Skip to Content

HTTPS activated with warning

Hi Gurus,

In our landscape we have activated https by following the below procedure ,

1.icm/server_port_2 PROT=HTTPS, PORT=8143, TIMEOUT=15

2. icm/HTTPS/verify_client 0

3. ssf paramters:-

a. sec/libsapsecu /usr/sap/SID/SYS/exe/run/libsapcrypto.o
b. ssf/name SAPSECULIB
c. ssf/ssfapi_lib /usr/sap/SID/SYS/exe/run/libsapcrypto.o

4. created entries in strust tcode for the below and all are in green.

5. In smicm entries are also in green tick.

but while opening link with https it is showing as

Could you please guide me the solution for this. It seems no certificate is send from the server.

Do i need to set icm/HTTPS/verify_client to 1.

Really appreciate your inputs.

Thanks

Pradeep.

a1l94.png (1.6 kB)
srpzz.png (1.6 kB)
Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Best Answer
    Jan 24 at 10:48 AM

    For me the configuration is correct. The problem you encounter is caused most probably by a self-signed certificate that is imported as SSL Server Standard.

    To solve the issue you need to either sign the certificate in trusted CA or add the certificate as trusted to your browser. Please check the chapter Proper System Certificate Signing in the following blog:

    https://blogs.sap.com/2015/07/04/enabling-ssl-on-sap-gateway/

    Add comment
    10|10000 characters needed characters exceeded

  • Jan 24 at 12:06 PM

    Hi Bartosz,

    Here we didn't set icm/HTTPS/verify_client to 1 , so do we need to make it to 1.

    Kindly let me know on it.

    Thanks

    Pradeep.

    Add comment
    10|10000 characters needed characters exceeded

    • It is not required to modify this parameter to enable HTTS.

      If you want to reply, please use the option Comment on this answer - otherwise I'm not getting any notifications.

  • Jan 24 at 12:40 PM

    Hi Bartosz,

    So with self-sign it won't work for https , please let me know.

    Normally we can work with 3 types of signing ,

    1. Self sign

    2. SAP signing

    3. Third party signing.

    So even self sign should work right?

    Thanks

    Pradeep.

    Add comment
    10|10000 characters needed characters exceeded

    • Hi Bartosz,

      Could you please tell me the process to do SAP signing for strust certificate.

      In our case customer is saying they are accessing from customer network , so no need to open the https port from firewall port.

      Really thanks for your inputs.

      Thanks

      Pradeep.