51007 Link secure
How to Set Up SSL on Application Server ABAP with 51007 Link Secure
SSL (Secure Sockets Layer) is a protocol that provides secure communication between a client and a server over the internet. SSL encrypts the data that is transmitted and verifies the identity of the parties involved. SSL is widely used for web applications, such as online banking, e-commerce, and email.
In this article, we will show you how to set up SSL on Application Server ABAP (AS ABAP) with 51007 Link Secure, a product that offers high-performance encryption and decryption for SAP systems. 51007 Link Secure is based on the SAP Cryptographic Library (SAPCRYPTOLIB), which is a FIPS 140-2 certified crypto kernel that supports various cipher suites and protocols, such as TLS 1.2, AES, and SHA-256.
Prerequisites
Before you start, you need to have the following:
- An AS ABAP system with kernel version 7.21 or higher
- A valid SSL certificate and private key for your AS ABAP system
- A 51007 Link Secure license and installation package
- Access to the SAP Service Marketplace to download the latest SAPCRYPTOLIB patch level
- Administrator privileges on your AS ABAP system
Steps
Here are the steps to set up SSL on AS ABAP with 51007 Link Secure:
- Install 51007 Link Secure on your AS ABAP system according to the installation guide provided by the vendor.
- Download the latest SAPCRYPTOLIB patch level from the SAP Service Marketplace and extract it to a temporary folder.
- Copy the SAPCRYPTOLIB files (sapcrypto.dll, sapgenpse.exe, sapssls.pse, etc.) to the
\usr\sap\
directory of your AS ABAP system, where\SYS\exe\uc\NTAMD64
is your system ID. - Copy your SSL certificate and private key files to the same directory.
- Rename your SSL certificate file to
sapssls.crt
and your private key file tosapssls.key
. - Open a command prompt as administrator and navigate to the
\usr\sap\
directory.\SYS\exe\uc\NTAMD64 - Run the following command to import your SSL certificate and private key into the SAP Personal Security Environment (PSE) file
sapssls.pse
:sapgenpse import_p12 -p sapssls.pse sapssls.key -x
where
is the password for your private key file. - Run the following command to verify that your SSL certificate and private key are imported correctly:
sapgenpse get_my_name -n Issuer -p sapssls.pse -x
You should see the issuer name of your SSL certificate displayed. - Edit the profile parameters of your AS ABAP system using transaction RZ10 or by editing the profile files directly. You need to set the following parameters in the DEFAULT.PFL profile:
ssl/ciphersuites = 150:PFS:HIGH::EC_P256:EC_HIGH
ssl/client_ciphersuites = 150:PFS:HIGH::EC_P256:EC_HIGH
ssl/client_sni_enabled = TRUE
- You also need to set the following parameters in the instance profile of your AS ABAP system:
icm/server_port_0 = PROT=HTTPS,PORT=443$$,TIMEOUT=600,CERTKEY=
icm/HTTPS/verify_client = 0
icm/HTTPS/client_sni_enabled = TRUE
where
is the certificate key name that you can find by running this command:sapgenpse get_my_name -n Subject -p sapssls.pse