6/04/2020

Connect SAP Diagnostics Agent to Solution Manager using SSL

Skip to end of metadata
The aim of this wiki is to help in enabling the configuration to connect the Diagnostics Agents to the Solution Manager 7.10 using SSL, as described in note 1898685. Actually, the focus is narrowed down to prerequisite #2 of step #2, described in the same note.
This configuration is not valid for Solution Manager 7.20.

Prerequisites

The prerequisites are the deployment of the IAIK libraries in the Diagnostics Agent, as described in note 1898685  and the SSL configuration for the Solution Manager Message Server and P4 ports.

Solution 

Configure transport layer security on Solution Manager JAVA Stack

The configuration of the Solution Manager Java Stack to enable secure communication is described in detail in the following guide: 
The following setup step needs to be performed to enable secure communication on the Solution Manager Java stack:
Configure SSL on AS Java:
  1. Create SSL Credentials: in the Visual Admin(/usr/sap//DVEBMGS/j2ee/admin) of the Solution Manager, select the Key Storage, under Server > Services. Create new credentials or check the validity f the already available credentials for service_ssl:

    Detailed information and the how to guide is available under: http://help.sap.com/saphelp_nw70ehp2/helpdata/en/a6/98f73dbc570302e10000000a114084/content.htm.
  2. Assign SSL Credentials to HTTPS communication port: Access the SSL provider with the following path: Server > Services > SSL Provider. Select the configured HTTPS port (default is 5xx01) and assign the SSL certificate created in the previous step as "Server Identity".
     
  3. Assign SSL Credentials to the P4S communication port: Access P4 provider with the following path: Server > Services > SSL Provider. Select the configured P4S port (default is 5xx06) and assign the SSL certificate created in the frist sttep of this section as "Server Identity".

    Further documentation about SSL configuration for Solution Manager Java Stack is available in the following documentation:  http://help.sap.com/saphelp_nw70ehp2/helpdata/en/f1/2de3be0382df45a398d3f9fb86a36a/frameset.htm.

Configure SSL on Message Server for Solution Manager ABAP and JAVA Stack

This section is relevant if you want to use MS HTTPS and P4S connection.
The executable directory of the message server needs the SAPCRYPTO libraries installed. For a message server running as part of Central Instance of ABAP stack this is already performed in step ”Install SAP Cryptographic Library and set Profile Parameters”. For Message Server on Java Central Service Instance (SCS) and ABAP Central Service Instance (ASCS) execute the same procedure. Also make sure a valid server identity is available in $DIR_INSTANCE$/sec that a valid SAPSSLS.pse. For simplification it is possible to reuse the server identity as created for the Solution Manager ABAP Stack.
Add the following parameters to the Central Services Instance Profile to enable Message Server HTTPS port:
ms/server_port_1 = PROT=HTTPS,PORT=444$$

No comments:

Post a Comment

Popular Posts