SAP NetWeaver Application Server for Java

Inspired by the blogpost Chronicles of a PI TLS 1.2 upgrade by Eng Swee Yeoh I like to share some other pitfall you may want to avoid with the IAIK Library of your PI and other AS Java systems as well as the CCL. Updates:   Extended Master... Read More »

The following enhancements are planned to be released for SAP NW 7.5 SPS 25. Please review the procedure to check if it complies with your expectations. Procedure Open the Key Storage Content tab. Select the view for which you want to create a... Read More »

last Changed: 3rd of August 2022 demystifying TLS/SSL Settings for NetWeaver the correct TLS/SSL Setting in SAP NetWeaver based Systems (ABAP, BI-JAVA, SolMan 7.2) are the most mandantory pre requisites to enable the SAP Secure Notes Download,... Read More »

The CommonCryptoLib (CCL) performs the validation of X.509 certificates. Certificate validation consists of three basic steps: verify the certificates’ integrity (Construct the Chain and Validate Signatures) verify the validity, (Check... Read More »

The CommonCryptoLib (CCL) is used when managing the Personal Security Environment (PSE) files and the SSO credential (cred_v2) file. PSE files are storing for example, a public and private key pair and trusted public key certificates. The cred_v2... Read More »

From my experience the RFC Gateway security is for many SAP Administrators still a not well understood topic. As a result many SAP systems lack for example of proper defined ACLs to prevent malicious use. After an attack vector was published in the... Read More »

Many years ago SAP deprecated the SAPCRYPTOLIB and introduced the CommonCryptoLib (CCL) as its successor. The CCL is not only a replacement for its predecessor but also for gsskrb5.dll, gI64krb5.dll, and gx64krb5.dll, which may still be used as... Read More »

Profile parameters accompany the SAP Basis administrators their entire lives. Still, in many SAP systems one can find sub-optimal handling of those and when it comes to monitoring or compliance checking one may be curious how to determine the... Read More »

The SAP Web Dispatcher is a reverse proxy designed to work best with other SAP software solutions. While there exist many reverse proxy solutions from various software vendors out there, the SAP Web Dispatcher is maintained and supported by SAP, is... Read More »

Many years ago SAP deprecated the SAPCRYPTOLIB and introduced the CommonCryptoLib (CCL) as its successor. The CCL is not only a replacement for its predecessor but also for OpenSSL, which was used for example by SAP HANA in its early days (and up to... Read More »