Skip to Content
avatar image
Former Member

Maintaining User SSF Information in SU01 for SAPSECULIB


I was supposed to implement Digital Signatures in a standard transaction for a Pharma client of mine. The system being used is ECC 6.0 with Basis 7.0.

To achieve this, I used the Digital Signature Tool released with Basis 6.2 and called it in an enhancement. The tool is now running fine and the User who runs the transaction gets a pop up prompting for User ID and password. And he is able to sign it. I managed to get a signature strategy set up and all things related to the tool is running fine. However, I was facing a problem with restricting the signing process to particular users. After going through tons of documentation, I finally realized that this had to be done with SU01.

I added an entry in SSFA (Digital Signatures for Pharma Industries to adhere to FDA regulations) and linked it to the system PSE (SAPSYS.pse) and gave the SSF Profile id (it said optional but I gave it anyway) as digsig_test. Now my tool was restricting all users on the system saying invalid SSF Signer.

I do know that for the user that must sign this, the setting must be maintained SU01 (Address tab -> Other Communication -> SSF). Now when I do this, a pop comes up.

If what I have done so far is correct, if I fill the SSF ID and the SSF Profile here, I should be done. Trouble is I dont know what to put in as the SSF ID. All documentation I had found so far simply states that the SSF ID depends on the SSF Security product being used. Here it is obviously SAPSECULIB. So what on earth do I put in here when my product is SAPSECULIB? The SSF Profile should be digsig_test right?

I tried the thing that was in the System PSE certificate. That did not work. Do I have to create my own certificate or something and add it to the PSE? If so please let me know how that must be done.

Thanks and Regards,

Ramkumar V.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Best Answer
    Sep 11, 2007 at 07:52 AM

    Hi Ramkumar V,

    in transaction SSFA, pass the subject name of the own certificate of the PSE to the field SSF Profile Id. You might get the subject name from transaction STRUST.

    If you create signatures with user ID and password, you don't need to maintain the SSF settings in transaction SU01. As far as I know you can restrict the signing process to particular users with an authorization object, but I don't know the details.

    Best regards,


    Add comment
    10|10000 characters needed characters exceeded

  • Oct 09, 2009 at 01:33 AM

    Hello Ram

    It seems that you and I are trying to do the same thing. I am also experiencing the same problems you are experiencing by your post. I would very must appreciate it if you explain to me exactly what you did to resolve the problem.

    If you could tell me the SSF ID and SSF profile that you entered for digital signatures that would be a great help.

    Also I heard that transaction SSFA is needed to establish this connection. If you have information on this I would grately appreciate it.

    Step by step instructions would be greatly appreciated.

    Thanks again


    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Thank you for using the search - however bumping an thread older than 3 months or so very seldom attracts the attention of the original posters again, unless they read each thread in the forum still since 2 years...

      When searching you might also have found this thread: Use of 3rd party Digital Signatures in SAP enviornments

      It contains more information for you about the requirements and the special object mentioned by Klaus. You can also use more than one product, such as the default SAPSECULIB for digi-sigs signed by the system, and an external product for digi-sigs signed by the user. They can also sign with their user ID and password, but only an ABAP system password is currently an option here.