Last active
March 28, 2024 22:55
-
-
Save sapddic/1057ff83d1f97e4eaff86fd809fa8644 to your computer and use it in GitHub Desktop.
SNC setup[object Object]
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cd $SECUDIR | |
sapgenpse get_my_name -p SAPSSLS.pse | |
sapgenpse get_pse -p $SECUDIR/cert.pse -r $SECUDIR/cert.req -a sha256WithRsaEncryption -s 2048 -k GN-dNSName:ns2hsgdb.domain.com "CN=ns2hsgdb.domain.com, O=LMC, OU=Hosting, L=AWS, C=US" | |
************************************ | |
CN=ACD_SNC.domain.com, OU=Hosting, O=LMC, L = AWS, C=US | |
p/sapsso:CN=ACD_SNC.domain.com, OU=Hosting, O=LMC, L=AWS, C=US | |
************************************ | |
# Set below SNC parameters in the Default Profile | |
snc/accept_insecure_cpic 1 | |
snc/accept_insecure_gui 1 | |
snc/accept_insecure_rfc 1 | |
snc/accept_insecure_rfc 1 | |
snc/identity/as p/sapsso:CN=<SID>_SNC.domain.com, OU=Hosting, O=LMC, L=AWS, C=US | |
snc/gssapi_lib $(DIR_LIBRARY)$(DIR_SEP)$(FT_DLL_PREFIX)sapcrypto$(FT_DLL) | |
snc/permit_insecure_start 1 | |
snc/enable = 0 | |
# Restart | |
Update SNC0 entries in each system | |
Activate SNC in the RFCs with QOP set to 9 | |
Update below two parameters | |
snc/accept_insecure_rfc=U | |
snc/only_encrypted_rfc=1 | |
# Activate SNC in the JAVA if it is connected to the backend ABAP using UMEBackendConnection | |
p/sapsso:CN=PAD_SNC.domain.com, OU=Hosting, O=LMC, L=AWS, C=US | |
p/sapsso:CN=PAQ_SNC.domain.com, OU=Hosting, O=LMC, L=AWS, C=US | |
p/sapsso:CN=PAP_SNC.domain.com, OU=Hosting, O=LMC, L=AWS, C=US |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment