Kontakt

Ansicht
Dokumentation

PAY_DE_B2A_KK_620 - ITSG Communication Server (GKV)

PAY_DE_B2A_KK_620 - ITSG Communication Server (GKV)

PERFORM Short Reference   CL_GUI_FRONTEND_SERVICES - Frontend Services  
This documentation is copyright by SAP AG.
SAP E-Book

Setting Up the HTTPS Connection

For general information about setting up the HTTP(S) connection from the SAP system, see the documentation in SAP Help Portal under Internet Communication Framework.

If problems or error messages (ICM) occur when setting up the HTTP(S) connection, you can also refer to SAP Note 634006 (Note on the preclarification of ICM messages).

Activities
  1. Check the HTTPS service
    Check whether the HTTPS service has been activated in the system.
    1. Launch transaction SMICM.
    2. Choose Goto -> Services in the menu to switch to an overview of the active services. The HTTPS log should be activated. If this is not the case, set up the service. For more information, see SAP Note 510007 (Setting up SSL on Application Server ABAP).

      Comment:
      Make sure that the HTTPS service is set up on every instance on which you want to transfer messages via HTTPS.
  2. Check the certificates in Trust Manager
    You have already requested a certificate for these company numbers at the ITSG trust center. You now need to check whether there is an entry in transaction STRUST for the company numbers you use as the data provider.
    1. Launch transaction STRUST.
      On the left-hand side under PSE Status, there should now be an entry with SSF HR B2A-SV BN<your company number> for each of the company numbers you use.
      (Example: SSF HR B2A-SV BN12345678)
    2. If there is no entry, create this using the report Copy PSE for HI Funds to SFF Tables (RPUSVND0).
  3. Check and, if required, update the certificate list
Use the Test Report for Communication with the GKV and DSRV (RPUSVHD1) to check whether the public certificates with the company numbers of the health insurance funds exist in your certificate list.

If this is not the case, update the certificate list in the key files (PSE files) that you use, as follows:
  1. Downloading of the current certificate list from ITSG
You can find the list on the Internet at
www.itsg.de -> Trust Center -> Öffentliche Schlüsselverzeichnisse AG.
Select the file with the public keys of the data collection points for the employer procedure. The file is currently provided for the SHA1 and SHA256 hash algorithm. In report RPUSVHD1, you can find information about which algorithm you are using listed under Algorithm Signature for the certificate for the company number.
From here, download the file for the PKCS#7 procedure.
Save the file locally to your PC (example: annahme-pkcs.agv for SHA1 or annahme-sha256.agv for SHA256).
  1. Deletion of the old certificate list from the PSE files used
Start the Utility Report for Management of Encryption PKCS#7 for HI Funds (RPUSVKD1).
Enter the company number. For the company numbers that you use and the related PSE files, see Customizing under Assign File Name for PKCS#7 Certificates.
Confirm the entry. The information (administrator, company name, PSE file) is thus read and displayed.
In the group box Delete Certificate List, select the checkbox Delete List (All).
Execute the report. The report displays the number of deleted entries.
  1. Import of the new certificate list
    Start report RPUSVKD1 again.
Enter the company number and confirm the entry.
In the group box Read Certificate List, select the checkbox Read List and confirm the entry. The field Path/File Name is ready for input.
Enter the path for the file with the current certificate list (example: C:\annahme-sha256.agv).
Execute the report. The report displays the number of imported entries.
  1. Use the Test Report for Communication with the GKV and DSRV (RPUSVHD1) to check whether the public certificates with the company numbers of the health insurance funds exist in the certificate list of the PSE file just processed.
  2. If you implement more than one company number as the sender (view V_T5D4X), import the most recent certificate list for these company numbers as well. To do this, repeat steps b) to d).
  • Create the SSL client certificates in Trust Manager

    You need a separate SSL client for each company number for which you have requested a certificate (PSE file exists). If you have more than company number, repeat the following steps for each number.
    1. Launch transaction STRUST and switch to change mode.
    2. Check if an identity has already been created for the company number (PSE file) in the menu under Environment -> SSL Client Identities. If it has, continue with step 6. If not, switch to change mode and select New Entries to create the missing identities SVnnnn. nnnn may either represent a sequential numbering or possibly the last 4 figures of the relevant company number. (Example: For PSE file BN12345678.pse, you can create SSL client identity SV5678.) Save the entries.
    3. Return to Trust Manager.Double-click the SSL client you created. Then choose PSE -> Import in the menu to transfer your certificate for the company number to the new SSL client. Select the PSE file called BN<company number employer> .pse from the application server (directory DIR_INSTANCE\sec).
    4. In the menu, choose PSE -> Save As to save the file under type SSL Client with the value SVnnnn.


  • Create the HTTPS connection(s)
    If you have only one data provider (PSE file), or if you do not use any proxy or have a proxy without information about the user and password, proceed as follows:
    1. Launch transaction SM59.
    2. Choose Create:
      Connection Type: G
      RFC Destination: HR_DE_GKV_MELDUNG
      Description: HTTPS SHI communication server notification
    3. Entries on the Technical Settings tab page:
      Target Host: verarbeitung.gkv-kommunikationsserver.de
      Service No.: 443
      Path Prefix: /meldung/extra14.meldung

      HTTP Proxy Options:
      Enter your own proxy data, if required
    4. On the Registration & Security tab page, activate the security option SSL. Select the SSL certificate for your company number from the list. If there is more than one company number, select one of the SSL certificates.
      Comment: If you are not using a proxy or have a proxy without password, the program may dynamically exchange the SSL certificate entered in the connection. In this case, you do not need to create connections for every individual company number.
    5. Save your entries.
    6. Test the connection. Return code 404 means that the connection has no technical issues.
      Background: The connection test calls the connection with HTTP-Get. However, the data is later transmitted by the HR application program using HTTP-POST. The SHI communication server only allows post and returns error 404 for Get.
    7. Repeat steps a) to f) for the HTTPS connection for the Request with the following values:
      Connection Type: G
      RFC Destination: HR_DE_GKV_ANFRAGE
      Description: HTTPS SHI communication server request

      Entries on the Technical Settings tab page:
      Target Host: verarbeitung.gkv-kommunikationsserver.de
      Service No.: 443
      Path Prefix: /anfrage/extra14.anfrage
    8. Repeat steps a) to f) for the HTTPS connection for the Exit with the following values:
      Connection Type: G
      RFC Destination: HR_DE_GKV_QUITTUNG
      Description: HTTPS SHI communication server exit

      Entries on the Technical Settings tab page:
      Target Host: verarbeitung.gkv-kommunikationsserver.de
      Service No.: 443
      Path Prefix: /quittung/extra14.quittung

    If you have several data providers (PSE files) and are using a proxy that includes the user and password, proceed as follows:
    1. Launch transaction SM59.
    2. Choose Create:
      Connection Type: G
      RFC Destination: HR_DE_GKV_<company number employer>_MELDUNG
      Description: HTTPS SHI communication server notification
    3. Entries on the Technical Settings tab page:
      Target Host: verarbeitung.gkv-kommunikationsserver.de
      Service No.: 443
      Path prefix: /meldung/extra14.meldung

      HTTP Proxy Options:
      Enter your own proxy data, if required
    4. On the Registration & Security tab page, activate the security option SSL. Select the SSL certificate SVnnnn for your company number from the list. (Example: For the company number 12345678, create an RFC connection called HR_DE_GKV_12345678_MELDUNG with SSL client certificate SV5678.) The company number used in the name of the RFC connection and the company number of the SSL client must be identical.
    5. Save your entries.
    6. Test the connection. Return code 404 means that the connection has no technical issues.
      Background: The connection test calls the connection with HTTP-Get. However, the data is later transmitted by the HR application program using HTTP-POST. The SHI communication server only allows post and returns error 404 for Get.
    7. Repeat steps a) to f) for the HTTPS connection for the Request with the following values:
      Connection Type: G
      RFC Destination: HR_DE_GKV_<company number employer>_ANFRAGE
      Description: HTTPS SHI communication server request

      Entries on the Technical Settings tab page:
      Target Host: verarbeitung.gkv-kommunikationsserver.de
      Service No.: 443
      Path Prefix: /anfrage/extra14.anfrage
    8. Repeat steps a) to f) for the HTTPS connection for the Exit with the following values:
      Connection Type: G
      RFC Destination: HR_DE_GKV_<company number employer>_QUITTUNG
      Description: HTTPS SHI communication server exit

      Entries on the Technical Settings tab page:
      Target Host: verarbeitung.gkv-kommunikationsserver.de
      Service No.: 443
      Path Prefix: /quittung/extra14.quittung


    Additional Information

    • You decide whether to use the test or productive system to transfer the notifications as follows: The constant MODE in table T50BK is read for the current procedure, for example SV/OVVZ. If the constant is not maintained (it usually is not), table T000 is evaluated. If the client is classified as P, this means a productive system is used. If not, then the system is a test system.
    • You can also test the HTTP connection using the Test Report for Communication with the GKV and DSRV (RPUSVHD1). For the test URL and the live URL, the text "Error 200: Error reported: 200#" and the HTTP code 200 should be returned from the DRV communication server. This is OK. You can ignore this error message because the test report cannot send any valid XML data.





    Addresses (Business Address Services)   ABAP Short Reference  
    This documentation is copyright by SAP AG.

    Length: 16388 Date: 20240523 Time: 195017     sap01-206 ( 199 ms )