SAP Host Agent x509 authentication

•

2 j'aime•758 vues

This document provides instructions for setting up SSL connectivity between SAP LVM and the SAP Host Agent using x509 certificate authentication. It involves generating a certificate signing request for the LVM server, having it signed by a certificate authority, importing the signed certificate and CA/intermediate certificates into the LVM keystore. It also describes adding the CA/intermediate certificates to the Host Agent's PSE, configuring the host profile, and testing the SSL connection. The aim is to connect LVM and the Host Agent without username/password authentication.

Logiciels

• This
document
provides
a
quick
overview
of
how
to
setup
SSL

connectivity
from
SAP
LVM
to
the
SAP
Host
Agent
• The
SAP
Host
Agent
is
installed
on
every
system
hosting
an
SAP

instance
and
must
be
connected
to
LVM
to
make
use
of
its

functionality
• This
document
describes
how
the
SSL
setup
can
be
achieved
in

a
UNIX
environment
but
it
can
be
easily
adapted
for
the

Windows
platform
• The
document
is
aimed
at
system
administrators
familiar
with

the
SAP
Host
Agent
who
wish
to
connect
SAP
LVM
to
the
Host

Agent
without
the
need
for
user/password
authentication
Introduction

Diagrammatic
Overview
Certificate
Chain
Server
ALVM
Server
(lvm01.com
)
Hostagent
PSE /usr/sap/hostctrl/exe/sec/SAPSSLS.pse
Port
1128
(HTTP)
Port
1129
(HTTPS)
ICA
certificate
CA
certificate
CN=lvm01.com

(signed
by

CA)
host_profile /usr/sap/hostctrl/exe/host_proflie
LVMView
Keystore
service/sso_admin_user_0
=
CN=lvm01.com,
OU=*,
C=GB
HTTP
with
BASIC
(username/password)
HTTPS
with
X.509
(client
certificate)
Validate
against
CA
&
ICA
in
PSE
Added
to
PSE
Added
to
keystore view
CSR
3rd Party

Certificate

Authority
#1
#2
#3
#4
#5
HTTP
Client HTTP
Server
$$$

• Generate
a
Certificate
Signing
Request
(CSR)
from

“LVMView”
key
store
view
in
NetWeaver
Administrator
• The
CN
should
be
the
server
name
(in
lowercase)
(same
as
an
SSL
certificate
at
this
point)
• Upload
to
your
favourite
3rd
Party
Certificate
Signing

Authority
1 2 3 4 5

• You
must get
a
signed
certificate
from
a
3rd Party
CA
• You
can
not use
a
self-‐signed certificate
(Since
LVM
2.0
sp3
-‐ SAP
Note:
1878159)
• The
certificate
must have
“Enhanced
Key
Usage”
with
“Client
Authentication”:
1 2 3 4 5

• Download
your
signed
certificate
• Also
download
the
Certificate
Authority
(CA)
and

Intermediate
Certificate
Authority
(ICA)
certificates
• Upload
the
certificates
into
the
“LVMView”
key
store
view
• You
should
have
1
x
private
key
+
n
x
certificates
in

“LVMView”
1 2 3 4 5

• Create
a
PSE
for
the
SAP
host
agent
(if
not
existing)
• The
PSE
can
be
self-‐signed,
you
don’t need
a
signed
certificate

here
• Add
*only*
the
CA
and
ICA
certificates
to
the
PSE
1 2 3 4 5

• Add
the
parameter
“service/sso_admin_user_0”
to
the

host_profileof
the
host
agent
• Restart
the
host
agent
• Check
sapstartsrv.log
(in
the
host
agent
work
directory)
for

confirmation
that
it’s
listening
on
port
1129
1 2 3 4 5

• You
can
now
edit
the
hosts
in
LVM
and
choose
X.509
as
the
host

agent
authentication
mechanism
• In
the
drop-‐down
you
should
see
the
private
key
you
uploaded

into
the
“LVMView”
key
store
• Make
sure
you
*test*
the
connection
Round
Up

• SAP
Note:
1907566
-‐ “Obtaining
the
Latest
SAP
Host
Agent
Documentation”

(see
PDF
attached
to
note)
• SAP
Note:
1439348
-‐ “Extended
security
settings
for
sapstartsrv”
• help.sap.com:
Configuring
SSL
for
SAP
Host
Agent
on
UNIX
• SCN:
http://scn.sap.com/message/16839422
Resources

Contenu connexe

Tendances

SAP ASE Migration Lessons Learned

Aliter Consulting

Config Management Camp 2015 - How to Deploy CFEngine in the Open Internet

CFEngine

Cfg Mgmtcamp 2015 - Releases

CFEngine

Caching strategies with lucee

Gert Franz

Lucee writing your own debugging template

Gert Franz

Lucee writing your own debugging template

Gert Franz

Catena

Samar Sharma

Database and Public Endpoints redundancy on Azure

Radu Vunvulea

If you're a web developer or a site owner and you've been thinking of breaking out of shared hosting, maybe you've been looking at cloud hosting. This presentation outlines the pros and cons of shared hosting vs cloud hosting, and how to build a roll-your-own cloud host, complete with a clean, fast, free open source control panel. The talk was delivered to the Melbourne Joomla! User Group on 25 March 2015.

Roll your own FOSS cloud hosting

Russell Searle

Nagios Conference 2011 - Mike Weber - Training: Reducing Nagios Server Load ...

Nagios

Como atualizar meu ambiente para o tfs 2013

Leandro Prado

Akamai, with a network of well over 100,000 globally distributed servers running custom software for optimizing Internet traffic, tackles many problems relating to scale, management, and software quality. Many different groups within the corporate ecosystem maintain largely disparate stacks of software deployed to overlapping subsets of these servers, with complex and loosely-defined interdependencies between many of these software systems. Describing the complete state of a given system, much less a group of these systems, is often difficult or impossible. This makes it difficult for a given team to “stub out” such systems for outside teams to use in their development and testing efforts. Because we’ve found that the use of well-managed, realistic environments is integral to the eventual success of our software deployments, we’ve maintained multiple test networks that are complete copies of the deployed Akamai network for general use internally. However, as the company grows in size and scope, maintaining these has become an increasingly difficult burden. As a possible solution, we’ve begun to leverage OpenNebula to build multiple well-maintained instances of the groupings of servers that comprise our network. We’ve created the ability to manage and maintain each of these instances as a single independent unit, and to quickly and easily create perfect clones of these instances in our private OpenNebula cloud. Use of these well-maintained cloned instances can then be distributed to various groups, and even individuals, that require them. Groups can integrate their own machines into these cloned instance units to realize the benefits of virtualization as well as the ability to provide their software as infrastructure for other internal development groups. The talk will discuss some of the technical details of our solution, how it or similar approaches might fit the needs of other companies like Akamai, and how OpenNebula has been instrumental in its development.

Clone your Network with OpenNebula

NETWAYS

Run tests at scale with on-demand Selenium Grid using AWS Fargate

Megha Mehta

Tendances (13)

SAP ASE Migration Lessons Learned

Config Management Camp 2015 - How to Deploy CFEngine in the Open Internet

Cfg Mgmtcamp 2015 - Releases

Caching strategies with lucee

Lucee writing your own debugging template

Catena

Database and Public Endpoints redundancy on Azure

Roll your own FOSS cloud hosting

Nagios Conference 2011 - Mike Weber - Training: Reducing Nagios Server Load ...

Como atualizar meu ambiente para o tfs 2013

Clone your Network with OpenNebula

Run tests at scale with on-demand Selenium Grid using AWS Fargate

Similaire à SAP Host Agent x509 authentication

June OpenNTF Webinar - Domino V12 Certification Manager Managing SSL certificates in Domino was always a challenge. The certificates had to be created using OpenSSL and then imported into a key ring file using the kyrtool. Both tools were command line based. Now in V12, HCL has introduced the Certificate Manager. This will greatly simplify the the process of using certificates in Domino. And there are other security enhancements that will be covered in the webinar. Daniel Nashed, an HCL Lifetime Ambassador, will walk us through the setup and use of the new Domino V12 Certificate Manager. This webinar is a must for any Domino admins (and developers too!)

June OpenNTF Webinar - Domino V12 Certification Manager

Howard Greenberg

SSL deep dive vCenter Server 5.5

fbuechsel

Securing Kafka

confluent

Kafka 2018 - Securing Kafka the Right Way

Saylor Twift

Using MCollective with Chef - cfgmgmtcamp.eu 2014

Zachary Stevens

VMworld 2015: VMware vSphere Certificate Management for Mere Mortals

VMworld

IBM MQ V8 introduced a number of new security features. This session will take you through the two major features, Multiple Certificates and Connection Authentication. In IBM MQ V8 you are no longer restricted to only using one certificate for you queue manager with an IBM enforced label. Now you can have your own certificate labels and can allocated a different certificate for any specific channel. How about authentication? Finding that digital certificates are more security than your need? Want some authentication without having to write a security exit. IBM MQ V8 gives you built-in user ID and password validation. Other security features related to the MQ CHLAUTH rules are covered in a separate session

IBM MQ V8 Security

Morag Hughson

Adobe Connect on-premise SSL Guide

RapidSSLOnline.com

Enhance your website's security with Reliqus Consulting's simple guide on how to install an SSL certificate. Our step-by-step instructions make it easy for anyone to boost their site's protection. Learn the importance of SSL certificates and follow our user-friendly process to ensure a secure connection for your visitors. Safeguard sensitive data and build trust with your audience by implementing this crucial security measure.

Learn to Add an SSL Certificate Boost Your Site's Security.pdf

ReliqusConsulting

vmware_ports.pdf

ssuser9ca440

Service management Dec 11

Richard Conway

Service Management Dec 11

clarendonint

IBM MQ Security Deep Dive

IBM Systems UKI

Learn how to load balance your applications following best practices with NGINX and NGINX Plus. On-Demand Recording: https://www.nginx.com/resources/webinars/high-performance-load-balancing/ Join this webinar to learn: * How to configure basic HTTP load balancing features * The essential elements of load balancing: session persistence, health checks, and SSL termination * How to load balance MySQL, DNS, and other common TCP/UDP applications * How to have NGINX Plus automatically discover new service instances in an auto-scaling or microservices environment About the webinar You’ve built a great application and it’s gaining in popularity. Or maybe you already have a hardware load balancer and you’re looking to replace it with a software solution. In this webinar we’ll share the latest information on how to scale-out and load balance your applications with NGINX and NGINX Plus.

NGINX: High Performance Load Balancing

NGINX, Inc.

Automating Compliance with InSpec - AWS North Sydney

Matt Ray

Active Directory Single Sign-On with IBM

Van Staub, MBA

Configuration of Self Signed SSL Certificate For CentOS 8

Kaan Aslandağ

ACME is a protocol for automating certificate lifecycle management communications between Certificate Authorities (CAs) and a company’s web servers. The most known implementation is the one made by Let’s Encrypt non-profit CA. There are many other implementation and one of the most attractive and easy to use is Apache httpd mod_md. During the talk I will explain why ACME protocol is important to secure web sites and how mod_md could ease the transition to a more secure www.

ACME and mod_md: tls certificates made easy

Giovanni Bechis

LASCON 2013 - AWS CLoud HSM

Oleg Gryb

Radical changes in security have dramatic impact on load balancing. SSL/TLS is changing so rapidly that enterprises are forced to do a forklift upgrade of their hardware load balancers. However, with Avi's software load balancer, it’s as simple as a version update. In this webinar, we will catch you up the latest SSL facts. - SSL termination can be done with only software. And it has better security, scalability, and lower cost. That’s how Facebook and Google do it. Let’s see how. - RSA and Elliptic-curve cryptography (ECC) have different implications for perfect forward secrecy (PFS), HTTP/2 and TLS 1.3 support. Let’s compare. - SSL health score allows you to manage expiring certificates, automated certificate renewals, and notification alerts from a centralized control plane. Full webinar: https://info.avinetworks.com/webinars-avi-tech-corner-episode-4

Adopting Modern SSL / TLS

Avi Networks

Similaire à SAP Host Agent x509 authentication (20)

June OpenNTF Webinar - Domino V12 Certification Manager

SSL deep dive vCenter Server 5.5

Securing Kafka

Kafka 2018 - Securing Kafka the Right Way

Using MCollective with Chef - cfgmgmtcamp.eu 2014

VMworld 2015: VMware vSphere Certificate Management for Mere Mortals

IBM MQ V8 Security

Adobe Connect on-premise SSL Guide

Learn to Add an SSL Certificate Boost Your Site's Security.pdf

vmware_ports.pdf

Service management Dec 11

Service Management Dec 11

IBM MQ Security Deep Dive

NGINX: High Performance Load Balancing

Automating Compliance with InSpec - AWS North Sydney

Active Directory Single Sign-On with IBM

Configuration of Self Signed SSL Certificate For CentOS 8

ACME and mod_md: tls certificates made easy

LASCON 2013 - AWS CLoud HSM

Adopting Modern SSL / TLS

Dernier

WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...

WSO2

We specialize in Psychic Readings, Psychic Love Spells, Binding Love Spells, Obsession Spells, Voodoo Spells, Lottery Spells, Marriage Spells, Black Magic Spells, Palm Readings & much more. Are you depressed? We perform this come-to-me love spell that works instantly with the aim of bringing back the victim to the person performing the magic. Have you lost your lover? We perform this come-to-me love spell that works instantly with the aim of bringing back the victim to the person performing the magic. Have you lost your lover? Do u need to solve any relationship problem? Contact the powerful spells caster chief kule with love spells that work overnight and love spells that really work. Have you found yourself infatuated with a special someone you think could be the one? Are you looking for a spell to provide them with a nudge in the right direction? Or maybe the spell you cast didn’t achieve the results you were hoping for? Whether you’re new or versed in the ways of spell casting, we’re here to help. Today we’re going to provide you with a detailed guide on the types of love spells to cast. Not only that but there’s something for those who wish to find outside advice from more advanced spell casters. We’re also going to provide you with the top sites available to help you with your dilemma. Let’s begin our journey by educating ourselves on love magic and what a real love caster looks like. Love Magic and Love Casters Love magic made its first appearance back in Ancient Egypt and has been an active practice since. This type of magic is a branch of traditional magic and can be practiced in various ways. Typically the more common use of love magic is through the work of spells, but other methods look like Charms Rituals-LOVE Potions-Dolls and even Amulets If you are interested in becoming a love caster, be prepared for what’s to come. A genuine love caster knows that the art of love casting is no easy feat and shouldn’t be done casually. You should know that not only does it require you to be gifted spiritually, but you must be ready to serve others. Someone who is considered a real love caster has experience in all manner of spells, no matter the difficulty. Training yourself in attraction, commitment, and marriage spells is an excellent place to start. But this by no means will make you a professional. Practice your craft and expand your knowledge; understand that you will possess the ability to help others in time truly. Types of Love Spells What better way to start broadening your experiences with love spells than by learning more about them? These spells work like just about any other spell. Simply apply your intention, use a medium (sigils, mantras, candles, or charm bags), and top it off with establishing the belief that you will receive what you want. So what kind of spells are available and which ones suit your needs the best? Let’s take a look at the many options you have at your disposal.

%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...

masabamasaba

Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic near me by a powerful astrologer and spell caster in Atlanta. Bring back your lover with Asaf's voodoo-love witchcraft. Psychic Reading | Astrologer | Spell Caster | Obsession Spells | Black Magic | Witchcraft | Protection spell | wiccan spells. Black magic expert and voodoo love spells that work overnight to retrieve that love | lost love spell caster with powerful love psychic reading. Best astrologer & psychic in Sandy Springs, GA to renew your relationship & make your relationship stronger. love spells to bring back the feelings of love for ex-lovers. Increase the intimacy, affection & love between you and your lover using voodoo relationship obsession spells in USA. Money spells, easy love spells with just words, think of me spell, powerful love spell, spells of love, spells that work, love potion to attract a man, easy love spells with just words, pink candle prayer, white magic spells, call me spell, manifestation spell, gay love spells, Commitment spells, business spells and, how to bring back lost love in a relationship, Witchcraft love spells that work immediately to increase love & intimacy in your relationship. Attraction love spells to attract someone, stop a divorce, prevent a breakup & get your ex back. When using love binding spells, there are several things you should know, particularly how to protect yourself from negative energies and how to use the powers of incantations for the good of all people involved. When the focus is love, the results are truly magical. It’s important to remember love is not manipulative, it is not forceful, and it does not bend another to its will. Love is free-flowing, accepting, kind, and generous. For your love spell to work as intended, you must have good intentions in your heart. Below, we share the top five love spells you can use today to shift the energies in your life and create a future filled with love and fulfilment. Obsession spells to Get Your Ex-Lover Back. All women want one thing the most in life to be love and love in return – not much to ask. A lady wants a good man who loves you unconditionally and loyally. You want a man who is honest, hardworking, and loyal – not a complainer or a weakling or a self-centred man. You are a strong, independent, sensual, caring, loving woman. And you don’t think it’s asking too much to want to be with a loving, intelligent man with a good sense of humour and daring, an upright and confident man – who knows who he is. No one wants a chauvinistic and macho man, but you do want someone who will be willing to protect and care for you. Who loves you for you and not some kind of imaginary. You have no doubt that when the right guy appears on your doorstep, you’ll never let him go. But sometimes a man doesn’t realize he has that good woman.

Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...

chiefasafspells

We specialize in Psychic Readings, Psychic Love Spells, Binding Love Spells, Obsession Spells, Voodoo Spells, Lottery Spells, Marriage Spells, Black Magic Spells, Palm Readings & much more. Are you depressed? We perform this come-to-me love spell that works instantly with the aim of Winnipeg back the victim to the person performing the magic. Have you lost your lover? We perform this come-to-me love spell that works instantly with the aim of bringing back the victim to the person performing the magic. Have you lost your lover? Do u need to solve any relationship problem? Contact the powerful spells caster chief kule with love spells that work overnight and love spells that really work. Have you found yourself infatuated with a special someone you think could be the one? Are you looking for a spell to provide them with a nudge in the right direction? Or maybe the spell you cast didn’t achieve the results you were hoping for? Whether you’re new or versed in the ways of spell casting, we’re here to help. Today we’re going to provide you with a detailed guide on the types of love spells to cast. Not only that but there’s something for those who wish to find outside advice from more advanced spell casters. We’re also going to provide you with the top sites available to help you with your dilemma. Let’s begin our journey by educating ourselves on love magic and what a real love caster looks like. Love Magic and Love Casters Love magic made its first appearance back in Ancient Egypt and has been an active practice since. This type of magic is a branch of traditional magic and can be practiced in various ways. Typically the more common use of love magic is through the work of spells, but other methods look like Charms Rituals-LOVE Potions-Dolls and even Amulets If you are interested in becoming a love caster, be prepared for what’s to come. A genuine love caster knows that the art of love casting is no easy feat and shouldn’t be done casually. You should know that not only does it require you to be gifted spiritually, but you must be ready to serve others. Someone who is considered a real love caster has experience in all manner of spells, no matter the difficulty. Training yourself in attraction, commitment, and marriage spells is an excellent place to start. But this by no means will make you a professional. Practice your craft and expand your knowledge; understand that you will possess the ability to help others in time truly. Types of Love Spells What better way to start broadening your experiences with love spells than by learning more about them? These spells work like just about any other spell. Simply apply your intention, use a medium (sigils, mantras, candles, or charm bags), and top it off with establishing the belief that you will receive what you want. So what kind of spells are available and which ones suit your needs the best? Let’s take a look at the many options you have at your disposal. Attraction Spells

%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...

masabamasaba

Craft an AI & Machine Learning Pitch with our Editable Professional PowerPoint Template. Ignite your AI & Machine Learning pitch with our cutting-edge PowerPoint template tailored for the industry. Perfect for AI conferences, investor presentations, sales pitches to tech-focused companies, training sessions, and educational programs. - 20+ editable slides: Get a variety of options to choose from for your presentation. - Time-saving solution: Download, replace text/images with a few clicks. - User-friendly customization: Easy to use and personalize. - Modern and attractive design: Captivating visuals, sleek layout. - Tailored to your requirements: Fully alterable for customization. - Well-organized slides: Complete control over content. - Thematic specificity: Reflects healthcare industry with relevant graphics. - Showcase your business idea: Communicate value proposition effectively.

AI & Machine Learning Presentation Template

Presentation.STUDIO

In today's dynamic e-commerce landscape, the payment gateway emerges as a linchpin, ensuring smooth and secure transactions between buyers and sellers. In this discourse, we delve into the meticulous process of devising test cases tailored for scrutinizing payment gateways. Crafting precise test cases for payment gateways is a quintessential responsibility for testers operating within the service industry. This article meticulously explores pivotal scenarios integral to how to test payment gateways, coupled with essential guidelines for drafting effective test cases.

Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf

kalichargn70th171

%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein

masabamasaba

MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...

Jittipong Loespradit

%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...

masabamasaba

WSO2CON 2024 - Does Open Source Still Matter?

WSO2

%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain

masabamasaba

%in Midrand+277-882-255-28 abortion pills for sale in midrand

masabamasaba

%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...

masabamasaba

ADR, or Architecture Decision Record, is a valuable tool in software development for several reasons. It provides a centralized location for documenting and tracking architectural decisions, aiding both current and future team members. ADRs enhance communication among team members by documenting the rationale behind architectural decisions, especially beneficial during onboarding of new team members or when revisiting decisions. They serve as a knowledge base, enabling teams to learn from past decisions and refine their decision-making process. Additionally, ADRs contribute to transparency by helping stakeholders understand the reasons behind specific architectural choices. As with any other tool or process, introducing them into an organization can face several obstacles, and overcoming these challenges is crucial for successful implementation. In this talk I go through some common problems and our way of solving them.

Architecture decision records - How not to get lost in the past

Papp Krisztián

Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...

Bert Jan Schrijver

%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg

masabamasaba

Direct Style Effect Systems -The Print[A] Example- A Comprehension Aid

Philip Schwarz

%in Benoni+277-882-255-28 abortion pills for sale in Benoni

masabamasaba

This presentation covers the following topics: What is logging? The purpose of logging: Debugging The purpose of logging: Security The purpose of logging: Stats & analytics Traditional logging Traditional logging: Advantages Traditional logging: Disadvantages The solution: Large-scale logging Large-scale logging: Core principles Large-scale logging: Solution types Large-scale logging: Cloud vs on-prem Large-scale logging: Operational complexity Large-scale logging: Security Large-scale logging: Costs Large-scale logging: On-prem comparison - Elasticsearch - Grafana Loki - VictoriaLogs On-prem comparison: Setup and operation On-prem comparison: Costs On-prem comparison: Full-text search support On-prem comparison: How to efficiently query 100TB of logs? On-prem comparison: Integration with CLI tools VictoriaLogs for large-scale logging VictoriaLogs demo instance - Ingestion rate: 3600 messages / minute - The number of log messages: 1.1 billion - Uncompressed log messages’ size: 1.5TB - Compressed log messages’ size: 23GB - Compression ratio: 47x - Memory usage: 150MB VictoriaLogs CLI integration demo - Which errors have occurred in all the apps during the last hour? - How many errors have occurred during the last hour? - Which apps generated the most of errors during the last hour? - The number of per-minute errors for the last 10 minutes - Status codes for the last hour - Non-200 status codes for the last week - Top client IPs for the last 4 weeks with 404 and 500 response status codes - Per-month stats for the given IP across all the logs Large-scale logging solution MUST provide excellent CLI integration VictoriaLogs: (temporary) drawbacks VictoriaLogs: Recap - Easy to setup and operate - The lowest RAM usage and disk space usage (up to 30x less than Elasticsearch and Grafana Loki) - Fast full-text search - Excellent integration with traditional command-line tools for log analysis - Accepts logs from popular log shippers (Filebeat, Fluentbit, Logstash, Vector, Promtail, Grafana Agent) - Open source and free to use!

Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024

VictoriaMetrics

tonesoftg

lanshi9

Dernier (20)

WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...

%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...

Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...

%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...

AI & Machine Learning Presentation Template

Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf

%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein

MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...

%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...

WSO2CON 2024 - Does Open Source Still Matter?

%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain

%in Midrand+277-882-255-28 abortion pills for sale in midrand

%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...

Architecture decision records - How not to get lost in the past

Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...

%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg

Direct Style Effect Systems -The Print[A] Example- A Comprehension Aid

%in Benoni+277-882-255-28 abortion pills for sale in Benoni

Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024

tonesoftg

SAP Host Agent x509 authentication

1. SAP Host Agent x509 Authentication

2. • This document provides a quick overview of how to setup SSL connectivity from SAP LVM to the SAP Host Agent • The SAP Host Agent is installed on every system hosting an SAP instance and must be connected to LVM to make use of its functionality • This document describes how the SSL setup can be achieved in a UNIX environment but it can be easily adapted for the Windows platform • The document is aimed at system administrators familiar with the SAP Host Agent who wish to connect SAP LVM to the Host Agent without the need for user/password authentication Introduction

3. Diagrammatic Overview Certificate Chain Server ALVM Server (lvm01.com ) Hostagent PSE /usr/sap/hostctrl/exe/sec/SAPSSLS.pse Port 1128 (HTTP) Port 1129 (HTTPS) ICA certificate CA certificate CN=lvm01.com (signed by CA) host_profile /usr/sap/hostctrl/exe/host_proflie LVMView Keystore service/sso_admin_user_0 = CN=lvm01.com, OU=*, C=GB HTTP with BASIC (username/password) HTTPS with X.509 (client certificate) Validate against CA & ICA in PSE Added to PSE Added to keystore view CSR 3rd Party Certificate Authority #1 #2 #3 #4 #5 HTTP Client HTTP Server $$$

4. • Generate a Certificate Signing Request (CSR) from “LVMView” key store view in NetWeaver Administrator • The CN should be the server name (in lowercase) (same as an SSL certificate at this point) • Upload to your favourite 3rd Party Certificate Signing Authority 1 2 3 4 5

5. • You must get a signed certificate from a 3rd Party CA • You can not use a self-‐signed certificate (Since LVM 2.0 sp3 -‐ SAP Note: 1878159) • The certificate must have “Enhanced Key Usage” with “Client Authentication”: 1 2 3 4 5

6. • Download your signed certificate • Also download the Certificate Authority (CA) and Intermediate Certificate Authority (ICA) certificates • Upload the certificates into the “LVMView” key store view • You should have 1 x private key + n x certificates in “LVMView” 1 2 3 4 5

7. • Create a PSE for the SAP host agent (if not existing) • The PSE can be self-‐signed, you don’t need a signed certificate here • Add *only* the CA and ICA certificates to the PSE 1 2 3 4 5

8. • Add the parameter “service/sso_admin_user_0” to the host_profileof the host agent • Restart the host agent • Check sapstartsrv.log (in the host agent work directory) for confirmation that it’s listening on port 1129 1 2 3 4 5

9. • You can now edit the hosts in LVM and choose X.509 as the host agent authentication mechanism • In the drop-‐down you should see the private key you uploaded into the “LVMView” key store • Make sure you *test* the connection Round Up

10. • SAP Note: 1907566 -‐ “Obtaining the Latest SAP Host Agent Documentation” (see PDF attached to note) • SAP Note: 1439348 -‐ “Extended security settings for sapstartsrv” • help.sap.com: Configuring SSL for SAP Host Agent on UNIX • SCN: http://scn.sap.com/message/16839422 Resources

11. Thank-‐you

SAP Host Agent x509 authentication

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (13)

Similaire à SAP Host Agent x509 authentication

Similaire à SAP Host Agent x509 authentication (20)

Dernier

Dernier (20)

SAP Host Agent x509 authentication