Skip to Content
0

HTTPS activated with warning

Jan 24 at 10:07 AM

83

avatar image

Hi Gurus,

In our landscape we have activated https by following the below procedure ,

1.icm/server_port_2 PROT=HTTPS, PORT=8143, TIMEOUT=15

2. icm/HTTPS/verify_client 0

3. ssf paramters:-

a. sec/libsapsecu /usr/sap/SID/SYS/exe/run/libsapcrypto.o
b. ssf/name SAPSECULIB
c. ssf/ssfapi_lib /usr/sap/SID/SYS/exe/run/libsapcrypto.o

4. created entries in strust tcode for the below and all are in green.

5. In smicm entries are also in green tick.

but while opening link with https it is showing as

Could you please guide me the solution for this. It seems no certificate is send from the server.

Do i need to set icm/HTTPS/verify_client to 1.

Really appreciate your inputs.

Thanks

Pradeep.

a1l94.png (1.6 kB)
srpzz.png (1.6 kB)
10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

3 Answers

Best Answer
Bartosz Jarkowski Jan 24 at 10:48 AM
1

For me the configuration is correct. The problem you encounter is caused most probably by a self-signed certificate that is imported as SSL Server Standard.

To solve the issue you need to either sign the certificate in trusted CA or add the certificate as trusted to your browser. Please check the chapter Proper System Certificate Signing in the following blog:

https://blogs.sap.com/2015/07/04/enabling-ssl-on-sap-gateway/

Share
10 |10000 characters needed characters left characters exceeded
Pradeep Gopinathan Jan 24 at 12:06 PM
0

Hi Bartosz,

Here we didn't set icm/HTTPS/verify_client to 1 , so do we need to make it to 1.

Kindly let me know on it.

Thanks

Pradeep.

Show 1 Share
10 |10000 characters needed characters left characters exceeded

It is not required to modify this parameter to enable HTTS.

If you want to reply, please use the option Comment on this answer - otherwise I'm not getting any notifications.

0
Pradeep Gopinathan Jan 24 at 12:40 PM
0

Hi Bartosz,

So with self-sign it won't work for https , please let me know.

Normally we can work with 3 types of signing ,

1. Self sign

2. SAP signing

3. Third party signing.

So even self sign should work right?

Thanks

Pradeep.

Show 7 Share
10 |10000 characters needed characters left characters exceeded

Even if you have a self-signed certificate the https is working. Your connection is encrypted.

But if you don't want to see the warning in the browser, you need to either sign the certificate (option 2 and 3) or trust the self signed certificate (option 1).

0

Hi Bartosz,

Please let me know how to trust self signed certifcate.

Thanks

Pradeep.

0

You can quite easily find this information in the internet:

https://conetrix.com/blog/how-to-trust-a-self-signed-certificate-in-ie-9

0

Hi Bartoz,

In IE 11 , this page cannot be displayed error is comming while trying to open.

Could you please suggest some solution here.

Thanks

Pradeep.

0

Hi Bartoz,

One small query do we need to open http and https port for this activity.

Thanks

Pradeep.

0

Yes, if ports are closed on firewall you won't be able to access it.

0

Hi Bartosz,

Could you please tell me the process to do SAP signing for strust certificate.

In our case customer is saying they are accessing from customer network , so no need to open the https port from firewall port.

Really thanks for your inputs.

Thanks

Pradeep.

0