on 04-11-2018 6:58 PM
Hello,
I'm working on encryption between SAP-GUI and Application-Server, uses Keberos.
I don't want to use sso.
Here a list what I have done so far.
Could you read this an advise what's wrong in Setup or what is missing.
Thanks in advance
Reinhard
0) Create SNC-User SAP/snc-ce-user ( checked with: setspn - Q )
1) Create Kerberos PSE
sapgenpse keytab -p $SECUDIR/SAPSNCSKERB.pse -a SNC-CE-USER@xxxx.yyyy
-y Password
2) Create SNC SAPCRYPTOLIB
4) After step 1) and 2) there are two files in /usr/sap/$sid/DEVBMGSxx/sec
5) sapgenpse seclogin -p $SECUDIR/SAPSNCSKERB.pse -x PW -O SAPServiceSRD
6) Installation of SNC Client Encryption 2.0
7) Settings in GUI
😎 System Parameter
snc/r3int_rfc_secure 0
snc/r3int_rfc_qop 8
snc/data_protection/min 1
snc/data_protection/use 1
snc/accept_insecure_cpic 1
snc/accept_insecure_gui 1
snc/accept_insecure_rfc 1
snc/enable 1
snc/identity/as p:CN=SAP/SNC-CE-USER@xxxxxxxxx.LOCAL
snc/permit_insecure_start 1
snc/data_protection/max 3
snc/gssapi_lib $(SAPCRYPTOLIB)
RE-START SAP OK
BUT GOT an GUI ERROR
Activated Securtiy Trace. Seems to be ok.
d
Hello Reinhard,
Based on the "picture 7", the SAP SNC server certificate is a "self-signed certificate".
Have you imported the certificate from the SAP server ("CN=SAP/SNC-CE-USER@xxxxxxxxx.LOCAL") to your local workstation?
Regards,
Isaías
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Reinhard,
Can you check your config with below blog configurations?
Is your SAP GUI Connection encrypted? Can someone eavesdrop your passwords?
Regards,
Yuksel AKCINAR
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
76 | |
9 | |
8 | |
7 | |
6 | |
5 | |
5 | |
5 | |
5 | |
5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.