Configuring Secure Network Communications for SAP

ProcedureTo Create the PSE for Server

  1. Start transaction RZ10 and select the instance profile used by the server start-up.

  2. Add the instance parameter "snc/identity/as".

  3. Set the instance parameter "snc/identity/as" to the specific name of the server.

    For example: "snc/identity/as p:CN=IDS, OU=IT, O=CSW, C=DE" (Do not forget to add "p:" in front of the name, as shown below).

    Note –

    While specifying the distinguished name for your Client/Server PSE "CN=xx, OU=xx, O=xx, C=xx", the cryptographic tool validates the country code for the "C=xx" attribute.

    Active Parameter Name and Value

    This example shows an X.500 Name. It is formed from different elements that represent a hierarchical name space. Where CN = Common Name, OU = Organizational Unit, O = Organization and C = Country.

  4. Restart your server.

    After restarting your server you can now create the SNC PSE.

  5. Start the STRUST transaction, right click on "SNC (SAPCryptolib)," and choose Create.

  6. Accept the SNC ID which is taken from the instance parameter "snc/identity/as."

  7. Double click "SNC (SAPCryptolib)" and choose "Assign Password" to add a password for the "SNC (SAPCryptolib)" PSE.

  8. Type in a password.

    The Password can contain both letters and numbers. Without the password the server would not start when you set the instance parameter "snc/enable" to 1.

  9. Save the settings.