2.6 Initial Configuration Wizard
2.6.1 Initial Configuration
This section describes the initial configuration of the Secure Login Server.
Before starting the Initial Configuration Wizard, verify that the Secure Login Server application is running.
Start the initial configuration using the browser URL:
http://localhost:5<instance_number>00/securelogin
Welcome Page
On the welcome page, a prerequisite check is performed. Verify all prerequisites.
If everything is OK, choose Continue.
Figure: Initial Configuration Wizard – Welcome Page
Key File for Encryption of Server Credentials
The key file is a file on the server with random content and is used to secure password information in configuration files. You can use a file of any type that is larger than 32 bytes. You must create the file in, or copy it to, the desired location on the server and define it in this configuration step. A check verifies that the key file is available.
Define the location of the key file.
Example:
D:\usr\sap\ServerKeyFile\KeyFile.txt
Figure: Initial Configuration Wizard – Key file for server credentials encryption
Keep in mind that if the key file is changed or is not available, it is not possible to log on to the Secure Login Administration Console. The Secure Login Server no longer works and is locked.
After the configuration, choose Next to continue.
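The key file requirements above (random content, larger than 32 bytes, must never change or disappear) can be met and monitored with a short script. This is an added example, not part of the original guide or of SAP's tooling; the function names and the 64-byte default size are assumptions.

```python
import hashlib
import os
import secrets

MIN_SIZE = 33  # the guide requires a file larger than 32 bytes


def create_key_file(path, size=64):
    """Write `size` random bytes to a new file and return its SHA-256 hex digest."""
    if size < MIN_SIZE:
        raise ValueError("key file must be larger than 32 bytes")
    data = secrets.token_bytes(size)  # cryptographically strong random content
    # O_EXCL refuses to overwrite: replacing an existing key file locks the server.
    # O_BINARY (Windows only) stops newline translation from altering the bytes.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_BINARY", 0)
    # Mode 0o600 takes effect on POSIX; on Windows restrict the file with NTFS ACLs.
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "wb") as handle:
        handle.write(data)
    return hashlib.sha256(data).hexdigest()


def check_key_file(path, expected_sha256):
    """Return a list of problems; an empty list means present and unchanged."""
    try:
        with open(path, "rb") as handle:
            data = handle.read()
    except OSError as exc:
        return [f"key file not readable: {exc.strerror}"]
    problems = []
    if len(data) < MIN_SIZE:
        problems.append("key file is not larger than 32 bytes")
    if hashlib.sha256(data).hexdigest() != expected_sha256:
        problems.append("key file content differs from the recorded digest")
    return problems
```

Store the returned digest and a backup copy of the file away from the server, and run check_key_file before restarts or after restores.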
2 Secure Login Server Installation
Administrator Account
Define the password for the administration user Admin.
Figure: Initial Configuration Wizard – Administrator Account
Entries marked with * are mandatory.
Passwords used in Secure Login Server are restricted by the password policy definition.
Passwords cannot be empty
Passwords must have a length between 8 and 20 characters
Passwords must contain at least one uppercase letter
Passwords must contain at least one lowercase letter
Passwords must contain at least one digit
Passwords must contain at least one special character
After the configuration, choose Next to continue.
Create Root CA Certificate
Define the parameter for the root CA certificate.
Figure: Initial Configuration Wizard – Create Root CA
Entries marked with * are mandatory.
Option Details
Create a Root CA by providing certificate information
Common Name*
Enter the common name of the certificate (CN).
Example: Root CA SAP Security
Organization Unit
Enter the division of the company in this field (OU).
Example: SAP Security Department
Organization
Enter the company name in this field (O).
Example: Company xyz
Locality
Enter the regional information in this field (L).
Example: Walldorf
Country
Enter the country abbreviation in this field (C).
Example: DE
Encryption Key Length
Select the encryption key length for the server (512, 1024, 1536, 2048, 3072, or 4096 bits).
Valid From*
Enter the date from when the validity of this certificate starts (format: YYYY-MM-DD).
Valid To*
Enter the date when the validity of this certificate ends (format: YYYY-MM-DD).
Password*
In this field you enter the password for this certificate.
The password length is limited to 20 characters.
Save Password
If this checkbox is activated, this password is stored.
This means that you do not need to remember the password when editing this certificate at a later date.
Confirm Password*
Confirm the encryption password entered in the field above.
Import an Existing Key Store File
Checking this option displays the following options:
KeyStore File*
Click Browse… to locate and load an existing KeyStore file (File Format is: *.pse).
Password*
The password for the KeyStore (PSE) file.
Save Password
If this checkbox is activated, this password is stored.
This means that you do not need to remember the password when editing this certificate at a later date.
Skip this certificate
Check this option if you do not want to or do not need to enter any information for this specific certificate at this time.
Skip all PKI certificates
Check this option if you do not want to or do not need to enter information for any certificate at this time.
This means you skip all the PKI certificates including the Root CA, SSL CA, SSL Server, and User CA certificates.
You can create or add certificate information at a later time in the Certificate Management function of the Administration Console.
After the configuration, choose Next to continue.
Select the SSL Certificate Generation Type
Choose an option for the SSL certificate.
Figure: Initial Configuration Wizard – Select the SSL Certificate Generation Type
It is possible to install or import SSL certificates later on using the administration console Certificate Management. For more information, see section 3.3.3 Certificate Management.
Option Details
Generate an SSL certificate using the Secure Login Administration Console
The SSL certificates for the SAP NetWeaver Application Server (or other Web application server) are created using the Secure Login Administration Console.
Skip all SSL certificates
Check this option if you do not want to or do not need to enter information for SSL certificates at this time.
After choosing an option, choose Next to continue.
Create SSL CA Certificate
This step is optional and is only available if the option Generate an SSL certificate using the Secure Login administration console was chosen.
Figure: Initial Configuration Wizard – Create SSL CA Information
Entries marked with * are mandatory.
Option Details
Create an SSL CA by providing certificate information
Common Name*
Enter the common name of the certificate (CN).
Example: SSL CA SAP Security
Organization Unit
Enter the division of the company in this field (OU).
Example: SAP Security Department
Organization
Enter the company name in this field (O).
Example: Company xyz
Locality
Enter the regional information in this field (L).
Example: Walldorf
Country
Enter the country abbreviation in this field (C).
Example: DE
Encryption Key Length
Select the encryption key length for the server (512, 1024, 1536, 2048, 3072, or 4096 bits).
Valid From*
Enter the date when the validity of the certificate starts (format: YYYY-MM-DD).
Valid To*
Enter the date when the validity of the certificate ends (format: YYYY-MM-DD).
Password*
Enter the password for this certificate in this field. The password length is limited to 20 characters.
Save Password
If this checkbox is activated, this password is stored.
This means that you do not need to remember the password when editing this certificate at a later date.
Confirm password*
Confirm the encryption password entered in the field above.
Import an Existing Key Store File
Checking this option displays the following options:
KeyStore File*
Click Browse… to locate and load an existing Key Store File (file format: *.pse).
Password*
The password for the KeyStore (PSE) file.
Save Password
If this checkbox is activated, this password is stored.
This means that you do not need to remember the password when editing this certificate at a later date.
Skip this certificate
Check this option if you do not want to or do not need to enter any information for this specific certificate at this time.
After the configuration, choose Next to continue.
Create SSL Server Certificate
This step is optional and is only available if you chose the option Generate an SSL certificate using the Secure Login administration console.
Figure: Initial Configuration Wizard – SSL Server Information
Entries marked with * are mandatory.
Option Details
Create an SSL server by providing certificate information
Common Name*
Enter the common name of the certificate (CN).
Example: Alias Server Name
Organization Unit
Enter the division of the company in this field (OU).
Example: SAP Security Department
Organization
Enter the company name in this field (O).
Example: Company xyz
Locality
Enter the regional information in this field (L).
Example: Walldorf
Country
Enter the country abbreviation in this field (C).
Example: DE
Subject Alternative Names (DNS)
Enter the alternative name in this field. Typically this is the Fully Qualified Domain Name (FQDN).
Example: [email protected]
Encryption Key Length
Select the encryption key length for the server (512, 1024, 1536, 2048, 3072, or 4096 bits).
Valid From*
Enter the date when the validity of the certificate starts (format: YYYY-MM-DD).
Valid To*
Enter the date when the validity of the certificate ends (format: YYYY-MM-DD).
Password*
In this field, you enter the password for this certificate.
The password length is limited to 20 characters.
Save Password
If this checkbox is activated, this password will be stored. This means that you do not need to remember the password when editing this certificate at a later date.
Confirm Password*
Confirm the encryption password entered in the field above.
Import an Existing Key Store File
Checking this option displays the following options:
KeyStore File*
Click Browse… to locate and load an existing KeyStore file (file format: *.p12).
Password*
The password for the KeyStore file.
Save Password
If this checkbox is activated, this password is stored.
This means that you do not need to remember the password when editing this certificate at a later date.
Skip this certificate
Check this option if you do not want or do not need to enter any information for this specific certificate at this time.
After the configuration, choose Next to continue.
Create User CA Certificate
Define the parameter for the user CA certificate.
Figure: Initial Configuration Wizard – User CA Information
Entries marked with * are mandatory.
Option Details
Create a user CA by providing certificate information
Common Name*
Enter the common name of the certificate (CN).
Example: User CA SAP Security
Organization Unit
Enter the division of the company in this field (OU).
Example: SAP Security Department
Organization
Enter the company name in this field (O).
Example: Company xyz
Locality
Enter the regional information in this field (L).
Example: Walldorf
Country
Enter the country abbreviation in this field (C).
Example: DE
Encryption Key Length
Select the encryption key length for the server (512, 1024, 1536, 2048, 3072, or 4096 bits).
Valid From*
Enter the date when the validity of the certificate starts (format: YYYY-MM-DD).
Valid To*
Enter the date when the validity of the certificate ends (format: YYYY-MM-DD).
Password*
In this field you enter the password for this certificate.
The password length is limited to 20 characters.
Save Password
If this checkbox is activated, this password is stored.
This means that you do not need to remember the password when editing this certificate at a later date.
Confirm Password*
Confirm the encryption password entered in the field above.
Import an Existing Key Store File
Checking this option displays the following options:
KeyStore File*
Click Browse… to locate and load an existing KeyStore file (file format: *.pse).
Password*
The password for the KeyStore (PSE) file.
Save Password
If this checkbox is activated, this password will be stored. This means that you do not need to remember the password when editing this certificate at a later date.
Skip this certificate
Check this option if you do not want or do not need to enter any information for this specific certificate at this time.
After the configuration, choose Next to continue.
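The password policy from the Administrator Account step and the certificate fields of the Root CA, SSL CA, SSL Server, and User CA steps can be checked before they are typed into the wizard. This is an added example, not code from the guide or the product; the function names, the reading of "special character" as any non-alphanumeric character, and the 2048-bit floor (which assumes RSA keys) are assumptions.

```python
import re
from datetime import date

OFFERED_KEY_BITS = (512, 1024, 1536, 2048, 3072, 4096)  # lengths the wizard offers
MIN_KEY_BITS = 2048  # assumption: RSA keys, where shorter lengths are considered weak
ISO_DAY = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}")  # the wizard's YYYY-MM-DD format


def password_problems(password):
    """Return the rules of the guide's password policy that `password` violates."""
    rules = [
        (8 <= len(password) <= 20, "length must be 8 to 20 characters"),
        (re.search(r"[A-Z]", password), "needs an uppercase letter"),
        (re.search(r"[a-z]", password), "needs a lowercase letter"),
        (re.search(r"[0-9]", password), "needs a digit"),
        # Assumption: "special" means any character that is not a letter or digit.
        (re.search(r"[^A-Za-z0-9]", password), "needs a special character"),
    ]
    return [message for ok, message in rules if not ok]


def parse_day(text):
    """Parse YYYY-MM-DD strictly; return None for any other input."""
    if not ISO_DAY.fullmatch(text):
        return None
    try:
        return date.fromisoformat(text)
    except ValueError:  # well-formed but impossible, such as 2024-02-30
        return None


def certificate_problems(key_bits, valid_from, valid_to, password, today=None):
    """Check the values for one certificate form; an empty list means no findings."""
    problems = []
    if key_bits not in OFFERED_KEY_BITS:
        problems.append("key length is not offered by the wizard")
    elif key_bits < MIN_KEY_BITS:
        problems.append("key length below 2048 bits")
    start, end = parse_day(valid_from), parse_day(valid_to)
    if start is None or end is None:
        problems.append("dates must be valid and in the format YYYY-MM-DD")
    else:
        if end <= start:
            problems.append("Valid To must be later than Valid From")
        if end <= (today or date.today()):
            problems.append("certificate would already be expired")
    return problems + password_problems(password)
```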
Define Server Configuration
Define the parameters for the User Certificate Configuration and Application Information.
The other configuration parameters are read-only (for verification reasons).
Figure: Initial Configuration Wizard – Server Configuration
Entries marked with * are mandatory.
Option Details
User Certificate Configuration
DN.country
Enter the country abbreviation in this field (C).
Example: DE
DN.locality
Enter the regional information in this field (L).
Example: Walldorf
DN.organization
Enter the company name in this field (O).
Example: Company xyz
DN.organizationalUnit
Enter the division of the company in this field (OU).
Example: SAP Security Department
ValidityMinutes*
Information for a temporary certificate: The period of time (in minutes) that the user certificate is valid.
Application Information
ServerHostName
FQDN name or IP address of this server.
This parameter is used for the client policy definition and can be used for centrally changing the server host name and the server port in the instance configuration of the Secure Login Server.
ServerPort
Port of this server.
This parameter is used for the client policy definition and can be used for central change.
Authentication Server Configuration (read-only)
AuthConfigPath
Authentication server configuration file for the Secure Login Server.
Secure Login User CA Key Store (read-only)
PseName
The user CA key store file path. If you created a user CA in the previous step, the file path is shown here.
Log Configuration (read-only)
DailyLogDir
In this log path the user authentication information for the default instance is logged (for example, the user authentication was successful).
MonthlyLogDir
In this log path the instance information for the default instance is logged (for example, the default instance was started successfully).
AdminConsoleLogDir
In this log path the admin console information for the Secure Login Administration Console is logged (for example, the default instance configuration was changed).
LockDir
The path to which the lock file is saved. A lock file is created when the server encounters an internal error that requires manual intervention.
After the configuration, choose Next to continue.
Setup Review
Verify the action points and choose the Finish pushbutton to complete the initial wizard configuration.
Figure: Initial Configuration Wizard – Setup Review
Finish Setup
After the setup configuration has completed successfully, this page appears. Restart the Secure Login Server application.
Figure: Initial Configuration Wizard – Congratulations
Use the Telnet application to stop and start the Secure Login Server application (for more information, see section 2.2 Secure Login Server Installation with Telnet).
Another possibility in the Microsoft Windows environment is to use the SAP Management Console (sapmmc) application. Under AS Java Components, choose the application sap.com/SecureLoginServer and restart the application.
Microsoft Windows SAP Management Console
In a Microsoft Windows environment, the SAP Management Console (sapmmc) can be used to restart the Secure Login Server application. Mark the application sap.com/SecureLoginServer and choose the option Restart (right-click option).
Figure: SAP Management Console (sapmmc)