Solved: SSL on PI 7.1 EHP 1 , where to activate ?

Former Member · ‎03-03-2010

Hi.. im currently confuse on the new PI SSL concept.. here is my understandig, hope someone can enlight and coreect me if i have miss conception

My understanding.. for this version the SSL port is defined in the ICM parameter on ABAP stack.. and activation os SSL server is done thru STRUST, by creating server PSE.

Once SSL pse is created, the HTTPS service can be started from SMICM tx.

on JAVA .. i have found the standard SSL service , ssl_service view .. and there is documentation mention about ICM_SSL_InstanceID

http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/60ff2883-70c5-2c10-f090-a744def2b...

for my question.. if we want to get the SSL signed by CA, i should generate the CSR from STRUST or from service_ssl / ICM_SSL_instanceID.

After trying to generate CSR from ABAP, getting it signed and import it back, my services in JAVA could not read the signed identity..

When i create the CSR from service_ssl , and delete the SSL server standard from STRUST, the HTTPS on SMICM coul dbe started ?

anybody could help ?

iprieto · ‎03-03-2010

Hi Muda,

The SSL service is always active by default. For management the SSL options you can use SMICM transaction. From this transaction you can activate/desactivate SSL service or change the port. For do it, go to "Goto->Services".

The ICM component has always exists in SAP but in newer versions has a more relevant role. The activation of SSL is made in keystore view.

The CSR should be generated in keystore view on Java stack. The STRUST is not used.

Best regards

Ivá