In this blog post, we will learn to activate AbapGit on SAP NetWeaver Developer Edition 7.52 with an alternate way of installing server certificates and ensuring AbapGit is working as it should be.

Recently, i had the pleasure of installing the SAP NetWeaver Developer Edition 7.52 on my PC. The first thing i wanted was to have backup of my code available to me.

Luckily, we have a wonderful tool AbapGit at our disposal. Installation was a breeze, as it was very well documented, however, SSL Setup was a bit of a problem, as some of the directions are bit vague , and provided steps were not fruitful at least at my end. However, with little bit of work, i was able to have it work on my SAP installation. Here i am putting up the steps, so that those who are facing the issues, will be able to solve them at their ends.

Little bit of BASIS work is also required.

I am not going to reproduce the steps of installation here, however, i suggest that one should download ,

zabapgit_standalone source code and save it as text file. Create a Program of this code and assign a transaction code to it ( zabapgit is for me). if you run this program, you will see this screen.

Abap%20GIT%20Main%20Page

Abap GIT Main Page

For testing of our connectivity to Github, we have one more program on our disposal, zabap_test_ssl  , download it and create a program in SE38 and execute it. Following screen will appear.

Upon executing this program, you will receive some errors like below or some others , now we need to find a way to solve these errors.

 

Let’s Solve The Problem

AbapGit SSL Setup mentions adding some parameters to SAP Default Profile. First of all, add those parameters if not already added.

Mentioned Parameters are;

ssl/ciphersuites             = 135:PFS:HIGH::EC_X25519:EC_P256:EC_HIGH
ssl/client_ciphersuites      = 150:PFS:HIGH::EC_X25519:EC_P256:EC_HIGH
icm/HTTPS/client_sni_enabled = TRUE
ssl/client_sni_enabled       = TRUE

SETENV_26 = SECUDIR=$(DIR_INSTANCE)$(DIR_SEP)sec
SETENV_27 = SAPSSL_CLIENT_CIPHERSUITES=150:PFS:HIGH::EC_X25519:EC_P256:EC_HIGH
SETENV_28 = SAPSSL_CLIENT_SNI_ENABLED=TRUE 

There parameters can be added through Transaction Code : RZ10. Here is a picture

And here is RZ10 after adding the parameters.

When you save the profile, SAP will prompt you to activate it and then mentions in popup that you must restart the SAP to have this changes be effective.

Logout and restart your SAP Application.

It is worth noting that, before making any changes to your SAP System profile, one should make a backup copy, so that in case of problems, you can revert back to old settings.

On Terminal:

cp DEFAULT.PFL DEFAULT.PFL.BKP

Once, SAP is back online, we need to add Server Certificates to Transaction Code Strust. On multiple available videos on youtube & AbapGit SSL Setup , solution is to add extract certificate from your browser and upload it to Strust, however , in my testing , it was not working, so i applied another way of extracting the Certificate for Strust by using Transaction Code : SMICM and extracting the Certificate from Trace Files.

Steps:

  • Run Transaction : SMICM
  • On Menu : Goto -> Trace File -> Reset (This will clear the Trace file)
  • Then On Menu : Goto -> Trace Level -> Set (Select level 3 and press Pen icon)
  • Go To Transaction : SE38
  • Run zabap_test_ssl program (This will again result in error, but this time SMICM will show us the full error log with server certificate information.
  • Exit SE38
  • Run Transaction : SMICM
  • Then On Menu : Goto -> Trace Level -> Set (select level 1 and press Pen icon)
  • Then on Menu : Goto -> Trace File -> Display All
  • Search for Value “Trace Level” and select “changing Trace Level to 3

Now, we need to look at the Trace File and find the following line

Subject: CN=github.com, O="GitHub, Inc.", L=San Francisco, SP=California, C=US
Issuer: CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1, O=DigiCert Inc, C=US
Serial Number: 0C:D0:A8:BE:C6:32:CF:E6:45:EC:A0:A9:B0:84:FB:1C

Just below this, there is a section with —BEGIN CERTIFICATE— as heading, Copy all of it and save it with the name of github.cer file. Make sure, the text starts with

-----BEGIN CERTIFICATE-----

and ends with

-----END CERTIFICATE-----

Notice 5 “-“ in lead & end.

If you go down on the trace, you will find another certificate just below this mentioning  CN=digicert , just skip it and go further down, until you came across the following lines;

Subject:                              CN=*.github.com, O="GitHub, Inc.", L=San Francisco, SP=California, C=US
Issuer:                               CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1, O=DigiCert Inc, C=US
Serial Number:                        02:74:87:F4:82:D0:7C:B0:E8:41:CF:0A:29:35:7E:9B

Again, copy the Certificate just below these lines, and save it as apigithub.cer file.

All Steps with SMICM are done.

 

Proceed with STRUST Steps

EDIT:

Make sure to select

SSL client SSL CLIENT (Anonyomus)

vhcalnplci_NPL_00

After uploading both certificates, SAVE and exit STRUST.

Now , Go BACK TO SE38 and run zabap_test_ssl . This Time, you will receive the OK report.

Now, You can run your AbapGit and create online repositories.

Just make sure, you create a token , before proceeding, as it seems that current version of AbapGit is not taking passwords into consideration , and only working with personal tokens.

 

Conclusion

we have a proper working AbapGit and a little bit better understanding of updating and using certificates in Strust.

if this blog post is helpful in please do provide feedback.

 

Sara Sampaio

Sara Sampaio

Author Since: March 10, 2022

0 0 votes
Article Rating
Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x