Enable HTTPS Connection Between SAP and the Fabasoft iArchiveLink Service
Optionally, the connection between SAP and the Fabasoft iArchiveLink Service can be configured as HTTPS connection.
- Fabasoft iArchiveLink is fully configured and working with a HTTP connection.
- A SSL client PSE (Standard) is available in SAP.
For more information about how to create or maintain PSEs, please consult the SAP documentation. Especially the SAP Cryptographic Library is needed for SSL PSEs.
For example, see: https://help.sap.com/doc/erp2005_ehp_08/6.0.8/en-US/d4/085e3a1d589804e10000000a114084/frameset.htm
- A certificate and the issuing certificate authority for the Fabasoft iArchiveLink Service.
- Enable HTTPS for the Fabasoft iArchiveLink Service.
- Add the certificate authority to the certificate list of the SSL client PSE.
- Configure the content repository to require HTTPS.
Enable HTTPS for the Fabasoft iArchiveLink Service
If the HTTPS protocol should be used for communication with the Fabasoft iArchiveLink Service, it has to be enabled explicitly.
In a Microsoft Windows environment, HTTPS for the Fabasoft iArchiveLink Service has to be enabled in the Microsoft Internet Information Services. Please consult the third-party documentation for detailed information.
For example, see: https://docs.microsoft.com/en-us/iis/manage/configuring-security/configuring-ssl-in-iis-manager
To enable HTTPS in a Microsoft Windows environment, proceed as follows:
- Open the Internet Information Services Manager.
- Navigate to the default web site and define a HTTPS binding. Select the prepared certificate that should be used for authenticating the web server.
- Navigate to the FSCArSap application. Open the SSL settings feature and select Require SSL.
To enable HTTPS in a Linux environment, proceed as follows:
- Edit the file /etc/fabasoft/web/ssl.conf. Uncomment and configure the following lines:
SSLCertificateFile <path to server certificate>
SSLCertificateKeyFile <path to keyfile>
SSLCACertificateFile <path to ca certificate>
- Edit the file /etc/fabasoft/web/WebService_<number>.conf. Replace <number> with the number of the Fabasoft Folio Web Service, where the HTTPS protocol should be used for communication.
Add the following line to the include paragraph:
- Comment or remove other login directives like:
# AuthName "Fabasoft Folio"
# AuthType Basic
# AuthUserFile /etc/fabasoft/web/htpasswd
# AuthGroupFile /etc/fabasoft/web/htgroups
# Require valid-user
- Restart the Fabasoft Folio Web Service.
Add the Certificate Authority in SAP
In order that SAP accepts the certificate used for the Fabasoft iArchiveLink Service, the issuing certificate authority has to be added to SAP.
To add the prepared certificate authority in SAP, proceed as follows:
- Start the “Trust Manager” (transaction “STRUST”).
- Navigate to the “SSL Client (Standard)”.
- In the “Certificate” area, click “Import certificate“. Specify the path to the CA certificate and choose the right encoding (e.g. Base64). Click “Continue” to save the changes.
- Click “Add to Certificate List” to add the certificate to the “Certificate List”.
- Save the configuration settings.
- Restart all ICM processes.
To do so, start the transaction “SMICM”.
Click “Administration” > “ICM” > “Exit Hard” > “Global”:
Configure the Content Repository to Require HTTPS
To configure the content repository, proceed as follows:
- Start the transaction “OAC0”.
- Open the previously defined content repository (see chapter 4.2 “Content Repository”).
- Type “%HTTPS” in the transaction field:
- Define the SSL port of the Fabasoft iArchiveLink Service and set HTTPS as required for the frontend and backend.
- Use “Test Connection” to test the connection between SAP and the Fabasoft iArchiveLink Service.
- Save the settings.