Set FQDN on Linux for SAP Server

An example FQDN: myserver.mkysoft.com

Add computer name to /etc/hostname file.

myserver

Add you domain to /etc/resolv.conf.

domain mkysoft.com

Add host name and domain with IP to /etc/hosts.

10.10.1.5  myserver.mkysoft.com myserver

You can check yor configuration with niping tool. This tool can be found n SAPRouter package.

niping -v -H myserver.mkysoft.com

Hostname/Nodeaddr verification:
===============================

Hostname of local computer: myserver                         (NiMyHostName)
FQHN of local computer: myserver.mkysoft.com                 (NiGetOwnFQDN)

Lookup of hostname: myserver                                 (NiHostToAddr)
    --> IP-Addr.: 10.10.1.5
Lookup of IP-Addr.: 10.10.1.5                                (NiAddrToHost)
    --> Hostname: myserver.mkysoft.com

Lookup of hostname: myserver.mkysoft.com                     (NiHostToAddr)
    --> IP-Addr.: 10.10.1.5
Lookup of IP-Addr.: 10.10.1.5                                (NiAddrToHost)
    --> Hostname: myserver.mkysoft.com

SSL / TLS settings for SAP NetWeawer

A lot of SAP product such as NetWeaver using sapcrypto / commoncrypto library (sapcryptolib.dll or sapcryptolib.so) for SSL / TLS and encryption.

SSL / TLS client configuration.

ssl/client_ciphersuites = 150:PFS:HIGH::EC_P256:EC_HIGH

SSL / TLS server configuration.

ssl/ciphersuites = 135:PFS:HIGH::EC_P256:EC_HIGH

You need at least 8.4.40 sapcrpytolib for SNI (Server Name Indication) support. Before SNI protocol client request certificate with domain IP instead of domain name. SNI used for hosting multiple site on same port with encryption.

ssl/client_sni_enabled = TRUE

We need updated kernel for using this parameter, details are in this note.

Also you can set these parameters as OS environment variable.

SAPSSL_CLIENT_CIPHERSUITES = 135:PFS:HIGH::EC_P256:EC_HIGH
SAPSSL_CLIENT_SNI_ENABLED = TRUE

sapcryptolib versions for protocols

In below table you can find minumum sapcryptolib version for protocols.

ProtocolVersion
TLS 1.05.5.5 PL 28
TLS 1.28.4.31
SNI8.4.40

If SOAMANAGER not exists

Some old system hasn’t got SOAMANAGER for configuring/creating logical port or service. We can use below t-codes for same operation.

LPCONFIG
WSCONFIG
WSADMIN

distribution_policy not exist

Depending on SQL Server version some columns are change. In sap_tf_sysdatabases functions reference to distribution_policy column in sys.tables. With program MSSPROCS (run with se38) you can change stored procedure and functions which are using by SAP.