Enabling SSL for SAP SCC Data Assurance Plug-In to DA Server RMI Communication

Configure the DA server and the SAP Control Center (SAP SCC) Data Assurance plug-in to use SSL to encrypt all RMI network communication.

1. Configure DA server.
   1. Set up RMI client connection to the DA server and issue these commands, for example:

      sslconfig rmi_server_ssl_enabled true
      go
      sslconfig keystore location_of_keystore_file
      go
      sslconfig keystore_passwd password
      go
      sslconfig keypair_passwd password
      go

   2. Restart DA server.
2. Configure the SCC Data Assurance plug-in.
   1. Open the SCC agent-plugin.xml script for editing:

      %SYBASE%\SCC-3_2\plugins\DAMAP\agent-plugin.xml

   2. Set the DA RMI and Java truststore SSL properties:

      You can add your DA server certificate to your own truststore, or you can add it to the truststore that already exists within SCC, which is located in $SCC_HOME/services/EmbeddedWebContainer/cacerts. The default password is changeit.

      For example:

      <properties>
        <set-property property="da.rmi.client.ssl.required" value="myserver" />
        <set-property property="da.rmi.client.debug" value="false" />
        <set-property property="javax.net.ssl.trustStore" value="C:\Sybase\SCC-3_2\services\EmbeddedWebContainer\cacerts"/>
        <set-property property="javax.net.ssl.trustStorePassword" value="changeit" />
      </properties>

      where:

      • da.rmi.client.ssl.required – is the host name of the DA server that requires all RMI communication to be encrypted with SSL.
        Note: You can add a comma-delimited list of host names for multiple DA servers.
      • da.rmi.client.debug – enables the debug mode. The default is false.
      • javax.net.ssl.trustStore – is the location for the truststore file.
      • javax.net.ssl.trustStorePassword – is the truststore password.
   3. Restart SAP Control Center Data Assurance plug-in.