Preparing Customer Networks for Certificate-Based Authentication
Since SAP Focused Run 3.0 FP 02, you can set up certificate-based communication for your customer networks.
Please note: If you operate an older SAP Focused Run system (Release 3.0 FP 02 and lower), follow the instructions in SAP Note 3138250 and cross-check that all Simple Diagnostics Agents have at least SP 58.
- Navigate to the network you want to change
- Navigate to 'Agent Settings'
- Select 'Override Global TLS/SSL Settings'
- Select 'SAP Host Agent Communication via TLS/SSL'
Preliminary Information
The prerequisite for this is a successful preparation of the infrastructure, to achieve secure communication. This is a customer responsibility. The product SAP Focused Run does not offer mechanisms to manage or distribute certificates.
Fundamentally, this setup requires a sound knowledge of certificate handling and SSL encryption at customer side.
This documentation introduces the topic based on SAP products e.g., SAP Web Dispatcher. It is possible to use other tools, the parameterization will be slightly different. The overall concept stays valid.
Fundamentals
To realize a certificate-based communication, the SAP NetWeaver ABAP functionality certrule is used. Links to the documentation can be found in the last section “Links and Help”.
There are three areas, that can be considered for certificate-based communication. It is possible to use certificate-based communication only partly.
- Simple Diagnostics Agent as central data provider for all SAP Focused Fun applications.
- Landscape discovery for modelling technical systems in LMDB of SAP Focused Run.
- EarlyWatchAlert data transfer from connected ABAP systems to SAP Focused Run.