Skip to Content
Technical Articles

Digital SNOTE configuration process for managed system for Notes download for NW 7.5 — Simplified Steps

Hi Friends,

This document is step-wise for Digital Snote implementation process for managed system with NW 7.5 keeping in mind that many customers have already upgraded their system to NW 7.5 or higher as there is a End-Of-Maintenance for SAP_BASIS 740.

 

Step 1:⇒

Add the below 4 certificates in SSLC.pse, this can be done via STRUST, as this would be used in the RFCs later onwards,

Note: If you are adding in SSLC.pse list, then you need use SSLC in your RFC. If you are adding them in SSLA.pse list, then you will need to use SSLA in your RFCs which will be shown below in later steps,

Note:⇒ In case, any certificate is already existing for example, Digicert certificate because of Cloud Connector, in that case please do not again import the certificate

Step 2:⇒

Upload the below files via T-code SPAM,

SAPK750009CPSAPBASIS= I710020751258_0117491.PAT;

SAPK75000FCPSAPBASIS= I710020751258_0125751.PAT

Step 3:⇒

Check your SAPOSS rfc is working or not as starting phase, if not active, you can download the below Notes from ServiceMarketplace & Upload until this year end

  1. SAP Note: 2576306
  2. SAP Note: 2738426

Step 4:⇒

Apply the Notes, Capture in TR, can be in the same TR.

In case the proper SAR files are not added, then while applying the Notes, it would also pop-up a dialogue to provide the required SAR files(TCI packages).

Step 5:⇒

Take backup of OSS1 & cross-verify the details after the configuration completion (Optional Step),

Step 6:⇒

T-code : → STC01 → SAP_BASIS_CONFIG_OSS_COMM → Execute Button

Now wherever we have Change parameters, I mean, pencil icon, we have to open select proper options & Save

Used Router String:⇒

/H/<Organisation Router IP>/S/sapdp99/H/194.39.131.34/S/sapdp99/H/

Please Note Router Strings can be different on how your organization Router access is configured & how you want access.

This value in above creates the exact required router string for those other RFCs

& Press Save Button on above.

Note:⇒ If the RFCs are not available in SM59 or you have already set them manually before correctly, then you can skip the “Overwrite existing destination” options

Last, ICM Restart options, also if you want you can uncheck this step also, no issue there:

Step 7:⇒

For the 1st 2 steps I have already cross verified that the ssl/client_ciphersuites value that we have the minimum required value. Hence obviously the SAPCRYPTOLIB version is already higher than the minimum requirement as in below,

Minimum value(SAP Note 510007):-

For Non-Solman systems minimum required,

ssl/client_ciphersuites = 150:PFS:HIGH::EC_P256:EC_HIGH

For Solman systems minimum required,

ssl/client_ciphersuites = 918:PFS:HIGH::EC_P256:EC_HIGH

Execute those steps by pressing the Execute button on top.

Step 8:⇒

In SPRO → SAP Reference IMG → SAP Netweaver → Application Server → Basis Services → SNOTE. Here we need to update some details to download only digitally signed Notes

Save the settings, go back & open option “Define File Type for Downloading SAP Note” & finally set the below option to download Digitally Signed Notes only.

Note:⇒ In case we want revert back to older process for downloading unsigned SAP Notes, then we need change here also along with the above option to “Remote Function Call(RFC)”

Note:⇒ The above screens can also be called via program RCWB_SNOTE_DWNLD_PROC_CONFIG & RCWB_UNSIGNED_NOTE_CONFIG

Step 9:⇒ How to Verify the Digital SNOTE process completion

To confirm the SNOTE Digital process, I have downloaded the below Note 2 times, 1 is before I set the digital process & another is after set the digital SNOTE process, which is why we see 2 logs timestamp(11:35:28 & 12:15:49).

Also the similar scenario can be verified via SLG1. Details are also prescribed in below,

https://help.sap.com/viewer/9d6aa238582042678952ab3b4aa5cc71/201809.002/en-US/d37dc3341e20429183615a7639277b44.html

 

New optional simplified step & another optional Step :⇒

You can apply SAP Note 2836302, after which you can go SE38 → RCWB_TCI_DIGITSIGN_AUTOMATION, reference SAP Note 2860540 . In that case, You need not go for STC01, as this is bit more detailed guided procedure

Also, after completing this process, you can delete the Unsigned SAP Notes also which were not implemented, for that you can run the Program → SCWN_DS_CLEAR_NOTE_FILE. Execute the report.This removes all the SAR, ZIP, and SMF files related to the SAP Note from the application server.

Note:⇒ Please be careful as If you execute the report without entering any SAP Note number as an input, the report will clear all the SAR, ZIP, and SMF files related to all SAP Notes from the App. server directory ($(DIR_TRANS)/tmp). Hence this sort of deletion authorisation can be allocated to the Admin Users only who will in that case has to have authorisation in ($(DIR_TRANS)/tmp)

 

Reference Doc & Some Related Information:⇒

SAP Note 2836996: For Digital SNOTE Download confirmation testing process

SAP Note 2793641: For STC01 process execution details

SAP Note 2631190, 2554853: For Certificates download

https://support.sap.com/en/my-support/knowledge-base/note-assistant.html

https://sap.apj.pgiconnect.com/p4oqreiljvv/?launcher=false&fcsContent=true&pbMode=normal

OR

https://www.youtube.com/watch?v=knLY11f1WGY&

Cheat Sheet:

https://support.sap.com/content/dam/support/en_us/library/ssp/my-support/knowledge-base/note-assistant/cheatsheet-for-digsignnotes_snote_tci.pdf

TCI Apply or Roll-back:

SAP Note 2187425 – Information about SAP Note Transport based Correction Instructions (TCI)

SAP Note 2576306 – Transport-Based Correction Instruction (TCI) for Download of Digitally Signed SAP Notes

SAP Note 2174416 – Creation and activation of users in the Technical Communication User application

SAP Note 2408073: If you have older versions, then Manual activity may require

SAP Note 2716729: For SAP Parcelbox configuration

SAP Note 2827658: Full process basic overview

SAP Note 2537133: FAQ on Digital SNOTE

 

If facing any Issue, you can raise a SAP OSS Ticket under category: XX-SER-NET

OR you can also search through Guided Answers via : https://ga.support.sap.com/

like,

https://ga.support.sap.com/dtp/viewer/index.html?source=social-global-sapsupporthelp-twitter-trainingenablement-dbs-unspecified-ga-upg-spr-2371315085#/tree/2472/actions/33067

 

Thanks for the read. Hope you like it. Your feedback & gesture is most welcome

 

Thanks,

Kaushik

Be the first to leave a comment
You must be Logged on to comment or reply to a post.