Setting Up the SNC
- Yeok Hong Ng
The SNC (Secure Network Communcations) is available and enabled by default in the SAP RFC agent to provide additional security layer to the connection. This page contains the additional information and steps to setting up the SNC for SAP RFC Profile.
Environment Preparation
On all servers, update the .bashrc with the following env variables. The SNC directory is assumed to be /sapmntmz/snc.
sudo sed -i -e '$a export SECUDIR=/sapmntmz/snc/sec' /home/mzadmin/.bashrc sudo sed -i -e '$a export SNC_LIB=/sapmntmz/snc/libsapcrypto.so' /home/mzadmin/.bashrc
Configuration
Follow the steps below to set up the required SNC.
Note!
You are required to replace the <values> in the following commands with your local values.
- Prior to setting up the SNC, ensure that the SAP tooling is installed in the /sapmntmz/snc directory.
On the CM server, generate a client PSE with the following:
./sapgenpse get_pse -p cmr.pse -x cmr@e1r8 "CN=<cn_name_value>,OU=<ou_value),O=<o_value>,C=<c_value>"
Create the credentials and attach them to the OS users.
./sapgenpse seclogin -p cmr.pse -x cmr@e1r8 -O mzadmin
Export the certificate.
./sapgenpse export_own_cert -o cmr.crt -p cmr.pse -x cmr@e1r8
- Import the certificate to the SAP RFC server. This certificate does not require a signature.
The SAP RFC Server provides a signed certificate to be placed in local PSE on the CM server.
./sapgenpse maintain_pk -a E1R_SNC_Certificate.crt -p cmr.pse -x cmr@e1r8
Next, restart the platform.
mzsh system stop && mzsh restart platform && mzsh system start
SNC Validation
Once you have completed the configuration, you can now validate the SNC by creating an RFC Profile with the SNC option selected. For more information, refer to SAP RFC Profile.