cancel
Showing results for 
Search instead for 
Did you mean: 

enable SNOTE for digital signature

former_member189780
Participant
0 Kudos

Hi,

we followed documents to configure digital Signed. Now when we are trying to download oss notes (SNOTE -> Goto --> Download SAP Notes), logs are still showing that OSS note is being using RFC. We have configured HTTP to download the OSS notes.

"Note 0002632679 downloaded in version 0004 (RFC use SAPOSS):.

Following RFC's created by Digital Signed process are working fine (test is good):

SAP-SUPPORT_PORTAL (Status HTTP response is 200)

SAP-SUPPORT_PARCELBOX (Status HTTP response is 200)

SAP-SUPPORT_NOTE_DOWNLOAD (Status HTTP response is 404)

Pls suggest to fix this issue.

Thanks

Amar

pankaj_pabreja
Participant
0 Kudos

Hi Amar,

What is the SAP_BASIS release of your system?

Regards,

Pankaj

Accepted Solutions (0)

Answers (7)

Answers (7)

Former Member
0 Kudos

Hello Amarjit,

Run the report RCWB_UNSIGNED_NOTE_CONFIG and set the option to "Do not download unsigned SAP Note"

When HTTP or Download Service Application options are chosen to download digitally signed notes, if this mechanism fails, the SNOTE will default to RFC and download the unsigned note.

When setting this option you may get an error message why the HTTPS (or Download Service).

Check the Guided Answer Options for Downloading Digitally Signed SAP Notes you will find the links and information to configure the different options there, confirm all of the steps are done.

David

dennispadia
Active Contributor
0 Kudos

Hello Amarjit,

Recently in one of my system, I had exact same issue where all steps has been followed but still Notes were getting downloaded using SAPOSS.

So I have re-implemented below SAP Note which has resolved my issue. Kindly download below SAP Note again, upload relevant TCI and then after run the report to set SNOTE download to HTTPS

2576306 - Transport-Based Correction Instruction (TCI) for Download of Digitally Signed SAP Notes

Hopefully this can help you to resolve your issue.

Regards,

Dennis

0 Kudos

Hi Dennis,

Having the same issue.

How did you re-implement this note? I am getting the below error while de-implementing the note 2576306.

"There is no valid backup for the package SAPK74000SCPSAPBASIS.

Please help

Regards,

Vishwa

dennispadia
Active Contributor

Hello Vishwanath,

In my case, my SAP Note was not implemented properly due to which I was facing the issue and then I have re-implemented it again and it allowed me to implement this note as entire note was not implemented on my system.

But if your SAP Note 2576306 is applied properly, there is no need to re-implement this note. Plus it won't allow you to re-implement because while applying this note, it prompted a message with value TCI rollback set to "No" which means this note cannot be rolled back.

For more info check - https://help.sap.com/viewer/9d6aa238582042678952ab3b4aa5cc71/7.52.2/en-US/86ec9660bd25403fba0609c375...

If the attributes for TCI rollback are not set to "TRUE," you cannot roll back the TCIs. Then, to delete the TCI from the system, you must revert your system to the status it had before you implemented the TCI. This procedure necessarily requires a system backup.

I feel your SAP Note is applied properly and you need to focus on other aspect of troubleshooting

Regards,

Dennis Padia

0 Kudos

Hi,

Could you please let me know how to troubleshoot the issue with notes getting downloaded via SAPOSS RFC. I have tried to hash out SAPOSS, but it does not work. It still tries to use SAPOSS and throws error.

The same steps have been followed in other landscapes as well and it works without error. We are facing issue only in CRM systems. We are on Basis 7.40, SPS14.

Regards,

Vishwa

former_member189780
Participant
0 Kudos

Hi Dennis,

I put #. Now it is failing to download oss note with RFC OSS but still not able to download with https. Not sure why system is not accepting RFC "SAP-SUPPORT_PORTAL" to download oss note.

saposs-ossnote-download.jpg

I tried to upload oss note and it seems to be working but not showing in log if it is using HTTPS protocol to download.

upload-log.jpg

Hi Yogesh: Pls check the download log in jpg file "download-note-log". It is showing to download thru RFC oSS.

Thanks

Amar

patelyogesh
Active Contributor
0 Kudos

Hello Amarjit Nagi,

Is you SAP-SUPPORT_PORTAL RFC is able to select SSL Certificate?

Please also watch this replay video for more information. https://www.youtube.com/watch?v=knLY11f1WGY&;

Cheatsheet is available for more information.

https://support.sap.com/content/dam/support/en_us/library/ssp/my-support/knowledge-base/note-assista...

Thank you

Yogesh

former_member189780
Participant
0 Kudos

Steps to follow for Digital Signature Configuration:

  • 1.Extract and upload the following in SPAM:
  • a.Following is the requirement for OSS note: 2576306 (The implementation queue contains at least one SAP Note with a transport-based correction instruction (TCI)). This is valid from (SAPKB74002 - SAPKB74019).

ersadm 12> SAPCAR -xvf K74000SCPSAPBASIS.SAR

SAPCAR: processing archive K74000SCPSAPBASIS.SAR (version 2.01)

x EPS/in/I710020751258_0117492.PAT

SAPCAR: 1 file(s) extracted

  • b. Following is the requirement for OSS note: 2738426 (The implementation queue contains at least one SAP Note with a transport-based correction instruction (TCI)). This is valid from (SAPKB74008 - SAPKB74021)

ersadm 9> SAPCAR -xvf K74000VCPSAPBASIS.SAR

SAPCAR: processing archive K74000VCPSAPBASIS.SAR (version 2.01)

x EPS/in/I710020751258_0125757.PAT

SAPCAR: 1 file(s) extracted

Only need to upload in ERD server. Implemented OSS notes 2576306/2738426 using following method:

snote.jpg

snote2.jpg

  • -Add the following value in Instance Profile:
  • #Following TLS parameter for Digitial Signature setting - oss note 510007#
  • ssl/client_ciphersuites = 150:PFS:HIGH::EC_P256:EC_HIGH

- with tcode STC01: executed SAP_BASIS_CONFIG_OSS_COMM. All conditions worked and RFC's are created in system.

- Used HTTP Protocol setting:

http-protocol.jpg

- Download OSS note:

download-sap-note.jpg

download-note-log.jpg

- Upload OSS note: Not sure, if upload is using RFC or HTTP protocol.Nothing is showing in log.

upload-oss-note.jpg

upload-note-location.jpg

upload-note-log.jpg

Any suggestion would be appreciated. So far no help from SAP OSS.

Thanks

Amar

former_member189780
Participant
0 Kudos

Thanks Dennis,

1. yes, i executed report RCWB_SNOTE_DWNLD_PROC_CONFIG and set the variant to HTTP protocol.

2. I'm following your suggestion mentioned in following link:

https://answers.sap.com/questions/12678099/backbone-readiness-report.html

How to do the "hash out SAP OSS RFC"? Do you mean to delete "SAPOSS" RFC in SM59? Pls confirm.

3. "ssl/client_ciphersuites = 150:PFS:HIGH::EC_P256:EC_HIGH" has been already set and restarted the system after this change.

Thanks

Amar

patelyogesh
Active Contributor
0 Kudos
Hello Amarjit Nagi,

Can you please share a log or Error message you receiving to download SAP note?

-Yogesh

dennispadia
Active Contributor
0 Kudos

Hello Amarjit,

Hash out means, you can put "#" or some random character in target host or group in SAPOSS. So that it is not functional when you do authorization test.

Regards,

Dennis.

patelyogesh
Active Contributor
0 Kudos

Hello Amarjit Nagi,

Did you implemented SAP note below?

2508268 - Download of Digitally Signed SAP Notes in SNOTE

Thank you

Yogesh

former_member189780
Participant
0 Kudos

Hi Yogesh,

I implemented SAP Note 2576306 with TCI. This note bundle the 2408073/2546220 and 2508268.

Thanks

Amar

dennispadia
Active Contributor
0 Kudos

Hello Amar,

Can you confirm if you have followed below steps.

  1. Did you ran report RCWB_SNOTE_DWNLD_PROC_CONFIG and set the variant to HTTP protocol? Only after that it will download SAP Note using HTTP RFC.
  2. If you have performed above step, then can you please hash out SAPOSS RFC and try to download SAP Note. Let me know what’s the outcome but make sure you execute step 1 before hashing out SAPOSS RFC.
  3. Also did you set ssl/client_ciphersuites parameter and restarted the system. Because even if you have executed step 1 but forgot to set this parameter (restart required), it will still use SAPOSS RFC to download SAP Note.

Regards,

Dennis.