
GUI encryption without SSO

Hello,

I'm working on encryption between SAP GUI and the application server, using Kerberos.

I don't want to use SSO.

Here is a list of what I have done so far.

Could you read this and advise what's wrong in the setup or what is missing?

Thanks in advance

Reinhard

0) Create SNC-User SAP/snc-ce-user (checked with: setspn -Q)

1) Create Kerberos PSE

sapgenpse keytab -p $SECUDIR/SAPSNCSKERB.pse -a SNC-CE-USER@xxxx.yyyy -y Password

2) Create SNC SAPCRYPTOLIB

4) After step 1) and 2) there are two files in /usr/sap/$sid/DEVBMGSxx/sec

5) sapgenpse seclogin -p $SECUDIR/SAPSNCSKERB.pse -x PW -O SAPServiceSRD

6) Installation of SNC Client Encryption 2.0

7) Settings in GUI

8) System Parameter

snc/r3int_rfc_secure 0

snc/r3int_rfc_qop 8

snc/data_protection/min 1

snc/data_protection/use 1

snc/accept_insecure_cpic 1

snc/accept_insecure_gui 1

snc/accept_insecure_rfc 1

snc/enable 1

snc/identity/as p:CN=SAP/SNC-CE-USER@xxxxxxxxx.LOCAL

snc/permit_insecure_start 1

snc/data_protection/max 3

snc/gssapi_lib $(SAPCRYPTOLIB)

RE-START SAP OK

BUT GOT A GUI ERROR

Activated Security Trace. Seems to be ok.


picture-0.jpg (54.7 kB)
picture-2.jpg (12.2 kB)
picture-4.jpg (49.6 kB)
picture.jpg (12.9 kB)
picture-5.jpg (39.6 kB)
picture-6.jpg (24.5 kB)
picture-7.jpg (49.1 kB)
picture-1.jpg (39.0 kB)
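
An added example, not part of the original post or of any SAP tool: a small audit of the `snc/*` values listed in step 8, flagging the ones that still allow a SAP GUI session to run without encryption. It relies on the SNC quality-of-protection levels (1 = authentication only, 2 = integrity, 3 = privacy/encryption); the `HARDENED` profile and the function names are assumptions made for illustration.

```python
import re

# Values copied from step 8 of the question; the layout is constructed.
POSTED = """\
snc/enable 1
snc/data_protection/min 1
snc/data_protection/max 3
snc/data_protection/use 1
snc/accept_insecure_gui 1
"""
# Hypothetical hardened variant (assumption, not from the thread).
HARDENED = """\
snc/enable = 1
snc/data_protection/min = 3
snc/data_protection/max = 3
snc/accept_insecure_gui = 0
"""
# Protection levels below 3 carry no encryption.
QOP = {"1": "authentication only", "2": "integrity protection"}

def parse_profile(text):
    """Read 'name value' (as posted) or 'name = value' (profile file) lines."""
    params = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) == 2 and parts[0].startswith("snc/"):
            params[parts[0]] = parts[1].strip()
    return params

def audit(params):
    """List settings that let a SAP GUI session run without encryption.
    Parameters absent from the input are not judged (except the two defaults below)."""
    findings = []
    if params.get("snc/enable", "0") != "1":
        findings.append("snc/enable: SNC is not active")
    for key, effect in (("snc/data_protection/min", "is accepted from clients"),
                        ("snc/data_protection/max", "is the strongest level offered")):
        level = params.get(key)
        if level in QOP:
            findings.append(f"{key} {level}: {QOP[level]} {effect}")
    gui = params.get("snc/accept_insecure_gui", "0")
    if gui in ("1", "U"):
        findings.append(f"snc/accept_insecure_gui {gui}: logons without SNC still accepted")
    return findings

if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("hardened", HARDENED)):
        print(name, audit(parse_profile(text)) or "no findings")
```

Setting `snc/accept_insecure_gui` to 0 rejects every GUI logon that is not SNC-protected, so confirm that SNC logon works before enforcing it.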

2 Answers

  • Apr 11 at 09:05 PM

    Hello Reinhard,

    Can you check your config against the configuration in the blog below?

    Is your SAP GUI Connection encrypted? Can someone eavesdrop your passwords?

    Regards,

    Yuksel AKCINAR


  • Apr 12 at 01:23 PM

    Hello Reinhard,

    Based on the "picture 7", the SAP SNC server certificate is a "self-signed certificate".

    Have you imported the certificate from the SAP server ("CN=SAP/SNC-CE-USER@xxxxxxxxx.LOCAL") to your local workstation?

    Regards,

    Isaías
