Enabling the use of HTTP requests with a secKey

Edit online

HTTP requests from SAP usually contain the secKey parameter. The value of this parameter is an encrypted hash sum of selected URL parameters. To ensure that an SAP request was not manipulated, Collector Server uses the SAP certificate to evaluate the hash sum. An SAP certificate must be available for each logical archive that is defined in the Collector Server instance configuration and that the SAP system communicates with.

Procedure

Complete these steps to transfer an SAP certificate to the Collector Server instance:

In the SAP GUI, use either of the following procedures:
- In the Change Content Repositories: Detail window, click the Send certificate icon .
- Enter the transaction code OAHT to open the “Send certificates to HTTP content server” window. Double-click the content repository that defines the connection to a logical archive.
  For example, double-click A2.
The corresponding Collector Server instance receives the SAP certificate and saves it in the SAPCertificates directory.

For example, the SAP certificate for logical archive A2 would be stored as A2.pse.fingerprint.TO_BE_CONFIRMED. fingerprint stands for the hash value that uniquely identifies the SAP certificate.
To accept the SAP certificate, complete these steps:
1. Open a command line and change to the directory where the server configuration profile that contains the logical archive is stored.
2. Enter the following command:
```
archcert -a archive_id
```
  archive_id stands for the logical archive ID. For example, A2.
  
  For additional parameters, see archcert.
3. The content of the SAP certificate is displayed. Review it.
4. If you decide to accept the SAP certificate, enter YES.

Results

Collector Server saves the SAP certificate in the SAPCertificates directory as archive_id.pse.fingerprint, for example, A2.pse.fingerprint. You can verify the SAP certificate in SAP by comparing the fingerprint to the one in the Trust Manager (transaction code STRUST).