cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

HTTPS activated with warning

Go to solution
Former Member

on ‎01-24-2018 10:07 AM

0 Kudos

Hi Gurus,

In our landscape we have activated https by following the below procedure ,

1.icm/server_port_2 PROT=HTTPS, PORT=8143, TIMEOUT=15

2. icm/HTTPS/verify_client 0

3. ssf paramters:-

a. sec/libsapsecu /usr/sap/SID/SYS/exe/run/libsapcrypto.o
b. ssf/name SAPSECULIB
c. ssf/ssfapi_lib /usr/sap/SID/SYS/exe/run/libsapcrypto.o

4. created entries in strust tcode for the below and all are in green.

5. In smicm entries are also in green tick.

but while opening link with https it is showing as

Could you please guide me the solution for this. It seems no certificate is send from the server.

Do i need to set icm/HTTPS/verify_client to 1.

Really appreciate your inputs.

Thanks

Pradeep.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

BJarkowski
Active Contributor
‎01-24-2018 10:48 AM

For me the configuration is correct. The problem you encounter is caused most probably by a self-signed certificate that is imported as SSL Server Standard.

To solve the issue you need to either sign the certificate in trusted CA or add the certificate as trusted to your browser. Please check the chapter Proper System Certificate Signing in the following blog:

https://blogs.sap.com/2015/07/04/enabling-ssl-on-sap-gateway/

Show replies
Show replies

Answers (2)

Answers (2)

Former Member
‎01-24-2018 12:40 PM
0 Kudos

Hi Bartosz,

So with self-sign it won't work for https , please let me know.

Normally we can work with 3 types of signing ,

1. Self sign

2. SAP signing

3. Third party signing.

So even self sign should work right?

Thanks

Pradeep.

Show replies
Show replies
BJarkowski
Active Contributor
‎01-24-2018 1:07 PM
0 Kudos

Even if you have a self-signed certificate the https is working. Your connection is encrypted.

But if you don't want to see the warning in the browser, you need to either sign the certificate (option 2 and 3) or trust the self signed certificate (option 1).

Former Member
‎01-24-2018 3:55 PM
0 Kudos

Hi Bartosz,

Please let me know how to trust self signed certifcate.

Thanks

Pradeep.

BJarkowski
Active Contributor
‎01-24-2018 4:22 PM
0 Kudos

You can quite easily find this information in the internet:

https://conetrix.com/blog/how-to-trust-a-self-signed-certificate-in-ie-9

Former Member
‎01-31-2018 6:56 PM
0 Kudos

Hi Bartoz,

In IE 11 , this page cannot be displayed error is comming while trying to open.

Could you please suggest some solution here.

Thanks

Pradeep.

Former Member
‎02-12-2018 3:18 PM
0 Kudos

Hi Bartoz,

One small query do we need to open http and https port for this activity.

Thanks

Pradeep.

BJarkowski
Active Contributor
‎02-12-2018 4:05 PM
0 Kudos

Yes, if ports are closed on firewall you won't be able to access it.

Former Member
‎02-13-2018 5:40 AM
0 Kudos

Hi Bartosz,

Could you please tell me the process to do SAP signing for strust certificate.

In our case customer is saying they are accessing from customer network , so no need to open the https port from firewall port.

Really thanks for your inputs.

Thanks

Pradeep.

Former Member
‎01-24-2018 12:06 PM
0 Kudos

Hi Bartosz,

Here we didn't set icm/HTTPS/verify_client to 1 , so do we need to make it to 1.

Kindly let me know on it.

Thanks

Pradeep.

Show replies
Show replies
BJarkowski
Active Contributor
‎01-24-2018 2:16 PM
0 Kudos

It is not required to modify this parameter to enable HTTS.

If you want to reply, please use the option Comment on this answer - otherwise I'm not getting any notifications.

Ask a Question