Hello SAP,

We have only one Productive Solman system for all the Gerdau systems, so we don't have a test environment to perform these PERSON_NAME recommendations, so we have to be really careful, could you help me address the requirements bellow please ?

As part of SAP Health Checking/PERSON_NAME recommendations, we received a recommendation to enable SSL communication in our Solman system. 

First doubt: the recommendation refers to the Java SID of our Solman system (SJ0). However, we also have the ABAP SID (SM0)..
I am unsure if we should set up HTTPS only in Java or also in ABAP layer..

Also.. which caution do we have to take to implement this ? do we have to modify any RFCs on ABAP side ? do we have to modify any connections on Java
side ? which/where ? do we also have to create certificates signed by certification authority in other systems to accomplish this ?
Would we also require to implement SNC certificate on ABAP side or just TLS ?
Should we use the same certificates signed by certificate authority in JAVA and ABAP layer ?

The recommendation (JE143) says:
"SSL is not set up or the default(self-signed) certificate is used. Ensure secure communication by using SSL certificates only. 
A default certificate should be replaced by a "real" certificate, signed by a proper certification authority. After applying the recommendation for SSL configuration, several parameters should be adjusted accordingly".

It doesn't say which parameters have to be modified and it does not point to any KB..

“Please refer to the following two sections” => Then it points to other two recommendations(JE167 and JE166) that seems to the same (same description),
which require SSL to be implemented in advance from my understanding.

I can't tell the difference between these:
-Secure Attribute for Security Session ID Cookie (JE167)
-Secure Attribute for System Cookie (JE166). 

Description: "If the property is set to true, then the secure attribute is set to the system cookies and the cookies marked as secure will only be transmitted if the communications channel is a secure one (https)"

And we also have this one to implement:
-Enforce SSL encryption for Transfer of SAP Logon Tickets (JE139). 

Then it points to a KB that does not exist (DIGITS) - where do I find the corresponding steps ? Is it something to be prepared after implementing SSL or something to be done in parallel ? :

"Use SSL at least between the client and the first load balancer or reverse proxy.
See SAP Note DIGITS (Switching to HTTPS Transport Layer Security) and SAP Note DIGITS (SSL tips for preventing 
hijacking).
Use DNS aliases in a separate subdomain for accessing the portal and the integrated systems (See other issue for details).

After you have implemented SSL (at least between the browsers and the load balancers of the portal and all directly accessible integrated systems), set "ume.logon.security.enforce_secure_cookie" to "True", so that the SAP Logon Ticket can only be sent via HTTPS connections".

Please let me know,

Thanks,