Adobe Document Services SSL connection
As part of some business requirements like Form 16 generation, sometimes you need to setup ADS to connect through SSL to ABAP stack.
That setup is described on SAP Help guides, but I’ll give a short description about what should be done.
Official SAP guides/notes:
My brief description for adapting your existing working ADS configuration to run also using SSL:
1. Configure SSL port at Java ADS server;
1.2. Test it using a browser, when calling https://<JAVA_host>:<HTTPS_port>/ it should work;
1.3. Export Java SSL port certificate as ‘base64’, save it locally on your machine.
2. Create ADS_HTTPS rfc on ABAP server (check above guides for configuration details);
Path Prefix: /AdobeDocumentServicesSec/Config?style=rpc
Logon Procedure: No Logon
SSL Client Certificate: <choose a SSL client identity from strust transaction>
2.1. Import Java certificate from 1.3 section in the same SSL client identity you are using on ADS_HTTPS rfc;
2.2. Export Owner certificate of that SSL client identity as ‘base64’ and save locally;
2.3. Restart ICM : SMICM -> Administration -> ICM -> Exit Soft -> Global
3. Import Owner certificate from 2.2 section into Java ADS and assign it to ADSUSER.
** For Java 73X versions, “SecureConfigPort_Document” entry should be added on “Destination Template Management“
1. Missing HTTPS port on ICM at ABAP side, so connection will not initiate;
2. Missing configuration on Java SSL port, “Request client certificate” should be checked;
3. Not matching certificates, so SSL error is raised when testing ADS_HTTPS rfc.
** You should set ICM level 3 trace, reproduce the issue and check on trace why certificates are not matching.
This is related to section 2.1.
4. Using self-signed certificates, it should be also added on Trusted CAs at Java side.
5. UME parameter should be set to TRUE on Java side: ume.logon.allow_cert
6. ClientCertLoginModule authentication module isnt set to AdobeDocumentServicesSec
For further investigation, if after all configurations were done but ADSUSER authentication using certificates are still not working:
– SAP note 846610 – How to activate ADS trace
– SAP note 1045019 – Web diagtool for collecting traces
– SAP note 1128476 – How to activate ADS trace in NW7.10 and higher
– SAP note 1332726 – Troubleshooting Wizard