Brook Preloader

Blog

Digital Signature For SAP Notes

SNOTE is a powerful tool to quickly implement specific SAP Notes, making it easy to install specific corrections to SAP solutions. SNOTE also recognizes any dependencies on the Notes.

Digital Signing of SAP Notes

There is a fair possibility for the SAP Notes to get maliciously modified and customers might unknowingly upload those maliciously modified SAP Notes files into their ABAP systems. To avoid any authentication issues or those issues that evolve during the upload of a corrupt note, SAP came up with the concept of ‘digital signing’ of SAP Notes with increased authenticity and security. With the updated SAP support backbone and mandatory digital signing of SAP notes, download and upload process of SAP notes will change to SAR files.

Getting an SAP Note into ABAP system – Comprises of two steps.

1. Upload SAP Note using SNOTE transaction of ABAP system

2. Download SAP Note using SNOTE transaction of ABAP system

If we want to download digitally signed SAP Notes, some preparations are required in ABAP-based systems i.e., we need to enable digital signing settings by the end of 2019, because post January 1, 2020, the download and upload processes will stop working unless Note Assistant (SNOTE transaction) is enabled in ABAP systems to work with digitally signed SAP Notes.

Configuration

Pre-requisites:

  • ST-PI and ST-A/PI add-ons must be up-to-date.
  • Implement following SAP Notes – 2408073, 2546220 and 2508268 into ABAP system and simultaneously perform the manual activities.
  • An equivalent Transport-Based Correction Instruction (TCI) is available as SAP Note 2576306 containing the above notes. Advantage going with TCI is that it avoids manual activities.
  • Technical S-User credentials are required.

Procedure:

  • Once we implement the SAP notes (2408073, 2546220 and 2508268) then run the report i.e., RCWB_SNOTE_DWNLD_PROC_CONFIG and choose option HTTPS port option where we need to provide the RFC details.
  • Create below RFC with technical S-User ID credentials:
    • SAP-SUPPORT-PORTAL and SAP-SUPPORT_NOTE_DOWNLOAD
  • HTTPS prerequisites can also be configured by executing automated Task List SAP_BASIS_CONFIG_OSS_COMM in ABAP Task Manager (STC01) and this task list is available in systems with at least SAP_BASIS 740 after applying TCI in sap Note 2738425.
  • Import the SSL certificates from T-code STRUSTSSO2/STRUST and download from Note 2631190.
  • Set parameter ssl/client_ciphersuites= 150:PFS:HIGH::EC_P256:EC_HIGH and parameter value for enabling highest TLS protocol version (Note:510007).

Validation:

In order to view the SAP Notes that failed the digital signature verification, run Transaction SNOTE or SLG1.

Contact for further details

VenkataSai Chillamcherla
Technical Analyst
venkatac.in@mouritech.com
MOURI Tech

0 0 vote
Rating
guest
0 Comments
Inline Feedbacks
View all comments