Digital SNOTE configuration process for managed system for Notes download for NW 7.5 — Simplified Steps
This document is step-wise for Digital Snote implementation process for managed system with NW 7.5 keeping in mind that many customers have already upgraded their system to NW 7.5 or higher as there is a End-Of-Maintenance for SAP_BASIS 740.
Add the below 4 certificates in SSLC.pse, this can be done via STRUST, as this would be used in the RFCs later onwards,
Note: If you are adding in SSLC.pse list, then you need use SSLC in your RFC. If you are adding them in SSLA.pse list, then you will need to use SSLA in your RFCs which will be shown below in later steps,
- VeriSign Class 3 Public Primary Certification Authority – G5
- DigiCert Global Root CA
- DigiCert Global Root G2
- Baltimore CyberTrust Root
Note:⇒ In case, any certificate is already existing for example, Digicert certificate because of Cloud Connector, in that case please do not again import the certificate
Upload the below files via T-code SPAM,
Check your SAPOSS rfc is working or not as starting phase, if not active, you can download the below Notes from ServiceMarketplace & Upload until this year end
Apply the Notes, Capture in TR, can be in the same TR.
In case the proper SAR files are not added, then while applying the Notes, it would also pop-up a dialogue to provide the required SAR files(TCI packages).
Take backup of OSS1 & cross-verify the details after the configuration completion (Optional Step),
T-code : → STC01 → SAP_BASIS_CONFIG_OSS_COMM → Execute Button
Now wherever we have Change parameters, I mean, pencil icon, we have to open select proper options & Save
Used Router String:⇒
/H/<Organisation Router IP>/S/sapdp99/H/188.8.131.52/S/sapdp99/H/
Please Note Router Strings can be different on how your organization Router access is configured & how you want access.
This value in above creates the exact required router string for those other RFCs
& Press Save Button on above.
Note:⇒ If the RFCs are not available in SM59 or you have already set them manually before correctly, then you can skip the “Overwrite existing destination” options
Last, ICM Restart options, also if you want you can uncheck this step also, no issue there:
For the 1st 2 steps I have already cross verified that the ssl/client_ciphersuites value that we have the minimum required value. Hence obviously the SAPCRYPTOLIB version is already higher than the minimum requirement as in below,
Minimum value(SAP Note 510007):-
For Non-Solman systems minimum required,
ssl/client_ciphersuites = 150:PFS:HIGH::EC_P256:EC_HIGH
For Solman systems minimum required,
ssl/client_ciphersuites = 918:PFS:HIGH::EC_P256:EC_HIGH
Execute those steps by pressing the Execute button on top.
In SPRO → SAP Reference IMG → SAP Netweaver → Application Server → Basis Services → SNOTE. Here we need to update some details to download only digitally signed Notes
Save the settings, go back & open option “Define File Type for Downloading SAP Note” & finally set the below option to download Digitally Signed Notes only.
Note:⇒ In case we want revert back to older process for downloading unsigned SAP Notes, then we need change here also along with the above option to “Remote Function Call(RFC)”
Note:⇒ The above screens can also be called via program RCWB_SNOTE_DWNLD_PROC_CONFIG & RCWB_UNSIGNED_NOTE_CONFIG
Step 9:⇒ How to Verify the Digital SNOTE process completion
To confirm the SNOTE Digital process, I have downloaded the below Note 2 times, 1 is before I set the digital process & another is after set the digital SNOTE process, which is why we see 2 logs timestamp(11:35:28 & 12:15:49).
Also the similar scenario can be verified via SLG1. Details are also prescribed in below,
New optional simplified step & another optional Step :⇒
You can apply SAP Note 2836302, after which you can go SE38 → RCWB_TCI_DIGITSIGN_AUTOMATION, reference SAP Note 2860540 . In that case, You need not go for STC01, as this is bit more detailed guided procedure
Also, after completing this process, you can delete the Unsigned SAP Notes also which were not implemented, for that you can run the Program → SCWN_DS_CLEAR_NOTE_FILE. Execute the report.This removes all the SAR, ZIP, and SMF files related to the SAP Note from the application server.
Note:⇒ Please be careful as If you execute the report without entering any SAP Note number as an input, the report will clear all the SAR, ZIP, and SMF files related to all SAP Notes from the App. server directory ($(DIR_TRANS)/tmp). Hence this sort of deletion authorisation can be allocated to the Admin Users only who will in that case has to have authorisation in ($(DIR_TRANS)/tmp)
Reference Doc & Some Related Information:⇒
SAP Note 2836996: For Digital SNOTE Download confirmation testing process
SAP Note 2793641: For STC01 process execution details
SAP Note 2631190, 2554853: For Certificates download
TCI Apply or Roll-back:
SAP Note 2187425 – Information about SAP Note Transport based Correction Instructions (TCI)
SAP Note 2576306 – Transport-Based Correction Instruction (TCI) for Download of Digitally Signed SAP Notes
SAP Note 2174416 – Creation and activation of users in the Technical Communication User application
SAP Note 2408073: If you have older versions, then Manual activity may require
SAP Note 2716729: For SAP Parcelbox configuration
SAP Note 2827658: Full process basic overview
SAP Note 2537133: FAQ on Digital SNOTE
If facing any Issue, you can raise a SAP OSS Ticket under category: XX-SER-NET
OR you can also search through Guided Answers via : https://ga.support.sap.com/
Thanks for the read. Hope you like it. Your feedback & gesture is most welcome