Configuring SAP Cryptographic Library for SNC

To set up a server to use the SAP Cryptographic Library for SNC, you can use the below configurations and tools depending of your server type.

Main steps of the configurations are ;

1- Installing the SAP Cryptographic Library on your server.

2- Creating a PSE and self-signed public-key certificate ( If you have several hosts, then you can create a single PSE and copy it to other hosts).

3- Creating credentials for the server.

4- Providing the server’s security informations to its communication  partners.

Following graphic shows a clear picture for us ;

Configuring SAP Cryptographic Library for SNC

We can install SAP Cryptographic Library package seperately, for detail informations you can check the following central note for SAP Cryptographic library.

1848999 – Central Note for CommonCryptoLib 8 (SAPCRYPTOLIB)

SAPCRYPTO.SAR package contains the following files ;

  • sapcrypto.dll for Windows
  • libsapcrypto.so for UNIX
  • sapcrypto.mf contains information about which platforms and kernels are supported.
  • The configuration tool sapgenpse.exe.

For kernels 7.41, 7.42 or later, CommonCryptoLib fixes can be patched independently from SAP Kernel Packages. The updating process using dw_utils.sar

Detail informations can be found in following ossnote ;

2125088 – CommonCryptoLib in dw_utils.sar

Recommended locations of files are ;

- SAP Cryptographic Library and SAPGENPSE files are (profile parameter DIR_EXECUTABLE).

  • Windows:<DRIVE>:\usr\sap\<SID>\SYS\exe\run
  • UNIX:/usr/sap/<SID>/SYS/exe/run

- License ticket, server’s SNC PSE and credentials are (DIR_INSTANCE directory).

  • Windows:<DRIVE>:\usr\sap\<SID>\<instance>\sec
  • UNIX:/usr/sap/<SID>/<instance>/sec

- Parameter to set the location of the SAP Cryptographic Library (Profile parameter snc/gssapi_lib).

  • Windows:<DRIVE>:\usr\sap\<SID>\SYS\exe\ run\sapcrypto.dll
  • UNIX:/usr/sap/<SID>/SYS/exe/run/ libsapcrypto.<ext>

- Parameter to set the location of the license ticket and credentials.

       for Windows NT

  • Registry key: KEY_LOCAL_MACHINE\Software\ SAP\<SID>\environment\ SECUDIR
  • Value : <DRIVE>:\usr\sap\<SID>\ <instance>\sec

       for Unix

  • Login file for<sid>adm
  • Value : /usr/sap/<SID>/<instance>/sec

 

 

Leave a Reply


nine − 5 =

Blogroll