Skip to Content

SNC – Secure Network Communication   Configuration between Enterprise Portal to BW system


Parameters to be checked before the configuration

  • login/accept_sso2_ticket    = 1
  • login/create_sso2_ticket    = 2 (recommended) or 1
  • snc/enable  = 1
  • icm/host name full. (SMICM – to check fully qualified hostname )


check  for the parameter values

  • snc/force_login_screen
  • snc/identity/as
  • snc/gssapi_lib
  • snc/permit_insecure_start
  • snc/r3int_rfc_qop
  • snc/r3int_rfc_secure
  • snc/accept_insecure_r3int_r
  • snc/accept_insecure_rfc
  • snc/accept_insecure_cpic
  • snc/accept_insecure_gui


Login to portal as a “administrator “ user  goto  http://<hostname:port/nwa

->click “configuration “ tab ->click “certificate and keys”

Note : parameter snc/enable=1 (to activate the SNC)

Login to portal as administrator  ->click  configuration  tab ->click  certificate and keys


Click the Ticket Key store entry listed under tab Key storage then select “SAPLogonTicketKeypair-cert “


Then click Export Entry Select Binary .x.509 format and Save it locally


Login to ABAP system default client: XXX  Goto transaction STRUSTSSO2


Click  System PSE and then click   import certificate


Select the format Binary then click “Add to Certificate to List” then click “Add to ACL”

Fill portal SID and client 000 below



Goto STRUSTSSO2 click System PSE -> click <FQDN > right side check the portal certificate info.


Create SNC SAP Cryptolib PSE file  right click the SNC SAP Cryptolib


Remove the default values of Org(opt) & comp/org and maintain the below values and SAVE



Now select SNC SAP Crypto pse and Double click the CN=<SID>, O=GM, C=US 


Press Export button   and export to your machine. 

Use the name <SIDof BW system>.cert


Select “Base64” as <SID>.cert


Login to the Portal Server on the OS level (sidadm)

Goto file path:  /usr/sap/<SID>/JCXX/sec directory

Check the shared library and environmental variable are set 



Set the environment variable for the path usr/sap/<SID>/JC<nn>/sec

<SID>adm> export SECUDIR=/usr/sap/<SID>/J<nn>/sec


Create the SAP_<any name for example J2EE>.pse file using the command

sapgenpse get_pse -p SAP_J2EE.pse -x j2eepin “CN=<SID>, O=<organization 2 letters>, C=<country code 2 letters>”



Then execute,

Sapgenpse  seclogin –p <please give any pse file name>.pse –x j2eepin –O <SID>adm



Generate the Portal SNC certificate with the command:

Sapgenpse export_own_certificate –p <pse name> -o <portal certificate>

  1. Ex. Sapgenpse export_own_cert –p <pse name>  –o <portal certificate>



Then  upload the SAP ECC certificate into Portal PSE with the command

  1. Ex. sapgenpse maintain_pk –p < please give any pse file name>.pse -a <SID BW system name>.cert



Transfer (Ftp) the file <SID>.cert from Portal Server to your machine

Login to BW system -> goto STRUSTSSO2 -> click SNC SAPCrypto -> double click

Then click  to import the file 



Then click  and finally save it

Before starting the following profile parameters need to be set in respective ABAP systems :



then Goto ->  SM30 and type the VSNCSYSACL and press Display


Select “ E” for external system




Goto SM30 and Enter USRACLEXT in Table/View field and press Display


Press “New Entries” and Add the SNC Name for Portal and “save” it



Creation of system’s in Portal System Administration->System landscape ->


Portal content -> SystemLandscapeRight click->System Landscape->  New -> 


Select option  then click  Next


How to get system information for web application server as and ITS

Goto se37 then press f8

Then provide the info :



Clear the clear the I_message server entry -> execute (F8)

For getting the ICM info :

Goto se37



Then clear   I_message server   entry -> execute (F8)

save” the details and provide the system alias name 

Choose “next” and then “finish”

System is created now


System Landscape->click under this node you may find your newly created system ->right click the new system created ->click properties

Enter the SNC parameters in the system data container

Then conduct a system connection test , and this successfull test completes the SNC configuration between Enterprise Portal and BW system

Note : Login with the user same as in backend Don’t provide any user  and click the button “test”

To report this post you need to login first.


You must be Logged on to comment or reply to a post.

  1. Andy Silvey

    Hi Rajeshkumar,

    this is an excellent blog showing all of the steps and will for sure be a lot  of help to people having to do this.

    If I can suggest, in the pre-requisites, includes the step of

         download SAPCryptoLib

         install SAPCryptoLib

         enable juristiction policy

    infact it would be nice if those steps were included with screenshots and then you would have the end to end implementation documented.

    Furthermore, it would be useful to point out that there is a sequence for setting the Profile paramters on the R/3 system, because if they are all set at once and the system restarted logon will not be possible,

    Another useful point is transaction SNC0 which shows the ACL tables and their contents, this is useful for trouble shooting.

    All the best,


  2. Shivam Mittal

    Good Work Rajesh, Nice documents and Detailed Step by Step information.

    As suggested by Andy, Can you add parameters sequence to set them in correct order.




Leave a Reply