Additional Blogs by SAP
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ADS SSL configuration journal I. / ABAP -> JAVA / 640 - 70x

former_member191062
Active Contributor
‎01-25-2008 4:27 AM

I would like to show you, how I have set up SSL for the Adobe Document Services.

The configuration was done on a NW04s system.

Instead of words let's begin:

1. First we ensure we have a certificate in the ABAP, what can be used for the communication.

 a. Go to Tr. STRUST:

 b. I created "SOAP" Client certificate /* self-signed */ with help of menu option:

 c. Environment >> SSL Client Identities.

2. We have to assign this certificate to the ADS HTTP destination in Tr. SM59

a. Go to Tr. SM59

b. Choose you ADS destination, than choose tab: 'Logon & Security' activate SSL

c. and choose your freshly created certificate:

3. Change the target System settings to the SSL Server proxy.

a. Go to Tr. SM59

b. Choose tab: Technical Settings

c. Change the Service No. to the SSL port of the J2EE engine

d. Change the path prefix to:

/AdobeDocumentServicesSec/Config?style=rpc

4. Copy the certificate to the JAVA host at OS level.

We can download the certificate from Tr. STRUST.

a. Open the certificate and press the export certificate button. Save the certificate in base64 format. I choosed the name: ERP_SOAP.cert 

b. This certificate has to be copied at os level to the NW JAVA engine to a directory that is accessibble by the j2ee_admin user. We will need the certificate in the Visual administrator.

5. Load the certificate into the JAVA engine .

In the Visual Administrator navigate to the Key Storage Service.

a. Create a view with the Name: 'ADSCerts'.

b. Load the certificate with help of the 'Load' button.

After this step, you should have something similar to this: / you will have only 1 certificate /.

c. With the same mechanismus also load this certificate into the TrustedCAs view. / We do not have CA cetificate as we use self-signed certificate in this scenario so the CA cert is the same as the ADSUser's cert. /

6. Assign the certificate to the ADSUser.

a. Go to the security provider Service.

b. On the tab User management search for the ADSUser. Click change.

c. At Certificates choose Add, and assign the certificate you have just loaded to the ADSCerts view.

d. Click the change again.

7. Set up the SSL provider to request the ADSUsers's certificate

a. Go to the SSL provider Service.

b. Open the HTTPS port of the j2ee engine and go to the tab: Client authentication.

c. Add the certificate we loaded to the TrustedCAs to the list. / Ensure the request client certificate option is selected /. It should look similar to this:

8. Extract the J2EE servers server cetificate.

a. Go to the SSL provider Service.

b. Open the HTTPS port of the j2ee engine and go to the tab: Server Identity. Here you will find the name of the certificate the J2EE server is using as Indentification certificate.

c. Go to the Key Storage Service and choose the: service_ssl view.

d. Here choose the certificate you have found in point 8.b.

e. Download this file from the OS of the J2EE enginge to your Desktop.

9. Upload the J2EE server identity to STRUST

a. In the ABAP stack go to Tr. STRUST.

b. Choose the certificate you created for the communication.

c. Click on import Certificate >> A dialog opens. Choose the certificate you downloaded to your desktop. / J2EE Server Identity /

d. Click on Add to Certificate list.

e. Go To Tr. SMICM and restart the ICM.

 

 

With these steps the SSL communication from the ABAP to the JAVA side should work.

At least it did for me 😉

In the next part of the Jurnal we set up the SSL for the destination service. / JAVA -> ABAP / 

17 Comments
Popular Blog Posts