Skip to Content

The ABAP part has not changed since 7.0x release. So I did not created separate instructions for that.

I Include these steps from my previous blog and adjusted where it was necessary.

1. First we ensure we have a certificate in the ABAP, what can be used for the communication.

 

a. Go to Tr. STRUST:

b. I created “SOAP” Client certificate /* self-signed */ with help of menu option:

c. Environment >> SSL Client Identities.

SSL-Soap

2. We have to assign this certificate to the ADS HTTP destination in Tr. SM59

 

a. Go to Tr. SM59

b. Choose your ADS destination, than choose tab: ‘Logon & Security’ activate SSL

c. and choose your freshly created certificate:

SM59 logon

3. Change the target System settings to the SSL Server proxy.

 

a. Go to Tr. SM59

b. Choose tab: Technical Settings

c. Change the Service No. to the SSL port of the system used. In case of double stack this is the same as the ABAP SSL Port. As from rel 710 the ICM is handling all HTTP requests.

d. Change the path prefix to:

/AdobeDocumentServicesSec/Config?style=rpc

 

SM59 Technical settings

4. Copy the certificate to file.

 

We can download the certificate from Tr. STRUST.

Open the certificate and press the export certificate button. Save the certificate in base64 format. I choosed the name: ERP_SOAP.cert

5. Assign the SSL server standard certficate to the client certficicate created

 

 

a., Double stack configuration

 

 

Go to. Tr. STRUST and open the folder SSL Server Standard. Here you will find an entry double click on that. Now the PSE is opened. Now double click on the “CN” in the owner field.  The cetificate will be displayed.

Now open the folder containing your client certficiate ( in our case SSL Client SOAP ) and double click on the PSE entry. / Notice that the SSL Server Standard certificate is still displayed on the right-bottom of the dynpro /.

Click Button ‘Add to certificate list’. Press Save!

Now restart the ICM. / Go to Tr. SMICM >> Administration >> Global ICM >> Exit hard. /

 

b., Remote ADS configuration.

 

In case the ADS is located on a remote server you need to download the SSL server standard certificate form the remote server and upload it to the ABAP you try to call the remote ADS from.

  • On the server where the ADS is running:
    Go to. Tr. STRUST and open the folder SSL Server Standard. Here you will find an entry double click on that. Now the PSE is opened. Now double click on the “CN” in the owner field. The cetificate will be displayed.Now click on: Export certificate and export this certificate in Base64 format.
  • On the currently configured ABAP Server:
    open the folder containing your client certficiate ( in our case SSL Client SOAP ) and double click on the PSE entry.
    Click Import certificate and import the file you exported in the previous step.
    Click Button ‘Add to certificate list’. Press Save!

 

Now restart the ICM. / Go to Tr. SMICM >> Administration >> Global ICM >> Exit hard.

 

6. Check the SM59 destination

 

At this stage of the configuration the SM59 destination should be able to connect to the JAVA server.

Go To Tr. SM59 and open the the HTTP destination you are currently configuring. Click ‘Connection Test’. The result should be some HTTP code, the value does not matter. If you still see SSL error on the bottom of the page check the previous steps again, as someting is wrong with your configuration.

 

7. Assign the SSL Client certificate to the ADSUser

 

Open the useradmin application.”http://<host:port>/useradmin”

Search for the user: ADSUser. Select it and click Modify.

Go To the tab: Certificates. Browse and select the certificate you exported in Step 4. and click: Upload Certificate

 

 

8. Assign the SOAP client certficiate to the SSL server Stadnard certificate.

 

This step is necessary as our certificate is self-signed. If the certificate would be a signed certficiate than the signers root and intermediate certificates should be assigned to the SSL Server Standard PSE

Go To Tr. STRUST

Open the folder containing your client certificate. ( SSL client SOAP in our case ) and double click the PSE. Now double click on the “CN” in the Owner field. The certificate will be displayed on the bottom of the Dynpro.

Open the folder SSL server Standard  and double click the PSE. Now click on the “Add to certficiate List” Button. Finaly press Save.

To report this post you need to login first.

4 Comments

You must be Logged on to comment or reply to a post.

Leave a Reply