ABAPGit Installation on SAP NetWeaver developer edition 7.52
In this blog post, we will learn to activate AbapGit on SAP NetWeaver Developer Edition 7.52 with an alternate way of installing server certificates and ensuring AbapGit is working as it should be.
Recently, i had the pleasure of installing the SAP NetWeaver Developer Edition 7.52 on my PC. The first thing i wanted was to have backup of my code available to me.
Luckily, we have a wonderful tool AbapGit at our disposal. Installation was a breeze, as it was very well documented, however, SSL Setup was a bit of a problem, as some of the directions are bit vague , and provided steps were not fruitful at least at my end. However, with little bit of work, i was able to have it work on my SAP installation. Here i am putting up the steps, so that those who are facing the issues, will be able to solve them at their ends.
Little bit of BASIS work is also required.
I am not going to reproduce the steps of installation here, however, i suggest that one should download ,
zabapgit_standalone source code and save it as text file. Create a Program of this code and assign a transaction code to it ( zabapgit is for me). if you run this program, you will see this screen.
Upon executing this program, you will receive some errors like below or some others , now we need to find a way to solve these errors.
Let’s Solve The Problem
AbapGit SSL Setup mentions adding some parameters to SAP Default Profile. First of all, add those parameters if not already added.
Mentioned Parameters are;
ssl/ciphersuites = 135:PFS:HIGH::EC_X25519:EC_P256:EC_HIGH ssl/client_ciphersuites = 150:PFS:HIGH::EC_X25519:EC_P256:EC_HIGH icm/HTTPS/client_sni_enabled = TRUE ssl/client_sni_enabled = TRUE SETENV_26 = SECUDIR=$(DIR_INSTANCE)$(DIR_SEP)sec SETENV_27 = SAPSSL_CLIENT_CIPHERSUITES=150:PFS:HIGH::EC_X25519:EC_P256:EC_HIGH SETENV_28 = SAPSSL_CLIENT_SNI_ENABLED=TRUE
There parameters can be added through Transaction Code : RZ10. Here is a picture
And here is RZ10 after adding the parameters.
When you save the profile, SAP will prompt you to activate it and then mentions in popup that you must restart the SAP to have this changes be effective.
Logout and restart your SAP Application.
It is worth noting that, before making any changes to your SAP System profile, one should make a backup copy, so that in case of problems, you can revert back to old settings.
On Terminal: cp DEFAULT.PFL DEFAULT.PFL.BKP
Once, SAP is back online, we need to add Server Certificates to Transaction Code Strust. On multiple available videos on youtube & AbapGit SSL Setup , solution is to add extract certificate from your browser and upload it to Strust, however , in my testing , it was not working, so i applied another way of extracting the Certificate for Strust by using Transaction Code : SMICM and extracting the Certificate from Trace Files.
- Run Transaction : SMICM
- On Menu : Goto -> Trace File -> Reset (This will clear the Trace file)
- Then On Menu : Goto -> Trace Level -> Set (Select level 3 and press Pen icon)
- Go To Transaction : SE38
- Run zabap_test_ssl program (This will again result in error, but this time SMICM will show us the full error log with server certificate information.
- Exit SE38
- Run Transaction : SMICM
- Then On Menu : Goto -> Trace Level -> Set (select level 1 and press Pen icon)
- Then on Menu : Goto -> Trace File -> Display All
- Search for Value “Trace Level” and select “changing Trace Level to 3“
Now, we need to look at the Trace File and find the following line
Subject: CN=github.com, O="GitHub, Inc.", L=San Francisco, SP=California, C=US Issuer: CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1, O=DigiCert Inc, C=US Serial Number: 0C:D0:A8:BE:C6:32:CF:E6:45:EC:A0:A9:B0:84:FB:1C
Just below this, there is a section with —BEGIN CERTIFICATE— as heading, Copy all of it and save it with the name of github.cer file. Make sure, the text starts with
and ends with
Notice 5 “-“ in lead & end.
If you go down on the trace, you will find another certificate just below this mentioning CN=digicert , just skip it and go further down, until you came across the following lines;
Subject: CN=*.github.com, O="GitHub, Inc.", L=San Francisco, SP=California, C=US Issuer: CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1, O=DigiCert Inc, C=US Serial Number: 02:74:87:F4:82:D0:7C:B0:E8:41:CF:0A:29:35:7E:9B
Again, copy the Certificate just below these lines, and save it as apigithub.cer file.
All Steps with SMICM are done.
Proceed with STRUST Steps
Make sure to select
SSL client SSL CLIENT (Anonyomus)
After uploading both certificates, SAVE and exit STRUST.
Now , Go BACK TO SE38 and run zabap_test_ssl . This Time, you will receive the OK report.
Now, You can run your AbapGit and create online repositories.
Just make sure, you create a token , before proceeding, as it seems that current version of AbapGit is not taking passwords into consideration , and only working with personal tokens.
we have a proper working AbapGit and a little bit better understanding of updating and using certificates in Strust.
if this blog post is helpful in please do provide feedback.
I wonder why you had an issue with: "extract certificate from your browser and upload it to STRUST, however, in my testing, it was not working"
Just a mistake when you are new to this?
The public keys of the certificates shown in the ICM trace and the ones that you get via your Web browser are the same.
I never had any issue with installing the certificates from the Web browser in STRUST.
What i wanted to say, is that extracted certificates did not work after uploading to strust. I tried it on 2 different virtual dev servers.
Also, same happened on a landscape sandbox server as well. hence i took the other route.
Thanks. You don't mention in which PSE of STRUST you load the certificate(s). Although it's said in the abapGit documentation to upload in the PSE "SSL Client Anonymous", maybe you uploaded them into the wrong PSE?
Yes, as document mentioned, SSL Client Anonymous.
And thanks , i forgot to mention it in blog. so added it as well.
It should probably be noted that ABAP developer edition was discontinued by SAP last year.
The title read mentions SAP NetWeaver developer edition 7.52. While ABAP Platform 1909 was discontinued, NW 7.52 is still alive and kicking. I just extended my license for another 3 months.
My bad, looks like 7.52 still out there. Thanks!
Thanks for this nice blog.
I have an issue with after adding new parameters into default profile -rz10-.
Issue is " connection reset by peer ".
To solve this, re-installing sap but this time creating a DDIC object requires developer access key.
When I go to t code -slicense-, I see two certificates, I supposed to that a new one is generated by my local sys because of re-installing.
What should I do? Thanks in advance. =)
I am sorry for the late reply.
You don't need to reinstall SAP, just copy and restore the DEFAULT.PFL.BKP , if you have created it before changing RZ10 parameters.
You can also, manually remove the added parameters from your DEFAULT.PFL to ensure SAP application is able to boot. (I am sure, one of the parameter is already active in your system, so do check your profile thoroughly )
I am not sure about the DDIC object,but it is possible, that your dev server requires a license key.
You can download the license from https://go.support.sap.com/minisap/#/minisap Select "NPL - SAP NetWeaver 7.x (Sybase ASE)" , provide your info and hardware key (available in SLICENSE) and generate new license.
Thanks for replying me, I opened an issue about this in abapGit repo and got some help from @mbtools Marc Bernard. I added parameters by OPENSUSE terminal as npladm super user. Then run the server and all is working. I'm grateful for this useful blog and your support too.