Hi All,

Its mandatory to have SSFS (secure store file system) if we are going to upgrade/installation of Netweaver 7.4.

I am providing you the steps to do in Linux os and database oracle 11g.

1.  create following directories

mkdir /sapmnt/SID/global/security

mkdir /sapmnt/SID/global/security/rsecssfs

mkdir /sapmnt/SID/global/security/rsecssfs/data

mkdir /sapmnt/SID/global/security/rsecssfs/key


2.  Securing the directories created. Change the permissions as mentioned below

   

      chmod 700 /sapmnt/SID/global/security

chmod 700 /sapmnt/SID/global/security/rsecssfs

chmod 700 /sapmnt/SID/global/security/rsecssfs/data

chmod 700 /sapmnt/SID/global/security/rsecssfs/key

3. Maintaining the SSFS profile parameters


Set the following profile parameter in DEFAULT.PFL

      rsec/ssfs_datapath = $(DIR_GLOBAL)$(DIR_SEP)security$(DIR_SEP)rsecssfs$(DIR_SEP)data
      rsec/ssfs_keypath  = $(DIR_GLOBAL)$(DIR_SEP)security$(DIR_SEP)rsecssfs$(DIR_SEP)key


4. Add following lines in environment variable .dbenv_server.csh & .dbenv.csh as SIDADM and after setting logout and login again.

    

     

       setenv RSEC_SSFS_DATAPATH /usr/sap/SID/SYS/global/security/rsecssfs/data

       setenv RSEC_SSFS_KEYPATH /usr/sap/SID/SYS/global/security/rsecssfs/key


5.Creating entries in SSFS storage


       rsecssfx put DB_CONNECT/DEFAULT_DB_USER <schema> -plain
       rsecssfx put DB_CONNECT/DEFAULT_DB_PASSWORD *******

       Please ignore ‘!’ as character, it doesnot accept it.


6.rsecssfx list


        Will list the key and data in below path respectively

       

       /usr/sap/SID/SYS/global/security/rsecssfs/data/SSFS_SID.DAT

       /usr/sap/SID/SYS/global/security/rsecssfs/key/SSFS_SID.KEY


7. Goto /sapmnt/SID/global/security/rsecssfs/data and check for the SSF_SID.DAT file. It should have permission 600


8. Changing to the new connection method

set the below profile parameter in DEFAULT.PFL

rsdb/ssfs_connect = 1

set the environment variable also in .dbenv_server.csh & .dbenv.csh for sidadm,

setenv rsdb_ssfs_connect 1


9. Restart the SAP system with database

   goto work directory

   view dev_w0 trace and look out for ssfs entries




Regards,

Karthik.R







To report this post you need to login first.

Be the first to leave a comment

You must be Logged on to comment or reply to a post.

Leave a Reply