Skip to Content

Webinar: SSL configuration on Application Server ABAP

Hello, Community Experts


For those who don’t know me I’m Filipe Santos, and I’m a Product Support engineer in the ABAP Security Core and SAP Single Sign-On areas.

Last year I’ve delivered a webinar about single sign-on for Fiori Launchpad, and I would like to start this year with another webinar regarding a security aspect of NetWeaver AS ABAP.


The topic that I have in mind this time is SSL.


One of the most complex security related configurations in NetWeaver AS ABAP systems, is the SSL configuration. Sometimes is difficult to understand the system requirements, how to correctly configure CommonCryptoLib, which is the correct value for the chipersuite parameters and so on.

The goal of this webinar session is to breakdown every section of SAP Note #510007, that is the official SSL configuration document for Netweaver AS ABAP.

We will go section by section, diving into the details, tips and tricks and best practices of the configuration.


However prior to delivering the webinar I would like to hear from you, Community Experts:

  • What do you think about this initiative?
  • What are you most interested in regarding SSL on AS ABAP systems?
  • Which is the most complex step of the configuration?
  • Are you interested in attending the session?


I am here to help you become an SSL expert when it comes to AS ABAP.


UPDATE: The Expert Webinar is schedule! More information can be found in the following link:



Filipe Santos

You must be Logged on to comment or reply to a post.
  • Hi Filipe

    Thank you very much for the idea of sharing your knowledge. I just came to provide webinars about this topic for customers and internal experts.

    Unencrypted communication is not a good idea thinking about providing your business data over internet, for example through Fiori. Even lots of SAP PO/PI systems still use unencrypted communications.

    This topic will be one of the most important points for the upcoming future in Digitalization and „mobilization“ of business processes.

    To me, I’m already aware of how TLS/SSL works and how ABAP, Java and web dispatcher act as server. But there are two topics, I need additional knowledge:

    - Why and what for is the anonymous configuration? Does it make sense at all?

    - How to force the client (ABAP, web dispatcher and Java) to use certain security level

    - Is there a simple way to import the most important CA certificates (as for example done by Microsoft and Apple in their browsers/operation systems)?

    Looking forward to hear from you.

    Regards, Michael

  • Hi Filipe, I think this is a great initiative.  Even when we can perform a configuration, there is always a subject to explore deeper.

    Expecting you to share dates and details.