Simple Diagnostics Agent TLS Configuration
In the following it is described, how you can setup SDA using its own keystore:
The SDA can act as client and as server. Mostly, the SDA operates as a client. In the setup of system landscape data router (SLDR) the SDA operates as a server. The documentation below describes the steps to set up TLS and SSO in the SDA keystore.
Expert tasks for the maintenance of the SDA keystore are described in the following notes. Whether these tasks need to be executed depends on your security policy.
Notes for optional operations:
- To reuse certificates from PCKS#12 keystore, follow the SAP Note 2633417
- To enable server certificate verification at TLS handshake, apply SAP Note 2632984
- Starting with SAP Focused Run 4.0 FP03, is it possible to enable the verification of server certificates on SDA level during the network administration
- To allow usage of keystores and certificates protected by custom passwords, follow SAP Note 2651765
- To enable SNC on SDA for secure communication from SDA to ABAP, follow SAP Note 2607542