SAP NetWeaver SNI configuration

Published by Tobias Hofmann on

3 min read

To show a correct configuration and to be able to connect to a HTTP service that needs SNI support enabled, I’ll connect my NetWeaver ABAP system to a public OData service. You can read my blogs for more information on SNI in general and SNI with NetWeaver ABAP.

Scenario and pre-requisites

I´ll use the SAP NetWeaver ABAP Developer Edition to show how to enable SNI support. It´s an SAP system with kernel release 753 PL 400 and the default value is false. Goal of the scenario is to connect to https://services.odata.org via SM59. For this to work, NW ABAP must connect to the web server and use SNI. Without SNI, the target server cannot be resolved and a wrong TLS certificate will be returned.

Enable SNI support

Tx: RZ10
Parameter: icm/HTTPS/client_sni_enabled 
Value: true
Ein Bild, das Text enthält.

Automatisch generierte Beschreibung

Connect to HTTPS service

To be able to connect from NetWeaver ABAP to the external OData service via HTTPS, a connection must be created. This is done in transaction SM59.

Tx: SM59
Connection type: G
URL: services.odata.org
Port: 443
Description: Northwind OData service

Go to tab security options. Here the PSE used to connect to the service is provided. The certificate chain of the service must be imported into the selected PSE. NetWeaver will act as a normal browser client and not try to authenticate the user. The PSEA for anonymous connections is used.

Configure PSE for SSL Client Anonymous

The certificates needed to be able to connect to the service https://service.odata.org are not available in PSEA. These must first be obtained from the service and imported into the PSEA. Download the correct certificates from the service.odata.org and save them in Base64 CER format.

Tx: STRUST
Ein Bild, das Text enthält.

Automatisch generierte Beschreibung

Connection test

If all parameters are configured, SM59 can connect to a cloud service and send the correct server name in the SNI field.

Let the world know
Categories: BasisSAP

Tobias Hofmann

Doing stuff with SAP since 1998. Open, web, UX, cloud. I am not a Basis guy, but very knowledgeable about Basis stuff, as it's the foundation of everything I do (DevOps). Performance is king, and unit tests is something I actually do. Developing HTML5 apps when HTML5 wasn't around. HCP/SCP user since 2012, NetWeaver since 2002, ABAP since 1998.

0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.