Adding Website Public Certificates to ABAP Stack
This is going to be a pretty short tutorial / walkthrough on how to add website certificates to your SAP ABAP stack specifically.
I like to categorize my blog post based on the Five Ws and one H, What, Why, Who, When, Where and How methodology.
Securely communicate with internet websites to get info.
Eg: You want to get exchange rate for the day that is provided by ECB and probably update your material prices or exchange rates if your organization does business in different countries and there are Sales Orders raised everyday.
Some websites don’t accept http urls to be called from, obviously for security reasons, they are automatically converted to https protocol.
When making webcalls for example either thru ABAP code or iDOC etc.
This blog mostly is targeted at SAP technical guys (ABAP-ers, BASIS, etc.)
In SAP ABAP code for instance you have a Z/Y program and are calling a http call method
Now we are at the good part.
So, in my case we are trying to get the fx rates on daily basis for the sales order that are generated that day to reflect the right amount of the purchasers country to show the exact local currency. This is done thru exchange rate for the day which is provided by ECB (European Commission Board) in a XML format updated on daily basis.
Now, if we execute this is what we are getting the below error, this is because I put in an exception at the program on our S/4 system where the http call fails.
Earlier, before I put in the exception we got this. Just zero’s.
Hmm, what seems to be the error here? What logs need to be seen?ST22?system logs?
To think this in a logical way, you have to understand that since this program calling an internet URL. So, which means ICM is being used. So, I go to tx SMICM and see the traces.
Note: You don’t need to increase trace level from default, 1.
Here, I see this
To summarize the above error, basically the http call we made from the SAP ABAP instance to the website is not having the public cert that the website is expecting. Which makes sense, because the website we are calling is only https urls
Web browsers (Edge, IE, Chrome etc.) has inbuilt mechanism to get the public cert of the website when they are called. Where are SAP Server doesn’t have this feature in built.
Right about now for those experienced , the picture would be clear on the solution required to make this work. We have to basically import the public cert of the website in to our SAP Server. This is required so that the next time we call the website it will try with the available certificates.
But, the dilemma is how to obtain that public cert which the web browser so easily got. It’s fairly simple, let the screenshots do the talking:
Click “Copy to File”
It’s that simple.
Now, another dilemma. When you go to tx Strust
Where does this certificate belong to?
Yes, you can try each folder, but, that is not a really good learning thing to do is it?
It’s good to have some background on the different types of SSL certificates and their purposes. This note will be really helpful
So, in our case we have to add it SSL Client (Standard)
Click on “Import Certificate”
Then you see this
Note: Make sure you are on edit and not display mode
Click on “Add to Certificate List”
And click Save
Re-running the program works fine now
So, from this blog post we can see how we can securely connect to external website or in general interfaces from SAP ABAP stack to establish secured connection and digest the data.
Hope this helps some one, if it does leave a “thanks”!