The applications that use the SSF functions (digital signatures and digital envelopes) do not all need to use the same security environment for applying the SSF functions. For example, different applications can use different security products.

Use this Customizing activity to specify the application-dependent parameters for using SSF functions.

Example

The SAP ArchiveLink HTTP content server 4.5 interfaces uses the SAP Security Library (SAPSECULIB) as the security provider to digitally sign archive requests. However, to sign inspection lots in Quality Management, you want to use an external security product. To make sure that each application can access the product-specific information it needs, you must maintain the SSF information that applies specifically to each application.

Requirements

The information to specify in these parameters is determined by the application that uses the SSF functions. Refer to the application's documentation to find the information that you need.

Make sure that the names of the security products and the locations of their libraries are correctly defined in the SSF profile parameters. Note the following:

• You can use up to three security products. Each product uses a set of SSF profile parameters defined as:
• ssf/...
• ssf2/...
• ssf3/...
• Use the profile parameters ssf<x>/name to specify the names of the security products. (Note that the value of this parameter is case sensitive!) The defaults are:
• ssf/name = SSF
• ssf2/name = SSF2
• ssf3/name = SSF3

• Use the profile parameters ssf<x>/ssfapi_lib to specify the locations of the security products' libraries.

The entry in ssf/ssfapi_lib specifies the default security product to use.

The default values for the ssf<x>/ssfapi_lib parameters are no entries. In these cases, the system searches for the default SSF library libssfso (SAPSECULIB library) in the directory specified by the profile parameter DIR_EXECUTABLE.

Note that if you assign the default security product (ssf/ssfapi_lib and ssf/name) to a product other than SAPSECULIB, then the system automatically assigns SAPSECULIB to the next available ssf<x>/... parameter set.

Example

The SAP ArchiveLink II HTTP content server 4.5 interface uses the SAP Security Library (SAPSECULIB) to create digital signatures. A different application uses an external security product (<product_name>) for digital signatures and digital envelopes. For this scenario, make sure the profile parameters are defined as follows:

• ssf/name = SAPSECULIB
• ssf/ssfapi_lib = location of the SAPSECULIB library libssfso
• ssf2/name = <product_name>
• ssf2/ssfapi_lib = location of the product's library

Standard settings

Per default, the system uses the SAPSECULIB as the security product and the system PSE (Personal Security Environment) to store the server's security information. The system PSE (SAPSYS.pse) is stored in the sub-directory sec in the <instance directory> as defined by the profile parameter DIR_INSTANCE.

Recommendation

Activities

If you do not want to use the SAPSECULIB as the default product, you can use this activity to specify the parameters for a default SSF application. You can also use this activity to define the information to use for additional specific SSF applications.

Note: The available SSF applications are pre-defined. Choose the application you wish to define or modify and enter the information as necessary.

Further notes

For more information on the application-specific parameters, refer to the documentation for the application that uses the SSF functions.

For more information on SSF and digital signatures, see the SAP Library under SAP Web Application Server -> Security -> Secure Store & Forward / Digital Signatures