Skip to Content
avatar image
Former Member

principal propagation configuration in ABAP system

Dear Experts,

Recently we are doing a project on HCP which need to configure principal propagation from cloud system to on-premise system.

According to the help document of HCP, the following steps need to be done in the on-premise system to trust cloud connector's system certificate:

The ABAP system trusts the cloud connector's system certificate:

  1. Open the Trust Manager (transaction code: STRUST).
  2. Double-click on the SSL-Server Standard folder in the menu tree on the left.
  3. In the displayed screen, click on the Import certificate button.
  4. In the dialog window, choose the certificate file representing the public key of the issuer of the system certificate, for example, in DER format. Typically, this is a CA certificate. In case you decide to use a self-signed system certificate, it is the system certificate itself.
  5. Afterwards, the details of this certificate are shown in the section above. Mapped to the exemplary certificate, you would see CN=MyCompany CA, O=Trust Community, C=DE as subject.
  6. If you are sure you are importing the correct certificate, you can integrate the certificate into the certificate list by choosing the Add to Certificate List button.
  7. In the end, the CA certificate (CN=MyCompany CA, O=Trust Community, C=DE) is part of the certificate list.

The ICM trusts the system certificate for principal propagation:

  1. Open the Profile Editor (transaction code: RZ10).
  2. Select the profile you like to edit, for example, the DEFAULT profile.
  3. Select the radio button for Extended maintenance and choose the Change button.
  4. Create the following two parameters:
    • icm/HTTPS/trust_client_with_issuer: this is the issuer of the system certificate (exemplary data: CN=MyCompany CA, O=Trust Community, C=DE)
    • icm/HTTPS/trust_client_with_subject: this is the subject of the system certificate (exemplary data: CN=SCC, OU=HCP Scenarios, O=Trust Community, C=DE)

But I found we don't have the edit authorization for T-code STRUST and ICM in all of our development systems. Does anyone know which system can have the authorization to import certificate in STRUST and change parameter in ICM? Thanks a lot.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

0 Answers