
Setting up SSL in IDM 8

former_member2987
Active Contributor
0 Kudos

Hi Folks,

I'm trying to follow the documentation for setting up V8, but I'm hitting a slight snag when dealing with the SSL configuration.

Looking at the documentation, SAP Identity Management Installation Guide - SAP Library and Adding New SSL Access Points - Network and Transport Layer Security - SAP Library, I'm told to open a port, but I don't know which one to open. Is this an arbitrary number or am I supposed to choose a specific value?

Thanks,

Matt

mohinder_singh2
Participant
0 Kudos

Hi Matt,

SSL configuration is very easy in IDM 8.

Please follow these steps:

1. Enable SSL and create a self-signed certificate in NWA > Configuration > Security > SSL on port 50001 or any other port you wish to use.

2. Then click on export entry for your certificate and copy it into c:\program files\java\java version\lib\security\ (please check the Windows Java environment for the correct Java path).

3. Export SAPLogonKeypair.cert from TicketKeystore (/nwa) and copy it into c:\program files\java\java version\lib\security\

4. Then use this command to add all certificates into the Java cacerts:

keytool -import -alias my_ssl_cert -file certificate_name.crt -keystore cacerts

Then open Developer Studio and configure port 50001.

Regards,

Mohinder

former_member2987
Active Contributor
0 Kudos

Thanks Mohinder,

Do you have instructions on handling point #1 in your message?

Thanks,

Matt

avatartest
Explorer
0 Kudos

Hi Matt,

You could try this for point#1:

Configuring the Use of SSL on the AS Java - Network and Transport Layer Security - SAP Library

Kind Regards,

Rali



mohinder_singh2
Participant
0 Kudos

1. Assign administration rights for performing these steps in SAP NetWeaver Administration.

2. Download SAP Cryptography Library from http://service.sap.com/swdc -> Installations and Upgrades -> Browse our Download Catalog -> SAP Cryptography Software -> SAPCryptolib for Installation -> SAPCRYPTOLIB X_X_X -> <OS> -> Latest SAPCRYPTOLIB_<XX>.SAR

3. Extract the contents of SAPCRYPTOLIB_<XX>.SAR using the SAPCAR tool, e.g. (cmd> SAPCAR -xvf SAPCRYPTOLIB_<XX>.SAR)

4. Copy & paste the library, the configuration tool, and the license ticket to the corresponding directories:

   SAP Cryptographic Library & Configuration Tool: /usr/sap/<SID>/SYS/exe.

   Ticket: /usr/sap/<SID>/<instance>/sec.

5. Now, log on to SAP NetWeaver Administration, i.e. http://<j2ee_host_name>:50000/nwa, then go to Configuration -> Security -> SSL and click to open the configuration tool.

6. Select the instance and push the Edit button and then browse to the SSL Library and Ticket file.

7. In the SSL Access Points section, choose the Add pushbutton.

8. Enter the number of the port (e.g. 50001)

9. Select the Protocol (e.g. HTTPS)

10. Select the keystore view (e.g. Instance Default)

11. Select the Client Authentication Mode (e.g. Request)

12. Finally, push the SAVE button to save all the configuration objects and restart the ICM for the changes to take effect.

13. Open a web browser and enter the below URL: https://<j2ee_host_name>:<ICM_https_port>

former_member190695
Participant
0 Kudos

Hi Matt,

SAPCrypto library should be part of your default AS Java installation, so it's only necessary to download it if you have a very old version. Check your version using the sapgenpse tool.

It should be Version 8.x.x.

Go to NWA --> Configuration --> SSL and choose a port that you want to use, e.g. 443, 50001, etc.,

choose the required Client Authentication Mode (e.g. Request) and enable SSL by browsing to the ticket file.

If you have a Certificate Authority use this to issue the certificate instead of a self-signed certificate.

The private key of the server certificate should be imported in the Server Identity section and the issuer certificate should then be imported in the Trusted CAs section.

Restart the AS Java Instance (ICM) and test the SSL connection.

Regards,

Ridouan

former_member2987
Active Contributor
0 Kudos

Hi Mohinder,

So your instructions make sense, thank you! However, now my SAP Java Instance SSL Status is Red. How do I troubleshoot this?

Thanks,

Matt

Former Member
0 Kudos

Hi Ridouan & Matt, do you need SSL for Eclipse to access identity center? Per documentation, we should be allowed to access the same over 50000 as well, right?

Did you make any progress with your SSL and are you able to get to the IC? FYI, my SSL is green; however, when I authenticate over 50001 I get the message: "Login failed: Unrecognized SS message" and below is the log:

Any help appreciated! Thanks

Prashanth
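
Added example, not part of the original thread or of SAP's tooling: a Java client typically reports an "Unrecognized SSL message" style error when it starts a TLS handshake and the reply is not a TLS record, for instance because the port answers plain HTTP. The Python sketch below sends a constructed minimal ClientHello to a host and port and classifies the first bytes that come back; the function names are hypothetical and the host and port are whatever access point you configured in NWA.

```python
import os
import socket
import struct

# TLS record content types (first byte of every TLS record)
TLS_CONTENT_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
                     0x16: "handshake", 0x17: "application_data"}

def classify_first_bytes(data: bytes) -> str:
    """Say what kind of listener produced these first response bytes."""
    if not data:
        return "no-data"            # peer closed or stayed silent
    if data.startswith(b"HTTP/"):
        return "plaintext-http"     # port is not speaking TLS at all
    # Record header: content type (1), version 0x03 0x00..0x04 (2), length (2)
    if len(data) >= 5 and data[0] in TLS_CONTENT_TYPES and data[1] == 3 and data[2] <= 4:
        return "tls-" + TLS_CONTENT_TYPES[data[0]]
    return "unknown"

def minimal_client_hello() -> bytes:
    """Constructed TLS 1.2 ClientHello: one cipher suite, no extensions."""
    body = (b"\x03\x03" + os.urandom(32)   # client_version, random
            + b"\x00"                      # empty session id
            + b"\x00\x02\x00\x2f"          # one suite: TLS_RSA_WITH_AES_128_CBC_SHA
            + b"\x01\x00")                 # compression methods: null only
    handshake = b"\x01" + struct.pack(">I", len(body))[1:] + body
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake

def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Send the ClientHello to host:port and classify the reply."""
    reply = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(minimal_client_hello())
        try:
            while len(reply) < 5:
                chunk = sock.recv(5 - len(reply))
                if not chunk:
                    break
                reply += chunk
        except OSError:                    # timeout or reset: keep what we have
            pass
    return classify_first_bytes(reply)

if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1], int(sys.argv[2])))
```

A result of `tls-handshake` or `tls-alert` means the port speaks TLS (an alert only says this deliberately bare hello was refused); `plaintext-http` means the client is pointed at a non-SSL access point.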


mohinder_singh2
Participant
0 Kudos

Hi Matt,

Please use FQDN in Canonical Host Name, e.g. servername.domain.com

Regards,

Mohinder Singh

mohinder_singh2
Participant
0 Kudos

Please follow these steps now:

3. Export SAPLogonKeypair.cert from TicketKeystore (/nwa) and copy it into c:\program files\java\java version\lib\security\

4. Then use this command to add all certificates into the Java cacerts:

keytool -import -alias my_ssl_cert -file certificate_name.crt -keystore cacerts

After that the error will be gone.

Former Member
0 Kudos

This message was moderated.