Use

The ELENA procedure was discontinued. Therefore, the Customizing activities for ELENA are obsolete (SAP Note 1611591).

Note:

Take special note of the latest changes to the setup of the communication server for ZSS/ELENA in the SAP Note 1408879 ELENA: Set Up HTTP(S) Connection for Communication.

Setup of the HTTP Connection

General Information for HTTPS

For general information about setting up the HTTPS connection from the SAP system, see the documentation on SAP Help Portal by choosing the following links:

• Basis 6.40
  http://help.sap.com/saphelp_nw04/helpdata/EN/65/6a563cef658a06e10000000a11405a/content.htm
• Basis 7.00
  http://help.sap.com/saphelp_nw70ehp1/helpdata/de/65/6a563cef658a06e10000000a11405a/content.htm
  (Steps 1, 2, and 3a are mandatory. They are relevant for all releases. An SSL server PSE is also a strict requirement if the system is going to be used only as an SSL client later on.
  Note on 3a: If you do not use the system as an SSL server, use the default values to create the PSE. This PSE has no relation to the PSE of the ITSG (BNxxxxxxxx.pse), which is used later.)

If problems or error messages occur during the setup of the HTTPS connection, you can also refer to SAP Note 634006 Note on the preclarification of ICM messages.

The SSL setup on the Web application server is described in detail in SAP Note 510007 Setting up SSL on Web Application Server ABAP. If the message "HTTPIO_PLG_CANCELED" appears during the connection test (at the end of step 4 or 5), this most likely means that the SSL settings are incorrect and must be corrected.

If problems occur during the SSL setup, you can report them under the component BC-SEC-SSL.

Activities

HR-Specific Setup Steps:

1. Procurement of public HTTPS certificates for ELENA

   You can find the 2 required certificates (test notifications and live notifications) on SAP Service Marketplace by choosing the following path: https://service.sap.com/hrde -> Media Center -> ELENA-Zertifikate (#ELENA Certificates#, file: Elena_Zertifikate_01.zip).
   Save the file to your computer and unpack it. The file contains two certificates in Base64 format.

   You also have the option of procuring the two files as follows:

• Certificate for transferring live data to https://meldung.elena-zss.de/ElenaEXTra/rest
  You can find the file on the Internet at https://www.das-elena-verfahren.de -> ELENA für Arbeitgeber (#ELENA for Employers#, site not available in English).
  Download the file "meldung.elena-zss.de.cer". Note that you must download the file with the extension .cer (format: Base64).
• Certificate for transferring test data to https://meldung.elena-zss-dev.de/
Internet Explorer 6:
- Open Windows Explorer and enter the address https://meldung.elena-zss-dev.de/.
- Double-click the yellow padlock in the bottom right corner. In the dialog box that appears, choose the Details tab.
- Choose the Copy to File pushbutton. Choose the following pushbuttons: Next -> Base-64 encoded# -> Next and enter the file name (for example, Elena_B64). Choose the Next pushbutton, followed by the Finish pushbutton.

Internet Explorer 7:
- Open Windows Explorer and enter the address https://meldung.elena-zss-dev.de/.
- Choose the following #Continue to this website# -> #Certificate Error# -> #View certificates#.
- In the dialog box that appears, choose Details.
- Choose the Copy to File pushbutton. Choose the following pushbuttons: Next -> Base-64 encoded# -> Next and enter the file name (for example, Elena_B64). Choose the Next pushbutton, followed by the Finish pushbutton.

Transaction STRUST (Trust Manager)
Transaction STRUST is client-independent. In this transaction, you create an SSL client for every PSE file you use that has a certificate from ITSG. In this step, the procedure is different for systems with one PSE file than for systems with multiple PSE files.

Variant A

Procedure for an HR system with one client and one PSE file (company number) as the sender:

• Start transaction STRUST in the HR system.
• Choose the menu path Environment -> SSL Client Identity and choose OK in the infobox about client independence.
• Create a new entry by choosing New Entries.
• Enter the following values:
  SSL ID: DRV
  Description: SSL Client (SI German Pension Insurance)
  Select the Active checkbox
  (If the Active field is not available in your release, you do not have to select the checkbox.)
• Save your entries.
• Go back to transaction STRUST via F3 and select the SSL client (SI German Pension Insurance).
• Choose PSE -> Import. For the file, select the PSE file that is also used for encrypting SI notifications.
  Notes:
  (a) This file has the name "BNXXXXXXXX.pse". XXXXXXXX stands for your company number. You can find these files on the server for the HR system. /instance/sec/.
  (b) If a PIN has been assigned for the PSE file, you must enter it here.
  (c) If you use multiple PSEs with different company numbers, you can choose any one of these files to implement the HTTPS connection.
• Save the loaded PSE file by choosing PSE -> Save as #SSL Client# and #DRV#.
  Uploading of the public HTTPS certificate for ELENA from step 1.
  Choose the Import Certificate pushbutton (on the bottom left of the Certificate window) to upload the two files with the certificate. Select B64. The certificate details then appear in the Certificate window. Next, choose the Add to Certificate List pushbutton. The certificate appears in the certificate list.
  After you have uploaded both certificates, you see two new items in the certificate list with the following owners:
  (a) CN=meldung.elena-zss.de, OU=GB0560, O=Deutsche Rentenversicherung Bund, ...
  (b) CN=meldung.elena-zss-dev.de, OU=GB 0500, O=Deutsche Rentenversicherung Bund, ...
  Important: Save these settings.
  

  Variant B:
  Procedure for an HR system with one or more clients and various PSE files (company numbers) that are used as senders:

• For each company number used as a sender (that is, each one with a PSE file entitled BNXXXXXXXX.pse), you must create an SSL client in STRUST.
• Start transaction STRUST in the HR system.
• Choose the menu path Environment -> SSL Client Identity and choose OK in the infobox about client independence.
• Create a new entry by choosing New Entries.
• Enter the following values:
  SSL ID: DRV01
  Description: BNXXXXXXXX SSL Client (GPI)
  Select the Active checkbox.
  (If the Active field is not available in your release, you do not have to select the checkbox.)
• Save your entries.
• Use F3 to go back to transaction STRUST and select SSL client DRV01.
• Choose PSE -> Import. For the file, select the PSE file that is also used for encrypting SI notifications. BNXXXXXXXX.pse: You can find these files on the server for the HR system. /instance/sec/. If a PIN has been assigned for the PSE file, you must enter it here.
• Save the loaded PSE file by choosing PSE -> Save as #SSL Client# and #DRV01#.
  Uploading of the public HTTPS certificate for ELENA from step 1.
  Use the Import Certificate pushbutton (on the bottom left of the Certificate window) to upload the two files with the certificate. Select B64. The certificate details then appear in the Certificate window. Next, choose the Add to Certificate List pushbutton. The certificate appears in the certificate list.
  After you have uploaded both certificates, you see two new items in the certificate list with the following owners:
  (a) CN=meldung.elena-zss.de, OU=GB0560, O=Deutsche Rentenversicherung Bund, ...
  (b) CN=meldung.elena-zss-dev.de, OU=GB 0500, O=Deutsche Rentenversicherung Bund, ...
  Important: Save these entries (using the button with the diskette symbol).
• Repeat these steps for each PSE file that you use and change the values accordingly.
  Example:
  - BN12345678.pse: SSL ID: DRV01, Description: BN12345678 SSL Client (GPI)
  - BN87654321.pse: SSL ID: DRV02, Description: BN87654321 SSL Client (GPI)
• See SAP Note 1452519 "ELENA: HTTP code 401/logon screen for creating connections" for additional examples for implementing multiple PSE files.

1. Transaction SMICM (ICM Monitor)
   Restarting the ICM system.
• Launch transaction SMICM.<