSL certificate file to sapssls.crt and your private key file to sapssls.key.
Open a command prompt as administrator and navigate to the \usr\sap\\SYS\exe\uc\NTAMD64 directory.
Run the following command to import your SSL certificate and private key into the SAP Personal Security Environment (PSE) file sapssls.pse: sapgenpse import_p12 -p sapssls.pse sapssls.key -x where is the password for your private key file.
Run the following command to verify that your SSL certificate and private key are imported correctly: sapgenpse get_my_name -n Issuer -p sapssls.pse -x You should see the issuer name of your SSL certificate displayed.
Edit the profile parameters of your AS ABAP system using transaction RZ10 or by editing the profile files directly. You need to set the following parameters in the DEFAULT.PFL profile: ssl/ciphersuites = 150:PFS:HIGH::EC_P256:EC_HIGH ssl/client_ciphersuites = 150:PFS:HIGH::EC_P256:EC_HIGH ssl/client_sni_enabled = TRUE
You also need to set the following parameters in the instance profile of your AS ABAP system: icm/server_port_0 = PROT=HTTPS,PORT=443$$,TIMEOUT=600,CERTKEY= icm/HTTPS/verify_client = 0 icm/HTTPS/client_sni_enabled = TRUE where is the certificate key name that you can find by running this command: sapgenpse get_my_name -n Subject -p sapssls.pse