Enable HTTP Communication With SAP Backbone For SAP_BASIS 700 to 731
Last year SAP advised its customers to enable the SNOTE in the ABAP systems for digitally signed notes and change the connectivity methods of SAP systems with SAP support backbone which included the below:
For systems with releases SAP_BASIS 740 and above, the HTTPs connections had to be created in the systems to replace the RFC connectivity.
For systems with releases SAP_BASIS 700 to 731, SAP advised to continue using the normal SAPOSS related RFCs by replacing the user with the technical SUSER in that RFC.
As many customers did not follow the deadline of 31st Dec 2019, SAP extended the deadline for few important functions (SAP Notes download and EWA reports) as an exception to continue using the RFC connectivity with SAP backbone.
The exceptions were as below:
SAP allowed the RFC channels to work for SAP_BASIS 740 and above until 31st July 2020 after which this communication has stopped already. So if your systems are on release SAP_BASIS 740 and above and you have not already switched to HTTPS channel for these systems, follow my other blog to enable the HTTPS connectivity with SAP Support Backbone.
If your systems fall in the category of release SAP_BASIS 700 to 731 and you were continuing to use the RFC channel according to the instructions by last year, you will now need to switch to the HTTPS connectivity for these releases as well now since SAP will cease all the RFC channel communication for SAP_BASIS 700 to 731 with Support backbone after 30th Nov 2020.
This blog is for the scenario 2. If your system fall under scenario 1, leave this page and follow my other post.
I hope you have already enabled the SAP systems for digitally signed notes as SAP now releases the digitally signed notes only for which SNOTE needs to be prepared in the systems. If you still have not enable SNOTE for digitally signed notes, check this step by step guide.
How to switch to HTTPS communication with SAP Support Backbone?
This blog is only valid for SAP_BASIS release 700 to 731
As it might confuse some on the sequence of the steps and their relevance, I have written this blog to assist you in simple steps.
1. First of all, your ABAP system should have the HTTPS port enabled in the system. You can check this in services section of SMICM t-code. If HTTPS port is not enabled, you can follow this SAP blog to activate it.
Please note that this step requires the downtime.
2. Check that CommonCryptoLib <SAPCRYPTOLIB> Version >= 8.4.48
Start transaction: SE37 - Function Builder
Enter function module: SSF_KRN_VERSION
3. Check TLS prot. version >= TLSv1.1 with BEST-OPTION
Change the value of SAP profile parameter ssl/client_ciphersuites to the recommended value 150:PFS:HIGH::EC_P256:EC:HIGH in the default profile of the system
Further instructions in the document attached to SAP Note 2827658.
4. Ensure that PSE of SSL Client SSL Client (Standard) is activated in STRUST of your system. If it is disabled, right click on it and you can create it with the default values.
5. Download and add the below 4 certificates in the SSL Client SSL Client (Standard) in STRUST.
· DigiCert Global Root CA
· DigiCert Global Root G2
· DigiCert High Assurance EV Root CA
· VeriSign Class 3 Public Primary Certification Authority - G5
Detailed instructions are provided in the manual config guide of SAP Note 2827658.
6. Go to t-code SNOTE and implement the SAP Note 2928592.
It might download and implement the pre-requisite SAP Notes 2608378,2721941, 2722027, 2857949, 2881936, 2895954, 2453960 and 2610222 , this list is based on your SAP_BASIS release and patch level of the system.
You need to ensure that you finish all the manual pre-implement and post-implement steps of these notes (if applicable).
Save all these SAP notes and manual steps in one transport request.
7. Create the below 2 destinations in SM59:
a) HTTP destination SAP-SUPPORT_PORTAL of type H.
b) HTTP destination SAP-SUPPORT_NOTE_DOWNLOAD of type G
Follow the section 188.8.131.52 of the pdf attached to SAP note 2928592 for the detailed instructions
8. Execute report RCWB_SNOTE_DWNLD_PROC_CONFIG and select the HTTP protocol to use the above defined RFC destinations.
All done, now you can test the SAP Notes download in SNOTE.
You can let me know in the comments section if you face any issues in configuring this.