Hello everyone,
I am using SNC to Encrypt Client/Server GUI Traffic from Windows GUI clients to SAP AS ABAP running on Solaris 10. SSO is not a consideration in this configuration.
I have read the "Installation, Configuration, and Administration Guide - SAP NetWeaver Single Sign-On SP1". My AS ABAP System is now configured and running an SNC X.509 Configuration as described in section 3.1 (Starting on Page 19) of this document. All well so far. dev_w0 confirms SNC is enabled on AS ABAP.
My Windows GUI Installation (SAPGUI 7.30 - Patch 2) is has SNC enabled
On the "Network" tab of the given GUI Connection I have check "Activate Secure Network Communication" and have entered the same "SNC Name" as is entered in "snc/identity/as", which corresponds to the PSE that has been entered using STRUST (obviously).
The Server SNC Key is signed by a root certificate I created using "snc createroot".
My GUI won't allow the connection because seemingly it can't resolve the trust path back to my self-created rootCA (makes sense).
My question: is there any way to get the GUI to recognize and trust my self-created root-CA or am I forced into abandoning this solution and using Kerberos as described starting on Page 22 (with Section 3.2) and in this overview?
Many thanks for your thoughts...