Kontakt

Ansicht
Dokumentation

PAY_DE_B2A_KK_640 - Transfer via HTTPS

PAY_DE_B2A_KK_640 - Transfer via HTTPS

CL_GUI_FRONTEND_SERVICES - Frontend Services   TXBHW - Original Tax Base Amount in Local Currency  
This documentation is copyright by SAP AG.
SAP E-Book
The ELENA procedure was discontinued. Therefore, the Customizing activities for ELENA are obsolete (SAP Note 1611591). Note:
Take special note of the latest changes to the setup of the communication server for ZSS/ELENA in the SAP Note 1408879 ELENA: Set Up HTTP(S) Connection for Communication.

Setup of the HTTP Connection

General Information for HTTPS

For general information about setting up the HTTPS connection from the SAP system, see the documentation on SAP Help Portal by choosing the following links:

  • Basis 6.40
    http://help.sap.com/saphelp_nw04/helpdata/EN/65/6a563cef658a06e10000000a11405a/content.htm
  • Basis 7.00
    http://help.sap.com/saphelp_nw70ehp1/helpdata/de/65/6a563cef658a06e10000000a11405a/content.htm
    (Steps 1, 2, and 3a are mandatory. They are relevant for all releases. An SSL server PSE is also a strict requirement if the system is going to be used only as an SSL client later on.
    Note on 3a: If you do not use the system as an SSL server, use the default values to create the PSE. This PSE has no relation to the PSE of the ITSG (BNxxxxxxxx.pse), which is used later.)

If problems or error messages occur during the setup of the HTTPS connection, you can also refer to SAP Note 634006 Note on the preclarification of ICM messages.

The SSL setup on the Web application server is described in detail in SAP Note 510007 Setting up SSL on Web Application Server ABAP. If the message "HTTPIO_PLG_CANCELED" appears during the connection test (at the end of step 4 or 5), this most likely means that the SSL settings are incorrect and must be corrected.

If problems occur during the SSL setup, you can report them under the component BC-SEC-SSL.

HR-Specific Setup Steps:

  1. Procurement of public HTTPS certificates for ELENA
You can find the 2 required certificates (test notifications and live notifications) on SAP Service Marketplace by choosing the following path: https://service.sap.com/hrde -> Media Center -> ELENA-Zertifikate (“ELENA Certificates”, file: Elena_Zertifikate_01.zip).
Save the file to your computer and unpack it. The file contains two certificates in Base64 format.
You also have the option of procuring the two files as follows:
  • Certificate for transferring live data to https://meldung.elena-zss.de/ElenaEXTra/rest
    You can find the file on the Internet at https://www.das-elena-verfahren.de -> ELENA für Arbeitgeber (“ELENA for Employers”, site not available in English).
    Download the file "meldung.elena-zss.de.cer". Note that you must download the file with the extension .cer (format: Base64).

  • Certificate for transferring test data to https://meldung.elena-zss-dev.de/

Internet Explorer 6:
- Open Windows Explorer and enter the address https://meldung.elena-zss-dev.de/.
- Double-click the yellow padlock in the bottom right corner. In the dialog box that appears, choose the Details tab.
- Choose the Copy to File pushbutton. Choose the following pushbuttons: Next -> Base-64 encoded… -> Next and enter the file name (for example, Elena_B64). Choose the Next pushbutton, followed by the Finish pushbutton.

Internet Explorer 7:
- Open Windows Explorer and enter the address https://meldung.elena-zss-dev.de/.
- Choose the following #Continue to this website# -> #Certificate Error# -> #View certificates#.
- In the dialog box that appears, choose Details.
- Choose the Copy to File pushbutton. Choose the following pushbuttons: Next -> Base-64 encoded… -> Next and enter the file name (for example, Elena_B64). Choose the Next pushbutton, followed by the Finish pushbutton.

Transaction STRUST (Trust Manager)
Transaction STRUST is client-independent. In this transaction, you create an SSL client for every PSE file you use that has a certificate from ITSG. In this step, the procedure is different for systems with one PSE file than for systems with multiple PSE files.

Variant A
Procedure for an HR system with one client and one PSE file (company number) as the sender:
  • Start transaction STRUST in the HR system.

  • Choose the menu path Environment -> SSL Client Identity and choose OK in the infobox about client independence.

  • Create a new entry by choosing New Entries.

  • Enter the following values:
    SSL ID: DRV
    Description: SSL Client (SI German Pension Insurance)
    Select the Active checkbox
    (If the Active field is not available in your release, you do not have to select the checkbox.)

  • Save your entries.

  • Go back to transaction STRUST via F3 and select the SSL client (SI German Pension Insurance).

  • Choose PSE -> Import. For the file, select the PSE file that is also used for encrypting SI notifications.
    Notes:
    (a) This file has the name "BNXXXXXXXX.pse". XXXXXXXX stands for your company number. You can find these files on the server for the HR system. /instance/sec/.
    (b) If a PIN has been assigned for the PSE file, you must enter it here.
    (c) If you use multiple PSEs with different company numbers, you can choose any one of these files to implement the HTTPS connection.

  • Save the loaded PSE file by choosing PSE -> Save as “SSL Client” and “DRV”.
    Uploading of the public HTTPS certificate for ELENA from step 1.
    Choose the Import Certificate pushbutton (on the bottom left of the Certificate window) to upload the two files with the certificate. Select B64. The certificate details then appear in the Certificate window. Next, choose the Add to Certificate List pushbutton. The certificate appears in the certificate list.
    After you have uploaded both certificates, you see two new items in the certificate list with the following owners:
    (a) CN=meldung.elena-zss.de, OU=GB0560, O=Deutsche Rentenversicherung Bund, ...
    (b) CN=meldung.elena-zss-dev.de, OU=GB 0500, O=Deutsche Rentenversicherung Bund, ...
    Important: Save these settings.

Variant B:
Procedure for an HR system with one or more clients and various PSE files (company numbers) that are used as senders:
  • For each company number used as a sender (that is, each one with a PSE file entitled BNXXXXXXXX.pse), you must create an SSL client in STRUST.

  • Start transaction STRUST in the HR system.

  • Choose the menu path Environment -> SSL Client Identity and choose OK in the infobox about client independence.

  • Create a new entry by choosing New Entries.

  • Enter the following values:
    SSL ID: DRV01
    Description: BNXXXXXXXX SSL Client (GPI)
    Select the Active checkbox.
    (If the Active field is not available in your release, you do not have to select the checkbox.)

  • Save your entries.

  • Use F3 to go back to transaction STRUST and select SSL client DRV01.

  • Choose PSE -> Import. For the file, select the PSE file that is also used for encrypting SI notifications. BNXXXXXXXX.pse: You can find these files on the server for the HR system. /instance/sec/. If a PIN has been assigned for the PSE file, you must enter it here.

  • Save the loaded PSE file by choosing PSE -> Save as “SSL Client” and “DRV01”.
    Uploading of the public HTTPS certificate for ELENA from step 1.
    Use the Import Certificate pushbutton (on the bottom left of the Certificate window) to upload the two files with the certificate. Select B64. The certificate details then appear in the Certificate window. Next, choose the Add to Certificate List pushbutton. The certificate appears in the certificate list.
    After you have uploaded both certificates, you see two new items in the certificate list with the following owners:
    (a) CN=meldung.elena-zss.de, OU=GB0560, O=Deutsche Rentenversicherung Bund, ...
    (b) CN=meldung.elena-zss-dev.de, OU=GB 0500, O=Deutsche Rentenversicherung Bund, ...
    Important: Save these entries (using the button with the diskette symbol).

  • Repeat these steps for each PSE file that you use and change the values accordingly.
    Example:
    - BN12345678.pse: SSL ID: DRV01, Description: BN12345678 SSL Client (GPI)
    - BN87654321.pse: SSL ID: DRV02, Description: BN87654321 SSL Client (GPI)

  • See SAP Note 1452519 "ELENA: HTTP code 401/logon screen for creating connections" for additional examples for implementing multiple PSE files.

  1. Transaction SMICM (ICM Monitor)
    Restarting the ICM system.
  • Launch transaction SMICM.

  • Choose Administrator -> ICM -> Exit Soft. This restarts the ICM process. This step is necessary to download the certificate from the server to the memory.

Note:
SSL Server must have been created and appear green.

Create HTTPS connections in transaction SM59
Note:
Note corrections from the following SAP Notes must be available in the system:
ELENA: Connection problems with proxy password (1426592)
ELENA: HTTP code 401/logon screen for creating connections (1452519).
Transaction SM59 is client-independent. In this transaction, you create an HTTPS pair consisting of one test connection and one live connection for each of the items you created in step 2 in STRUST (SSL Client). As in step two, the procedure in this step for systems with one SSL client (one PSE file) differs from that of systems with multiple SSL clients (multiple PSE files).

Variant A
Procedure for an HR system with 1 SSL client in transaction STRUST (variant A, step 2).
  • Creation of the test connection.

  • Launch transaction SM59.

  • Choose Create.
    Connection type: G
    RFC destination: HR_DE_ELENA_TEST
    Description: HTTPS connection for ELENA

  • Entries on the Technical Settings tab page:
    Target host: meldung.elena-zss-dev.de
    Service no.: 0443
    Path prefix: /ElenaEXTra/rest

    HTTP proxy options:
    Enter your own proxy data, if required.

  • Entries on the Logon/Security tab page:
    Security options -> Select SSL Active. In the selection list, use the F4 help to select DRV.

  • Save the connection.
    Afterwards, you can test the connection. Return code 405 means that the connection has no technical issues.
    (Background: The connection test calls the connection with HTTP-GET. However, the data is later transferred by the HR application program with HTTP-POST. The ZSS HTTPS server therefore only allows POST and returns error 405 when GET is called.)

  • Creation of the live connection

  • Launch transaction SM59.

  • Choose Create.
    Connection type: G
    RFC destination: HR_DE_ELENA_PROD
    Description: HTTPS connection for ELENA

  • Entries on the Technical Settings tab page:
    Target host: meldung.elena-zss.de
    Service no.: 0443
    Path prefix: /ElenaEXTra/rest

    HTTP proxy options:
    Enter your own proxy data, if required

  • Entries on the Logon/Security tab page:
    Security options -> Select SSL Active. In the selection list, use the F4 help to select DRV.

  • Save the connection.
    Afterwards, you can test the connection. Return code 400 means that the connection has no technical issues.
    (Background: The connection test calls the connection with HTTP-GET. However, the data is later transferred by the HR application program with HTTP-POST. The ZSS HTTPS server therefore only allows POST and returns error 400 when GET is called.)

Variant B:
Procedure for an HR system with multiple SSL clients in transaction STRUST (variant B, step 2).
  • Creation of the test connection.

  • Launch transaction SM59.

  • Choose Create.
    Connection type: G
    RFC destination: HR_DE_ELENA_XXXXXXXX_TEST
    Description: HTTPS connection XXXXXXXX for ELENA
    (For XXXXXXXX, enter the company number for which the SSL client was created.)

  • Entries on the Technical Settings tab page:
    Target host: meldung.elena-zss-dev.de
    Service no.: 443
    Path prefix: /ElenaEXTra/rest

    HTTP proxy options:
    Enter your own proxy data, if required.

  • Entries on the Logon/Security tab page:
    Security options -> Select SSL Active. In the selection list, use the F4 help to select DRVXX (for example, DRV01).

  • Save the connection.
    Afterwards, you can test the connection. Return code 405 means that the connection has no technical issues.
    (Background: The connection test calls the connection with HTTP-GET. However, the data is later transferred by the HR application program with HTTP-POST. The ZSS HTTPS server therefore only allows POST and returns error 405 when GET is transmitted.)

  • Creation of the live connection

  • Launch transaction SM59.

  • Choose Create.
    Connection type: G
    RFC destination: HR_DE_ELENA_XXXXXXXX_PROD
    Description: HTTPS connection XXXXXXXX for ELENA
    (For XXXXXXXX, enter the company number for which the SSL client was created.)

  • Entries on the Technical Settings tab page:
    Target host: meldung.elena-zss.de
    Service no.: 443
    Path prefix: /ElenaEXTra/rest

    HTTP proxy options:
    Enter your own proxy data, if required.

  • Entries on the Logon/Security tab page:
    Security options -> Select SSL Active. In the selection list, use the F4 help to select DRVXX (for example, DRV01).

  • Save the connection.
    Afterwards, you can test the connection. Return code 400 means that the connection has no technical issues.
    (Background: The connection test calls the connection with HTTP-GET. However, the data is later transferred by the HR application program with HTTP-POST. The ZSS HTTPS server therefore only allows POST and returns error 400 when GET is transmitted.)

  • Repeat these steps for each company number.
    Example:
    You have 2 company numbers, 12345678 and 87654321, with the SSL clients DRV01 and DRV02 from transaction STRUST. After the connection is created, you have the following connections in SM59:
    HR_DE_ELENA_12345678_TEST -> SSL-Client DRV01
    HR_DE_ELENA_12345678_PROD -> SSL-Client DRV01
    HR_DE_ELENA_87654321_TEST -> SSL-Client DRV02
    HR_DE_ELENA_87654321_PROD -> SSL-Client DRV02
    For more examples, see SAP Note 1452519 ELENA: HTTP code 401/logon screen for creating connections.

  1. Transaction SM30
    If you used Variant B in steps 2 and 4, you must now proceed as follows:
  • Maintain constant RHTTP in view V_T50BK in every client.

  • Transaction SM30

  • Table/view V_T50BK -> Maintain pushbutton.

  • Country grouping 01.

  • Choose the Position Cursor pushbutton and enter the following values:
    Area: SV
    Document type: OENA
    Constant: RHTTP

  • Enter the following value for the constant:
    HR_DE_ELENA_<BN> and save this value.
    Note:
    Do not substitute the company number for <BN>. <BN> is a placeholder for the company number. The program will substitute it with the company number currently in use.
    Example:
    You send the data for company number 12345678. The HTTPS connections HR_DE_ELENA_12345678_TEST and HR_DE_ELENA_12345678_PROD are then used by the program.

General Comments/Additional Information:

  • The decision as to whether a system is a test system or live system is made as follows:
  • Constant MODE is evaluated in table T50BK (SV/OENA or OENR). If the constant is not maintained (it usually is not), table T000 is evaluated. If the client is classified as P, this means the system is a live system. If not, then the system is a test system.

  • You can perform additional tests on the HTTPS connection using the report Test Report: Communication Server ELENA (RPUSVLD0). For the test URL and the live URL, the text "Error 200: Error reported: 200#" and the HTTP code 200 should be returned from the HTTPS server of the ZSS. (This is OK. The error notification can be ignored because the test report cannot send any valid XML data.)
  • For more information on saving HTTP/HTTPS connections, see the following documentation on SAP Service Marketplace at https://service.sap.com/security -> SAP Security Guides -> SAP NetWeaver 7.0 Network Security.





Fill RESBD Structure from EBP Component Structure   ROGBILLS - Synchronize billing plans  
This documentation is copyright by SAP AG.

Length: 23596 Date: 20240523 Time: 193846     sap01-206 ( 264 ms )