Skip to Content
Apr 05, 2016 at 02:08 PM

SNC on a standalone server on DMZ


Dear All,

We are implementing SAP SLC 2.0. One of the requirements is to have the Sell Side system(SRM 7.0 EHP3, based on NW7.4) in the DMZ. We now want to secure SAP GUI connections from Client PCs in the domain to this server, which is standalone, in the DMZ and not joined to the domain. Initially, we tried to achieve this using Secure Login Library but that did not work. SAP recommended us to use SAP Cryptolib. We have therefore, now switched to SAP Cryptolib. We used the SNCWIZARD. We have created a technical user SAPServiceXXX.CORP.XXX.COM, a domain user. As of now, snc/identity/as is set to p:CN=SAPServiceXXX@CORP.XXX.COM. SPN for the Service user is set to SAP/SAPServiceSR1.

Now when we try to connect to the server from a client PC using the SNC Name p:CN=p:CN=SAPServiceXXX@CORP.XXX.COM, we see the message :

Any help, ideas will be highly appreciated.



pastedImage_1.png (42.2 kB)