SAP Host Agent x509 authentication

753 views 11 slides Sep 05, 2016

Slide 1 of 11

About This Presentation

See how to setup SSL authentication from SAP Landscape Virtualisation Management to SAP Host Agent.

Size: 4.56 MB

Language: en

Added: Sep 05, 2016

Slides: 11 pages

Slide Content

SAP$Host$Agent$x509$Authentication

•This%document%provides%a%quick%overview%of%how%to%setup%SSL%
connectivity%from%SAP%LVM%to%the%SAP%Host%Agent
•The%SAP%Host%Agent%is%installed%on%every%system%hosting%an%SAP%
instance%and%must%be%connected%to%LVM%to%make%use%of%its%
functionality
•This%document%describes%how%the%SSL%setup%can%be%achieved%in%
a%UNIX%environment%but%it%can%be%easily%adapted%for%the%
Windows%platform
•The%document%is%aimed%at%system%administrators%familiar%with%
the%SAP%Host%Agent%who%wish%to%connect%SAP%LVM%to%the%Host%
Agent%without%the%need%for%user/password%authentication
Introduction

Diagrammatic$Overview
Certificate$Chain
Server$ALVM$Server
(lvm01.com
)
Hostagent
PSE /usr/sap/hostctrl/exe/sec/SAPSSLS.pse
Port$1128$(HTTP)
Port$1129$(HTTPS)
ICA$certificate
CA$certificate
CN=lvm01.com))(signed$by$
CA)
host_profile/usr/sap/hostctrl/exe/host_proflie
LVMView
Keystore
service/sso_admin_user_0$=$CN=lvm01.com,$OU=*,$C=GB
HTTP$with$BASIC$(username/password)
HTTPS$with$X.509$(client$certificate)
Validate$against$CA$&$ICA$in$PSE
Added$ to$PSE
Added$ to$keystoreview
CSR
3
rd
Party$
Certificate$
Authority
#1
#2
#3
#4
#5
HTTP$Client HTTP$Server
$$$

•Generate$a$Certificate$Signing$Request$(CSR)$from$
“LVMView”$key$store$view$in$NetWeaver$Administrator
•The$CN$should$be$the$server$name$(in$lowercase)
(same$as$an$SSL$certificate$at$this$point)
•Upload$to$your$favourite$3rd$Party$Certificate$Signing$
Authority
12345

•You$mustget$a$signed$certificate$from$a$3
rd
Party$CA
•You$can$notuse$a$selfdsignedcertificate
(Since$LVM$2.0$sp3$dSAP$Note:$1878159)
•The$certificate$musthave
“Enhanced(Key(Usage”
with$“Client(Authentication”:
12345

•Download$your$signed$certificate
•Also$download$the$Certificate$Authority$(CA)$and$
Intermediate$Certificate$Authority$(ICA)$certificates
•Upload$the$certificates$into$the$“LVMView”$key$store$view
•You$should$have$1$x$private$key$+$n$x$certificates$in$
“LVMView”
12345

•Create$a$PSE$for$the$SAP$host$agent$(if$not$existing)
•The$PSE$can$be$selfdsigned,$you$don’tneed$a$signed$certificate$
here
•Add$*only*$the$CA$and$ICA$certificates$to$the$PSE
12345

•Add$the$parameter$“service/sso_admin_user_0”$to$the$
host_profileof$the$host$agent
•Restart$the$host$agent
•Check$sapstartsrv.log$(in$the$host$agent$work$directory)$for$
confirmation$that$it’s$listening$on$port$1129
12345

•You$can$now$edit$the$hosts$in$LVM$and$choose$X.509$as$the$host$
agent$authentication$mechanism
•In$the$dropddown$you$should$see$the$private$key$you$uploaded$
into$the$“LVMView”$key$store
•Make$sure$you$*test*$the$connection
Round$Up

•SAP$Note:$1907566$d“Obtaining$the$Latest$SAP$Host$Agent$Documentation”$
(see$PDF$attached$to$note)
•SAP$Note:$1439348$d“Extended$security$settings$for$sapstartsrv”
•help.sap.com:$Configuring$SSL$for$SAP$Host$Agent$on$UNIX
•SCN:$http://scn.sap.com/message/16839422
Resources

SAP Host Agent x509 authentication

About This Presentation

Slide Content

Tags

Categories

Download

Quick Actions

Statistics

Related Slideshows

SAP Host Agent x509 authentication

About This Presentation

Slide Content

Slide 1

Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Tags

Categories

Download

Quick Actions

Statistics

Related Slideshows

Pray For The Peace Of Jerusalem and You Will Prosper

Don_t_Waste_Your_Life_God.....powerpoint

VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf

Fertility awareness methods for women in the society

Chapter 5 Arithmetic Functions Computer Organisation and Architecture

syakira bhasa inggris (1) (1).pptx.......